In the last few weeks, albeit due to VMworld, I have seen a large number of inquiries from customers regarding the existing vCenter Enhanced Linked Mode (ELM) as it compares to the newly announced Hybrid Linked Mode (HLM) feature. In some cases, certain assumptions were being made based on what was initially announced and I think that also led to some confusion on what the future holds for both of these capabilities. Hopefully with this article, I can help clarify the differences between ELM and HLM and their respective use cases. I will also quickly touch upon some of the future thinkings for both of these features as they were discussed at several VMworld Sessions both in the US and Europe.
Disclaimer: Hopefully folks are familiar with the standard VMworld Disclaimer slide that is shown before any session which states features are subject to change and must not be included in contracts, purchase orders or sales agreement of any kind. I am sure many of you have memorized it by now, but this is a good time to re-iterate that point, especially as we talk about futures 🙂
Lets start off by reviewing what we have today and explaining the differences between ELM and HLM.
vCenter Enhanced Linked Mode was first introduced in vSphere 6.0 and replaces the existing Linked Mode capability which was based on Microsoft ADAM technology. This was needed as VMware wanted to provide the Linked Mode capability for both Windows-based vCenter Server as well as the vCenter Server Appliance (VCSA). This is especially important since the VCSA is the future direction for VMware. In case you had not heard, the depreciation of Windows vCenter Server was announced right before VMworld US.
- ELM provides customers with single administrative domain across multiple vCenter Servers within a single SSO Domain
- A 2-way trust is established between vCenter Servers participating in an ELM and data is sync'ed bi-directionally
- Can only be configured during installation of vCenter Server, post-deployment is NOT supported
- Requires an External Platform Services Controller (PSC) to be deployed, Embedded vCenter Server is NOT supported
- ELM requires all vCenter Server versions to be same (6.0+), mixed-versions is NOT supported outside of a rolling upgrade
- Users can login to ANY vCenter Server for single-pane of glass management (Flex and H5 Client supported)
- Roles, Global Permissions, Licenses, Certificates, vSphere Tags and VM Storage Policies are automatically replicated across all vCenter Servers
Below is a diagram that outlines what an ELM configuration could look like:
Hybrid Linked Mode (HLM) is a brand new capability that was announced at VMworld US, which is currently only available as part of the new VMware Cloud on AWS (VMC) offering. Although simliar in name, HLM is a completely different implementation that differs in a number of ways and more importantly addresses a new challenge when dealing with hybrid cloud management. The primary benefit and driver for HLM is not so much a single-pane of glass as some might come to believe but rather providing an operational consistency between your on-prem and VMC infrastructure. Simply speaking, it provides customers a consistent experience whether you are dealing with on-prem or VMC from an operational and day to day usage.
- HLM allows customers to link a single VMC instance to a single on-prem SSO Domain which can contain one or more vCenter Servers (Enhanced Linked Mode) while maintaining separate administrative domains (e.g. on-prem user is Administrator while VMC user is CloudAdmin only)
- SSO Domains will be different between on-prem and VMC, however it is a 1:1 relationship
- A trust is established where the on-prem vCenter Server trusts the incoming connections from VMC as they share the same Active Directory identity source. Data is sync'ed uni-directionally from on-prem to VMC
- Can be configured at any point in the on-prem vCenter Server lifecycle, no restrictions to initial install and can easily be un-linked unlike ELM
Requires the on-prem vCenter Server to be an Embedded deployment, External PSC is NOT supportedExternal PSC support was just added on 11/28, both Embedded & External vCenter Server deployment is supported
- HLM supports different versions of vCenter Server between on-prem (6.5d+) and VMC, especially as VMC will almost always run a newer version of vSphere
- Users MUST login to VMC vCenter Server for single-pane of glass management (H5 Client supported only), logging into on-prem vCenter Server will NOT show VMC vCenter Server
- Roles are NOT replicated due to the restrictive access model in VMC
As mentioned earlier, all HLM configurations are only available when using the VMC's H5 Client. Below is a screenshot of where to find the configurations which is located under Administration->Hybrid Cloud->Linked Domains
Below is a diagram that outlines what two different HLM configurations could look like, notice that both the VMC and on-prem SDDCs all have different SSO Domains:
Hopefully the above gives you a nice summary break down between ELM and HLM and some of their key differences and constraints. Like with any new or existing technology, it can always be improved upon and feedback directly from our customers is a great way to help influence a feature and/or product. Lets now take a look at some of the changes being considered for both ELM and HLM which were covered in several VMworld Sessions (references listed below)
Lets start off with ELM -
One major constraint of ELM today is the requirement for an External PSC, which also means customers now have one additional VM to patch, upgrade and manage. Many customers would like to keep their vCenter Server designs simple. The primary driver for deploying an External PSC today is to enable ELM. At VMworld US, a Tech Preview was given on adding support for the Embedded VCSA and ELM which many folks were quite excited to hear.As of vSphere 6.5 Update 2 and vSphere 6.7, ELM is fully supported using Embedded VCSA. Although the updated news is great, what about customers who have already deployed an External PSC and wish to go back to Embedded VCSA? Well, the other update that was given which was marked as a "Roadmap" item is that a conversion tool would be made available in the future to help customers convert from an External PSC deployment back into an Embedded (similarly to what we have today going from Embedded to External). No timelines were given, but customers who chose to go with an External deployment to benefit from things like ELM will have a path back to an Embedded deployment in the future while maintaining features like ELM.At VMworld US 2018, Emad Younis and I presented VIN2410BU - Nerds with Appliances: vCenter Server Migration which goes into a new Convergence Tool that will enable customers to convert from an VCSA with an External PSC to an Embedded VCSA, please watch the session for more details. Lastly, although not related to ELM, it was also announced that a tool was actively being developed to allow customers to consolidate SSO Domains which is currently not possible today. I suspect this will be a very welcome tool especially as many customers would like to reduce the number of vCenter Servers that they currently have to manage.At VMworld US 2018, Emad Younis and I presented VIN2410BU - Nerds with Appliances: vCenter Server Migration which goes over some new enhancements to the SSO Domain Repoint Tool for consolidating or splitting out SSO Domains, please watch the session for more details
Ultimately, our goal is to ensure that regardless of the VCSA deployment topology, that all features like VCHA, backup, etc. will be available and customers will not be forced into a specific deployment to access certain features. Longer term, it looks like there should not be any differences between deploying an Embedded VCSA vs one with an External PSC. If you wish to keep things simple, I would recommend sticking with the Embedded model as you will have all the capabilities that External PSC provides today without any of the complexity. This is especially true if you plan to use VCHA which today requires two separate PSCs and an External Load Balancer. It is also good to know that there are tools being developed to allow customers to easily convert from External to Embedded as well as consolidate SSO Domains which will also help reduce the number of vCenter Servers that customers have to manage.
- SER2779BU - What's New in vCenter Server
- LHC3178BU - Operating a Hybrid Environment with Hybrid Linked Mode and Content Library
Lets now take a look at HLM -
- on-prem vCenter Server being Embedded is only a short term requirement, there are plans to also add HLM support for a vCenter Server using an External PSC. This also means in the future, you can potentially have 1:many relationship between a VMC instance and on-Prem SSO Domain since multiple vCenter Servers can be part of that single SSO Domain through the use of ELM. No timelines were provided, but the Product Manager did state that this was in the works
Given this is the first release of HLM, its roadmap is still pretty wide open. Feedback usage from our customers will help drive its future direction. If you have any feedback or feature requests, feel free to leave comment below and I will be sure to forward it to the HLM Product Manager. Lastly, I just want to re-iterate that its not ELM or HLM, but rather each has its own specific use cases. It is also important to note that both can co-exists as mentioned earlier and it will definitely be interesting to see how both of these capabilities evolve in the future.
- LHC1547BU - Creating Your VMware Cloud on AWS Data Center: VMware Cloud on AWS Fun
- LHC3178BU - Operating a Hybrid Environment with Hybrid Linked Mode and Content Library
I would hope VMware is really making External SSO support a priority. We are in the middle of a cross-vCenter NSX deployment specifically to be able to consolidate datacenters, and then move workloads to AWS. I have to hope that down the road when we are ready for migrations to AWS, this issue will be solved.
Wee Kiong Tan (@tanwk3) says
HLM to support both on prem vC 6.5 and 6.7 for customer with different hardware and vSphere setup.