What would your design look like for a SRM Shared Recovery Model Service Provider solution? A service provider is providing SRM to it's many customers via the SRM shared recovery model. Let's make the assumption that each customer constitutes a different authentication domain. This is different than a company with 2 sites but a common authentication domain between sites.
Does it make sense for this design to have each customer who will be using this service to be migrated into the service providers authentication domain, or should they be allowed to continue to use their own authentication domain?
If the customers are allowed to use their own authentication domain, what happens when a failure at there datacenter occurs? SRM would bring up their vm's at the service provider site, but the service provider's SSO has no knowledge of the customer authentication domain. I assume the customer would not be able to log onto their machines with domain creds.
vCenter Server 5.5 has a deployment mode for SSO that states, 'vCenter Single Sign on For an Additional vCenter Server with a new Site'. The stipulation states that SSO server would have to be part of the same authentication domain as the existing. So, how would this work for a multi-tenant SRM environment?
It would seem to me that the only way for this model to work would be to the customer vCenter Server to exist in the same authentication domain as the service provider. How would you architect a multi-tenant, multi-domain shared recovery SRM solution - from an SSO perspective?