VMware Cloud on AWS VMware HCX

Enhanced Linked Mode (ELM) vs Hybrid Linked Mode (HLM)

Originally posted on virtuallyGhetto on September 25.

In the last few weeks I have seen a large number of inquiries from customers regarding the vCenter Enhanced Linked Mode (ELM) as it compares to the Hybrid Linked Mode (HLM) feature. Hopefully with this article, I can help clarify the differences between ELM and HLM and their respective use cases. I will also quickly touch upon some of the future thinkings for both of these features.

Disclaimer: Features are subject to change and must not be included in contracts, purchase orders or sales agreement of any kind.

Current
Lets start off by reviewing what we have today and explaining the differences between ELM and HLM.

vCenter Enhanced Linked Mode was first introduced in vSphere 6.0 and replaces the existing Linked Mode capability which was based on Microsoft ADAM technology. This was needed as VMware wanted to provide the Linked Mode capability for both Windows-based vCenter Server as well as the vCenter Server Appliance (VCSA). This is especially important since the VCSA is the future direction for VMware. In case you had not heard, the depreciation of Windows vCenter Server was announced right before VMworld US.

  • ELM provides customers with single administrative domain across multiple vCenter Servers within a single SSO Domain
  • A 2-way trust is established between vCenter Servers participating in an ELM and data is synced bi-directionally
  • Can only be configured during installation of vCenter Server, post-deployment is NOT supported
  • Requires an External Platform Services Controller (PSC) to be deployed, Embedded vCenter Server is NOT supported
  • ELM requires all vCenter Server versions to be same (6.0+), mixed-versions is NOT supported outside of a rolling upgrade
  • Users can login to ANY vCenter Server for single-pane of glass management (Flex and H5 Client supported)
  • Roles, Global Permissions, Licenses, Certificates, vSphere Tags and VM Storage Policies are automatically replicated across all vCenter Servers
  • Below is a diagram that outlines what an ELM configuration could look like:

    Hybrid Linked Mode (HLM) is a capability, announced at VMworld US, which is currently only available as part of the new VMware Cloud on AWS (VMC) offering. Although simliar in name, HLM is a completely different implementation that differs in a number of ways and more importantly addresses a new challenge when dealing with hybrid cloud management. The primary benefit and driver for HLM is not so much a single-pane of glass as some might come to believe but rather providing an operational consistency between your on-prem and VMware Cloud on AWS infrastructure. Simply speaking, it provides customers a consistent experience whether you are dealing with on-prem or VMware Cloud on AWS from an operational and day to day usage.

  • HLM allows customers to link a single VMware Cloud on AWS instance to a single on-prem SSO Domain which contains a single vCenter Server while maintaining separate administrative domains (e.g. on-prem user is Administrator while VMware Cloud on AWS user maybe CloudAdmin only)
  • SSO Domains will be different between on-prem and VMware Cloud on AWS, however it is a 1:1 relationship
  • A 1-way trust is established where VMware Cloud on AWS trusts the on-prem vCenter Server and data is sync’ed uni-directionally from on-prem to VMware Cloud on AWS
  • Can be configured at any point in the on-prem vCenter Server lifecycle, no restrictions to initial install and can easily be un-linked unlike ELM
  • Requires the on-prem vCenter Server to be an Embedded deployment, External PSC is NOT supported
  • HLM supports different versions of vCenter Server between on-prem (6.5d+) and VMware Cloud on AWS, especially as VMware Cloud on AWS will almost always run a newer version of vSphere
  • Users MUST login to VMware Cloud on AWS vCenter Server for single-pane of glass management (H5 Client supported only), logging into on-prem vCenter Server will NOT show VMware Cloud on AWS vCenter Server
  • Roles are NOT replicated due to the restrictive access model in VMware Cloud on AWS
  • As mentioned earlier, all HLM configurations are only available when using the VMware Cloud on AWS’s H5 Client. Below is a screenshot of where to find the configurations which is located under Administration->Hybrid Cloud->Linked Domains

    Below is a diagram that outlines what two different HLM configurations could look like, notice that both the VMware Cloud on AWS and on-prem SDDCs all have different SSO Domains:

    Futures
    Hopefully the above gives you a nice summary break down between ELM and HLM and some of their key differences and constraints. Like with any new or existing technology, it can always be improved upon and feedback directly from our customers is a great way to help influence a feature and/or product. Lets now take a look at some of the changes being considered for both ELM and HLM:

    Lets start off with ELM –

  • One major constraint of ELM today is the requirement for an External PSC, which also means customers now have one additional VM to patch, upgrade and manage. Many customers would like to keep their vCenter Server designs simple. The primary driver for deploying an External PSC today is to enable ELM. At VMworld US, a Tech Preview was given on adding support for the Embedded VCSA and ELM which many folks were quite excited to hear
  • Although the updated news is great, what about customers who have already deployed an External PSC and wish to go back to Embedded VCSA? Well, the other update that was given which was marked as a “Roadmap” item is that a conversion tool would be made available in the future to help customers convert from an External PSC deployment back into an Embedded (similarly to what we have today going from Embedded to External). No timelines were given, but customers who chose to go with an External deployment to benefit from things like ELM will have a path back to an Embedded deployment in the future while maintaining features like ELM
  • Lastly, although not related to ELM, it was also announced that a tool was actively being developed to allow customers to consolidate SSO Domains which is currently not possible today. I suspect this will be a very welcome tool especially as many customers would like to reduce the number of vCenter Servers that they currently have to manage
  • Ultimately, our goal is to ensure that regardless of the VCSA deployment topology, that all features like VCHA, backup, etc. will be available and customers will not be forced into a specific deployment to access certain features. Longer term, it looks like there should not be any differences between deploying an Embedded VCSA vs one with an External PSC. If you wish to keep things simple, I would recommend sticking with the Embedded model as you will have all the capabilities that External PSC provides today without any of the complexity. This is especially true if you plan to use VCHA which today requires two separate PSCs and an External Load Balancer. It is also good to know that there are tools being developed to allow customers to easily convert from External to Embedded as well as consolidate SSO Domains which will also help reduce the number of vCenter Servers that customers have to manage.

    Reference:

    SER2779BU – What’s New in vCenter Server

    LHC3178BU – Operating a Hybrid Environment with Hybrid Linked Mode and Content Library

    Lets now take a look at HLM –

    on-prem vCenter Server being Embedded is only a short term requirement, there are plans to also add HLM support for a vCenter Server using an External PSC. This also means in the future, you can potentially have 1:many relationship between a VMware Cloud on AWS instance and on-Prem SSO Domain since multiple vCenter Servers can be part of that single SSO Domain through the use of ELM. No timelines were provided, but the Product Manager did state that this was in the works
    Given this is the first release of HLM, its roadmap is still pretty wide open. Feedback usage from our customers will help drive its future direction. If you have any feedback or feature requests, feel free to leave comment below and I will be sure to forward it to the HLM Product Manager. Lastly, I just want to re-iterate that its not ELM or HLM, but rather each has its own specific use cases. It is also important to note that both can co-exists as mentioned earlier and it will definitely be interesting to see how both of these capabilities evolve in the future.

    Reference:

    LHC1547BU – Creating Your VMware Cloud on AWS Data Center: VMware Cloud on AWS Fun

    LHC3178BU – Operating a Hybrid Environment with Hybrid Linked Mode and Content Library