This document goes over some best practices for using the Linked Mode feature of vCenter 4.

The Linked Mode feature provides a way to greatly improve the efficiency of managing multiple vCenter instances. After you form a Linked‐Mode group, you can log in with the vSphere Client to any single instance of vCenter and view and manage the inventories of all the vCenter Servers in the group. For more background information on Linked Mode, please see the vSphere product documentation, or view this video.

Overview of Linked Mode Capabilities

Choose the boundaries for Linked Mode deployments based on these considerations

Linked vCenter instances share the following

• Roles definitions

• Licenses, e.g. ESX host license or individual features license

NOTE: it's impossible to not share these

Linked vCenter instances cannot share

• ESX hosts

• Clusters

• VMs

Linked vCenter instances do not share these directly, but can be shared indirectly

• Roles assignments (share by explicitly duplicating; this could be scripted using the PowerCLI or Perl Toolkit)

• Templates (share using common datastores)

• ISOs, other utility files (share using common datastores)

• Dormant VMs (share using common datastores; remove from one inventory and add to other; this migration could be scripted)

With Orchestrator, these processes can be shared across Linked vCenter instances

• Deployment of VMs (i.e., you can initiate a VM deployment within Orchestrator, and then indicate which vCenter instance the VM should go to)

Migrating from vCenter 2.5 to vCenter 4

Scenario 1: Multiple independent vCenter 2.5 deployments

Recommendation: upgrade each deployment independently to vCenter 4, and then join into Linked Mode group

Scenario 2: One large vCenter 2.5 deployment

Recommendation: split the deployment by desired organizational boundaries into multiple separate ones, according to Proven Practice: Splitting a VirtualCenter Server Installation. Then, follow recommendations from Scenario 1. Note that this is a one-time procedure: you cannot go back to the first vCenter and then move additional hosts, unless you are willing to lose performance data.

Approaches for Assigning Permissions across Linked Mode vCenter

Choose from the following two scenarios based on your own internal administration model and processes. Make sure the vCenter administration model is aligned with your other IT policies and configurations, e.g. AD domains, network access, etc.

Scenario 1: site-specific permissions

In this scenario, only a top-level administrator has privileges across all linked vCenter instances. Lower level admins and all users have privileges only for specific sites.

Scenario 2: universal permissions

In this scenario, all administrators have privileges across all sites, with fewer or greater privileges depending on seniority. Only the least privileged users have site-specific permissions.

Linked Mode Operational Considerations

Prerequisites

• The vCenter Server instances in a Linked Mode group can be in different domains if the domains have a two-way trust relationship. Each domain must trust the other domains on which vCenter Server instances are installed.

• For transitive trust between domains: the same user should be able to be authenticated on any of the domains from any of the instances

• vCenters in Linked Mode cannot run on a Domain Controller

• When adding a vCenter instance to a Linked Mode group, the installer must be run by a domain user who is an administrator on both the machine where vCenter is installed and the target machine of the Linked Mode group.

• All vCenter Server instances must have network time synchronization. The vCenter Server installer validates that the machine clocks are not more than 5 minutes apart.

• DNS resolution needs to works correctly from any instance to all other instances

For more information, please see the section on Linked Mode prerequisites in the vSphere documentation

Other Considerations

• If you are joining a vCenter Server to a standalone instance that is not part of a domain, you must add the standalone instance to a domain and add a domain user as an administrator.

• The vCenter Server instances in a Linked Mode group do not need to have the same domain user login. The instances can run under different domain accounts. By default, they run as the LocalSystem account of the machine on which they are running, which means they are different accounts.

• During vCenter Server installation, if you enter an IP address for the remote instance of vCenter Server, the installer converts it into a fully qualified domain name.

• You cannot join a Linked Mode group during the upgrade procedure when you are upgrading from VirtualCenter 2.x to vCenter Server 4.0. You can join after the upgrade to vCenter Server is complete. See the vSphere Upgrade Guide.

Known Issues

For the latest list of known issues, please see the Release Notes for your version of vCenter.

• Joining a Linked mode group after installation is unsuccessful if UAC is enabled on Windows Server 2008

• Joining two vCenter Server instances fails with an error message in status.txt about failure to remove VMwareVCMSDS

• For large vCenter Server inventories, when you open the vSphere Client in Linked Mode with the inventories of all vCenter Server systems fully expanded, the vSphere Client might be nonresponsive for several minutes

• When you run the Linked Mode Configuration Wizard after linking a vCenter Server system to a group in a pure IPv6 environment, there is no option to isolate the vCenter Server system from Linked Mode

• If you remove a role, the operation only checks the status of the role on the currently selected vCenter Server system. However, it removes the role from all vCenter Server systems in the Linked Mode group without issuing a warning that the role might be in use on the other servers.

Troubleshooting

Please see the section on Troubleshooting Linked Mode in the vSphere documentation.