The vCenter Single Sign-On multisite configuration is designed for deployments with multiple physical locations. Installing a Single Sign-On instance at each site allows fast access to local authentication-related services. Each Single Sign-On instance is connected to the local instances of the AD (LDAP) servers and has its own database with local users and groups.

For more information about vCenter Single Sign-On, see How vCenter Single Sign On Affects vCenter Server Installation and Upgrades and the vSphere Security documentation.

For more information about multisite deployment mode, see vCenter Single Sign-On Deployment Modes.

To install vCenter Single Sign-On in high availability mode, see Install or Upgrade vCenter Single Sign-On for a High Availability Deployment. To install vCenter Single Sign-On in basic mode, see Separately Install or Upgrade vCenter Single Sign-On in a Basic Deployment.

These instructions let you install vCenter Single Sign-On only. You must install vCenter Single Sign-On and upgrade Inventory Service before upgrading vCenter Server. For simple deployments, you can install vCenter Single Sign-On, upgrade Inventory Service, and upgrade vCenter Server together on a single host machine using the vCenter Server Simple Install option. See Using Simple Install to Upgrade vCenter Server.

After you install Single Sign-On, no connectivity between the Single Sign-On servers is necessary, because there is no automatic replication of data between Single Sign-On instances.

There are no components in the vSphere suite that communicate with multiple Single Sign-On servers. Each vSphere component should be configured to communicate with its local Single Sign-On instance for faster access.


vCenter Server 5.1 supports connection between vCenter Server and vCenter Server components by IP address only if the IP address is IPV4-compliant. To connect to a vCenter Server system in an IPv6 environment, you must use the fully qualified domain name (FQDN) or host name of the vCenter Server. The best practice is to use the FQDN, which works in all cases, instead of the IP address, which can change if assigned by DHCP.


Create or upgrade the first vCenter Single Sign-On node for a multisite vCenter Single Sign-On installation.


Create an additional vCenter Single Sign-On node for a multisite vCenter Single Sign-On installation.