Enhanced Linked Mode Replication on vSphere 6.x and 7.x

 
Author: Laraib Kazi

A Platform Services Controller (PSC), which can be an external appliance or embedded into vCenter Server (VC), handles vSphere single sign-on (SSO), licensing, tagging, global permissions, custom roles, and certificate management. More info:

https://blogs.vmware.com/vsphere/2017/10/platform-services-controller-psc-6-x-faq-now-available.html

We often read about PSCs replicating with each other, but more often than not it is unclear what exactly is being replicated. When you deploy multiple PSCs (or vCenters with embedded PSCs) in the same SSO domain, the PSCs replicate VMDIR data with each other, depending on how replication is configured.

Based on VMware documentation available here:

 https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.psc.doc/GUID-FE4E0496-A14C-4331-A7D6-1200F7C068A5.html 

VMDIR data includes authentication, certificate, lookup, and license information. If your domain contains more than one Platform Services Controller instance, an update of VMDIR content in one VMDIR instance is propagated to all other instances of VMDIR (i.e., the other PSCs or embedded VCs).

In this example, we are using 3x 6.7 PSCs, all part of the same "vsphere.local" domain.

 PSC1 in Site1: 10.0.100.191
 PSC2 in Site2: 10.0.100.192
 PSC3 in Site3: 10.0.100.193

We have replication agreements set up in a ring topology.

We can check the replication partners for each PSC using the following command:

/usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartners -h localhost -u administrator -w Administrator_Password

To check the actual replication status, we can run the following command:

/usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartnerstatus -h localhost -u administrator -w Administrator_Password

Reference: https://kb.vmware.com/s/article/2127057

Here we can see that both the replication partners are 0 changes behind, and their changes match. Keep in mind that the two different replication partners can have different change numbers from each other, and as long as they are 0 changes behind – everything is working fine.
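The "0 changes behind" check described above can be scripted. This is an added example, not part of the original post or any VMware tooling: `check_replication` is a hypothetical helper, the sample output is constructed, and the line layout it parses is assumed to match what showpartnerstatus prints on your build.

```shell
#!/bin/sh
# Constructed sample of `vdcrepadmin -f showpartnerstatus` output as run on
# PSC1 (IPs from the example above; change numbers are made up).
sample_status() {
cat <<'EOF'
Partner: 10.0.100.192
Host available:   Yes
Status available: Yes
My last change number:             4512
Partner has seen my change number: 4512
Partner is 0 changes behind.

Partner: 10.0.100.193
Host available:   Yes
Status available: Yes
My last change number:             4512
Partner has seen my change number: 4498
Partner is 14 changes behind.
EOF
}

# check_replication [max_lag]  (hypothetical helper, not a VMware tool)
# Reads showpartnerstatus output on stdin and prints one line per partner:
#   OK|LAG|DOWN <partner> <changes behind, or "-" if not reported>
# Returns 0 only if every partner is reachable and at most max_lag behind.
check_replication() {
    awk -v max="${1:-0}" '
        function report() {
            if (partner == "") return
            if (host != "Yes" || stat != "Yes" || behind == "") {
                state = "DOWN"; bad = 1
            } else if (behind + 0 > max + 0) {
                state = "LAG"; bad = 1
            } else {
                state = "OK"
            }
            print state, partner, (behind == "" ? "-" : behind)
        }
        /^Partner:/          { report(); partner = $2; host = stat = behind = "" }
        /^Host available:/   { host = $NF }
        /^Status available:/ { stat = $NF }
        /^Partner is [0-9]+ changes behind/ { behind = $3 }
        END {
            report()
            if (partner == "") { print "DOWN - -"; bad = 1 }  # nothing parsed
            exit bad + 0
        }
    '
}

# On a PSC: <the showpartnerstatus command above> | check_replication 0
```

A non-zero exit on a single run can be a transient lag; a partner that stays in LAG or DOWN across several replication cycles is the condition worth alerting on.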

We can see this replication in action using the vmdird-syslog.log located in

/var/log/vmware/vmdird/

Usually, we see a replication cycle every 30 seconds, but this can be delayed if no changes have occurred that need to be pushed.

The VMDIR Database (which stores ALL this VMDIR information) is located in /storage/db/vmware-vmdir as "data.mdb"
