Between these forests A and B no trust exists nor will there ever be. However, the administrators wanted to use SCVMM (Forest B) in conjunction with OpsMgr (Forest A) so the PRO-tips could be used.
However, the run-as account of VMM needs access to the OpsMgr Management Group (MG) and the OpsMgr Action Account needs VMM Admin access. Since there is not a full trust between both Forests this wasn’t going to work.
The only two options which remained were:
- Building a new OpsMgr Management Group in Forest B and use this MG together with the SCVMM MP for the PRO-tips. And use the OpsMgr MG in Forest A as a looking glass by using the option ‘Connected Management Groups’ in OpsMgr.
- Building an OpsMgr Gateway Server in Forest B and use this Gateway Server to monitor the Hyper-V hosts but not SCVMM nor using the PRO tips.
In the end, option 2 was chosen.
So whenever OpsMgr needs to work in conjunction with SCVMM, both solutions need to be in the same Forest or – when residing in different forests, a full trust between both Forests needs to be present. Otherwise it will not work.
No comments:
Post a Comment