Greetings friends, I told you exactly a year ago about the new HA that VMware had included in vSphere 6.5 for vCenter, you can browse the article here if you continue in vSphere 6.5.
Today I bring you the updated article for vSphere 6.7 Update 1 and later, since now everything is done from the HTML 5 Client, aka vSphere Client.
What is vCenter HA, and why is it important?
The HA for our vCenter Appliance was announced a year ago. This new HA allows us to add extra protection to our most critical element in any VMware Infrastructure, the vCenter. For years we have had to use HA on SQL Server, and manage to give a HA to services on Windows, but it has never been fully supported by VMware, and they have always recommended using its basic HA function, which is nothing more than lifting the VM on another Host.
But since VMware vSphere 6.5, VMware already brings native HA for vCenter, only for the Linux appliance, not supported for Windows since this implementation is already in End-of-Life, besides configuring it is a job that will take just a few minutes, and suitable for any level of Admin VMware.
How to enable HA in VCSA 6.7 U1 – vSphere Client
We will move to our vCenter in the view of Hosts and Clusters and press on Configure, once there we will go down to the new option called vCenter HA and press on Set up vCenter HA
Previously in the Flash client, we were offered options to configure VCSA HA, Basic mode and Advanced, now everything has been simplified and unified, so that it automatically creates the NIC, the names of the VCSA witness and peer, and so on.
The first step we have to configure is the network we want for our vCenter HA, also we will have to configure the parameters for the VM Passive:I have not shown you the so simple steps, since it is a question of selecting the resources as they are names, and disks where we want to execute the Passive, besides of course to select the VM of production and the one of HA equal that has our VCSA in production, I leave you the summary of how it remains: It’s time to configure the Witness VM, we’ll still click Edit and although I don’t show you the configuration is really very simple: Once the configuration is finished we’ll see something like the following: Once we click Next, it’s the turn to configure the IPs, as they have their own virtual switch, the range we select will be separate, I recommend you to separate if you can also physically the links of others, switches, etc. We will see the deployment process, for now already shows us our asset as Up, while deploying the Passive and Witness cloning our production VCSA: After about 10/15 minutes, depending on your disks, RAM, CPU, etc, and we can see that our vCenter Server Appliance HA has been configured successfully:
Performing a Failover simulation
In my case I have made a shutdown, button, of the VCSA 6.7 that was like active of the Cluster, to simulate what a real case could be, it has taken me several seconds until the Passive has taken possession of the IP of the vCenter as you can see in this Ping:
C:\>ping vcsa.zimbra.io -t Pinging vcsa.zimbra.io [192.168.1.47] with 32 bytes of data: Reply from 192.168.1.47: bytes=32 time=3ms TTL=64 Reply from 192.168.1.47: bytes=32 time=3ms TTL=64 Request timed out. Request timed out. Request timed out. Request timed out. Request timed out. Request timed out. Request timed out. Request timed out. Request timed out. Reply from 192.168.1.47: bytes=32 time=3ms TTL=64 Reply from 192.168.1.47: bytes=32 time=3ms TTL=64 Reply from 192.168.1.47: bytes=32 time=3ms TTL=64 Reply from 192.168.1.47: bytes=32 time=3ms TTL=64 Reply from 192.168.1.47: bytes=32 time=3ms TTL=64 Reply from 192.168.1.47: bytes=32 time=3ms TTL=64
And once the peer becomes active, it has taken about 10 minutes until the vCenter services have returned to be active, first I saw the following message in the browser, that the Failover was in progress, a window that I have appreciated very much because it shows a very clear message 🙂
Once you have finished this window you have started the typical vCenter services boot message that takes the last minutes of the process.If you are in a hurry, or want to know which services are being started, you can view them as follows with service-control -status
service-control --status Stopped: pschealth vmcam vmware-content-library vmware-imagebuilder vmware-mbcs vmware-netdumper vmware-perfcharts vmware-pod vmware-rbd-watchdog vmware-sps vmware-updatemgr vmware-vsan-health vmware-vsm vsan-dps Running: applmgmt lwsmd vmafdd vmcad vmdird vmdnsd vmonapi vmware-analytics vmware-cis-license vmware-cm vmware-eam vmware-postgres-archiver vmware-rhttpproxy vmware-sca vmware-statsmonitor vmware-sts-idmd vmware-stsd vmware-vapi-endpoint vmware-vcha vmware-vmon vmware-vpostgres vmware-vpxd-svcs StartPending: vmware-vpxd vsphere-client vsphere-ui
Once all services are up, I have been able to enter my vCenter to check the status of the HA, as I expected, the node that was previously Active now appears in Passive, and has also moved to Passive, while the peer is now Active and is where all operations are being performed, bravo VMware!If we deploy a new Witness node again, or turn on the original VCSA, then we would be left with the following, with the 48 that was passive before being active, and the node that has just been turned on now being passive:
Options for VMware VCSA 6.7 HA
Once we have HA configured we can perform several basic options such as dehsbailitar vCenter HA or remove it completely if we wish:Another option we have to test a Failover in a more orderly way is to use the option that VMware provides us in the consolePress Initiate Failover and press Yes in the window where we are asked if we are safe, we could also force the failover without waiting for the active to shut down correctly and end synchronization (not recommended).
Extra: How to create a New Network for VMware VCSA 6.7 HA
These steps are basic and I don’t think we should mention them, but no less interesting because VMware recommends having a dedicated network for VCSA HA, we will go to our Networking and create a new Network, in my case New Distributed Port Group.I have called it DPortGroup-HA
In the DSwitch-LON I have left everything by default: And I would already have the switch ready If you wanted to create a simple switch, you have the steps in the article for VCSA 6.5 HA.
Extra 2: Disable anti-affinity rules to launch VCSA HA 6.7 U1 on a single ESXi
This little trick comes from William Lam’s Blog, as usual his material is impressive. William, just as I had the need to launch VCSA HA 6.7 in a single ESXi, to do it we have to edit a parameter at vCenter level, as you can see is the value config.vpxd.vcha.drsAntiAffinity
Final Note: This is it, this Blog Post is quite complete, and I recommend you to try it in your lab, if you can complement this new HA with an Appliance Backup strategy, as well as the VMs using Veeam, better than better.
athi1234 says
Any experiences when it comes to updating an VCSA-HA?
jorgeuk says
Hello,
Yes, you can follow the next blog article, Vladan has already written about it https://www.vladan.fr/patch-vcenter-server-appliance-configured-with-high-availability-ha/
Thank you!