Home > Blogs > VMware vSphere Blog

vCenter Server 6 Deployment Topologies and High Availability

Architectural changes to vSphere 6:

vCenter Server 6 has some fundamental architectural changes compared to vCenter Server Server 5.5. The multitude of components that existed in vCenter Server 5.x has been consolidated in vCenter Server 6 to have only two components vCenter Management Server and Platform Services Controller, formerly vCenter Server Single Sign-On.

The Platform Services Controller (PSC) provides a set of common infrastructure services encompassing

  • Single Sign-On (SSO)
  • Licensing
  • Certificate Authority

The vCenter Management Server consolidates all the other components such as Inventory Service & Web Client services along with its traditional management components. The vCenter Server components can be typically deployed in with either embedded or external PSC. Care should be taken to understand the critical differences between the two deployment models. Once deployed one cannot move from one mode to another in this version.

Deployment Models:

vCenter Server with Embedded PSC:

The embedded PSC is meant for standalone sites where vCenter Server will be the only SSO integrated solution. In this case a replication to another PSC is not necessary.

  • Sufficient for most environments. Easiest to deploy and maintain
  • Aimed at minimizing fault domains. Use in conjunction with only one of VMware Product or Solution.
  • Multiple standalone instances supported
  • Replication between embedded instances not supported
  • Supports Windows & Appliance




Figure 1: Embedded mode vCenter Server 6

vCenter Server with External PSC:

In this configuration the PSC is external to the vCenter Server. This configuration allows multiple  vCenter Servers to link to a PSC.

  • Recommend this if deploying/growing to multiple vCenter Server instances that need to be linked
  • Reduces footprint by sharing Platform Services Controller across several vCenter Servers
  • Deploy more than one PSC to provide resilience within the environment
  • Supports Windows & Appliance


Figure 2: vCenter Server 6 with External PSC

Options available for vCenter Server failure protection:

Backup (VDP / Third Party VADP):

vCenter Server deployed in embedded mode can be backed up with VDP or third party backup software that leverage VADP. Currently there is no simple mechanism available to backup the PSC when is external to the vCenter Server. Multiple instances of PSC should be leveraged to protect against an individual external PSC failure.

VMware HA

Majority of the customers have virtualized their vCenter server and leverage VMware HA to protect against Hardware failure.  VMware HA can also protect against guest OS failure through the use of heartbeat and watchdog services.

Third Party Solutions that layer on top of VMware HA:

Third party solutions like Symantec ApplicationHA layer on top of VMware HA and can also monitor and restart vCenter services in the event of any failure. Using a solution like Symantec ApplicationHA, one can monitor all of the  components of vCenter server. In the event it is unable to resolve issues by restarting services, it interacts VMware HA to reset the virtual machine. Symantec ApplicationHA has a specific agent for vCenter agent that helps monitor and protect all aspects of vCenter.


With the release of vSphere 6, SMP Fault tolerance is available for up to 4 vCPU. This can also protect against hardware failure, but is applicable only to vCenter Server instances that can fit within the 4 vCPU virtual machine size.  Any application failure is not protected by SMP-FT.

Database Clustering:

For vCenter servers backed by Microsoft SQL databases, SQL clustering can be leveraged to provide reduced downtime for unplanned events and for OS patching.

Platform Service Controller

Multiple External PSC instances can be used for a single site to service one or more vCenter servers. A load balancer is required to frontend the PSC instances. The PSC instances replicate state information between each other.

vCenter Server High Availability:

With vCenter Server 5.5 Update 3 and later, Windows Server Failover Cluster is supported as an option for providing vCenter Server availability. Two instances of vCenter Server are in a MSCS cluster, but only one instance is active at a time. VMware only supports 2 node clusters.

Use cases for this solution:

  • This solution helps reduce downtime for maintenance operations, such as patching or upgrades, on one node in the cluster without taking down the vCenter Server database.
  • Another potential benefit of this approach is that MSCS uses a type of “shared-nothing” cluster architecture. The cluster does not involve concurrent disk accesses from multiple nodes. In other words, the cluster does not require a distributed lock manager. MSCS clusters typically include only two nodes and they use a shared SCSI connection between the nodes. Only one server needs the disks at any given time, so no concurrent data access occurs. This sharing minimizes the impact if a node fails.
  • Unlike the vSphere HA cluster option, the MSCS option works only for Windows virtual machines and does not support the vCenter Server Appliance.
  •  Before you can set up MSCS for vCenter Server availability, you must create a virtual machine with one of the following guest operating systems:
    • Windows 2008 SP2
    • Windows 2012 R2 Datacenter

    Additionally, you must add two RDM disks to this VM. These disks must be mounted and when they are added, you must create a separate SCSI controller with the bus sharing option set to physical. The RDM disks must also be independent and persistent.

    In this configuration all vCenter Server services can be protected individually. The backend Microsoft SQL database can also be protected separately with SQL Clustering.


Figure 3: Clustering based high availability for Windows based vCenter Server

Deployment Modes for vCenter Server:

Local vCenter Server & PSX High Availability:

  • This model protects the platform service controller service by having multiple instances of PSC locally behind a load balancer. Failure of a PSC does not impact the usage of the infrastructure. The PSCs should also be separated from each other physically using anti-affinity rules. The PSCs replicate state information vCenter Server nodes are individually clustered with WSFC for HA. The  vCenter Servers interact with the PSCs through a load balancer.


Figure 4: Local vCenter and PSC high availability

Multiple Site vCenter Server and PSC basic Architecture:

In this configuration each site is independent with PSC replication between sites. The vCenter Server is aware of the site topologies and use the local PSC under normal circumstances. Customers are able to seamlessly move the vCenter Servers between PSCs when necessary. This topology allows for Enhanced Linked Mode (ELM) which is facilitated by the PSC. Enhanced Linked Mode provides for a single point of management for all vCenter Servers in the same vSphere domain. In vSphere 6 the Windows-based and Virtual Appliance-based vCenter Servers have the same operational maximums and can belong to the same linked mode configuration. The configuration replicates all license, global permissions, tags and roles across all sites.



Figure 5: Multi-site vCenter Server and PSC basic architecture

Multiple Site vCenter Server & PSC with High Availability Architecture:

Combining the high availability configuration in a local site with the multi site configuration. Each site is populated with at least two PSCs for high availability. vCenter Server nodes are individually clustered with WSFC for HA.



Figure 6: Multi-site vCenter Server and PSC high availability architecture


vCenter Server 6 has a new deployment architecture. In this blog we have discussed the deployment modes for vCenter Server based on different requirements. The modes of deployment can go from a minimal local deployment to a multi site high availability deployment. There are many high availability options available for vCenter Server and one can mix and match these based on customer requirements.


This entry was posted in ESXi, vCenter Server, vCloud Suite, vSphere and tagged , , , , on by .
Mohan Potheri

About Mohan Potheri

Mohan Potheri is VCDX#98 and has more than 20 years in IT infrastructure, with in depth experience on VMWARE virtualization. He currently focuses on evangelization of "Business Critical Applications (BCA)" and "Big Data” Virtualization on vSphere. He has extensive experience with business critical applications such as SAP, Oracle, SQL and Java across UNIX, Linux and Windows environments. Mohan Potheri is an expert on SAP virtualization and has been a speaker in multiple VMWORLD and PEX events. Prior to VMWARE, Mohan worked at many large enterprises where he has engineered fully virtualized ERP and business critical applications. He has planned, designed, implemented and managed robust highly available, DR compliant SAP on Oracle environments in UNIX and x86 environments.

41 thoughts on “vCenter Server 6 Deployment Topologies and High Availability

  1. Shady El-Malatawey (@ShadyMalatawey)

    Dear Mohan, thx for this valuable information.
    I have a question: What did you mean by “Additionally, you must add two RDM disks to this VM. These disks must be mounted and when they are added, you must create a separate SCSI controller with the bus sharing option set to physical. The RDM disks must also be independent and persistent.’?
    AFAIK, when deploying two VMs with MSCS, they share a single RDM Quorum Disk only not two. Am I wrong?

    1. Andreas Paulsson

      The second RDM would be for the data disk, since all clustered services need to put their data on a common disk.

  2. James McKane

    Can you confirm that in a multiple site vCenter server configuration, that the PSC’s will replicate with other PSC’s in the SSO domain? If so is restoring a PSC as simple as installing a new one into the SSO domain and letting replication occur?

    Thank you

  3. Pingback: vSphere 6.0 Link-O-Rama » Welcome to vSphere-land!

    1. Charu Chaubal

      This is not correct. VMware will support the use of vSphere FT to protect vCenter Server in certain configurations. We will be providing details in the near future.

  4. Pingback: [VMware] news + interesting reads from the blogosphere: 16 Mar 2015

  5. russ oconnor

    Can you clarify the comment “Currently there is no simple mechanism available to backup the PSC when is external to the vCenter Server”

    In Figure 1, VMware is recommending a single external PSC to multiple vCenter Server instances, it seems reasonable that this has to backed up or we risk a losing the SSO, and a whole lot more.

    1. Mohan PotheriMohan Potheri Post author

      The backup of all vCenter components need to be at the same point in time. An external PSC makes this difficult to achieve. While we work to develop a backup solution for an external PSC, we recommend customers requiring protection for the PSC to use multiple instances.

        1. russ oconnor

          Useful KB, though if we use vSphere Data Protection for single vCenter deployments in order to restore vCenter Server in the Direct-to-Host Emergency Restore Operation we would have to Disassociate the Host which contains vCenter/PSC from vCenter Server… wouldn’t this result in an inconsistent networking state on the host, if dVSwitch, ( VXLAN /vShield) are in use.

          I suppose a third party backup software that doesn’t rely on vCenter might be an option

          What about a control tower scenario, separate vCenter for management, perhaps in anther fire zone/data center and run vSphere Data Protection from there, or would Sphere Replication be a better option, a 15 minute RPO would be acceptable for most ( 5 minutes is better though..)

          1. Eli Ben-Shoshan

            vSphere replication relies on the vCenter server to be up and available if you want to restore a failed VM. This makes restoring more difficult. Duncan Epping talks about an unsupported solution to this problem with vSphere replication here:


            I have tested this and it actually works as expected. That being said, I think now that vSphere Data Protection has an emergency restore operation, I would just go with that. We don’t make that many configuration changes to the vCenter server on a daily basis. We create VMs all the time though so I would probably set the backup schedule for the vCenter server to 4 times a day and call it good enough.

  6. Pingback: Thoughts before upgrading to vCenter 6 | VirtualPad

  7. MikeP

    If you have the information available, could you post what might need to be set up on the load balancers to do an HA configuration. I recognize that the exact procedures will vary by vendor but the general settings such as ports/protocols/session state/SSL handling etc… are what I am looking for so I can work with the load balancer vendor to implement them. Thanks…

    1. Mohan PotheriMohan Potheri Post author

      Here are some basic load balancer requirements for vSphere 6.0:

      Ability to load balance multiple TCP ports
      Ability to load balance multiple HTTP/S ports
      Ability to have session affinity to a single node (i.e. Sticky Sessions)
      Ability to have services matched across multiple ports to same node (i.e. Match Across Services)
      Ability to control request timeout intervals

  8. Pingback: My vSphere 6 Upgrade Experience | Notes from MWhite

  9. Pingback: VCP6-DCV Delta Study – Section 1 – Objective 1.3 » vHersey - VCDX Two to the Seventh Power (#128)

  10. russ oconnor

    Hi Mohan

    Thanks for the additional content on backup, much appreciated

    In regard to MSCS/WSFC you mention RDM disks must be used, what about iSCSI disks?
    Will in-guest cluster-across-a-box be supported using ISCSI for the shared disks?

  11. Pingback: VMware vCenter 6.0, the Brains of Your vSphere Deployment | 24 x 7 IT Connection

  12. Ryan Sadorus

    Thanks for the great post. One area to touch on here might be expected behavior when one of these sites goes down. There are various behaviors based on different failure scenarios. Another variable is the idea of stretched clusters within the management framework of these various vCenter/PSC combinations.

  13. Paul

    Could you have a multi-site PSC solution front ended by a load balancer, connected to single instance vCenter servers (one in each of the sites)?

    I’m reluctant to put vCenter on top of a Microsoft Cluster, I think this introduces a lot of complexity into the solution platform. If the benefits outweighed the cost of complexity I think I would consider it, but it might be a hard sell. For View it would be more understandable of course.

    The nasty part for this type of configuration is having to use RDMs in the environment, if you have an architecture stance of avoiding RDMs if at all possible (still using physical SQL 2008 servers, but using virtual 2012 sql) then this option is very unattractive.

  14. Pingback: Redundancyدر Vcenter چگونه انجام میشود ؟

  15. George

    Is it possible to use WFCS without quorum or cluster disks (meaning independent data disks for each virtual center manager server in the cluster) and use DFS replication to keep the application data in sync? This would be similar to the protection provided by Heartbeat in earlier versions and not require the RDMs?

  16. vmb

    Thanks for the great doc.
    I read: Customers are able to seamlessly move the vCenter Servers between PSCs when necessary
    How can I do to move a vCenetr to another PSC?

  17. Pingback: Installing vCenter 6 – High Level Decisions | Douglas P. Smith

  18. Pingback: VMware – vSphere 6 Basics – Platform Services Controller | penguinpunk.net

  19. Pingback: VMware vCenter 6 Deployment Possibilities: Topologies and High Availability | Settlersoman - A settler in the SDDC world.

  20. Alex Storey

    Is there a reason why you don’t mention protecting an external PSC with FT?

    Seems like it would be much more simple than putting two behind an HLB. I read the PSC / HLB deployment kb and it doesn’t look particularly nice…is FT an option instead?

  21. Pingback: vCenter Server 6.0 Windows Deployment | Onur Can

  22. Scotland81

    From the Multiple Site vCenter Server and PSC basic Architecture design, the article says: The vCenter Server is aware of the site topologies and use the local PSC under normal circumstances. Customers are able to seamlessly move the vCenter Servers between PSCs when necessary.

    I understand that if a local PSC goes down, vCenter in that site needs to be repointed to other available PSCs manually? It does not detect the topology change and starts using PSC in other site automatically?


  23. Mayank Patel

    Hi Mohan,

    Where can I get more details on configuring replication between sites for the external PSC in the Multiple Site vCenter Server & PSC with High Availability Architecture. Also, is there anyway to configure clustering using vCenter server appliance.

  24. Pingback: VCP6 2V0-620 Foundations – 1.1 Identifier l’Architecture et les Solutions vSphere pour un cas donné – leSysAdmin

  25. Pingback: VCP6-DCV Objective 1.3 - Enable SSO and Active Directory Integration - ESX Virtualization

  26. Pingback: فعال سازی SSO و همگام سازی با اکتیو دایرکتوری در VCP6 - راهکارهای جامع دیتاسنتر

  27. Jeremie

    When we use wfcs for vCenter 6, what is way to update the solution. Correct me if I am wrong, but we are not able to provide an easy way to update vcenter itself in this kind of solution …. For windows updates, this solution is good and yes, it brings an easy way to limit downtime, but for vcenter updates, it will be a huge problem.

  28. ken

    Loads of high level architectural recommendations in this without any mapping to any real life documentation showing the actual steps to make some of this happen. Based on this I can’t say this post is so hot, in fact it totally lacks. try adding some details around how some of this is put into action, or at least some links. you are talking about PSC behind a load balancer, anyone can talk about putting an app behind a LB, but actually providing the real life steps is another story. typically vcenter products map to a single instance of vcenter or what ever, and now you are saying you can map vcenters to a single PSC and have two of them behind an LB, does this work out of the box just by pointing to a DNS alias sitting on the LB, what about the configuration that allows this to work on the VMware side? what about health check settings on the LB? I think you get the point here.


Leave a Reply

Your email address will not be published. Required fields are marked *