Channel: VMware Communities: Message List

Re: SRM Authentication


This comes down to how you are deploying your environment.

 

  • Are you going to have multiple vCenters with SRM?
    • Meaning different SRM Stacks (PROD Stack, CORP Stack, etc.)
    • Each Stack would have 2 vCenters?
  • How many sites will you have (Physical Data Centers)?
  • Planning to have SSO install for each vCenter?

 

Here is what I have done in the past (and currently) with SSO, SRM, VCENTER accounts

 

  • Each Datacenter gets its own Infrastructure Database Server (to host the Disaster Recovery Infrastructure)
  • Each physical Datacenter gets One SSO Server.
    • Each SSO server gets its own AD Service Account to run from
    • That account has the correct rights to its own SSO DB located on the local Database Server in that Datacenter
    • The SSO Install is extremely tricky when it comes to Databases, I am not going into those issues for this reply. Staying on topic but wanted to mention it
  • Each physical Datacenter gets One Web Server.
    • This server in my designs is actually hosted on the same box as SSO
    • Web Server Service is using the same SSO Service Account of the server it's installed on (since they are on the same box)
  • Each individual vCenter gets its own Service Account
    • Each vCenter DB is located on the local Database Server in the Datacenter it's "physically sitting" in
    • Each local vCenter in Datacenter authenticates to its local SSO Server for Web Client Access

 

Now the SRM gets a little trickier.

  • Each Stack uses the same Service Account for SRM.
  • Different SRM Stacks get different Service Accounts
    • In other words: Both SRM installs on both vCenters in PROD are using the same Service Account. However, both SRM installs on both vCenters in CORP are using the same account, but that account is different from the one used in PROD
  • Each SRM Stack's Service Account has its proper ownership to the SRM Databases

 

This model works well with Primary and Secondary Sites with a Disaster Recovery strategy, along with different environments at those sites such as Production, QA, Staging, Development and Corporate.

 

Thanks,

Boston Tech Guy
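
The account-separation rules in the reply above can be checked mechanically against an inventory export. The following is an added example, not part of the original post or any VMware tooling; the inventory layout, host names, site names and account names are constructed assumptions.

```python
from collections import defaultdict

# Constructed inventory (hosts, sites and account names are illustrative).
INVENTORY = [
    {"role": "sso",     "site": "DC1", "stack": None,   "host": "sso-dc1",      "account": "svc-sso-dc1"},
    {"role": "sso",     "site": "DC2", "stack": None,   "host": "sso-dc2",      "account": "svc-sso-dc2"},
    {"role": "vcenter", "site": "DC1", "stack": "PROD", "host": "vc-prod-dc1",  "account": "svc-vc-prod-dc1"},
    {"role": "vcenter", "site": "DC2", "stack": "PROD", "host": "vc-prod-dc2",  "account": "svc-vc-prod-dc2"},
    {"role": "vcenter", "site": "DC1", "stack": "CORP", "host": "vc-corp-dc1",  "account": "svc-vc-corp-dc1"},
    {"role": "vcenter", "site": "DC2", "stack": "CORP", "host": "vc-corp-dc2",  "account": "svc-vc-corp-dc2"},
    {"role": "srm",     "site": "DC1", "stack": "PROD", "host": "srm-prod-dc1", "account": "svc-srm-prod"},
    {"role": "srm",     "site": "DC2", "stack": "PROD", "host": "srm-prod-dc2", "account": "svc-srm-prod"},
    {"role": "srm",     "site": "DC1", "stack": "CORP", "host": "srm-corp-dc1", "account": "svc-srm-corp"},
    {"role": "srm",     "site": "DC2", "stack": "CORP", "host": "srm-corp-dc2", "account": "svc-srm-corp"},
]

def group(items, key, value):
    """Map each distinct `key` field to the set of `value` fields seen with it."""
    out = defaultdict(set)
    for item in items:
        out[item[key]].add(item[value])
    return out

def audit(inventory):
    """Return sorted (rule, subject) findings where the inventory departs from the model."""
    findings = []
    sso, vcs, srm = ([c for c in inventory if c["role"] == r] for r in ("sso", "vcenter", "srm"))
    # One SSO server per physical datacenter, and every vCenter site has a local one.
    for site, hosts in group(sso, "site", "host").items():
        if len(hosts) != 1:
            findings.append(("sso-per-site", site))
    for site in {c["site"] for c in vcs} - {c["site"] for c in sso}:
        findings.append(("no-local-sso", site))
    # Each SSO server and each vCenter runs under its own service account.
    for acct, hosts in group(sso + vcs, "account", "host").items():
        if len(hosts) > 1:
            findings.append(("shared-account", acct))
    # SRM: both installs in a stack share one account...
    for stack, accts in group(srm, "stack", "account").items():
        if len(accts) > 1:
            findings.append(("srm-stack-split", stack))
    # ...and that account is never reused by another stack.
    for acct, stacks in group(srm, "account", "stack").items():
        if len(stacks) > 1:
            findings.append(("srm-cross-stack", acct))
    return sorted(findings)

if __name__ == "__main__":
    print(audit(INVENTORY))
```

An empty result means the inventory matches the model; each finding names the rule that was broken and the site, stack or account involved.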

