Thanks for the fine blog/link. After having read through it, and based on other lab/setup tests I've done over the past week, I'm convinced that, for us, a single SSO server installed as primary node (for 'future-proofing') will work well.
One thing that the blog's author stated, however, caught my eye, and that being his noting that multisite is 'required' for linking vCenters. I haven't re-linked my 2 vCenters in the lab (both installed/configured to use the same primary node SSO server I setup), but I had read differently... that I can have linked mode vCenters in a primary node SSO config. I can already see both vCenters that I had access/admin rights to prior to upgrading my lab 4.1 ones to 5.1 ones, within the Web Client, so from that perspective they're definitely 'linked' but of course Linked Mode in the classic sense with the 'fat' .Net vSphere client is different. I'll find out soon and post back because I'm doing more lab stuff today.
It's baffling how badly documented SSO's various configs are and how many installation issues there have been since 5.1 came out, necessitating these quick revisions/updates to the code from VMware, namely 5.1.0a and now, 5.1.0b. I have information that I can't elaborate on that yet ANOTHER revision (5.1.1 or 5.2?) will be out circa May that attempts to mitigate many of 5.1's misgivings. Perhaps then they (VMware) will actually have plugins for their very own products for the Web Client, namely Update Manager and SRM.