The Platform Services Controller maximums represent limits for domain or replication, identity source, enhanced linked mode or lookup service, and VMware Certificate Authority (VMCA).

Table 1. Platform Service Controller maximums




Maximum PSCs per vSphere Domain


Maximum PSCs per site, behind a load balancer


Maximum objects within a vSphere Domain (Users and Groups)


Maximum tolerance for time skew between PSC nodes

5 minutes

Identity Source

Maximum Active Directory or OpenLDAP Groups per User for best performance


Enhanced Linked Mode/Lookup Service

Maximum number of VMware Solutions connected to a single PSC


This limit is based on the test performed using only vCenter Server.

Maximum number of VMware Solutions in a vSphere Domain


A VMware Solution is defined as a product that creates a Machine Account and one or more Solution User (a collection of vSphere services) within the VMware Directory Service when the product is joined to the PSC, thus the vSphere Domain. The Machine Account and Solution User(s) are used to broker and secure communication between other Solutions available within the vSphere environment. In order to count against these maximums, the Machine Account and Solution Users must be fully integrated with all of the PSC's available feature sets (Identity Management and Authentication Brokering, Certificate Management, Licensing, etc.) such that the product makes full use of the PSC. At this time, only vCenter Server is defined as a fully integrated solution and counts against these maximums.

Partially integrated solutions, such as vCenter Site Recovery Manager, vCloud Director vRealize Orchestrator, vRealize Automation Center, and vRealize Operations, do not count against these defined maximums .


Maximum number of subordinate Certificate Authority servers in the chain within VMware Certificate Authority


Maximum cryptographic hash used for PSC Node certificate


Maximum RSA Public Key length used for PSC Node certificate