VMware Cloud Community
fermarloe
Enthusiast

What is your opinion in this scenario: ELM (Enhanced Linked Mode), “on” or “off”?

Hi Community friends,

I have a question about Enhanced Linked Mode in a new vSphere 6.7 design.

General info:

  • vSphere v6.7u2
  • There are 2 data centers, DC_A and DC_B. Each DC has a local vCenter with 200-300 hosts.
  • The vCenters are VCSAs with Embedded PSC. https://kb.vmware.com/s/article/60229
  • The vCenters are protected with VCHA
  • SRM v8.2 is integrated: DC_A is the Protected Site, DC_B is the Recovery Site
  • Array-based replication.

The design includes the functions: VCSA + Embedded PSC + VCHA.

I have installed the 2 vCenters (one VCSA in each DC) and configured them with ELM. I have produced a disaster in DC A. The VCSA in DC B couldn’t authenticate the AD users, or even the administrator@vsphere.local user. It is a big problem, because in a disaster in DC A, SRM couldn’t run the Recovery Plan.

I have considered the following design scenarios:

(1) VCHA local (the VCSA-Active, VCSA-Passive and Witness in the same DC) & without ELM

(2) VCHA local & with ELM

(3) VCHA distributed (the VCSA-Active, VCSA-Passive and Witness in different locations) & without ELM

(4) VCHA distributed & with ELM. I don’t know if VMware supports this. I read that VCHA is an HA feature and not a DR feature, but I didn’t find an explicit “not supported” for this.

*Please, see the Scenarios.pdf.

The question is: ELM (Enhanced Linked Mode) “on” or “off”?

  • Option “on”: Scenario (1)
  • Option “off”: Scenario (4)
  • Scenario (2) would be a good design, but the VCSA in DC B couldn’t authenticate the users.
  • Scenario (3) isn’t very interesting.

What is your opinion?

Regards to all,

Fernando


Accepted Solutions
fermarloe
Enthusiast

Hi,

After more tests, I solved the problem with ELM.

I had linked two independent VCSA with the following command: cmsso-util domain-repoint

After that the biggest problem that I had was that the VCSA in DC B couldn’t authenticate the users after a disaster in Site A.

In the new test I followed the Joining a vCenter Enhanced Linked Mode Domain instructions:

  1. For Appliance 1, deploy the vCenter Server Appliance as an instance on ESXi Host 1. Synchronize the time settings with ESXi Host 1.
  2. For Appliance 2, deploy the vCenter Server Appliance as an instance on ESXi Host 1 and configure the time settings so that Appliance 2 is synchronized with ESXi Host 1. In stage 2 you select to join the vCenter Single Sign-On server of the deployed appliance on Machine 1.

And the authentication works in both directions in a disaster case too.

I prefer scenario 2 in this case. 🙂

Regards,

Fernando
