Hi,
I am putting together a vCenter 6 design, currently with two vCenters and two external PSCs (one in each datacentre) load balanced using F5 GSLB. The PSCs' VMCA component will be a subordinate of my client's internal Microsoft PKI. So my questions are:
1. Do any certificates issued by the VMCA get replicated between the PSC nodes? If we have a primary datacentre failure, can I be certain that any certificates are also stored in the second PSC VECS? Does it actually matter if the certificate is already on the host?
2. Are certificates checked against a CRL for revocation? Does the VMCA perform the CRL checking or is this done by the PKI?
3. In what order do the install and certificate configuration happen? I am assuming:
Install PSC1
Configure PSC1 to be a subordinate of PKI
Install PSC2
Configure PSC2 to be a subordinate of PKI also
Configure Load balancing
Install vCenters using GSLB of PSCs.
Thanks all in advance