In high availability mode, two nodes work with the same database, data, and user stores to ensure that vCenter Single Sign-On is not a single point of failure.


When configured for high availability, vCenter Single Sign-On cannot cannot authenticate local OS Windows users. However, it can authenticate Active Domain users.

Review Prerequisites for Installing vCenter Single Sign On, vCenter Inventory Service, and vCenter Server.


Configuring vCenter Single Sign-On for high availability requires two machines. One machine acts as the primary node, and the other as the backup node. When configured for high availability, both nodes work with the same database, use the same data, and have the same user stores


Create the first node in a vCenter Single Sign-On installation for high availability.


Create or upgrade an additional vCenter Single Sign-On node for an existing high availability vCenter Single Sign-On installation.


You can configure any SSL-aware load balancer (physical or virtual) to act as load balancing software with Single Sign-On, increasing availability.


Configure the load balancing software. Because Single Sign-On sends and receives sensitive information, configure the load balancing software for SSL.


When you configure Single Sign-On for high availability, update the Lookup Service records to ensure that the load balancer can connect to the Single Sign-On nodes.