Original blog posted on November 3rd, 2020.
Want a simpler way to manage all vCenter Servers within your Software-Defined Data Center (SDDC)? It’s now possible thanks to a new feature called vCenter Linking for SDDC Groups, which automatically configures new SDDCs for secure connectivity.
Back in September, the VMware Transit Connect (vTGW) on VMware Cloud on AWS (VMConAWS) feature was released. It provides users a simplified way of connecting AWS VPCs, AWS Direct Connect Gateways and customer on-premises datacenters from a networking connectivity standpoint. As part of this feature, a new logical construct called an SDDC Group was created, which allows customers to easily apply common networking connectivity policies across a number of SDDCs rather than having to manage them separately, which can quickly get complex from an operational point of view.
The SDDC Group not only simplifies the initial setup, it also simplifies Day 2 Operations when new SDDCs are provisioned and added to the SDDC Group. The networking policies that have been configured at the SDDC Group will automatically apply to all new SDDCs, which makes this a really slick solution. As SDDCs are removed from the SDDC Group, the related configurations are automatically unprovisioned and detached from the respective networking resources.
Simplified network connectivity using an SDDC Group was just the beginning! Today, the VMware Cloud team has released a new feature built on top of the SDDC Groups construct called vCenter Linking for SDDC Groups. Just as the name implies, customers can now easily “Link” multiple vCenter Servers within an SDDC Group enabling a single view of all vCenter Servers using any one of the vSphere UIs within the SDDC. For those familiar with Enhanced Linked Mode (ELM), this is basically that but for SDDCs running in the Cloud!
The workflow could not have been simpler and last week I got to try it out and was quite impressed! Under the hood, this leverages the vCenter Convergence capability and, when enabling vCenter Linking, the service automatically handles all those details, including the necessary NSX-T firewall rules that need to be configured across ALL SDDCs to allow for secured connectivity. Just imagine having to do this each time a new SDDC is added or removed: you would need to manually go to all SDDCs and update or create new firewall rules!? This is all hidden away from the user and by simply associating SDDCs in the SDDC Group, the configurations are applied automatically for you.
One question that I did have while trying out this new feature was how does this work with existing features such as Hybrid Linked Mode (HLM) and ELM?
In short, vCenter Linking for SDDC Groups (we need a shorter name … maybe Cloud Linking Mode :P) works with both HLM and ELM. To help illustrate how these three features work together, take a look at my diagram below:
- ELM links multiple on-premises vCenter Servers together and using any one of the vSphere UIs from those vCenter Servers, you have a single UI inventory view
- When using HLM, users are now logging into the vCenter Cloud Gateway UI and that provides a UI linked view between all ELM vCenter Servers along with the specific VMConAWS SDDC, as ELM is a 1:1 mapping from an ELM group
- When using the new vCenter Linking for SDDC Groups, or what I am calling CLM, in conjunction with HLM, you will not be able to see the on-premises vCenter Servers within ELM
In talking to the Product team, the north star is to eventually allow customers to log in from either an SDDC in the Cloud or from their on-premises vCenter Server using the vCenter Cloud Gateway and be able to get a complete view of all vCenter Servers in a true Hybrid fashion. I am also looking forward to when this becomes more than just a UI-only view and enables customers to start performing Automation that could be federated across the SDDCs from a single endpoint. Lots of really cool possibilities with SDDC Groups and a huge congrats to the team on releasing this new capability for our VMConAWS customers!