Most vSphere administrators are familiar with using VM templates. However, if your business relies heavily on templates for versioning, you will encounter the operational overhead of managing these templates and documenting any changes made to them. vSphere Content Libary aims to reduce the operational overhead of managing different versions of VM templates by using linked clones.
Think of Content Libary as a centralized repository for storing reusable vSphere objects such as templates, OVFs, and other files such as ISOs and automation scripts. Using a Content library reduces the need to maintain duplicate copies of the identical template/OVF/ISOs at multiple locations (vCenters).
In most large vSphere environments, there are multiple vCenters. It is possible to miss copying a newly approved template for VM provisioning to one of the vCenters. This can lead to VMs deployed from an older template and mostly go unnoticed until you encounter a related issue.
However, if you use vSphere Content Library, you can avoid this issue. Content Library is a central repository where you only need to update the template once. This helps maintain consistent VM image baselines even if spread across multiple vCenter servers.
There are two types of content libraries - Local and Subscribed.
A Content Library, by default, is local to the vCenter on which it is created. If a local library is published, other vCenters can subscribe to its contents, hence the name "Subscribed " library.
It is important to note that the subscriber can not republish a Subscribed library.
The libraries that subscribe to a published library are often called Subscribers.
A few operational differences exist when sharing VM templates and other files using a Content Library. We will review the difference in the next section.
For content libraries to be fully functional, the publishing and subscribing libraries should be from vCenters in a linked mode configuration (enhanced or hybrid).
VM templates vs OVF/OVA in a Content Library
For starters, VM templates and OVFs are treated differently in a Content Library. VM templates stored in a library are associated with an ESXi host. Therefore, they show up in the vCenter inventory like other templates. Unlike VM templates, OVF templates do not maintain host associations, are stored independently, and do not appear in the vCenter inventory. This is an important distinction as this affects how templates and OVF are shared with other subscriber libraries.
Support for VM templates in Content Library was added starting vSphere 7
When subscribing to a published library, OVFs and other files are synchronized periodically to the subscribing library. However, you will need an active subscription configured for the subscriber on the published library to synchronize VM templates. Read 'Subscribed vs. Subscriptions.' More importantly, you cannot set up a subscription unless the publishing and subscribing libraries belong to vCenters in a linked-mode configuration.
Let's take a look at publishing an already-created Local library. Select Content Libraries from vCenter's burger menu, select the content library from the list, and go to Actions | Edit Settings and Enable Publishing. The subscriber will use the subscription URL generated to subscribe to the contents in this library.
Since the vCenters are in a linked-mode configuration, content libraries from participating vCenters appear in the same list. However, vCenter warns you but doesn't stop you from creating a library (local/subscribed) with a duplicate name. It is recommended to choose a different name to avoid confusion.
When subscribing to a remote library, you will supply a Subscription URL corresponding to the remote library. Remember, a subscription URL is only available if publishing is enabled on the remote library.
Securing Access to Content Libraries
Anyone with a subscription URL can fetch data from a published content library. Hence, VMware allows enabling password authentication when creating the library or by editing its settings after creating it.
Subscribed Libraries vs Subscriptions
As mentioned earlier, enabling publishing alone should be sufficient to sync OVFs and other files from a published library; however, the publisher must create a subscription to sync VM templates. A subscribed library is a library that syncs data from a published remote library. On the other hand, a subscription is a method to enable syncing VM templates to subscriber libraries. Subscriptions can only be created on published libraries.
For example, the "Lab-B Subscriber" library subscribes to the contents of the "Lab-A Library"; however, only OVF and other files are synchronized by default. If you were to sync VM Templates, you must create a subscription on the published library for the target subscriber libraries.
Once created, you can do a "Publish" to push all the template data in the library to all its subscribers.
Like with OVFs, you can also initiate a sync from a subscriber library to fetch template data.
Data Sync between Libraries
The data-sync method between Content Library would depend on the type of linked-mode configuration the vCenters are in and the underlying storage configuration. vCenters in an Enhanced Linked Mode configuration will employ VAAI if the underlying storage system is shared or NFC if that is not the case. vCenters in a hybrid-linked mode configuration will use HTTPS to transfer data.
If necessary, the data synchronization between published/subscribed libraries can be fine-tuned using the Advanced Configuration for Content Libraries. This may be necessary as synchronizing templates and OVFs can consume network bandwidth between vCenter locations. In other words, tweaking these settings may only be necessary if your underlying infrastructure calls for it.
The Advanced Configuration can be accessed from the Content Libraries page. It is important to note that the advanced configuration is local to each vCenter. In other words, the published libraries manage the sync frequency and the performance optimizations, including the time of the day the syncs should occur, the maximum number of items during each sync, etc.
Although content libraries are periodically synchronized (default - 4 hrs), you still have the option to initiate an ad-hoc sync from the vCenter UI.
Content Library maximums can be found at https://configmax.esp.vmware.com/home under the vCenter Server category.
In a future post, I will cover how to manage and version VM templates using Content Libraries. Content Libraries are also used by other solutions such as vSphere Tanzu to store packages.