VMware vCenter Server's Linked Mode capability is one vSphere 4's newest features. This federation tool allows
administrators to move beyond vSphere's established limits in terms of implementation and management.
A single vCenter server, for example, can support a maximum of 3,000 powered-on virtual machines (VMs) with a 64-bit vCenter Server OS. In Linked Mode environments, however, that jumps to 10,000 VMs.
In this SearchVMware.com tip, I will configure Linked Mode and outline what's possible with this new vCenter capability.
Linked Mode: A consolidated view of management zones
To put it simply: Linked Mode is a consolidated view of management zones. During the VMware Infrastructure 3 era, a connection with the VI Client to each vCenter server was required. For organizations with two vCenter servers, this is a tolerated practice. When three or more servers come into play, however, it quickly becomes annoying for the virtualization administrator to frequently transition between VI Client sessions for basic management tasks.
Linked Mode is available in the VMware vSphere 4 Essentials Edition and higher and utilizes Windows Active Directory for communication between management zones. For environments with a single Active Directory domain, this process is fairly straightforward. But when domain trusts come into the picture, it becomes a little more complicated.
To establish a vCenter Server Linked Mode connection, the base requirement is that the vCenter Server administrator account used must be able to authenticate in both domains. VMware has more details about vCenter Linked Mode and domain trusts available on the VMware Infrastructure Operations website.
Configuring vCenter Server Linked Mode
Configuring VMware vCenter Linked Mode occurs during the installation process or through the vCenter Server Linked Mode Configuration shortcut for an existing installation. Before configuring this option, though, it is a good idea to verify that the proposed configuration meets the Linked Mode requirements, which are the following, according to the vCenter vSphere Online Library:
- Domain name server must be operational for Linked Mode replication to work.
- If the domains have a two-way trust relationship the vCenter Server instances in a Linked Mode group can be in different domains. Each domain must trust the other domains on which vCenter Server instances are installed.
- When adding a vCenter Server instance to a Linked Mode group, a domain user who is an administrator must run the installer on (1) the machine where vCenter Server is installed and (2) the target machine of the Linked Mode group.
- All vCenter Server instances must have network time synchronization. The vCenter Server installer validates that the machine clocks no more than five minutes apart.
Once these conditions are verified, the vCenter server is now a candidate for Linked Mode. During a new installation, there's an option to install a new vCenter Server with Linked Mode, as seen in Figure 1.
The installation process will then prompt you to add the existing vCenter server to configure for the new installation. In my example, VC1.RWVDEV.INTRA is the existing vCenter server and VC2.RWVDEV.INTRA is the second vCenter server, which is being installed with the Linked Mode configuration. The installation process provides the first vCenter Server information, which is shown in Figure 2.
The installation will continue with the normal options, such as TCP ports for vCenter operation. Once the installation completes, the Linked Mode configuration will then run for the new vCenter server. The installation example above was on VC2.RWVDEV.INTRA. Once the installation is complete, the first view into the vSphere Client shows the existing vCenter configuration -- VC1.RWVDEV.INTRA -- when connecting to VC2.RWVDEV.INTRA. This is shown in Figure 3.
On the first vCenter Server, VC1.RWVDEV.INTRA, the Linked Mode configuration is displayed on subsequent connections to the vSphere Client. The vCenter activities, which are displayed in the scrolling log at the bottom of the screen, will now display both vCenter server's activities, as shown in Figure 4.
What vCenter Server Linked Mode cannot do
Linked Mode doesn't allow for a fully connected virtual infrastructure or administrators to migrate VMs from a host managed on one vCenter server to another. This setup requires VMotion or offline migration technologies, such as cloning. You can circumvent some of these limitations with storage that is zoned to hosts in both management zones and removing a VM from the inventory of one vCenter server and then importing it into the inventory on the next vCenter server.
Workloads are still separate
One popular practice is to separate virtualization environments by their workload classification or security zones. While Linked Mode cannot move VMs between different management zones, the virtualization administrator can view the separated environments through a single management pane. Aside from the scrolling log benefit, additional Linked Mode benefits include the ability to create roles that can be used in each vCenter server.
For role creating and propagation to other vCenter servers, there are a few considerations. Each role is created from one vCenter server and then replicated to the other vCenter servers configured through Linked Mode. In Figure 5, notice that VC1.RWVDEV.INTRA has the displayed role inventory, including the custom role named LinkedMode-ConsoleMediaRole:
As highlighted in Figure 5, the roles are automatically replicated on every VMware vCenter server. You can, however, force the replication to occur on demand. On the vCenter server that does not show the custom role that you have created, you can restart the VMwareVCMSDS service. This service coordinates the Linked Mode features and can be restarted without affecting the running vSphere workloads. VMs, hosts, Distributed Resource Scheduler rules, High Availability and other core vSphere functions are not managed by this service.
Centralized roles may be the best feature of vCenter Server Linked Mode. Managing roles and their associated group or user membership across multiple vCenter servers is a tedious process. Linked Mode reduces the risk of inconsistent configuration as well as of overassigning permissions in different environments.
Considerations for existing vCenter Server installations
For existing installations, the central issue is when custom roles currently exist with the same name or default roles have been modified. The vSphere Online Library provides the following guidance for resolving duplicated role names:
If two vCenter Server systems have roles with the same name, the roles are combined into a single role if they contain the same privileges on each vCenter Server system. If two vCenter Server systems have roles with the same name that contain different privileges, this conflict must be resolved by renaming at least one of the roles. You can choose to resolve the conflicting roles either automatically or manually.
In my view, this is the biggest Linked Mode implantation issue. As previously stated, solutions to this problem include renaming custom roles with the vCenter Server name to identify the "owner" or consolidate the inventory of roles to a common configuration.
Final thoughts on Linked Mode
With vSphere, using vCenter Server Linked Mode allows administrators to centrally manage virtual environments. This is a welcome configuration, and as shown in the steps above -- quite easy to implement in a VMware vCenter Server installation.
Rick Vanover (VCP, MCTS, MCSA) is an IT infrastructure manager for a large financial services organization in Columbus, Ohio. Vanover has more than 12 years of IT experience. His areas of interest include virtualization, Windows-based server administration and system hardware.