Did you know in vSphere 5.1, you can now configure multiple vSphere Web Client servers to multiple vCenter 5.1 Servers and get a single view of your entire infrastructure as well as provide redundancy to the vSphere Web Client? This is all made possible with the new vCenter SSO (Single Sign-On) and Lookup Service feature.
When you first install vCenter Server, you can install the vSphere Web Client on the same machine or you can install it on a separate machine. If you decide to install the vSphere Web Client on a separate system or add additional vSphere Web Client servers, you simply just need to point them to your main vCenter SSO instance.
Note: If you wish to re-point or re-register other vCenter Server components, there is nice VMware KB that goes over all the steps.
Before getting started, it is very important to ensure you have proper DNS resolution (forward / reverse working) on all your Windows servers.
If you are running Windows, when you install the vSphere Web Client, you will be brought to a screen to specify your SSO Administrator credentials (admin@System-Domain for windows) or (root for VCSA) as well as the Lookup Service URL which will be the same system running your vCenter SSO service.
Note: In my lab, I am using the VCSA for my vCenter Server as well as my SSO server, but this can also be a Windows vCenter Server and SSO Server.
You also have the ability to re-point your vSphere Web Client to another vCenter SSO server and you can do so by using the following script: C:\Program Files\VMware\Infrastructure\vSphereWebClient\scripts\client-repoint.bat To use the script, you just need to specify the new Lookup Service URL along with the SSO Administrator credentials.
C:\Program Files\VMware\Infrastructure\vSphereWebClient\scripts\client-repoint.bat https://172.30.0.181:7444/lookupservice/sdk root vmware
Once the script has finished registering with the new vCenter SSO server, you can now connect to the vSphere Web Client URL by going to https://[webclient-hostname-ip]:9443/vsphere-client and you now should be able to see all the vCenter Servers that have registered with the same vCenter SSO server.
Here is another view using the new VIN 1.2 (vSphere Infrastructure Navigator) to show that I have two vSphere Web Client servers (webclient 3 and webclient4) registered to my primary vCenter SSO Server (vcenter51-1) as well as two additional vCenter Server (vcenter51-2 and vcenter51-3) that are also registered with the same SSO Server.
As you can see this provides me with single view of all my vCenter Servers and I can now connect to either vSphere Web Client servers which can be used for both load balancing as well as redundancy. You probably might have guessed, the next logical step is to put an actual load balancer in front of multiple vSphere Web Clients and simply expose a single entry point for your end users .... stay tune ๐
FYI - If you are interested in using the VCSA and only enabling the vSphere Web Client feature, the process is slightly different and I will share the procedure in a separate post.
Hi William, nice post.when are posting VCSA as a vSphere Web Client server setup details ๐
regards
Surya
@surya,
Thanks, very soon. I still need to do some more testing/validation, but I have the steps ๐
This comment has been removed by the author.
Is it possible to recreate above scenario on single vcenter? Let me explain my lab setup. Running 1 vcenter on server 2008 + 1 vcenter as vcenter server appliance. Both have different ip address and both have SSO installed (during initial setup). Appreciate your guidance.
I visit your site everyday to learn new stuff. Great help and thank you.
When repointing I'm getting error "Server certificate assertion not verified and thumbprint not matched". This occurs on both new installation of vCenter and from the upgrade. Could you advise what needed fixing? Thanks.
@chakrit, do you have proper DNS in your environment that both Windows system can resolve each other both forward & reverse lookups?
Hi, Thanks for getting back to me. Oddly during the upgrade of vcenter it did actually complain about resolving the FQDN DNS name. However I was able to do the forward/reverse dns lookup from the command prompt. I'll give it another check. Thanks.
Hi, I was wondering if it's possible to register more than one vCenter to an instance of Inventory Service? Thanks.
To get your best article i have gonna very handy for me which is very essential. I must follow the discussion which is very positive for our job. Keep it up.
Hallowen