Implement vCenter Enhanced Linked Mode (ELM) Q&A

Article ID: 416202

Products

VMware vCenter Server

Issue/Introduction

This article describes what to prepare before implementing vCenter Enhanced Linked Mode (ELM).

Environment

vCenter Server 8.x

Resolution

Q1. What are the requirements or prerequisites for enabling Enhanced Linked Mode (ELM)?

A1.

  1. All vCenter Servers must belong to the same SSO domain.

  2. All vCenter Servers must have network connectivity with each other, and FQDNs must be mutually resolvable.

  3. All vCenter Servers must have synchronized time (NTP).

  4. A standalone vCenter can also be repointed to a new SSO domain using CLI commands. ELM is supported across all currently supported vCenter versions, as long as the versions and build numbers match exactly.
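
A pre-flight check for the prerequisites listed above (same SSO domain, mutual FQDN resolution, time sync, matching version and build), added here as an example and not taken from the original article or from VMware tooling. The inventory is constructed sample data that the operator is assumed to have collected from each appliance; the host names, IPs, build numbers and the 5-second skew tolerance are assumptions.

```python
from itertools import combinations

# Constructed sample inventory: host names, IPs, build numbers and clock
# readings are hypothetical values an operator would collect per appliance.
def _node(n, build, clock, peers):
    return {"fqdn": f"vc0{n}.example.test", "ip": f"10.0.0.1{n}",
            "sso_domain": "vsphere.local", "version": "8.0.0", "build": build,
            "clock": clock,  # epoch seconds, sampled on all nodes at the same moment
            "resolves": {f"vc0{p}.example.test": f"10.0.0.1{p}" for p in peers}}

NODES = [
    _node(1, "10000001", 1700000000.0, peers=[2, 3]),
    _node(2, "10000001", 1700000001.5, peers=[1]),      # cannot resolve vc03
    _node(3, "10000002", 1700000042.0, peers=[1, 2]),   # other build, clock drift
]

def preflight(nodes, max_skew_s=5.0):
    """Return (check, detail) findings; an empty list means every check passed.
    max_skew_s is an assumed tolerance for this example, not a VMware limit."""
    findings = []
    domains = sorted({n["sso_domain"].lower() for n in nodes})
    if len(domains) > 1:
        findings.append(("sso_domain", f"nodes span several SSO domains: {domains}"))
    builds = sorted({(n["version"], n["build"]) for n in nodes})
    if len(builds) > 1:
        findings.append(("version_build", f"version/build differ: {builds}"))
    for a, b in combinations(nodes, 2):
        skew = abs(a["clock"] - b["clock"])
        if skew > max_skew_s:
            findings.append(("time_sync", f"{a['fqdn']} and {b['fqdn']} are {skew:.1f}s apart"))
    # Resolution must hold in both directions, so test every ordered pair.
    for src in nodes:
        for dst in nodes:
            if src is dst:
                continue
            seen = src["resolves"].get(dst["fqdn"])
            if seen != dst["ip"]:
                findings.append(("dns", f"{src['fqdn']} resolves {dst['fqdn']} to {seen!r}, expected {dst['ip']}"))
    return findings

if __name__ == "__main__":
    for check, detail in preflight(NODES):
        print(f"FAIL {check}: {detail}")
```
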


Q2. What should be considered when using ELM?

A2.

  1. After ELM configuration, it is recommended to periodically take offline snapshots or file-based backups of all vCenter Servers participating in ELM.

    • For example, after any configuration changes in vCenter, create an offline snapshot or file-based backup. This ensures quick rollback in case of issues.

  2. When updating credentials for the STS certificate, locate the primary (central) vCenter Server, power off all secondary nodes, update the STS certificate on the primary node, and then power on the secondary nodes to synchronize the credentials.

    • Other credentials can be refreshed independently without specific requirements.

  3. For vCenter Server upgrades, there are no strict sequence requirements — you can upgrade each vCenter individually.

  4. The Active Directory (AD) domain and SSO domain are two independent systems. To allow an AD domain account to manage multiple vCenter Servers, simply assign the required permissions individually on each vCenter.

  5. For ELM topology details, refer to the Broadcom KB: https://knowledge.broadcom.com/external/article/312682/ (see the Resolution section).


Q3. What is the difference between the Primary (Central) vCenter and the Secondary vCenters in an ELM environment?

A3.
The distinction lies in the STS (Security Token Service) certificate.
In an ELM topology, the vCenter that provides the STS certificate is considered the primary (central) node, while the others are secondary nodes.

Typically, ELM uses a star topology, with one central vCenter Server and multiple secondary vCenter Servers connected to it.


Q4. The recommendation says to regularly take offline snapshots or file-based backups of all vCenter Servers after ELM setup. What kind of issues does this refer to? Are there any real cases?

A4.
After ELM is configured, if one of the vCenter Servers encounters a problem, you must take offline snapshots of all vCenters in the ELM environment before starting troubleshooting.

While ELM enhances centralized management of connected vCenters, it also increases troubleshooting complexity.
For example, in one real case, a customer had nine vCenter Servers linked via ELM. When one vCenter became disconnected, we had to take offline snapshots of all nine vCenters before performing any recovery steps.
Because ELM environments are complex, any incorrect operation could cause irreversible issues, so snapshots are essential for quick rollback.

However, taking snapshots for multiple vCenters can be time-consuming, as each needs to be powered off, and powering off/on increases downtime and investigation time. Additionally, the initial remediation might not always work, requiring further investigation.

Recommendation:
If possible, regularly perform file-based backups of all vCenters in ELM at the same time.
Also, take periodic offline snapshots and remove outdated snapshots to ensure storage efficiency and system reliability.