Awaiting too long for this!!! vCenter HA – Part 2

As recap, in this series of blogs I would perform the deployment of vCenter HA with the topology of the most comprehensive protection. I would deploy the following configuration to have HA deployment for PSC 6.5 on a Load Balancer while vCenter HA will be enabled for the vCenter server.


So, I have gone through about ten steps while those are NOT made up by me but from VMware KB and VMware Guides (So it’s quite trust worthy). As the version 6.5 is still bit new, I could see some typo in the KB. But no worry, I will highlight the caution steps. As from the image above, left hand side is the high level architecture, there are 6 components in total and I realised those as 6 VM of the logical setup on the right hand side. I mainly followed the steps from

  1. VMware KB 2147018: To setup the NLB and PSC nodes, i.e. PSC01, 02 and NLB boxes
  2. VMware ESXi vCenter 6.5 Availability Guide: To setup the vCenter HA i.e. VC01, 02 and VC Witness boxes

So the 10 steps are performed are as following:

  1. Install the primary external Platform Services Controller node.
  2. Deploy the secondary SSO node as a replication partner to the primary Platform Service Controller node.
  3. Create a new machine SSL certificate. For more information, see:
    Configuring certificates for Platform Services Controller for High Availability in vSphere 6.5 (2147627)
  4. Configure the load balancer. For more information, see:
    Configuring Netscaler Load Balancer for use with vSphere Platform Services Controller (PSC) 6.5 (2147014)
  5. Verify the machine Certificate:
    vCenter Server Appliance – /usr/lib/vmware-vmafd/bin/vecs-cli entry list –store MACHINE_SSL_CERT –text
  6. Verify the Load Balancer is presenting the same certificate:
    vCenter Server Appliance – openssl s_client -connect SSOLB.vmware.local:443
  7. Run the configuration scripts on the Platform Service Controllers. For more information, see
    Configuring PSC Appliance for High Availability in vSphere 6.5 (2147384)
  8. Install the vCenter Server using the Load Balancer virtual IP for the Platform Service Controller when prompted.
  9. Configure vCenter HA With the Basic Option
  10. Verify the vCenter HA function

So let’s get started and deep dive in the steps!!! In this blog post, I will perform the step 1 and step 2. While a separate blog post will be written for Step 3-7 and another for Step 8-10.

Install the primary external Platform Services Controller node.

Trivial step, thanks for the improvement of the installer. Not matter windows based or Appliance based installation is so simple now. In this deployment, I use all Virtual Appliance for all the PSC nodes. So following is the installation wizard of the vCSA 6.5, you do NOT need to install any plug-in before running it (still remember the one for 6.0?). Thus, you can run it even on your Mac.


After choosing the “Install” on the first page, you will come to the Wizard for deploying the appliance. Here, it illustrates you that there are actually two Stages of deployment while the first step is to “Deploy Appliance” and the second stage is “Set up appliance”. We are at stage 1 and press next to continue.


We then need to accept the EULA and press next to continue


Next, we have to choose the deployment topology. While, we are deploying just the PSC, so choose the “External Platform Services Controller” and “Platform Services Controller” Option. Press Next to Continue.


Provide the ESXi information you would like to deploy your PSC appliance. I have three hosts in my environment and this is the minimum actually. Since VC01, VC02 and the witness servers have to be put on three different hosts by default.


Accept the SSL cert warning


Provide the VM network and password for the root user of the PSC Appliance


Choose the storage to put on. Usually I would put two PSC into two different datastore for better residency.


Provide the IP information and choose the correct port group


Review the information and press finish to proceed the Stage 1 deployment


Wait for the completion of task and proceed to the Stage 2 by hitting continue


In the Stage 2 of the deployment, we will setup the PSC appliance. Press Next to proceed the setup.


DO use NTP server for syncing the time for the PSC server. But as I don’t have a NTP server, I choose to sync it with the ESXi host which could more possibly causing time drift between your machines.


I like to enable the SSH access for all the nodes. *DO remember this is mandatory for the vCenter Nodes you going to deploy bit later in step 8.


As usually, provide the SSO domain information and press next to proceed.


Configure the CEIP, and press Next to continue


Confirm the setting and hit Finish to start the Stage 2 setup


As in stage 2, we are NOT just deploying an OVA as stage 1. Lot more configuration and packages works are kicked start in this step, so Wizard would prompt you NOT to interrupt it.


Wait for the completion and click Close


Log into the PSC to confirm the SSO admin page is shown and everything is working


Great! Step 1 is DONE!!! Proceed to Step 2…

Deploy the secondary SSO node as a replication partner to the primary Platform Service Controller node.

We have to run the installer wizard again for deploying another PSC appliance in the environment



Basically, we did same  procedures for the Stage 1 deployment. But we do have some different in Stage 2 for joining this newly deployed PSC into the Existing PSC which we deployed in Stage 1.


Accept the EULA and press Next to Continue


As said, since we are using external PSC, choose the “External Platform Services Controller” and “Platform Services Controller”. Press Next to proceed the setup.


Although you can use the same host for deploy the second PSC, I choose another hosts for better resiliency. Remember that you still have to configure the DRS affinity rule to separate the PSC servers after the vCenter is being setup later.


Accept the cert warning and proceed


Provide the VM name again and define the Root Password for the PSC appliance


Choose a separate Datastore for 2nd PSC such that 1st and 2nd PSC are running on different storage to provide a better resiliency level.


Provide the FQDN, network information for the 2nd PSC


Confirm the input and click finish to proceed the Stage 1 deployment


Wait for the completion of PSC deployment and click “Continue” to proceed the Stage 2 setup for the 2nd PSC Server


Press Next to kick start the Stage 2 deployment of the 2nd PSC


Configure the Time Sync Setting and Enable the SSH access again. (Same like the 1st PSC)


Choose “Join an existing SSO domain” in this step, input the information of the Existing PSC server and press next to continue the setup


Choose “Join an existing site”, as the diagram shown in the wizard, this option refers to a High Availability Setup. If you are doing a cross site setup, you would need to choose “Create a new site” instead (we are not doing this).


Choose Join or not Join the CEIP and click Next to proceed the setup


Confirm the configuration and press Finish to proceed the Setup


Again, the wizard will warn you not to interrupt the setup. Click OK to proceed


Wait for the completion of deployment


DONE!!! You have finished the Step 1 and Step 2 of the setup. Please refer to the Next blog for the Step 3-7 setup which focus in the HA configuration of the deployed PSC severs.

Awaiting too long for this!!! vCenter HA – Part 1
Awaiting too long for this!!! vCenter HA – Part 3

Leave a Reply

Your email address will not be published / Required fields are marked *