One thing we have been meaning to do for a while but haven’t got round to is getting our Virtual Center Servers into “Linked” mode – essentially to provide a single pane of glass view of our entire virtual estate. One vCenter resides on the other side of our DMZ and manages hosts isolated for security purposes. I’ve created an IPSec server-to-server connection and allowed that through the firewall to secure traffic between the DMZ VC and LAN VC.
For the purposes of this, let’s call them DefinIT-VC01.definit.co.uk and DefinIT-VC02.definit.test.
Linked Mode Pre-requisites
As well as the normal vCenter Server pre-requisites, there are certain criteria you have to fulfil to be able to use linked mode too. These are taken from the docs here: http://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.install.doc%2FGUID-7C9A1E23-7FCD-4295-9CB1-C932F2423C63.html
Linked Mode groups that contain both vCenter Server 5.x and versions of vCenter Server earlier than 5.0 are not supported. The vSphere Client does not function correctly with vCenter Servers in groups that have both version 5.x and pre-5.0 versions of vCenter Server. Do not join a version 5.x vCenter Server to pre-5.0 versions of vCenter Server, or pre-5.0 version of vCenter Server to a version 5.x vCenter Server. Upgrade any vCenter Server instance to version 5.0 or later before joining it to a version 5.x vCenter Server.
Easy one to start with, both my vCenter Servers are 5.1!
Make sure that all vCenter Servers in a Linked Mode group are registered to the same vCenter Single Sign On server.
Not so easy – I need to register DefinIT-VC02 with DefinIT-VC01’s Single Sign On service. This is possible using Repointing and reregistering VMware vCenter Server 5.1.x and components, however if your install path is not the default the scripts do not work. There are references all over the place to “c:\Program Files” hard coded – even editing them as best I could I couldn’t get it to work. In the end I removed everything from DefinIT-VC02 and reinstalled each component, skipping the SSO and pointing the Inventory Service, vCenter Server and WebClient to DefinIT-VC01.
To join a Linked Mode group the vCenter Server must be in evaluation mode or licensed as a Standard edition. vCenter Server Foundation and vCenter Server Essentials editions do not support Linked Mode.
Both VCs are installed with a vCenter Server Standard License.
DNS must be operational for Linked Mode replication to work.
Both VCs can resolve their own and each other’s DNS names.
The vCenter Server instances in a Linked Mode group can be in different domains if the domains have a two-way trust relationship. Each domain must trust the other domains on which vCenter Server instances are installed.
The two domains do trust each other.
When adding a vCenter Server instance to a Linked Mode group, the installer must be run by a domain user who is an administrator on both the machine where vCenter Server is installed and the target machine of the Linked Mode group.
Both vCenter Servers are run using the same service account, and the Linked Mode Configuration will be run from this context.
All vCenter Server instances must have network time synchronization. The vCenter Server installer validates that the machine clocks are not more than five minutes apart. See Synchronizing Clocks on the vSphere Network.
Finally, check you’re in time sync – 5 minutes is a big difference though, more tolerant than most applications!
Configuring Linked Mode
Running the Linked Mode Configuration tool was pretty straightforward, though it did get confused in the middle reporting errors that didn’t exist. The steps are self-explanatory: