The following provides a step-by-step walkthrough for deploying an external PSC Appliance into a new site, while joining an existing SSO Domain, followed by the installation of VCSA 6.0.

This scenario may arise in a multi-Site multi-vCenter solution where Enhanced Linked Mode is a requirement.

Begin by mounting the VCSA ISO on the VM from which you will be managing the PSC&VCSA deployment:


From the management VM browse the media contents, navigating to the VCSA folder and installing the Client Integration Plug-in:


The next series of steps detail the installation of the PSC Appliance

From the root of the attached media(VCSA ISO) right click vcsa-setup and open with your desired browser (I find OPERA plays nicest with the plugin!):


Select install:


Accept the license agreement:


Enter the FQDN/IP of the ESXi host used as the provisioning target for the PSC Appliance:


Click yes to accept the SHA1 thumbprint:


Enter the NEW PSC Appliance name:


Choose the External PSC install option:


Chose to Join an SSO Domain and enter the FQDN/IP of the existing PSC:


Enter the name of the new SSO Site name:


Sizing details of the appliance:


Select the datastore to use:


Enter the required network details for the NEW PSC:


Review and click finish to begin the install:


Install Complete:


Confirm the connectivity is valid: begin by SSH to the new appliance and enable shell access. More details on shell access here:

vSphere VCSA 6.x – Enabling Bash Shell

Run the following commands from the NEW PSC Shell to ensure the environment is as you expect?:

  • /usr/lib/vmware-vmafd/bin/vmafd-cli get-domain-name --server-name localhost
  • /usr/lib/vmware-vmafd/bin/vmafd-cli get-site-name --server-name localhost
  • /usr/lib/vmware-vmdir/bin/vdcrepadmin -f showservers -h localhost -u administrator
  • /usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartnerstatus -h localhost -u administrator


Navigate to https://FQDN_of_PSC/websso/ to confirm successful install:


Installation of the vCenter Server Appliance (VCSA):


If you prefer to have replicated PSC partners per site, then deploy another PSC joining the primary PSC of the New site03 and then modify your SSO Domain replication agreements between sites in order to create a ring topology as per VMware best practices.

Useful Reference:

FAQ: VMware Platform Services Controller in vSphere 6.0 (2113115)

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s