VMworld 2014: vCenter Server Architecture and Deployment Deep Dive
1. vCenter Server Architecture and Deployment Deep Dive
INF2311
Justin King, VMware
Harish Niddagatta, VMware
Robert Perugini, VMware
2. Disclaimer
• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.
CONFIDENTIAL 2
5. vCenter Server Configuration Options
5.0
• One configuration for all environments
5.1 and 5.5
• 1 VM/Host
– Sufficient for most environments
– Easiest to maintain and deploy
• 2 VMs/Hosts
– Large customers with numerous vCenter Servers
– Reduces footprint by sharing SSO across vCenter Servers
• 4 VMs/Hosts
– Most complex to maintain and deploy
– Some customers have experienced performance issues with Inventory Service and vCenter in separate VMs
[Diagram: placement of the IS, SSO and Web components in the 1 VM/Host, 2 VMs/Hosts and 4 VMs/Hosts layouts]
6. Configuration #1 - Single vCenter Server 5.5
Use Simple Installer
Installs / Upgrades core components with a single virtual machine
1. vCenter Single Sign-On
2. vSphere Web Client
3. vCenter Inventory Service
4. vCenter Server
§ No change to architecture
§ All services are local
• Reduced complexity
§ Supports 1-1000 Hosts / 1-10,000 Virtual Machines
[Diagram: vCenter Server Host or VM containing vCenter Server, SSO Server, Web Client and Inventory Service, with the VC Database]
7. Configuration #1 - Multiple vCenter Server 5.5
By Default
§ Each site is independent
§ Does not provide a single pane of glass view
§ SSO built-in replication
§ SSO Users & Groups
§ SSO Policies
§ Identity sources
§ Use custom installer to extend vSphere.local domain
§ Linked Mode
§ Maintains single pane of glass
§ Replicates Licenses, permissions and roles
[Diagram: three vCenter Server instances (New York, Miami, Los Angeles), each with vCenter Server, Web Client and Inventory Svc; SSO Site 1, SSO Site 2 and SSO Site 3; SSO Server – vsphere.local; Single SSO Authentication Domain]
8. Configuration #2 – Centralized Single Sign-On Server 5.5
A Datacenter with 3 or more solutions
Centralized SSO authentication
– Same Physical location
Availability (Required)
– vSphere HA
– Network Load Balancer
Backwards compatible to vCenter Server 5.1 for staging of upgrades
[Diagram: vCenter SSO Server 5.5 with Solution 1 (vCenter Server 5.1), Solution 2 (vCenter Server 5.5) and Solution 3 (vCloud Automation Center); Web Client and Inventory Svc components; Database Server with VCDB1, VCDB2]
9. Upgrading 5.1 Architecture when Distributed
Upgrade the current vCenter Single Sign-On 5.1 to 5.5
Deploy a new vCenter Single Sign-On server to the vCenter Server or single virtual machine, specifying that vCenter Single Sign-On is an additional instance, placing it in the already created vsphere.local security domain
On the vCenter Server install the vSphere Web Client 5.5 using the local vCenter Single Sign-On instance
On the vCenter Server install the vCenter Inventory Service using the local vCenter Single Sign-On instance
On the vCenter Server install the vCenter Server using the local vCenter Single Sign-On instance
Power off and remove the original separate vCenter Single Sign-On instance
[Diagram: separate hosts or VMs for SSO, Web Client, and vCenter with IS, consolidated to one host or VM running vCenter, SSO, Web Client and IS]
10. Utilize a Management Cluster
1. Run multiple vCenter components together on same virtual machine
• Database excluded (for performance)
2. Recommendations
– 3 vSphere Hosts (minimum)
– Enable vSphere HA
• Enable VM Monitoring
– Enable DRS
• Affinity / Anti Affinity Rules
– Understand and configure service dependency order
[Diagram: Management Cluster running vCenter Server (1), vCenter Server (2), Database Server, vSphere Update Manager, Site Recovery Manager, vCenter Operations, Log Insight, vCenter Orchestrator and vCAC]
13. Simple Install
• Simple Install Changes
– Added Web Client
– Installer Order changes
• 5.1 order: Single Sign-On, Inventory Service, vCenter
• 5.5 order: Single Sign-On, vSphere Web Client, Inventory Service, vCenter
§ Why?
• In the rare case SSO goes wrong, users can log into Web Client and troubleshoot
• Simple Install puts all components in a single server
• VMware’s suggested best practice
14. Custom Install
• Why would you run this?
– Distribute services across multiple servers
• Customize location
• Advanced configurations
• E.g. additional vCenter servers
[Figure: Order of Installation, steps 1 to 4]
15. vCenter Single Sign-On Recommendations
• Embedded vCenter Single Sign-On reduces complexity
– Up to 8 instances peer to peer
– 12ms Latency
• Same vSphere.local domain
– Single point of administration
• Centralized vCenter Single Sign-On
– 3 or more Solutions (vCenter, vCAC, etc)
– Redundancy required (HA, NLB)
– Single pane of glass (per central instance)
• All configurations
– Backup each instance
– Recovery of additional instances may require manual re-sync (if changes were made)
• Worst case, redeploy new and reregister solutions
16. Choose the correct deployment option!
The installation choices of the vCenter Single Sign-On will dictate how SSO functions
• Middle Radio Button – Merges Lookup Services – For SSO HA, requires load balancer
• Bottom Radio Button – Configures new Lookup Services – For multiple deployments
• http://kb.vmware.com/kb/2058239 and http://kb.vmware.com/kb/2058249
17. What Is the vCenter Server Inventory Service?
Maintains a cache of the vCenter Server inventory
– (VMs, Hosts, etc)
Reduces the load on VPXD by offloading client requests
Installs locally to vCenter Server (do not install to a separate virtual machine)
– Separate spindles or SSD (better)
Enables use of Tags
Enables Storage Based Policy Management
– Remember to back up Inventory Service data files to provide recovery of tags and SBPM
Inventory Service provides a query service for the web client
18. vSphere Clients
vSphere Web Client (use this)
– Primary client for vSphere administrators
– Matched functionality to legacy VI Client
– New functionality available only thru the Web Client
– Browser based on Windows and Mac
– Install local to vCenter Server
• If installing to alternative drive, enable 8.3 paths
vSphere Client (not this)
– Available with legacy features
– Use it for all supported host client functionalities
– Update Manager Remediation
– Added HW10 support (5.5 Update 2)
20. VMware Platform Services
Single Sign-On (SSO)
5.0
• No Platform Services
5.1 and 5.5
• 5.1 – 1st release of platform services (SSO 1.0)
• 5.5 – 2nd release of platform services (SSO 2.0)
[Diagram: placement of the IS, SSO and Web components in the 1 VM/Host, 2 VMs/Hosts and 4 VMs/Hosts layouts]
21. VMware Platform Services Controller
We’re adding additional services
No longer just Single Sign-On
Platform Services Controller includes a set of common infrastructure services that are used by the vCloud Suite (vCenter, vCAC, vCOPS, etc)
• Single Sign-On (SSO)
• Licensing
• Certificate Authority
• Certificate Store
• Service (Product) Registration
• Other Services will be added in future releases
Platform Services Controller supports data replication
[Diagram: three Platform Services Controller instances]
22. vCenter Server – Embedded PSC vs. External PSC
vCenter Server with Embedded PSC
• Sufficient for most environments
• Easiest to maintain and deploy
• Supports up to 8 vCenter Servers
• Supports embedded & external vCenter DB
• Supports Windows & Appliance
vCenter Server with External PSC
• For larger customers with numerous vCenter Servers
• Reduces footprint by sharing Platform Services Controller across several vCenter Servers
• Recommended for 3+ vCenter Servers per site
• Supports embedded & external vCenter DB
• Supports Windows & Appliance
[Diagram: vCenter with an embedded PSC and vCenter with an external PSC]
23. vCenter Server – Embedded Configuration
Configuration isn’t changing, we’re just adding more services
[Diagram: 5.1 & 5.5 shows VC instances with embedded SSO; vSphere Tech Preview shows VC instances with embedded PSC]
25. vCloud Suite Embedded And External Configurations
Extending this concept to the rest of the vCloud Suite
[Diagram: Embedded PSC (VC with PSC, vCAC with PSC) and External PSC (a standalone PSC alongside VC, vCOPs, VCO and vCAC)]
26. Growth – Transition from “Embedded PSCs” to “External PSCs”
• Supports “Embedded” and “External” in the same SSO Domain
• Hybrid configuration – Windows and Appliance
[Diagram: sites SAN FRANCISCO, NEW YORK, LONDON and SINGAPORE, mixing VC, vCAC and vCOps nodes with embedded PSCs and nodes alongside a standalone PSC]
28. vCenter Server Tech Preview - Install For Windows
One installer
Choose deployment type
All input up front & validated
Pre-Check functionality
• Min CPU/Memory/Disk requirements
• Internal/External Ports Availability
• OS/DB support check
Scripted Install for Advanced Administrators
29. vCenter Server Tech Preview - Appliance Install
New Guided Install
Choose deployment type
All input up front & validated
Pre-Check functionality
Scripted Install for Advanced Administrators
30. vCenter Server Upgrade: 5.0 to Tech Preview
To Embedded PSC
To External PSC (pre-requisite: PSC must exist)
Step 1: Install PSC
Step 2: Upgrade 5.0 to .Next
[Diagram: 5.0 upgraded to Tech Preview, shown as vCenter and PSC for the embedded and external cases]
31. vCenter Server – 5.1 / 5.5 Upgrade to Tech Preview
To Embedded PSC
To External PSC
Step 1: Upgrade SSO to PSC
Step 2: vCenter Server to Tech Preview
Separate Web Client and Inventory Service migrated to vCenter
[Diagram: 5.1 / 5.5 layouts of IS, SSO and Web on 1 VM/Host, 2 VMs/Hosts and 4 VMs/Hosts, each upgraded to Tech Preview vCenter and PSC]
32. vCenter Server Appliance Improvements
Metric                  Windows   Appliance*
Hosts per VC            1k        ✔
Powered on VMs per VC   10k       ✔
Hosts per cluster       64        ✔
VMs per cluster         6k        ✔
Linked Mode             10        ✔
* Single instance VC with embedded vPostgres
33. Comparing Linked Mode (LM) and Enhanced Linked Mode (ELM)
                           vSphere 5.5 (LM)   Tech Preview (ELM)
vCenter for Windows        Yes                Yes
vCenter Server Appliance   No                 Yes
Single Sign On             Yes                Yes
Single Inventory View      Yes                Yes
Single Inventory Search    Yes                Yes
Replication Technology     Microsoft ADAM     Native
• Roles and Permissions    Yes                Yes
• Licenses                 Yes                Yes
• Policies                 No                 Yes
• Tags                     No                 Yes
34. Clients Update
Use case                vSphere Web Client   vSphere Client
vCenter management      ✔                    ✔
Host management         ✔                    ✔
ESXi patch updates      ✖                    ✔
Hardware version 9-11   ✔                    ✔*
New features            ✔                    ✖
* Read only access
38. vCenter Server Architecture and Deployment Deep Dive
INF2311
Harish Niddagatta
Sr. Product Manager, vCenter Install And Upgrade
harishn@vmware.com
Bob Perugini
Sr. Product Manager, Suite Install And Upgrade
rperugini@vmware.com
Justin King
Architect, Technical Product Manager
justinking@vmware.com