Understanding the Multi-Center Feature

This topic covers the vGW Series Multi-Center feature that synchronizes policy across vGW Security Design VM management centers to enable large scale virtualization. The Multi-Center feature is useful for large-scale virtualized environment deployments spread across many vCenters.

This section includes the following sections:

The Multi-Center Feature

For various reasons–such as geographic separation of data centers, scaling requirements, and use of different administrative domains–some companies who deploy the vGW Series must use more than one VMware vCenter to manage their environments. These companies want to use the same or similar vGW Security Design VM configuration for all of their data centers, as if they were rolling out a single deployment. Manually configuring separate vGW Security Design VMs at various locations with the same information consumes time, and it is cumbersome and error prone.

To accommodate companies with these requirements and companies that want to scale their environments for other reasons, the vGW Series includes a feature called Multi-Center. The Multi-Center feature allows you to designate a single vGW Security Design VM connected to a vCenter at one location as the master.

Following the database replication model, configuration is done at master vGW Security Design VM. It can be synchronized all or in part to one or more delegate vGW Security Design VM centers, each of which is connected to an individual vCenter. Configuration of global objects at the master vGW Security Design VM is propagated to the delegate vGW Security Design VMs centers automatically, based on objects selected when the administrator of the master vGW Security Design VM creates a Multi-Center definition for the delegate center.

Figure 121 shows a master center and a delegate center. Objects at the master center are synchronized to the delegate center.

Figure 121: vGW Series Multi-Center

vGW Series Multi-Center

Deploying vGW Series in an Environment With a Mix of Delegate and Stand-alone vGW Security Design VMs in Various vCenters

The vGW Security Design VM Multi-Center feature can be in whatever configuration your environment requires. You might design your virtualized environment to include some vGW Security Design VMs that belong to a configuration that uses the Multi-Center feature and some that do not. You might want one vGW Security Design VM to manage resources at a specific vCenter and let it have an entirely unique configuration. You might want others at different vCenters to use largely the same configuration.

For example, an organization’s virtualized environment might include six data centers of various sizes, each of which is connected to an individual vCenter. The administrator uses the same overall configuration for five of the data centers but not for the sixth one. The Multi-Center feature suits this environment well also in that it can secure the five data centers in the same way, but the administrator of the vCenter environment with different security requirements could define his own policies and other security protection independently.

Related Documentation