Objective 1.2 Topics:
Deploy vCenter Core Components According to a Deployment Plan
- Deploy and Configure a Platform Services Controller (PSC)
- Determine Use Case for Embedded vs. External (PSC)
- Re-Point a vCenter Service Appliance to another External PSC
Deploy vCenter Core Components according to a deployment plan
Deploy and Configure a Platform Services Controller (PSC):
In the VCP6 study guide we deployed just a single standalone vCenter appliance with an embedded PSC. In this objective, we’ll deploy a 2nd PSC but this one will be an external PSC. Once that’s complete, we’ll need to re-point our vCenter appliance to the new PSC.
Let’s get started…
But first! Make sure you have a forward and reverse lookup record for the external PSC that’s about to be created. This is very important so don’t forget to do that.
Mount the VCSA ISO, and open the html file to get started…
Install
Let’s connect to our existing vCenter Server
Select the Datacenter we want to place the PSC in
Select the host we want to place the PSC on. I only have 1 in this datacenter.
Name the appliance and enter a password
Select the deployment type. We’re doing an external PSC only so we’ll select that.
We’re going to join the existing SSO domain.
Join an existing site
Select the datastore for the PSC to reside on
Configure the network IP settings and be sure to set up the NTP servers correctly.
Click finish a few times and we’re off and running the installation.
Newly created PSC booting…
And we’ve successfully deployed an external PSC.
Now that the PSC is running we need to finish up a few other items to make use of it.
Re-Point a vCenter Server Appliance to another External PSC
For a Windows deployment these instructions will not work, since I’m using the unix version of the vCenter appliance.
Let’s access the shell (ssh) of the vCenter server.
Let’s run a few commands to re-point the vCenter Server.
cmsso-util reconfigure –repoint-psc [new_psc_fqnd] –username [your_username] –domain-name vsphere.local –passwd [password]
Note – the hostname in the FQDN on the PSC is case sensitive. If the DNS name is ALL CAPS then use all caps, if not then use lowercase letters. If the case is not consistant then the re-point will fail with the following error.
Once the command runs successfully, eventually (a few minutes) we’ll see the following.
Now that we’ve successfully re-pointed vCenter to an external PSC. We might experience a few problems. I’ve had this happen twice in 2 different deployments.
Performance graphics stop working with the following error:
This issue occurs when the VMware Performance Chart Service of vCenter Server attempts to connect to the decommissioned Embedded PSC’s Secure Token Service (STS) to perform a SAML exchange.
If we follow VMware’s KB 2131327 we can fix this.
Connect to the external PSC via the shell (ssh).
Run the following command to enter the scripts directory:
cd /usr/lib/vmidentity/tools/scripts
Then run the following command:
./lstool.py list –ep-type com.vmware.cis.cs.identity.sso –no-check-cert –url https://External_PSC_FQDN/lookupservice/sdk 2> /dev/null
We should see both PSC’s the external and embedded.
External
Embedded
Now we need to un-register the old STS service registration:
Enter the following command and input the Service ID of the embedded PSC and the password for the administrator account.
./lstool.py unregister –user “Administrator@vsphere.local” –password “administrator password” –id <Embedded PSC Service ID From above> –no-check-cert –url https://External_PSC_FQDN/lookupservice/sdk
Once done, you should be given output showing the new client created and the old disposed of.
Client was created successfully
Client was disposed successfully
Now we need to restart the Performance Chart Service on the vCenter Server.
Console/ssh into the vCenter Server and issue the following commands to restart the service:
Let’s go see if the performance charts are giving us any data.
Looks like we’re back in business.
Determine Use Case for Embedded vs. External PSC
There are two basic topology’s we can use when deploying vSphere 6.0
- vCenter Server with an embedded Platform Services Controller. This option installs all the services on the same virtual/physical server as the vCenter Server.
Use case: Ideal for small environments, simple and reduced resource utilization.
2. vCenter with an External Platform Services Controller. This option installs the Platform Services Controller on a separate system from vCenter. If this deployment is chosen, the PSC needs to be installed first, since vCenter requires a PSC.
Use case: Ideal for larger environments, where there might be multiple vCenter servers, but want a single management point for the site.
Enhanced Linked Mode with no High Availability
Components: 1 external PSC, 2 vCenters on the same domain.
Benefits of Enhanced Linked Mode w/ no HA:
- Fewer resources consumed by combined services
- More vCenter Servers are allowed
- Single management of the environment
Disadvantages of Enhanced Linked Mode w/ no HA:
- Network connectivity loss between vCenter and the PSC can use outages of service (such as authentication)
- Additional Windows licenses if using a Windows based vCenter
- More VM’s to manage
- If the PSC fails/goes offline then both vCenter are affected
Enhanced Linked Mode with an External Platform Services Controller with High Availability
Components: 2 PSCs, 2+ vCenter Servers, Load balancer.
Benefits of Enhanced Linked Mode w/ HA:
- Fewer resources are consumed
- More vCenter Servers are allowed
- PSC configuration is highly available.
Disadvantages of Enhanced Linked Mode w/ HA:
- Additional Windows licenses if using a Windows based vCenter
- More VM’s to manage
Source/Credit:
Thanks to Jonathan McDonald for a well structured blog post on this topic. For more in-depth information on PSC topology’s visit his blog post.
vSphere Datacenter Design – vCenter Architecture Changes in vSphere 6.0.