Large Linked Mode Environments – Backup, Recovery, Operations

This post was originally published on this site

Its looking like I need to break up our centralised, multi-tenant vCenter model up into a individual vCenters per tenant, pretty much because of the limitations of NSX – ie not able to scope access for distributed firewall admins to ‘per tenant’ ESX hosts (I want to prevent a tenant from pushing firewall rules to other tenant’s esxi nodes).



Splitting up the vcenters I’m fine with – in many ways it’d make my life simpler.  But I’m getting pressure internally to consider deploying all of them into a single SSO domain – and given my recent (bad) vCenter upgrade experiences, and the rollback / DR prep you need to do in order to recover from a failed upgrade when using linked mode, it fills me with dread.



I guess you’re all aware – the only supported rollback method (outside of recovering from file based vcsa backups) is to:

– Power down ALL vcenters in the SSO domain (or at least stop services on all)

– Snap, power back up.



This makes sense, because it allows for a clean recovery point across the domain, avoiding the obvious issues you’ll run into re: PSC replication.  But, it’s pretty inconvenient.  If you have a failed upgrade on one vcenter, be prepared to roll them all back.



The potential scenario I’m looking at is a 9 x VCSA, single SSO deployment.  (3 x tenants, 3  datacenters).  To me, this spells bad news.  Yes, I want centralised auth, I want global object searching….but I don’t think I have enough confidence in VMware’s directory service, nor do I think there’s enough expertise out there to support this appropriately.



Interested to know if anyone here has a large linked mode environment and how this impacts routine patching an upgrades?  It’s crazy right?  Someone convince me otherwise!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.