- How to use VMware vSAN ReadyNode Configurator - Fri, Dec 17 2021
- VMware Tanzu Kubernetes Toolkit version 1.3 new features - Fri, Dec 10 2021
- Disaster recovery strategies for vCenter Server appliance VM - Fri, Nov 26 2021
vCenter Server availability (VCSAHA) was introduced in vSphere 6 and protects the vCenter Server appliance against host and hardware failures. It has active–passive architecture, in which a three-node cluster is configured with active, passive, and witness nodes. Note that vCenter HA can also be useful in that it reduces downtime when you patch your VCSA. Over time, the solution has been improved to provide very good protection for the vCenter Server.
During the configuration process, we will see that the first instance of VCSA will be used as an active node. This instance will be cloned twice, once to the Passive node and once to the Witness node.
We do not have to deal with external Platform Service Controller (PSC) VMs, as this architecture decision has been phased out in vSphere 7.
All three nodes, then, provide an additional layer of resiliency where each node is deployed on a different ESXi host. The three nodes communicate over a private network, called a vCenter HA network, which is set up as part of the configuration. The active node continuously replicates data to the passive node. The Witness is a lightweight clone of the Active node and provides a quorum to protect against a split-brain situation.
VCSA HA Prerequisites ^
We need to first create a vCenter HA network. This network is separate from the management network. It is used for communication between the nodes to determine, in case of failure, which node has the latest data. For best performance, the network latency between the nodes should be less than or equal to 10 ms. So, for each host of the cluster, add a separate port group for the vCenter HA network. The vCenter HA network must be on a different subnet than the management network. vCenter HA needs a single vCenter Server license; however, it needs to be a standard license, not an "Essentials" license that covers only three host installations.
You need to enable SSH on the vCenter Server appliance. You can do that via the VAMI user interface by connecting directly to the appliance via https://ip_of_vcsa:5480 with root user and password. Then select Access > SSH Login > Enable, where you activate the SSH.
We should also reserve static IP addresses for all the nodes on our DNS server. These IP addresses will be required in vCenter HA IP settings during the setup process.
I assume that you've done this config on your DNS server.
A new page will pop up that shows the resource settings. Here on each node, you'll have to click the Edit button to select the host, storage, network, etc.
Note the check box "Automatically create clones for Passive and Witness nodes."
Then we must select the compute resources where the passive node will be running. When we say it's in passive node, it does not mean that the VM is powered off. No, it is a fully running VM, but it only receives a copy of the data from the active node.
Then, in case of a failure, this node is "promoted" as active, and a new copy of the passive node is cloned again.
The networking for each node must be done separately for the passive and witness nodes.
Once all options are selected and you click the Finish button, the system will start the configuration. It will clone an active node and create passive and witness nodes. The process takes some time, depending on your underlying storage system.
How can VCSA be patched when there is an HA configuration? ^
While it's possible to patch VCSA HA globally, you must put the VCSA HA cluster into maintenance mode and then patch the witness node first. When done, patch the passive node.
After you've done this, initiate a failover manually. The passive node will become active and the current active node will become passive. Patch this passive node now. Exit maintenance mode and you're done.
While this is quite tedious, the other option is simply to destroy the HA configuration and delete the passive and witness nodes prior to patching. Once you have finished patching, simply recreate the VCSA HA.
The view on the cluster nodes looks like this. The Edit, Initial Failover, and Remove vCenter HA buttons are on the right.
Final words ^
The VCSA HA is an interesting technology; however, you'll need at least three hosts in your environment, managed by the vCenter Server, to spread the nodes out. Remember that we have passive VCSA as well as witness nodes, which must run on a separate ESXi host.
Subscribe to 4sysops newsletter!
For smaller installations, it might not be worth activating as it consumes memory, CPU, and storage resources by running additional VMs.