VMware Cloud Community
FingerJC
Enthusiast

vCenter Linked Mode

I have been managing a linked vCenter environment for a few years now. I did not set it up. I find it not great to maintain. I actually have multiple geographically diverse data centers where I know I should be standing up another vCenter server, moving resources to it and linking that one to the existing environment. I've heard others in our org spitball ideas. In a lab, I went ahead and stood up 2 vCenter servers and set up linked mode as existing separate vCenters, rather than deploying it as such, as this is the scenario I would encounter with linking existing vCenters.

From what I saw of the linking process, this doesn't appear to be something you just want to unlink temporarily and re-link? I have a customer or two where we manage their hosts using our vCenter, but will likely be spinning up new vCenters for them. I would like to make it a single pane of glass to manage their hosts, but if I've got 5ish vCenters linked, I'm not necessarily going to want to shut them all down to snap them all prior to doing any updates, but I'm not really seeing that it's feasible to unlink temporarily to give me more time to get them all updated. How do others manage maintaining the environment with more than 2 linked vCenters? Am I overthinking this or is this just a challenge I need to work through?

Presently, our authentication to vCenter is LDAP. I am thinking about joining vCenter to our Active Directory. Not knowing why it was initially decided not to join AD, I am not sure if there are implications to being domain joined with regards to linked mode. We have acquired another entity and they have a much smaller vCenter environment that will eventually all get absorbed into ours, but they are joined to their AD and this may become linked to our vCenter environment during this transition period.

To recap questions I've got:
How do people maintain several linked vCenters?  Do you unlink the unimportant ones while you are focused on your more mission critical appliances or just accept you have to shut them all down and snap them?
Any implications with linked mode while domain joined or does it only affect the vsphere.local SSO?
As you add more than 2 vCenters, what even is the process?  Do you still just link to an existing vCenter that is linked and it becomes linked to all or do you have to link a new vCenter to each existing linked vCenter?

Thanks in advance.
Joel

0 Kudos
2 Replies
maksym007
Expert

0 Kudos
markey165
Expert

Hi Joel @FingerJC ,

We use Enhanced Linked Mode across 3 sites and personally I think it's great.

Yes, we learned early on that for updates you MUST power off all vCenters, snapshot them, power them back on again, then update each in turn, so if something goes wrong, you can roll them all back to the same pre-upgrade state, without replication getting into a mess.

I wouldn't waste time unlinking and relinking vCenters; you risk corrupting things unnecessarily by doing that. I just start early on upgrade day and do it out of hours when no one needs to log in. It's no problem, and everything carries on running. You could also script the snapshot process to speed things up if you like. It's a good idea to have a pre-agreed maintenance window for things like this, such as 6-9am on a Tuesday morning before the working day starts. Then you can crack on and do your thing before most people have even got up!

Also no issues with them being domain joined when using Linked Mode. Ours are joined to the domain, and we are also using AD over LDAPS as our Identity Provider. Absolutely no problem at all with either. Just remember you will need to completely remove the old identity provider, then re-add the new identity provider, so you might want to test this in isolation first to get comfortable with the process and make sure AD over LDAPS works, as you have to run through some steps to grab the AD certificates using openssl. Google for relevant guides.

If you're feeling really adventurous, build an all new Platform, new vCenter, new hosts, configure everything how you want it, then use Cross vCenter vMotion to move everything seamlessly to the new platform (you can also use Advanced Cross vCenter vMotion if you decide to set up an all new SSO domain). I did this on my recent 6.7 to 7.0 upgrade, and it worked like a charm.

Regarding your last question, yes, you can set up additional replication agreements to have everything replicating in a 5-way topology. You don't HAVE to do this, but it does make replication a bit more resilient.

In terms of useful commands, I've just written a blog post on Enhanced Linked Mode and Replication which you can find below. It doesn't cover AD over LDAPS, but it does include lots of useful commands to help you understand ELM.
https://www.digitalewok.com/post/vcenter-enhanced-linked-mode

Hope this helps. Cheers. Mark 😊

0 Kudos
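
The power-off, snapshot, power-on sequence described in the reply above, as an added PowerCLI example that is not part of the original thread or the poster's own script. It assumes VMware PowerCLI is installed and that each vCenter appliance VM runs on a known ESXi host that can be reached directly; all VM and host names are placeholders.

```powershell
# Added example (not from the thread). VM and host names below are placeholders.
$ErrorActionPreference = 'Stop'
$Appliances = @(
    @{ VM = 'vcsa-site1'; EsxiHost = 'esxi01.site1.example.com' },
    @{ VM = 'vcsa-site2'; EsxiHost = 'esxi01.site2.example.com' },
    @{ VM = 'vcsa-site3'; EsxiHost = 'esxi01.site3.example.com' }
)
$HostCred = Get-Credential -Message 'ESXi host credential'
$SnapName = 'pre-upgrade-{0:yyyyMMdd-HHmm}' -f (Get-Date)

# Connect to the ESXi hosts directly: once the vCenters are off, they cannot
# take the snapshots themselves. Hosts must present certificates PowerCLI trusts.
$Conn = @{}
foreach ($a in $Appliances) {
    $Conn[$a.VM] = Connect-VIServer -Server $a.EsxiHost -Credential $HostCred
}
try {
    # Phase 1: clean guest shutdown of every linked vCenter.
    foreach ($a in $Appliances) {
        $vm = Get-VM -Name $a.VM -Server $Conn[$a.VM]
        if ($vm.PowerState -eq 'PoweredOn') {
            Stop-VMGuest -VM $vm -Confirm:$false | Out-Null
        }
    }
    # Wait until all are off, so no node replicates while another is captured.
    $deadline = (Get-Date).AddMinutes(20)
    foreach ($a in $Appliances) {
        while ((Get-VM -Name $a.VM -Server $Conn[$a.VM]).PowerState -ne 'PoweredOff') {
            if ((Get-Date) -gt $deadline) { throw "$($a.VM) did not power off in time" }
            Start-Sleep -Seconds 15
        }
    }
    # Phase 2: snapshot every node while the whole SSO domain is down.
    foreach ($a in $Appliances) {
        $vm = Get-VM -Name $a.VM -Server $Conn[$a.VM]
        New-Snapshot -VM $vm -Name $SnapName -Description 'Linked-mode pre-upgrade, all nodes off' | Out-Null
    }
    # Phase 3: power everything back on; update each vCenter in turn afterwards.
    foreach ($a in $Appliances) {
        Start-VM -VM (Get-VM -Name $a.VM -Server $Conn[$a.VM]) | Out-Null
    }
}
finally {
    foreach ($c in $Conn.Values) { Disconnect-VIServer -Server $c -Confirm:$false }
}
```

A rollback means reverting every node to this same snapshot set, not only the one whose update failed.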