Home > Blogs > VMware Consulting Blog


vSphere Datacenter Design – vCenter Architecture Changes in vSphere 6.0 – Part 1

jonathanm-profileBy Jonathan McDonald

As a member of VMware Global Technology and Professional Services at VMware I get the privilege of being able to work with products prior to its release. This not only gets me familiar with new changes, but also allows me to question—and figure out—how the new product will change the architecture in a datacenter.

Recently, I have been working on exactly that with vCenter 6.0 because of all the upcoming changes in the new release. One of my favorite things about vSphere 6.0 is the simplification of vCenter and associated services. Previously, each individual major service (vCenter, Single Sign-On, Inventory Service, the vSphere Web Client, Auto Deploy, etc.) was installed individually. This added complexity and uncertainty in determining the best way to architect the environment.

With the release of vSphere 6.0, vCenter Server installation and configuration has been dramatically simplified. The installation of vCenter now consists of only two components that provide all services for the virtual datacenter:

  • Platform Services Controller – This provides infrastructure services for the datacenter. The Platform Services Controller contains these services:
    • vCenter Single Sign-On
    • License Service
    • Lookup Service
    • VMware Directory Service
    • VMware Certificate Authority
  • vCenter Services – The vCenter Server group of services provides the remainder of the vCenter Server functionality, which includes:
    • vCenter Server
    • vSphere Web Client
    • vCenter Inventory Service
    • vSphere Auto Deploy
    • vSphere ESXi Dump Collector
    • vSphere Syslog Collector (Microsoft Windows)/VMware Syslog Service (Appliance)

So, when deploying vSphere 6.0 you need to understand the implications of these changes to properly architect the environment, whether it is a fresh installation, or an upgrade. This is a dramatic change from previous releases, and one that is going to be a source of many discussions.

To help prevent confusion, my colleagues in VMware Global Support, VMware Engineering, and I have developed guidance on supported architectures and deployment modes. This two-part blog series will discuss how to properly architect and deploy vCenter 6.0.

vCenter Deployment Modes

There are two basic architectures that can be used when deploying vSphere 6.0:

  • vCenter Server with an Embedded Platform Services Controller – This mode installs all services on the same virtual machine or physical server as vCenter Server. The configuration looks like this:

JMcDonald 1

This is ideal for small environments, or if simplicity and reduced resource utilization are key factors for the environment.

  • vCenter Server with an External Platform Services Controller – This mode installs the platform services on a system that is separate from where vCenter services are installed. Installing the platform services is a prerequisite for installing vCenter. The configuration looks as follows:

JMcDonald 2

 

This is ideal for larger environments, where there are multiple vCenter servers, but you want a single pane-of-glass for the site.

Choosing your architecture is critical, because once the model is chosen, it is difficult to change, and configuration limits could inhibit the scalability of the environment.

Enhanced Linked Mode

As a result of these architectural changes, Platform Services Controllers can be linked together. This enables a single pane-of-glass view of any vCenter server that has been configured to use the Platform Services Controller domain. This feature is called Enhanced Linked Mode and is a replacement for Linked Mode, which was a construct that could only be used with vCenter for Windows. The recommended configuration when using Enhanced Linked Mode is to use an external platform services controller.

Note: Although using embedded Platform Services Controllers and enabling Enhanced Linked Mode can technically be done, it is not a recommended configuration. See List of Recommended topologies for vSphere 6.0 (2108548) for further details.

The following are some recommend options on how—and how not to—configure Enhanced Linked Mode.

  • Enhanced Linked Mode with an External Platform Services Controller with No High Availability (Recommended)

In this case the Platform Services Controller is configured on a separate virtual machine, and then the vCenter servers are joined to that domain, providing the Enhanced Linked Mode functionality. The configuration would look this way:

JMcDonald 3

 

There are benefits and drawbacks to this approach. The benefits include:

  • Fewer resources consumed by the combined services
  • More vCenter instances are allowed
  • Single pane-of-glass management of the environment

The drawbacks include:

  • Network connectivity loss between vCenter and the Platform Service Controller can cause outages of services
  • More Windows licenses are required (if on a Windows Server)
  • More virtual machines to manage
  • Outage on the Platform Services Controller will cause an outage for all vCenter servers connected to it. High availability is not included in this design.
  • Enhanced Linked Mode with an External Platform Services Controller with High Availability (Recommended)

In this case the Platform Services Controllers are configured on separate virtual machines and configured behind a load balancer; this provides high availability to the configuration. The vCenter servers are then joined to that domain using the shared Load Balancer IP address, which provides the Enhanced Linked Mode functionality, but is resilient to failures. This configuration looks like the following:

JMcDonald 4

There are benefits and drawbacks to this approach. The benefits include:

  • Fewer resources are consumed by the combined services
  • More vCenter instances are allowed
  • The Platform Services Controller configuration is highly available

The drawbacks include:

  • More Windows licenses are required (if on a Windows Server)
  • More virtual machines to manage
  • Enhanced Linked Mode with Embedded Platform Services Controllers (Not Recommended)

In this case vCenter is installed as an embedded configuration on the first server. Subsequent installations are configured in embedded mode, but joined to an existing Single Sign-On domain.

Linking embedded Platform Services Controllers is possible, but is not a recommended configuration. It is preferred to have an external configuration for the Platform Services Controller.

The configuration looks like this:

JMcDonald 5

 

  • Combination Deployments (Not Recommended)

In this case there is a combination of embedded and external Platform Services Controller architectures.

Linking an embedded Platform Services Controller and an external Platform Services Controller is possible, but again, this is not a recommended configuration. It is preferred to have an external configuration for the Platform Services Controller.

Here is as an example of one such scenario:

JMcDonald 6

  • Enhanced Linked Mode Using Only an Embedded Platform Services Controller (Not Recommended)

In this case there is an embedded Platform Services Controller with vCenter Server linked to an external standalone vCenter Server.

Linking a second vCenter Server to an existing embedded vCenter Server and Platform Services Controller is possible, but this is not a recommended configuration. It is preferred to have an external configuration for the Platform Services Controller.

Here is an example of this scenario:

JMcDonald 7

 

Stay tuned for Part 2 of this blog post where we will discuss the different platforms for vCenter, high availability and different deployment recommendations.


Jonathan McDonald is a Technical Solutions Architect for the Professional Services Engineering team. He currently specializes in developing architecture designs for core Virtualization, and Software-Defined Storage, as well as providing best practices for upgrading and health checks for vSphere environments.

41 thoughts on “vSphere Datacenter Design – vCenter Architecture Changes in vSphere 6.0 – Part 1

  1. TerafirmaNZ

    Hi Jonathan, I have read through all the supported scenario KB and documentation however I cannot seem to find a path forward for anyone with an existing install. If you have a vCenter install currently on a single server be it Windows or VCSA and want to go down a route that allows scaleability in the future or HA you cannot upgrade the vCenter directly as changing to a external PSA post upgrade is not supported and no install option I can see allows the migration of an integrated install to a distributed install.

    Is the only option to backup the resource pools and do a new install then restore the resource pools? What if you have other products that this would then break? Seems to me this is likely to be the most common upgrade path for people and it is the only one not supported.

    Please tell me I’m wrong and there is a way.

    Reply
        1. Kenneth Henry

          If you go to the 6.0 documentation, it’s right there in the revisions. Seems by the wording that you can proceed with upgrading with embedded SSO’s and repoint to an external PSC post upgrade. Enhanced linked-mode setup from that point on.

          Reply
    1. Shayne Niu

      TerafirmaNZ ,
      Seems you have same problem with me, I have a server running vCetenter 5.5 and SSO together , other components are installed in another windows node.
      The question is , if i upgrade vCenter from 5.5 to 6 directly, vCenter with embedded PSC will be installed and other components will be moved to the first server. Well , our environment is big enough , I ‘d like use external PSC for load balance and scaleability.
      My way to upgrade is this :
      Upgrade directly to 6.0 —> vCenter 6+embedded PSC .
      Deploy a new server and install new PSC ,choose to join the same domain with the embedded PSC.
      Repoint vCenter 6 to external PSC.
      The Embedded PSC service will be stopped , but you cannot move them .
      I think this looks like vCenter + External PSC mode..
      Just FYI…

      Reply
  2. Jonathan McDonald

    Hi,

    Officially the following is the support stance on this:

    ——

    There are several configurations of vSphere 5.1 and 5.5 that may be upgraded to one of the topologies that are not recommended. These include, but are not limited to:

    * Two or more vCenter Server and vCenter Single Sign-On(SSO) services installed on the same machine on the same SSO domain.
    * An environment with all of the following servers on the same SSO domain:
    * One or more vCenter Server and vCenter SSO installed on the same machine
    * One or more vCenter SSO installed on a dedicated machine.
    * One or more vCenter Server on a dedicated machine.

    If you have one of the preceding vSphere 5.1 or 5.5 topologies, you may be required to do one of these options:

    * Re-install the vSphere 5.1 or 5.5 using one of recommended topologies in advance of the upgrade.
    * Install vSphere 6.0 using one of recommended topologies listed above.
    ——

    In my experiences, the first option is easier if the environment is large, and you would like to take advantage of Enhanced Linked Mode. This would prevent most of the export import problems you mention, but needs some downtime to configure. That being said, I am not sure of what will be available in the future, but I am personally hopeful that there will be improvements that allow for more flexibility.

    Thanks,
    Jonathan

    Reply
    1. Stefan

      Hi Jonathan,
      we have actually an VSphere 5.5 server with SQL Express on a windows server.
      How can i migrate to the vsphere 6 appliance with postgres?
      what is the best practices?

      have u some instruction for us?

      many thanks

      Reply
      1. Shayne Niu

        Hi Stefan ,
        From upgrade guide, “When you upgrade vCenter Server 5.x to vCenter Server 6.0, the bundled Microsoft SQL
        Server Express database is migrated to PostgreSQL.”
        If you want use vCenter Appliance , I guess the way to obtain your requirement.
        I think it’s :
        Upgrade vCenter to 6 . Sql will be replaced by PostgreSQL.
        Then try to move data from PostgreSQL and try to move to a new deployed vCenter6 Appliance.
        it’s worth to test in lab..

        Reply
    1. Jonathan McDonald

      Hi,

      There is going to be details on this in Part 2 of the post, as well as deployment recommendations. In short, the limit is still 10 per SSO Domain for this release.

      Cheers,
      /Jonathan

      Reply
  3. Andres Jimenez

    Hello Jonathan, we are running test deployments of vsphere 6, with external Platform Services Controller. In our scenario, we have 2 separate PSC servers, linked together, and each of them manages an external vcenter server, we do not have a LB configuration for the vcenters to reach the PSC, so each VC was installed connecting to their respective connection to the remote PSC. Our assumption was that if one of the PSC goes down, the other VC via web client, can manage both vcenters still, but it seems not to be the case, or to be extremely slow via web client, that it actually does not really work. Do you have any feedback in this regard?. To summarize :

    First vc insallation : separate PSC and VC connecting to the remote PSC
    Second vc installation : separate PSC, joined to the existing sso domain and site, VC connecting to the second deployed PSC.

    Outage scenario : second PSC is disconnected from the network, then we login to the vsphere web client from the first vc installation, and it shows the inventory, but does not seem to be able to pull anything from the secondary VC.

    In vsphere 5.5, linked mode can manage all vcs, if the SSO service goes down locally on any of the linked vcenters. do you have any feedback on this deployment?. thanks!

    Reply
    1. Jonathan McDonald

      Hi,

      In the current revisions, Platform Service Controllers aren’t automatically load balanced and therefore the vCenter server attached to the failed PSC will fail as well. To accomplish this task as far as i am aware you would need a load balancer in front such that if one fails the other can take over. I am hopeful that we will see changes here in the future as well!

      Cheers,
      /Jonathan

      Reply
  4. ganesh

    Is there anyway to re-configure the appliance which is already implemented to the embedded PSC to the external PSC without re-installing it ….by command or changing the configuration …Thanks…

    Reply
    1. Jonathan McDonald

      At this time I am unaware of any way to do this. From the documentation:

      “You cannot switch the models after deployment, which means that after you deploy vCenter Server with an embedded Platform Services Controller, you cannot switch to vCenter Server with an external Platform Services Controller, and the reverse.”

      http://pubs.vmware.com/vsphere-60/index.jsp#com.vmware.vsphere.install.doc/GUID-ACCD2814-0F0A-4786-96C0-8C9BB57A4616.html

      Cheers,
      /Jonathan

      Reply
  5. Danushka

    Dear Jonathan,
    Kindly help on my scenario.

    I have already 2 vcenter servers with version 5.5 and one license Essentials Plus and other essentials. both are running on 5.5 and separate servers.

    I have installed vCenter Server with an Embedded Platform Services Controller. can I add both vcenter hosts (6 hosts) to the new vcenter server 6.0 with licenses?

    Regards,
    Danushka

    Reply
    1. Jonathan McDonald

      It is not recommended to configure Enhanced Linked Mode with Embedded Platform Services Controllers. As long as you have the licenses however, it is possible to do it, but backup is not easy. See KB 2108548 for details on what we recommend and backup strategies for each.

      What I recommend is configuring an external PSC, and then configuring the vCenters to point to that PSC. If you need HA it becomes more complex, so take a look at the KB for supported architectures I mention above. Unfortunately once deployed, you need to reinstall to change modes.

      Cheers,
      /Jonathan

      Reply
  6. Pingback: Homelab update to vSphere 6.0 - Get Virtual

  7. Scott

    Jonathan,

    Has anyone tried using a DNS CNAME in lieu of Load Balancers for the external PSC’s? Theoretically you could just point a CNAME at a single PSC “A” record for the vCenter devices and when that one failed you could manually change DNS and be up. This way you could lose the complexity/cost of a LB device but gain redundancy with some simple DNS changes…

    Thanks!
    Scott

    Reply
  8. Pingback: Tips for vSphere Datacenter Design — Plus More Top Posts from VMware Professional Services | VMware Education and Certification Blog - VMware Blogs

  9. Pingback: Installing vSphere 6 | vNoob

  10. John Mackessy

    Hi Johnathon,

    Hopefully this is a quick question…

    We currently have 4 5.5 vCenters with “embedded\internal SSO” using linked mode. We want to end up with 4 vCenters using external PSC and in linked mode.

    From the documnetation and upgrading it seems one can only upgrade SSO internal to embedded PSC. And then there is a tool on vCenter 6 U1 to move it to external for one vCenter. But this doesnt seem to allow you to complete this process for all four and then rejoin them to a linked mode….From what I have read.

    Is there a way to complete this without rebuilding 5.5 as external SSO and then upgrading or have i misunderstood the documentation?

    Thanks
    John

    Reply
    1. Jonathan McDonald

      Unfortunately the tool requires that the PSC’s be in the same domain at this point, therefore i am not sure that it will work as you mention. Only way would be to try it. If it doesn’t work, than you would need to do the conversion to external on the 5.5 side prior to upgrading.

      Reply
    1. Jonathan McDonald

      No, unfortunately for Auto Deploy in this release it is included as a part of the vCenter installation whether it is a part of the vCenter for windows or vCenter appliance installs. There is no way that it can be separated in this release.

      Cheers,
      /Jonathan

      Reply
  11. Kamal Halder

    Hi Jonathan,

    In our environment have 5.5 VC and ESXi hosts. Also SRM and VSAN are configured. Could please suggest me if any extra prerequisites are required to convert the environment from 5.5 to 6.0
    Please let me if required any further information from my end.

    Thanks,
    Kamal Halder

    Reply
    1. Jonathan McDonald

      I am not familiar with the prerequisites for SRM , so I can’t speak to that. For Virtual SAN however, it should be as simple as upgrading vCenter and the hosts. Virtual SAN volumes from 5.5 are still supported between releases. The only thing that I believe you would need to do is to upgrade the volume once each host is upgraded to v6. You can even do this in the GUI if i recall, if you are on Virtual SAN 6.2/vSphere 6.0U2.

      Reply
  12. Pingback: Vcenter High Availability | mastersofpublicpolicyonline.com

  13. Pingback: Datacenter License | toptencreditcardcompanies.com

  14. Pingback: Datacenter Architecture | requirementsforcheckingaccount.com

  15. Aldulaimi

    Hi Jonathan,,

    We are planning to have 2 sites, one production and the other as a DR, each with it’s own vCenter. Would you recommend the 2 vCenters linked (Installing vCenter with external PSC)?

    Reply
    1. Andres R

      Hi Aldulaimi,
      Im in the same stage as you are, I already have a datacenter1 2 platform services controllers in Ha mode (behind F5) for a vCenter appliance
      Now I need to deploy to my datacenter2 the same setup but I want them to be link and use enhanced link mode in a single SSO domain.
      Is this possible???

      Reply
    2. nicolas

      hello

      i already have two datacenter, one active site and one dr sute. each one with his own vcenter 5.5 in link mode

      i wonder how i can upgrade in v6 with the same design ??

      Reply
  16. Pingback: BCDR Some Things to Consider When Upgrading DR Solutions - VMware Blogs

  17. Daniel

    From my googling, it would appear that I’m in a similar boat to a lot of people. I have two datacenters: Primary and DR. In 5.5 they were embedded SSO in linked mode. The linked mode is nice, because we do a lot of stage & dev work at the DR site, then migrate the machines to production.

    We upgraded both to 6 using vCenter with embedded PSC (the most similar topology to what we had before). Now I’m stuck. Do I just go ahead and link them like before? Do I not do that and instead work on backing out of the current configuration? If so, how?

    I stare at the following note on my desk pretty much every day:

    Set to linked? Convert to Appliance?

    Any advice would be fantastic.

    Reply
    1. john Howell

      Ive got a similar situation, originally a datacenters vSphere environment was to be isolated, and small, only three hosts, so was installed with an integrated PSC-vCentre and has NSX installed. Now want to expand and use linked mode and work with a new extenal PSC and vCenter to be installed at a second DC, also has NSX installed.
      Is the best option really to just set up a new external PSC and VC linked to the one in the new DC, and migrate the hosts over to it?

      Reply
  18. Erwin Zoer

    Hi Jonathan,

    If one reads the article, some of the options (Enhanced Linked Mode with an External Platform Services Controller with High Availability (Recommended) and Enhanced Linked Mode with Embedded Platform Services Controllers (Not Recommended)) are listed as part of the drawbacks of the previous option. This makes the article somewhat confusing. I just thought I’d point that out.

    Best regards,

    Erwin Zoer

    Reply
  19. Bruno Guerra

    Hi. I have 2 sites with one external PSC and one vCenter each site. They all are in version 6.0. How do I upgrade them to 6.5?
    I need to update first the PSC from both sites and then update the vCenters?

    Thank you.

    Reply
  20. Erik

    I’m curious about the One to Many aspect of PSC. The way our organization is broken up, we need many vCenter Servers, but we expect that the footprint while widely spread, only needs the two redundant PSCs. I’m considering up to 6 vCenters with up to 700 VMs per vCenter… all still within the same Data Center.

    Would this be advisable? Or would we want a higher density of PSCs to vCenters?

    Reply
  21. Glennn

    (5.5 to 6.0)

    Hi All:

    First I was set to use the Embedded PSC model on PROD and DR but that is not recommended by VM. Then I rewrote the design doc to use 1 External PSC but that is not recommended by SRM so a bit confused now.

    Will the 2 x Embedded work with SRM (no Linked Mode) or am I forced to go with 2 External and an LB per Andres Jimenez issue?

    Does SRM negate the need for EHL/ or vice versa ? It seems to me the perform relatively the same function?

    – Glennn

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

*