<-Home Page for VMware vSphere 6.x articles
First thing to do in a vSphere 6.x deployment is to understand the new deployment architecture options available on the vSphere 6.0 platform, which is somewhat different from the previous versions of vSphere. The below will highlight key information but is not a complete guide to all the changes..etc. For that I’d advise you to refer to the official vSphere documentation (found here)
Deployment Architecture
The deployment architecture for vSphere 6 is somewhat different from the legacy versions. I’m not going to document all of the architectural deference’s (Please refer to the VMware product documentation for vSphere 6) but I will mention few of the key ones which I think are important, in a bullet point below.
- vCenter Server – Consist of 2 key components
- Platform Service Controller (PSC)
- PSC include the following components
- SSO
- vSphere Licensing Server
- VMCA – VMware Certificate Authority (a built in SSL certification authority to simply certificate provisioning to all VMware products including vCenter, ESXi, vRealize Automation….etc. The idea is you associate this to your existing enterprise root CA or a subordinate CA such as a Microsoft CA and point all VMware components at this.)
- PSC can be deployed as an appliance or on a windows machine
- PSC include the following components
- vCenter Server
- Appliance (vCSA) – Include the following services
- vCenter Inventory server
- PostgreSQL
- vSphere Web Client
- vSphere ESXi Dump collector
- Syslog collector
- Syslog Service
- Auto Deploy
- Windows version is also available.
- Appliance (vCSA) – Include the following services
- Platform Service Controller (PSC)
Note: ESXi remains the same as before without any significant changes to its core architecture or the installation process.
Deployment Options
What’s in red below are the deployment options that I will be using in the subsequent sections to deploy vSphere 6 u1 as they represent the likely choices adopted during most of the enterprise deployments.
- Platform Services Controller Deployment
- Option 1 – Embedded with vCenter
- Only suitable for small deployments
- Option 2 – External – Dedicated separate deployment of PSC to which external vCenter(s) will connect to
- Single PSC instance or a clustered PSC deployment consisting of multiple instances is supported
- 2 options supported here.
- Deploy an external PSC on Windows
- Deploy an external PSC using the Linux based appliance (note that this option involves deploying the same vCSA appliance but during deployment, select the PSC mode rather than vCenter)
- PSC need to be deployed first, followed by vCenter deployment as concurrent deployment of both are NOT supported!
- Option 1 – Embedded with vCenter
- vCenter Server Deployment – vCenter Deployment architecture consist of 2 choices
- Windows deployment
- Option 1: with a built in Postgre SQL
- Only supported for a small – medium sized environment (20 hosts or 200VMs)
- Option 2: with an external database system
- Only external database system supported is Oracle (no more SQL databases for vCenter)
- This effectively mean that you are now advised (indirectly, in my view) to always deploy the vCSA version as opposed to the Windows version of vCenter, especially since the feature parity between vCSA and Windows vCenter versions are now bridged
- Option 1: with a built in Postgre SQL
- vCSA (appliance) deployment
- Option 1: with a built in Postgre SQL DB
- Supported for up to 1000 hosts and 10,000 VMs (This I reckon would be the most common deployment model now for vCSA due to the supported scalability and the simplicity)
- Option 2: with an external database system
- As with the Windows version, only Oracle is supported as an external DB system
- Option 1: with a built in Postgre SQL DB
- Windows deployment
PSC and vCenter deployment topologies
- Refer to the VMware KB at http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2108548 for various supported topologies.
Certificate Concerns
- VMCA is a complete Certificate Authority for all vSphere and related components where the vSphere related certificate issuing process is automated (happens automatically during adding vCenter servers to PSC & adding ESXi servers to vCenter).
- For those who already have a Microsoft CA or a similar enterprise CA, the recommendation is to make the VMCA a subordinate CA so that all certificates allocated from VMCA to all vSphere components will have the full certificate chain, all the way from your Microsoft root CA(i.e. Microsoft Root CA cert->Subordinate CA cert->VMCA Root CA cert->Allocated cert, for the vSphere components).
- In order to achieve this, the following steps need to be followed in the listed order.
- Install the PSC / Deploy the PSC appliance first
- Use an existing root / enterprise CA (i.e. Microsoft CA) to generate a subordinate CA certificate for the VMCA and replace the default VMCA root certificate on the PSC.
- To achieve this, follow the VMware KB articles listed here.
- Once the certificate replacement is complete on the PSC, do follow the “Task 0” outlined here to ensure that the vSphere service registrations with the VMware lookup service are also update. If not, you’ll have to follow the “Task 1 – 4” to manually update the sslTrust parameter value for the service registration using the ls_update_certs.py script (available on the PSC appliance). Validating this here can save you lots of headache down the line.
- Now Install vCenter & point at the PSC for SSO (VMCA will automatically allocate appropriate certificates)
- Add ESXi hosts (VMCA will automatically allocate appropriate certificates)
Key System Requirements
- ESXi system requirements
- Physical components
- Need a minimum of 2 CPU cores per host
- HCL compatibility (CPU released after sept 2006 only)
- NX/SD bit enabled in BIOS
- Intel VT-x enabled
- SATA disks will be considered remote (meaning, no scratch partition on SATA)
- Booting
- Booting from UEFI is supported
- But no auto deploy or network booting with UEFI
- Local Storage
- Disks
- Recommended for booting from local disk is 5.2GB (for VMFS and the 4GB scratch partition)
- Supported minimum is 1GB
- Scratch partition created on another local disk or RAMDISK (/tmp/ramdisk) – Not recommended to be left on ramdisk for performance & memory optimisation
- USB / SD
- Installer DOES NOT create scratch on these drives
- Either creates the scratch partition on another local disk or ramdisk
- 4GB or larger recommended (though min supported is 1GB)
- Additional space used for the core dump
- 16GB or larger is highly recommended
- Prolongs the flash cell life
- Disks
- Physical components
- vCenter Server System Requirements
- Windows version
- Must be connected to a domain
- Hardware
- PSC – 2 cpu / 2GB RAM
- Tiny environment (10 hosts / 100 VM- 2 cpu / 8GB RAM
- Small (100 hosts / 1000 VMs) – 4 cpus / 16GB RAM
- Medium (400 hosts / 400 VMs) – 8cpus / 24GB RAM
- Large (1000 hosts / 10000 VMs) – 16 cpus / 32GB RAM
- Appliance version
- Virtual Hardware
- PSC- 2 cpu / 2GB RAM
- Tiny environment (10 hosts / 100 VM- 2 cpu / 8GB RAM
- Small (100 hosts / 1000 VMs) – 4 cpus / 16GB RAM
- Medium (400 hosts / 400 VMs) – 8cpus / 24GB RAM
- Large (1000 hosts / 10000 VMs) – 16 cpus / 32GB RAM
- Virtual Hardware
- Windows version
In the next post, we’ll look at the key deployment steps involved.