vSphere 6.5 introduced vCenter Server Appliance High Availability (VCSA-HA), which is a new way to protect vCenter. However, this feature is only available when installing vCenter as a vCenter Server Appliance (VCSA). In other words, it is unavailable when you install vCenter server on a Windows server.

VCSA 6.5 runs the new Photon OS owned by VMware and has a larger set of features than the Windows equivalent. Previously, VMware used CentOS and SuSE Linux Enterprise Server (SLES), but now VMware owns the underlying OS. Please read my guide of how to install VMware vCenter (VCSA) 6.5.

The VCSA-HA feature works as a cluster of three VMs. It is an automated clustered solution allowing you to maintain the infrastructure services in case there is a hardware problem or the main, Active node is isolated within the cluster.

Components ^

  • Active node – This is the production VM. The Active node is serving admins' requests, and provides the common services and operations within the vSphere environment.
  • Passive node – This is an exact copy of the Active node, which constantly receives updates from the Active node. It has the same size as the Active node.
  • Quorum (also called Witness) node – This node serves to solve split-brain scenarios and solve inconsistencies within the distributed system, which has replicated data between nodes.

Please view the diagram below for the relationships between the nodes.

In case of a hardware or software failure related to the Active node, the Passive node takes over automatically, and becomes the Active node. Tests show that the failover RTO (recovery time objective) is usually less than five minutes. Because the database uses synchronous replication, there is no data loss; that is, the recovery point objective (RPO) equals zero.

In case a VCSA 6.5 machine is isolated from the cluster, the system stops all of its services so the Passive node can take over. The mechanism takes into account intermittent network problems and puts itself into an isolated state only after several retry attempts have failed.

The Witness node cannot become an Active or Passive node and stores only chunks of data related to the tiebreaker code.

What is replicated? ^

  • Database – The VCSA vPostgres database uses synchronous replication. It is a native vPostgres replication mechanism.
  • Flat files – All configuration files, certificates, licensing info, etc. are replicated.
VMware VCSA 6.5 High Availability configuration

VMware VCSA 6.5 High Availability configuration

Network settings ^

There's a bit of configuration necessary at the network level. With the help of the vSphere web client, you have to create a new network that will then serve as the communication channel of the VCSA-HA cluster.

Each VCSA node will then have two network interface cards (NICs):

  • eth0 for public traffic
  • eth1 for private traffic (heartbeats, synchronizations, and file replications).

Two configurations options ^

The vCenter Server deployment can use an internal or external Platform Services Controller (PSC), where the PSC assures a certain number of authentication services such as the vCenter Single Sign-On (SSO), the VMware Certificate Authority (VMCA), the Certificate Store (VECS), licensing, the Lookup Service for component registrations, and other services.

  • External PSC: The vCenter Server and Platform Services Controller are deployed on different virtual machines. This is necessary where multiple vCenter servers are in linked mode and are communicating via a single PSC (or multiple PSCs behind a load balancer).
  • Embedded PSC: The vCenter Server and PSC are deployed on the same virtual machine.

As mentioned above, a network configuration that allows communication between the nodes through a second communication channel is necessary. The network configuration has to respect some rules. The communication network has to be completely separated from the production network either via a VLAN or through additional physical network devices.

Independently of the deployment option and the inventory hierarchy you select, you have to set up your network before you can start with the configuration.

Simply add a port group to each ESXi host and assign a VLAN.

VMware VCSA 6.5 HA network configuration

VMware VCSA 6.5 HA network configuration

Basic option ^

When you use the Basic option, the vCenter HA wizard creates and configures a second network adapter on the vCenter Server Appliance automatically. Then it clones the Active node and configures the vCenter HA network.

VCSA HA configuration wizard

VCSA HA configuration wizard

Next, you have to assign IP addresses for the Passive and Witness nodes.

VCSA HA network IP for Passive and Witness nodes

VCSA HA network IP for Passive and Witness nodes

The configuration process simply clones the Active VCSA and finalizes the configuration. You'll end up with:

  • VCSA (your primary active VCSA 6.5)
  • VCSA-peer (the Passive node)
  • VCSA-Witness (the appliance running the tiebreaker code)

All vCenter nodes are up

If you no longer need to use VCSA HA, you can delete the configuration and the VMs via the vSphere web client by clicking the Configure button and specifying a delete option. You must do it via the cluster configuration and not delete the VMs individually.

Remove vCenter HA configuration

Remove vCenter HA configuration

Conclusion ^

It has never been simpler to install an active-passive cluster protecting a vCenter server as a crucial piece of VMware infrastructure. Service providers have been waiting for this for a long time. The automated clustered protection works flawlessly by monitoring the Active node resources.

This configuration does not really suit smaller environments, as it uses additional resources for maintaining the cluster (the Passive node consumes the exact same amount of memory and CPU cycles).

Subscribe to 4sysops newsletter!

The Witness VM is a lightweight VM maintaining just the witness components. Additionally, the VCSA‑HA 6.5 virtual machine comes with 12 virtual disks. Each virtual disk is a separate virtual machine disk (VMDK) file. The server uses each of these 12 virtual disks for different purposes, including storing logs, core dumps, netdumps, auto deployment, Update Manager, and so on. The passive VCSA has the exact same configuration.

  1. invisible 5 years ago

    I discovered a problem with dual-homed VCSA. In my setup external interface communicates with Internet to download patches/updates and internal interface is used to communicate with hosts and for management purposed.

    I’ve added second interface after installation was over. Adding/communicating with ESxi hosts are not a problem. However, after several hours of trying I can’t manage to change the IP address for the Update Manager. I Update manager to use internal interface’s IP address for host communication but no matter what I tried – it only shows the external interface’s IP address or FQDN.

    Any solution?

  2. Author
    Vladan Seget 5 years ago

    Setting up two interfaces (unless instructed by VMware) is unsupported. The only time when you need to add the second vNIC is when you’re setting up VCSA HA functionality. And in this case, the second vNIC is used as the communication channel between nodes, for the HA network.

  3. invisible 5 years ago

    So I translate this the way – if you need to have two interfaces, then the only option is to install it on Windows box.

  4. Author
    Vladan Seget 5 years ago

    You should check the best practices on Windows, perhaps there is a mention on multiple NIC setup. I’m unsure that what you’re looking to do (Update manager), is supported with multiple NIC config on Windows Server either. There is a small mention about adding a second NIC to vCenter and PSC within VMware Documentation, but that does not necessarily apply to your environment.


  5. LittleHarbor 5 years ago


    Is there some more documentation on EXACTLY what is running and happening in the Witness?

    Are ANY of the config files replicated to it? Or is it truly just a quorum engine?

    • Author
      Vladan Seget 5 years ago

      All I know that there is no DATA stored at the appliance. Witness node acts as a quorum node only.

      Used to break a tie in the event of a network partition causing a situation where the Active and Passive nodes cannot communicate with each other.
      A light-weight VM utilizing minimal hardware resources.
      Does not take over role of Active/Passive nodes.

  6. vishal desai 4 years ago


    I am trying to do a similar deployment but am struggling with the vlan tag on the HA vSwitch.

    When you provision these, do you have the ports as static or trunk.

    Also if you choose not the tag the HA vswitch with a vlan do you loose any functionality.

    many thanks

  7. vijay 4 years ago

    Where are the configuration logs ? I am facing issue while configuring this so I want to check logs.

Leave a reply

Your email address will not be published.


© 4sysops 2006 - 2022


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account