Configuring vCenter 6.

5 High Availability

The vCenter HA architecture is made up of the components in the vSphere image

below. The vCenter Server Appliance is cloned out to create passive and witness nodes.
Updated data is replicated between the active and passive nodes. In the event of an
outage to the active vCenter the passive vCenter automatically assumes the active role
and identity. Management connections still route to the same IP address and FQDN,
however they have now failed over to the replica node. When the outage is resolved
and the vCenter that failed comes back online; it then takes on the role of the passive
node, and receives replication data from the active vCenter Server.

Requirements

 vCenter HA was introduced with the vCenter Server Appliance 6.5

 The vCenter deployment size should be at least small, and therefore 4 vCPU 16
GB RAM
 A minimum of three hosts
 The hosts should be running at least ESXi 5.5
 The management network should be configured with a static IP address and
reachable FQDN
 SSH should be enabled on the VCSA
 A port group for the HA network is required on each ESXi host
 The HA network must be on a different subnet to the management network
  Network latency between the nodes must be less than 10ms
 vCenter HA is compatible with both embedded deployment model and external
PSC
 For further information on vCenter HA performance and best practises see this
post

Configuration Types

When setting up vCenter HA we are given the option of basic configuration or advanced.
The correct deployment type depends on your environment. If the VCSA is managing its
own ESXi host and virtual machine, or is managed by another vCenter Server in
the same SSO domain then the basic deployment method should be used. This
automatically clones the vCenter, and creates DRS anti-affinity rules.
If the VCSA is on a separate vCenter in a different SSO domain then the advanced
deployment method should be used. In this case we need to manually add an additional
NIC and clone the VCSA. The basic and advanced configuration types produce the same
end result, but with a different process for different environments.
Both the embedded PSC and external PSC deployment models are supported. In this
post we will walk through the advanced and basic configuration steps for vCenter with
embedded PSC. For external PSC a load balancer can be implemented to provide HA,
you can read more about implementing vCenter HA with the external deployment
model here. If you are configuring vCenter HA in a cluster with less than the required
number of physical hosts, such as in a home lab, you can add a parameter to override
the anti-affinity setting; see this post by William Lam.

Basic Configuration Process

Log into the vSphere web client. Right click the top level vCenter Server in the inventory
and select vCenter HA Settings. Click Configure in the top right hand corner.

Select the configuration type, in this example we are going to use Basic. Click Next.
An additional NIC will automatically be added to the active VCSA. Select the HA network
to use and enter an IP address, remember this must be a separate subnet to the
management network or the configuration wizard will error. Click Next.
Once the configuration wizard is complete the active VCSA will be cloned to create
passive, and witness nodes. On this page we need to specify the HA IP addresses to use
for each node, then click Next. You do not need to manually add any NICs during the
basic configuration, this is all done for you. However as per the pre-requisites you do
need to make sure a network is available to use for HA traffic.

Review the deployment page, if applicable you may need to change the compute or
datastore locations by clicking Edit to ensure each component is spread across the
vSphere cluster.
As you can see on the final page clone tasks will automatically be created. The new VMs
are named VCSA-peer and VCSA-witness, where VCSA is the VM name of your current
vCenter Server Appliance. Click Finish.
Monitor the tasks pane, vCenter HA may take around 5 minutes to clone and deploy the
cluster nodes, depending on the speed of your underlying infrastructure. Once complete
the vCenter HA status will show Enabled, and all nodes in the cluster will show Up.

You can edit the status of vCenter HA at any time by going back into the vCenter HA
menu and clicking Edit. These are the available options.
Advanced Configuration Process

The advanced deployment process takes longer as it involves much more manual
configuration. The first thing we need to do is add an additional network adapter to our
existing vCenter Server Appliance, and configure a vCenter HA IP address. Log into the
vSphere web client of the vCenter managing the VCSA. Locate and right click the VCSA,
select Edit Settings. From the New device drop down select Network and click Add.
Select the port group to use, remember this needs to be a separate subnet to the
management network, ensure Connect is ticked and click Ok.

Now we can configure the network settings using the Appliance Management portal.
Browse to https:// :5480 where is the IP address or FQDN of your vCenter Server
Appliance. Log in with the root password.

Select Networking on the left hand navigation menu.

Open the Manage tab and click Edit next to the Networking Interfaces box.
Expand nic1, note that the status is down, configure the IP settings and click Ok.

Verify that nic1 is now showing a status of Up.

We can now start the vCenter HA configuration wizard. Open the vSphere web client of
the VCSA for which you want to configure HA. Right click the top level vCenter Server in
the inventory and select vCenter HA Settings. Click Configure in the top right hand
corner.

Select the configuration type, in this example we are going to use Advanced.

Click Next.
Enter the IP address settings for the passive and witness nodes, on the HA network,
then click Next.
Now we need to do some manual cloning, go back to the vSphere client of the vCenter
Server managing the VCSA. Locate the VCSA in the inventory, right click and
select Clone, Clone to Virtual Machine.
Run through the clone wizard, let’s create the passive node first. During the clone
wizard we configure all settings, including management IP address and host name, to
be the same as the active VCSA except for the HA IP address. Each node has a
unique IP address on the HA network.

 Enter a name and location for the virtual appliance.

 Select different compute resource and datastores to the active VCSA if possible.
 On the clone options page select Customise the operating system, Power on
virtual machine after creation.

 On the customise guest OS page click the create new specification icon.
 Enter a name and description for the new customisation.
 Enter the same OS host name and domain as the active node.
 Configure the same time zone as the active node.
 On the network page edit the settings for NIC1, select use the following IP
settings, and enter the management network settings of the active vcsa. This
network adapter will be used to assume the identity of the active VCSA in the
event of a fail over.
 Edit the settings for NIC2, select prompt the user for an address when the
specification is used. Enter the subnet mask and leave the gateway blank.
This adapter will be used for the HA network, we will configure the unique IP
address shortly.
 On the DNS and domain settings page of the wizard enter the domain name and
DNS server(s) that the interface will connect to, click Finish.
 You will be returned to the clone virtual machine wizard. Select the newly
created customisation profile.
 Enter the IP address for NIC1. This is the HA IP for the passive node we input
during the vCenter HA configuration wizard earlier.
  Accept the default virtual hardware and vApp properties.

The VCSA will now be cloned to create the passive node. Repeat the steps above for the
witness node, however this time select the existing guest customisation that we created
first time round.
Enter the unique HA IP address for the witness node that we specified during the
vCenter HA configuration wizard.

When these manual steps have been completed go back to the vCenter HA
configuration wizard and click Finish. Monitor the Configure a vCenter HA Cluster task
in the recent tasks pane.

Once complete the vCenter HA status will show Enabled, and all nodes in the cluster
will show Up.
For more information on vCenter HA or configuring different aspects of the advanced
deployment; see the vCenter High Availability section of the vSphere 6.5
Documentation Centre.
The final step is to configure an anti-affinity rule to stop the vCenter Server appliances
from running on the same hosts. Log into the vSphere web client and browse to Hosts
and Clusters. Click the vSphere cluster and select the Manage tab.
Under Configuration click VM/Host Rules. Under VM/Host Rules click Add.
Enter a name for the rule, such as vCenter HA, ensure Enable rule is ticked and
select Separate Virtual Machines as the rule type. Click Add and select the vCenter
Server nodes. Click Ok.
This rule will ensure DRS does not place nodes on the same hosts in a vSphere cluster.