VMC on AWS - Hybrid Linked Mode(HLM) Concept in VMware Cloud on AWS
By Pranay Jha | Sep 23, 2020 | Update: Sep 23, 2020

If you have two datacenters, one on-premises and another in the cloud, the SSO domains need a trust between them to establish communication. If you want to manage the SSO domains for both, Hybrid Linked Mode (HLM) provides the ability to do so with flexible options; to use it, we create an HLM link between the two sites. Suppose you later want to remove the on-premises datacenter or the Cloud SDDC separately: you can easily remove it and add it again as required, because the two sites do not become dependent on each other, and you can tear down the HLM link without making huge changes. HLM is a flexible solution that lets us jointly manage the SSO domains of both datacenters, on-premises and VMware Cloud on AWS.

  • It provides a one-way trust between on-premises and VMC on AWS.
  • It gives us the option to link and unlink the datacenters whenever needed.
  • It also maintains separation between the permissions of the two datacenters: if you unlink one datacenter, there is no impact on the other.
  • Once HLM is configured, you can migrate on-premises workloads to VMware Cloud on AWS.
  • Migration works both ways: workloads can be migrated back from VMC on AWS to on-premises.
  • It supports both embedded and external PSC.
  • Each environment is managed by logging in to the VMware Cloud on AWS vSphere Client using an on-premises account.
  • You can manage the inventory of all vCenter Servers, on-premises and Cloud SDDC, from the same VMC on AWS console.
  • You can migrate data between on-premises and the Cloud SDDC.

Important Points about HLM:

If you want to use HLM with VMware Cloud on AWS, you must configure the on-premises vCenter to enable SSO.

If you are connecting an on-premises vCenter to HLM, and your on-premises vCenter has multiple vCenter Servers linked using Enhanced Linked Mode, then all of the linked vCenter Servers will be linked to VMware Cloud on AWS as well.

Options for Configuring HLM

  1. Configuring Hybrid Linked Mode using the vCenter Cloud Gateway Appliance
  2. Configuring Hybrid Linked Mode from the Cloud SDDC

Linking HLM using Cloud Gateway Appliance vs Cloud SDDC

Prerequisites for Configuring HLM

Common Prerequisites for both linking from the Cloud Gateway Appliance and from the Cloud SDDC

  1. Connection between On-Prem and Cloud SDDC:
     - Use Direct Connect, or
     - Use VPN
  2. vCenter FQDN must resolve to a private IP address
  3. On-Prem and Cloud SDDC must be synchronized to an NTP service
  4. Maximum latency between On-Prem and Cloud SDDC should not be more than 100 msec roundtrip
  5. Decide on the Cloud Administrator user for the On-Prem environment

Prerequisites for Linking with Cloud Gateway Appliance (Option 1)

  1. On-premises environment should be running vSphere 6.5 patch d or later.
  2. Cloud Gateway Appliance and vCenter Server should reach each other over your network.
  3. Ports should be opened as per the figure below.
  4. 8 CPUs, 24 GB Memory, 190 GB Storage

Prerequisites for Linking from the Cloud SDDC (Option 2)

  1. On-Premises vCenter Server should be:
     - vSphere 6.0 Update 3 patch c and later, or
     - vSphere 6.5 patch d and later.
  2. SSO domain for On-Premises vSphere
  3. Minimum of read-only access to the Base DN
  4. Ports should be opened as per the figure below.
  5. On-premises DNS should be configured
  6. Connectivity Validator tests to check network connectivity
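Two of the common prerequisites can be checked from a host inside the on-premises network before linking: that the vCenter FQDN resolves only to private addresses, so management traffic stays on the Direct Connect or VPN path, and that latency stays within the 100 msec limit. The sketch below is an added example, not code from this article or from VMware; it assumes "private" means the RFC 1918 ranges, uses TCP connect time to port 443 as a rough latency measure, and the FQDN and sample values are hypothetical.

```python
import ipaddress
import socket
import statistics
import time

MAX_RTT_MS = 100.0  # round-trip limit stated in the prerequisites above
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def resolve(fqdn):
    """Distinct addresses the local resolver returns; [] if it does not resolve."""
    try:
        infos = socket.getaddrinfo(fqdn, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def non_private(addresses):
    """Addresses outside RFC 1918 (assumed meaning of 'private'); [] passes."""
    return [a for a in addresses
            if not any(ipaddress.ip_address(a) in net for net in RFC1918)]

def tcp_rtt_ms(host, port=443, samples=5, timeout=2.0):
    """Median TCP connect time in ms to an assumed port; None if unreachable."""
    times = []
    try:
        for _ in range(samples):
            start = time.perf_counter()
            socket.create_connection((host, port), timeout=timeout).close()
            times.append((time.perf_counter() - start) * 1000.0)
    except OSError:
        return None
    return statistics.median(times)

def evaluate(fqdn, addresses, rtt_ms):
    """Findings for one vCenter FQDN; an empty list means both checks pass."""
    findings = []
    if not addresses:
        findings.append(f"{fqdn}: does not resolve")
    findings += [f"{fqdn}: resolves to non-private address {a}"
                 for a in non_private(addresses)]
    if rtt_ms is None:
        findings.append(f"{fqdn}: no TCP connection, latency not measured")
    elif rtt_ms > MAX_RTT_MS:
        findings.append(f"{fqdn}: RTT {rtt_ms:.0f} ms exceeds {MAX_RTT_MS:.0f} ms")
    return findings

if __name__ == "__main__":  # constructed sample: hypothetical FQDN and values
    print(evaluate("vcenter.sddc.example", ["10.2.0.5", "203.0.113.7"], 130.0))
```

For a live check, call `evaluate(fqdn, resolve(fqdn), tcp_rtt_ms(fqdn))` with your own vCenter FQDN.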

Configure a Connection between On-Premises and Cloud SDDC

Enhanced Linked Mode (ELM) vs Hybrid Linked Mode (HLM)

Enhanced Linked Mode (ELM):

  • Two-way trust
  • Only supported with external PSC
  • Can only be configured during installation; configuring it post-installation is not supported
  • Once you are connected to a vCenter Server, you can log in to one vCenter and see all vCenter Servers in a single console, and perform the required tasks from that same console
  • Supports multiple vCenter Servers together by using one or more PSCs
  • Replicates all roles, tags, permissions, policies, and licenses

Hybrid Linked Mode (HLM):

  • One-way trust
  • Supported with external and embedded PSC
  • Can link/unlink at any time
  • You must log in to the VMC on AWS console to see the on-prem and Cloud SDDC
  • SSO can be different in on-prem and Cloud SDDC
  • Supports round-trip workload mobility via cold migration
  • Can be configured at any point in time
  • Roles and permissions do not replicate
