Now that a user can switch between different sites without the need to reauthenticate, making changes across a number of sites becomes more straightforward. A user can login to the first site in which they want to make changes, then switch to the second and so on until they have completed the changes in each site. However, because it is possible for users to log into any vCloud Director site as long as they have a user account within an organization there, vCloud Director v9.0 offers Service Providers the chance to provide a more resilient access mechanism across their associated sites. While customers can still log in at any site, in the event of a failure at the site they are attempting to log in to, their session will fail. With the introduction of a load sharing or load balancing mechanism in front of the users’ login to a particular site, service providers can offer a higher availability service level against the associated sites. It should be noted that, even though using the techniques described in the following sections offers increased availability, a failure at an associated site will potentially prevent access to the site even if a user is able to log in to another site and then attempts to switch to the failed site.

For the purposes of this document, the ability to distribute login sessions across multiple sites is split into two models. The first involves those options which require an HTTP(S) connection to be made from the user’s browser to a service location and the second involves those options which rely on intelligent DNS service to steer the user’s initial connection to the required service location. Both models appear similar at a high level. The following figure illustrates the conceptual traffic flow for both.

 

To access one of the associated organizations, the user connects to a single, global URL (1) which is “https://portal.cloud.example.com/tenant/orgname”. The request is directed to one of the service location sites accessed through the site’s “Site-X.cloud.example.com” host name and IP address (2). The site that receives the connection sends back the login page for the user to enter their credentials (3).