VCAP study notes – 9.3 Configure vCentre server Linked Mode
- Identify Linked Mode Prerequisites
- Identify differences between Linked and non‐linked vCenter Server Configurations
- Identify when a role requires reconciliation
Skills and Abilities
- Reconcile Roles in a Linked Mode Configuration
- Create and Join a Linked Mode Group
- Determine use cases for vCenter Server Linked Mode
- Troubleshoot Linked Mode Configurations
Tools & learning resources
- Product Documentation
- ESX and vCenter Server Installation Guide
- vSphere Datacenter Administration Guide
- vSphere Client
- vCentre Linked Mode (VMworld ’09) – well worth a watch!
- Best practices for vCenter Linked Mode (VIOPS)
Determine use cases
Simplify administration – in large environments this prevents administrators having to open multiple VI client sessions to multiple vCenters as all administration can be done through a single session.
Geographical or organisational boundary – if the infrastructure is split across a large geographical area latency could be an issue if the vCenter server is remote to some hosts. In this case locating a vCenter onsite and using Linked Mode may improve performance.
NOTE: Linked Mode can’t be used to move VMs or ESX hosts between vCenter instances – it’s view and search only.
Scalability is another reason to use Linked Mode. (NOTE: it’s not a multiple of a single vCenter’s maximums);
- 10 vCenter servers
- 1000 ESX hosts
- 10000 powered on VMs (15000 VMs total)
The above limits could be an issue for VDI deployments (lots of VMs per host).
NOT designed as a DR solution. VMware vCenter Server Heartbeat is the official DR product for vCenter, and SRM is the official DR product for protecting VMs.
Licences are shared between all linked vCenter instances so you can’t stop someone at one site using any licence in the licencing portal.
Differences between Linked Mode and standalone vCenters
- VI client display – all vCenters shown in the tree hierarchy and at various other points. For example you can choose which vCenter to set Advanced Settings;
- Scalability limits
- Global role definitions vs per vCentre
- Global licencing vs per vCentre
- Ability to search across all vCenter instances
- ADAM service and replication
Linked Mode Prerequisites
Server compatibility is same as for vCenter.
- Time synchronisation within 5 mins (Kerberos authentication).
- Working DNS
- User installing Linked Mode must be local Admin on both vCenters servers being linked.
- When vCenter servers are in multiple domains there must be two way trusts between domains.
Only included with Standard edition (not in vCenter Foundation edition).
Both I and people on the VMware communities site have had no problems running vCenter 4.1 and linking to a vCenter running v4.0, though not sure if it’s officially supported.
UPDATE: Having deployed this in production I can say that running mixed versions is supported (it’s listed in the 4.1. release notes) BUT does have its issues – see VMwareKB1026346. It also requires an update to the VI client so you have both v4.0 and v4.1 installed. There’s a good blogpost describing the problems and solution (upgrade to v4.1!).
Linked Mode works with SRM and is compatible with vCSHB, but has limited compatibility with VMware Data Recovery. See the Data Recovery FAQ for details.
Create and Join a Linked Mode group
There are two ways to enable Linked Mode. You can choose it during vCenter installation (assuming you already have at least one vCenter server built) or you can configure it at a later date using Start -> Programs -> VMware -> vCenter Server Linked Mode Configuration.
NOTE: Setting up Linked Mode requires a restart of the vCenter services
When vCenter is installed, ADAM (Active Directory Application Mode, now renamed Lightweight Directory Service) is also installed regardless of whether Linked Mode is selected. This creates a lightweight LDAP server and an application specific ‘partition’ which stores configuration details for the vCenter instance. Details stored in the AD partition;
- Licence information
- Certificates (SSL etc)
- User roles and permissions
If Linked Mode is enabled the ADAM partition is replicated between all vCenter instances (see vCenter installation guide p.37). NOTE: Even if you’re only using a single vCenter server NOT in linked mode the ADAM partition is still used to store licencing information (see VMware KB1017480). You can confirm this by starting ‘ADAM ADSI Edit’ on the vCenter server (Start -> Programs -> ADAM -> ADAM ADSI Edit);
Leaving a Linked Mode group (isolating a vCenter server)
The process is almost identical to joining a Linked Mode group. Go to Start -> Programs -> VMware -> vCenter Server Linked Mode Configuration but choose the ‘Isolate this vCenter server…’ option instead of the ‘Join…’ option. The vCenter Server restarts (the service, not the OS) and is no longer part of the Linked group.
This is when roles defined at one vCenter server clash with the same role as defined on another vCenter and Linked Mode is used. For example if the Virtual Machine Administrator role is amended on one vCenter server (while in standalone mode) and it’s then put into Linked Mode. As the same role has two conflicting definitions a conflict arises.
The Linked Mode setup wizard will identify any conflicts and prompt the user. Choices are to automatically resolve the conflict or manually resolve it. In both cases the roles need to be renamed – if done automatically they’re renamed with the name of the vCenter and role ie. ‘vCentre01 VMAdmin’
Troubleshooting Linked Mode
Server name and DNS name for the vCenter server must match or connectivity errors will occur. See the ESX and vCenter Server Installation Guide (p106-107)
The following knowledgebase articles all use ADSI Edit to fix issues with vCenter Linked Mode;
- See VMware KB1024036 for details of changing a host’s name when in Linked Mode
- See VMware KB1017631 for details of how to force removal a vCenter server from Linked Mode
- See VMware KB1024329 for details of how to rebuild the ADAM instance for a broken vCenter
As stated in the requirements section, time must be in sync across all vCenter servers (within 5 mins). If not (according to VMware KB1009551) there will be no obvious errors but replication will stop working.
If the user installing vCenter is not an administrator on both the source and destination vCenter servers the install may appear to complete OK but won’t work as expected – see VMware KB1016144 for details.
Check the ADAM service is started (named vCMSDS) – this becomes a dependency for vCenter when Linked Mode is enabled. You can restart vCMSDS service without impacting any running operations (VM clones etc).
Replication is done via RPC so the relevant ports must be open on any firewalls. The default is for any changes to be replicated after 15 seconds although this is only for ADAM replicas in the same site. You can change replication schedules and monitor replication using the usual AD administration tools (more info can be found in this Microsoft article) or using vCenter (Home -> Administration -> vCenter Service Status, look at the LDAP Health Monitor). There is also a dedicated event log on the vCenter server named ‘ADAM (VMwareVCMSDS)’;
The actual files representing the ADAM partition are located here;
C:\Program Files\VMware\Infrastructure\VirtualCenter Server\VMwareVCMSDS
Logfile created when setting up Linked Mode;
Logfiles for vCenter;