SER1166BU VMware vSphere Platform Services …...–Latency between PSCs –Low as possible...
Jishnu Surendran Thankamani, Agnes James
SER1166BU
#VMworld #SER1166BU
VMware vSphere Platform Services Controller Housekeeping Strategies – Expert Talk
VMworld 2017 Content: Not for publication or distribution
Disclaimer
• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.
1 Know more about PSC
2 Right decisions at right time
3 Know what to do, what not to do
4 Safe recovery
Infrastructure Services Offered by PSC
• VMware Certificate Authority
• Single Sign-On
Platform Services Controller
• VMDir
• VMware Certificate Authority
• IDMD
• STS
• LookupService
• SSOAdmin
Service Registration
• Service Name
• Service product
• Service Type
• Site ID
• Node ID
• Owner ID
• End Point(s)
– Type
– Protocol
– URL
– SSL Trust / Anchor points
• Attributes
Certificates
VECS
Topology Based Best Practices
• Embedded PSC
– Expected to be a simple topology with easy maintenance
– Availability management is a matter of protecting a single machine
• VCHA
• External PSC
– Expected to be used when multiple vCenters are involved
– Availability management based on load balancer options
– When more than one PSC is involved, replication becomes the point of interest
– Maintain the same build on all PSCs
– Use sites to group PSCs in multiple HA groups – PSCs behind load balancer
– Latency between PSCs – as low as possible
Configuration Maximums
• Max number of PSCs supported in replication – 8 (6.0), 10 (6.5)
• Max number of PSCs behind load balancer – 4
• Maximum vCenters in single SSO domain – 10 (6.0 & 6.5), 15 (6.5 U1)
• Group membership per user for best performance: 1015
Factors for Design Decisions
Area | Choices | Justification | Implication
Deployment topology | Embedded | Reduced resource utilization for Management. VCHA availability need on PSC as well | VCs in linked mode is not a supported topology
Deployment topology | External | Multi-VC and Single Management access | More VMs to manage
SSO Domain | One | Share Authentication and license data across components and regions/Disposable PSC. |
SSO Domain | More than one | Embedded PSCs/Replication requirements are not met | Separate availability/Management practice
Replication Topology | Linear | No manual intervention. Agreements made in deployment order | Single point of failure possible in more than two PSC case
Replication Topology | Ring | Each PSC with two replication partners | Command-line interface must be used
PSC HA | Stand by PSC without Load balancer | Load balancer management overhead is a constraint/Manual Failover acceptable | Manual repointing on PSC failure
PSC HA | Two PSC behind a load balancer | High availability | Administrative overhead
PSC HA | vSphere HA | VM/Platform level failures |
More Options
• SSH access – Disable/Enable
• Certificates – Custom/VMCA/VMCA as Subordinate ( Hybrid recommended )
• TLS configurator – http://kb.vmware.com/kb/2147469
• Patching – Update using updaterepo.zip bundles / Full Product and VIMpatch iso
• NTP – Sync from ESXi / NTP server
References for Architectural Decisions
• VMware Validated Design
• vSphere Topology Decision Tree Poster
• Topology upgrade planning tool
• VMware Digital Marketing whitepaper
Do's and Don'ts
Do’s:
• Best practice and FAQ reviews
• Be aware of health monitoring options
• Backup and restore points before any change
• Know the complexity of implementation
• Ensure minimum one PSC availability for vSphere domain and site
Don’ts:
• Unmanaged decommission procedure – Delete the Appliances directly
• Snapshot revert and backup restore of Single PSC when replication involved
• Using same vSphere domain name and Active directory domain name
• Make replication agreement between PSC of different SSO domains
• PSC PNID change
Health Check Options and Maintenance
GUI
Two almost identical GUIs to manage PSC
• CPU and Memory stats
• Storage Stats
• Network Stats
Health Check Options and Maintenance
Commands:
• Solution users
• Information about nodes
• Service registrations
• Replication quick status
• Replication Detailed Status
• PSC used by VC
Managing Complexity of Implementation
• Know the site topology
• Service registration to Site mapping
• Know the Replication agreements
• VC to PSC dependency
Disclaimer: Please take extreme caution when connecting to the vmdird database, this is primarily for educational purposes. You should take extreme care in making changes while in the database else you can negatively impact your environment.
Decommission - Demo
• List of nodes from GUI

Decommission vc2.vcloud.local
• List of services from the node by searching with node name
• List of Solution Users
• List of vCenters in Inventory
• Solution users from command line
• List of nodes from command line
• Search for Endpoint URLs with node name: save the output to a file and review, OR review the output directly by piping it to less
• KB article to decommission VC/PSC nodes: http://kb.vmware.com/kb/2106736
• Unregister command execution
• Four solution users reduced (before / after)
• Node list from command line (before / after)
• Search for Endpoint URLs with node name; there should be no match
• List of nodes in GUI post decommission of vc2
• Empty service list for a search using the decommissioned VC name

Decommission NSX associated with VC
• Along with the VC, one of the NSX Managers can also be decommissioned
• Unregister from the respective source solution
• Solution users list (before / after)

Decommission PSC psc01a.vcloud.local
• Additional validation while decommissioning a PSC: ensure all VCs are pointing to a PSC other than the one getting decommissioned
• Unregister command execution
• List of nodes (before / after)
• Two solution users reduced (before / after)
• Search for Endpoint URLs with node name; there should be no match
• List of nodes from GUI
• Services list empty for a search with the decommissioned PSC machine name
Certificate Replacement
Machine certificate of node as End point’s SSL trust in service registrations
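Added example (not from the presentation): a check over a saved service-registration listing that covers both the decommission validation ("search for Endpoint URLs with node name, there should be no match") and the certificate slide (each endpoint's SSL trust should be the node's machine certificate). The "Key: value" layout, the service names, the hosts bkp-psc01a and vc1, the node IDs and the trust strings are assumptions made for the sample; only psc01a.vcloud.local appears in the slides.

```python
from urllib.parse import urlsplit

# Constructed sample; the "Key: value" layout and all values are assumptions.
SAMPLE = """\
Name: cs.identity
Node ID: node-1111
Endpoints:
    URL: https://psc01a.vcloud.local/sts/STSService/vsphere.local
    SSL trust: CERT-PSC01A
Name: cs.license
Node ID: node-2222
Endpoints:
    URL: https://bkp-psc01a.vcloud.local/ls
    SSL trust: CERT-BKP
Name: vcenterserver
Node ID: node-3333
Endpoints:
    URL: https://vc1.vcloud.local:443/sdk
    SSL trust: CERT-VC1-NEW
    URL: https://vc1.vcloud.local:443/vsm/extensionService
    SSL trust: CERT-VC1-OLD
"""

def parse_registrations(text):
    """Split a saved listing into records, each with its endpoint list."""
    records = []
    for line in text.splitlines():
        key, sep, value = (part.strip() for part in line.partition(":"))
        if key == "Name" and sep:
            records.append({"Name": value, "endpoints": []})
        elif not records or not value:
            continue  # preamble, separators, bare "Endpoints:" headers
        elif key == "URL":
            records[-1]["endpoints"].append({"url": value, "trust": None})
        elif key == "SSL trust" and records[-1]["endpoints"]:
            records[-1]["endpoints"][-1]["trust"] = value
        else:
            records[-1].setdefault(key, value)
    return records

def endpoints_on_host(records, fqdn):
    """(record, endpoint) pairs whose URL host is exactly fqdn, not a substring."""
    return [(r, ep) for r in records for ep in r["endpoints"]
            if (urlsplit(ep["url"]).hostname or "").lower() == fqdn.lower()]

def stale_trust(records, fqdn, machine_cert):
    """URLs on fqdn whose SSL trust differs from the node's machine certificate."""
    return [ep["url"] for _, ep in endpoints_on_host(records, fqdn)
            if ep["trust"] != machine_cert]
```

Matching on the parsed URL host keeps a plain text search for psc01a.vcloud.local from also counting bkp-psc01a.vcloud.local, and the Node ID on each hit identifies the registration that still needs cleanup.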
Backup Plan
• Image level backup and File level backup (vSphere 6.5)
• Snapshots before changes – temporary restore points
• Keep a copy of lstool.py list output for reference
Special consideration of restore when replication is involved:
– Use powered off state snapshot of PSCs created together to revert changes.
Quick Recovery Options
• Repoint VC to available PSC at the same site
• Quick temporary PSC deployment
• Image based restore with two methods (6.0):
– psc_restore
– psc_restore with --ignore-sync
• File based backup and Image based backup (6.5):
– /usr/bin/vcenter-restore
Q&A