vCenter Server 6 Deployment Topologies and High Availability

vCenter Server 6 has some fundamental architectural changes compared to vCenter Server Server 5.5. The multitude of components that existed in vCenter Server 5.x has been consolidated in vCenter Server 6 to have only two components vCenter Management Server and Platform Services Controller, formerly vCenter Server Single Sign-On.

The Platform Services Controller (PSC) provides a set of common infrastructure services encompassing

• Single Sign-On (SSO)
• Licensing
• Certificate Authority

The vCenter Management Server consolidates all the other components such as Inventory Service & Web Client services along with its traditional management components. The vCenter Server components can be typically deployed in with either embedded or external PSC. Care should be taken to understand the critical differences between the two deployment models. Once deployed one cannot move from one mode to another in this version.

Deployment Models:

vCenter Server with Embedded PSC:

The embedded PSC is meant for standalone sites where vCenter Server will be the only SSO integrated solution. In this case a replication to another PSC is not necessary.

• Sufficient for most environments. Easiest to deploy and maintain
• Aimed at minimizing fault domains. Use in conjunction with only one of VMware Product or Solution.
• Multiple standalone instances supported
• Replication between embedded instances not supported
• Supports Windows & Appliance

Figure 1: Embedded mode vCenter Server 6

vCenter Server with External PSC:

In this configuration the PSC is external to the vCenter Server. This configuration allows multiple  vCenter Servers to link to a PSC.

• Recommend this if deploying/growing to multiple vCenter Server instances that need to be linked
• Reduces footprint by sharing Platform Services Controller across several vCenter Servers
• Deploy more than one PSC to provide resilience within the environment
• Supports Windows & Appliance

Figure 2: vCenter Server 6 with External PSC

Options available for vCenter Server failure protection:

Backup (VDP / Third Party VADP):

vCenter Server deployed in embedded mode can be backed up with VDP or third party backup software that leverage VADP. Currently there is no simple mechanism available to backup the PSC when is external to the vCenter Server. Multiple instances of PSC should be leveraged to protect against an individual external PSC failure.

VMware HA

Majority of the customers have virtualized their vCenter server and leverage VMware HA to protect against Hardware failure.  VMware HA can also protect against guest OS failure through the use of heartbeat and watchdog services.

Third Party Solutions that layer on top of VMware HA:

Third party solutions like Symantec ApplicationHA layer on top of VMware HA and can also monitor and restart vCenter services in the event of any failure. Using a solution like Symantec ApplicationHA, one can monitor all of the  components of vCenter server. In the event it is unable to resolve issues by restarting services, it interacts VMware HA to reset the virtual machine. Symantec ApplicationHA has a specific agent for vCenter agent that helps monitor and protect all aspects of vCenter.

VMware SMP-FT

With the release of vSphere 6, SMP Fault tolerance is available for up to 4 vCPU. This can also protect against hardware failure, but is applicable only to vCenter Server instances that can fit within the 4 vCPU virtual machine size.  Any application failure is not protected by SMP-FT.

Database Clustering:

For vCenter servers backed by Microsoft SQL databases, SQL clustering can be leveraged to provide reduced downtime for unplanned events and for OS patching.

Platform Service Controller

Multiple External PSC instances can be used for a single site to service one or more vCenter servers. A load balancer is required to frontend the PSC instances. The PSC instances replicate state information between each other.

vCenter Server High Availability:

With vCenter Server 5.5 Update 3 and later, Windows Server Failover Cluster is supported as an option for providing vCenter Server availability. Two instances of vCenter Server are in a MSCS cluster, but only one instance is active at a time. VMware only supports 2 node clusters.

USE CASES FOR THIS SOLUTION:

• This solution helps reduce downtime for maintenance operations, such as patching or upgrades, on one node in the cluster without taking down the vCenter Server database.
• Another potential benefit of this approach is that MSCS uses a type of “shared-nothing” cluster architecture. The cluster does not involve concurrent disk accesses from multiple nodes. In other words, the cluster does not require a distributed lock manager. MSCS clusters typically include only two nodes and they use a shared SCSI connection between the nodes. Only one server needs the disks at any given time, so no concurrent data access occurs. This sharing minimizes the impact if a node fails.
• Unlike the vSphere HA cluster option, the MSCS option works only for Windows virtual machines and does not support the vCenter Server Appliance.
•  Before you can set up MSCS for vCenter Server availability, you must create a virtual machine with one of the following guest operating systems:
  • Windows 2008 SP2
  • Windows 2012 R2 Datacenter
  Additionally, you must add two RDM disks to this VM. These disks must be mounted and when they are added, you must create a separate SCSI controller with the bus sharing option set to physical. The RDM disks must also be independent and persistent.
  In this configuration all vCenter Server services can be protected individually. The backend Microsoft SQL database can also be protected separately with SQL Clustering.

Figure 3: Clustering based high availability for Windows based vCenter Server

Deployment Modes for vCenter Server:

Local vCenter Server & PSX High Availability:

• This model protects the platform service controller service by having multiple instances of PSC locally behind a load balancer. Failure of a PSC does not impact the usage of the infrastructure. The PSCs should also be separated from each other physically using anti-affinity rules. The PSCs replicate state information vCenter Server nodes are individually clustered with WSFC for HA. The  vCenter Servers interact with the PSCs through a load balancer.

Figure 4: Local vCenter and PSC high availability

Multiple Site vCenter Server and PSC basic Architecture:

In this configuration each site is independent with PSC replication between sites. The vCenter Server is aware of the site topologies and use the local PSC under normal circumstances. Customers are able to seamlessly move the vCenter Servers between PSCs when necessary. This topology allows for Enhanced Linked Mode (ELM) which is facilitated by the PSC. Enhanced Linked Mode provides for a single point of management for all vCenter Servers in the same vSphere domain. In vSphere 6 the Windows-based and Virtual Appliance-based vCenter Servers have the same operational maximums and can belong to the same linked mode configuration. The configuration replicates all license, global permissions, tags and roles across all sites.

Figure 5: Multi-site vCenter Server and PSC basic architecture

Multiple Site vCenter Server & PSC with High Availability Architecture:

Combining the high availability configuration in a local site with the multi site configuration. Each site is populated with at least two PSCs for high availability. vCenter Server nodes are individually clustered with WSFC for HA.

Figure 6: Multi-site vCenter Server and PSC high availability architecture

Reference - blogs.vmware.com

vSphere6.5 Deploy External PSC Controller

Installation Process

Downloaded the VMware vCenter Server Appliance here: v6.0, v6.5.

Mount the ISO on your computer. The VCSA 6.5 installer is compatible with Mac, Linux, and Windows. Browse to the corresponding directory for your operating system, e.g. \vcsa-ui-installer\win32. Right click Installer and select Run as administrator. As we are installing a new instance click Install.

On the welcome page click Next. Accept the license agreement and click Next.

For the deployment type we need to select Platform Services Controller under the External Platform Services Controller heading. Click Next.

Enter details of the vCenter or ESXi host where the appliance will be deployed, click Next.

Select a location for the virtual appliance and click Next.

Select the compute resource for the virtual appliance and click Next.

Enter a name for the virtual appliance and configure the root password, click Next.

Select the storage to use and click Next.

Select the VM network to use and configure the network settings, click Next.

Review the deploy Platform Services Controller summary page and click Finish. The Platform Services Controller appliance will now be deployed.

In stage 2 we configure the new appliance, click Next.

Configure the NTP server(s) and click Next.

The SSO configuration page is where we determine if the PSC should be joined to an existing SSO domain or if you are creating a new SSO domain. Enter the SSO domain details and click Next.

Tick or untick the Customer Experience Improvement Program and click Next.

On the summary page click Finish and Ok. The PSC virtual appliance will now be configured.

Once complete we can access the Platform Services Controller in 2 different ways. For the appliance management portal browse to https://IP:5480 where IP is the IP or FQDN of the virtual appliance. Login with the root account.

Here we can configure settings specific to the virtual appliance, such as networking, SSH, syslog, etc.

To access the user interface browse to https://IP/psc where IP is the IP or FQDN of the virtual appliance. Login with the administrator@vsphere.local account created or defined in the installation wizard.

Here we can configure Platform Services Controller related settings, such as permissions, certificates, etc. To join the PSC to an Active Directory domain browse to Appliance Settings, and Manage. Under Active Directory click Join.

The Platform Services Controller has now been deployed and configured. Multiple PSC instances can be placed behind a load balancer to provide High Availability, as outlined in this KB.

vCenter Server Appliance (VCSA) 6.5 Deployment

VMware vCenter is a management software for your vSphere environment. It enables to manage from a single pane of glass all your VMware virtual infrastructure. Last month, VMware has released the vSphere 6.5 version which includes the vCenter. vCenter comes in two versions:

• A Software to be deployed on a Windows Server (physical or virtual)
• A virtual appliance that is based on Linux (vCenter Server Appliance: VCSA)

Since vSphere 6, the VCSA can manage more hosts and more VM and is more robust and scalable. With vSphere 6.5, the VCSA support the simplified native vCenter High Availability which is available only for the VCSA (not for Windows).

The below table introduces the Windows versus VCSA scalability (vSphere 6.0 information):

As you can see, there is no advantage anymore to use Windows vCenter. Moreover, with vSphere 6.5, the update manager is integrated to vCenter. You don’t need Windows for that anymore. The VCSA is free where you have to pay a license for the Windows vCenter. The only con of VCSA is that it is a black box.

In this topic, I’ll show you how to deploy a standalone VCSA 6.5 from a client computer.

Requirements

To deploy your VCSA 6.5 you need the following:

• A running ESXi host reachable from the network
• The ISO of VCSA 6.5 (you can download it from here)
• At least 4GB on your host and 20GB on a datastore

Step 1: Deploy the VCSA on an ESXi

Once you have downloaded the VCSA 6.5 ISO, you can run vcsa-ui-installer\win32\installer.exe

When you have run the installer, you can see that you have several options:

• Install: to run the VCSA installation (I choose this option)
• Upgrade: if you want to upgrade an existing VCSA to 6.5 version
• Migrate: to migrate a Windows vCenter Server to vCenter Server Appliance
• Restore: to recover the VCSA from a previous backup

In the next screen, the wizard explains you there is two steps to deploy the VCSA. In the first step, we will deploy the appliance and in the second one, we will configure it.

Next you have to accept license agreement and click on next.

Then choose the deployment model. You can select to embed the Platform Services Controller (PSC) with the vCenter Server. Or you can separate the role as explain in the below schema. PSC manages SSO, certificate stores, licensing service and so on. The second deployment model is recommended when you want share these services between multiple vCenter Server instances. For this example, I choose the first one and I click on next.

Then specify the ESXi or the vCenter Server where the appliance will be deployed. I specify a running ESXi, the management port and the root credential.

Next I specify the VM Name and the root password for the VCSA.

In the next screen, you can choose the appliance size. More the virtual infrastructure is huge, more the VCSA needs vCPU, RAM and storage.

Then choose a datastore where the VM will be deployed and click on next.

In the next screen, specify the network configuration of the VCSA. If you specify a FQDN in system name, be sure that the entry exists (with the right IP address) in the DNS server. Otherwise you will have an error message.

To run the appliance deployment, click on finish in the below screen.

While the deployment occurs, a progress bar will show you where you are in the deployment process.

If you connect to the ESXi from the web interface, you can see that the VM is well deployed.

When the deployment is completed, you should have the below screen.

Click on continue to process in the step 2.

Step 2: Configure the appliance

In the step 2, we will configure the appliance. In the first screen, just click on next.

Then, specify some NTP server to synchronize the time.

In the next screen, provide SSO information to manage your vSphere infrastructure.

Next you can accept to join the VMWare’s Customer Experience Improvement Program (CEIP) or not.

To finish, click on finish to run the configuration.

During the configuration, you should have a progress bar to inform you where you are in the process.

Once the configuration is finished, you should have the below screen.

You can now connect to the vSphere Web Client. The URL is indicated in the above screenshot.

Appliance monitoring

The VCSA provides an interface for the monitoring. You can connect from https://<SystemName>:5480. You can use root credential.

As you can see in the below screenshot, you can have the overall health status from this interface.

You can also monitor the CPU and memory of the appliance.

And you can also update the appliance from this interface.

Update Manager 

In vSphere 6.5, the Update Manager (VUM) is integrated in vCenter .