Configuring Platform Service Controller HA in vSphere 6.5
search cancel

Configuring Platform Service Controller HA in vSphere 6.5

book

Article ID: 336275

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

This article provides information on configuring Platform Service Controller High Availability in a vSphere 6.5 (PSC HA 6.5) environment that has been installed or upgraded from vSphere 5.5 or 6.0.

For information on configuring Platform Service Controller High Availability in vSphere 6.7, see Configuring Platform Service Controller HA in vSphere 6.7

Environment

VMware vCenter Server 6.5.x

Resolution

Notes:
Available supported Installation, Upgrade and, Migration paths:

New environment installation

Configuring vSphere 6.5 Platform Service Controllers for High availability for a new vSphere 6.5 installation with SSL pass through

  1. Install the primary external Platform Services Controller node.
  2. Deploy the secondary SSO node as a replication partner to the primary Platform Service Controller node.
  3. Create a new machine SSL certificate. For more information, see:
  4. Configure the load balancer. For more information, see:
  5. Run the configuration scripts on the Platform Service Controllers. For more information, see
  6. Verify the machine Certificate:
    • Windows vCenter Server - "%VMWARE_CIS_HOME%"/vmafdd/vecs-cli.exe entry list --store MACHINE_SSL_CERT --text
    • vCenter Server Appliance - /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store MACHINE_SSL_CERT --text
       
  7. Verify the Load Balancer is presenting the same certificate, for more information see To validate the PSC HA in vCenter Server 6.5.
    • Platform Services Controller - "%VMWARE_OPENSSL_BIN%"openssl s_client -connect SSOLB.vmware.local:443
    • Platform Services Controller Appliance - openssl s_client -connect SSOLB.vmware.local:443
  8. Install the vCenter Server using the Load Balancer virtual IP for the Platform Service Controller when prompted.

Upgraded environment

Configuring Platform Services Controller High Availability after upgrading from vSphere 5.5 to 6.5 with SSL pass through

 

  1. Verify the Load Balancer configuration. For more information, see:
  2. Upgrade the Single Sign-On 5.5 Platform Services Controller 6.0 nodes to 6.5 sequentially.
  3. Run the configuration scripts on the Platform Service Controllers. For more information, see:
  4. Verify if vCenter functionality is still available.
  5. Upgrade vCenter Server to 6.5.

Configuring Platform Services Controller High Availability upgrading from vSphere 6.0 to 6.5 with SSL pass through

  1. Upgrade the Platform Services Controller 6.0 nodes to 6.5.
  2. Create a new machine SSL certificate. For more information, see:
  3. Run the configuration scripts on the Platform Service Controllers. For more information, see:
  4. Verify the Load Balancer configuration/ For more information, see:
  5. Verify vCenter functionality is still available.
  6. Upgrade vCenter Server nodes.
  7. Verify the machine Certificate:
    • Platform Services Controller - "%VMWARE_CIS_HOME%"/vmafdd/vecs-cli.exe entry list --store MACHINE_SSL_CERT --text
    • Platform Services Controller Appliance - /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store MACHINE_SSL_CERT --text
       
  8. Verify the Load Balancer is presenting the same certificate:
    • Windows vCenter Server - "%VMWARE_OPENSSL_BIN%"openssl s_client -connect SSOLB.vmware.local:443
    • vCenter Server Appliance - openssl s_client -connect SSOLB.vmware.local:443

Configuring Platform Services Controller High Availability upgrading from vSphere 6.0 to 6.5 Update 1 with SSL termination

  1. Upgrade the Platform Services Controller 6.0 nodes to 6.5 U1.
  2. Create a new machine SSL certificate. For more information, see:
  3. Run the configuration scripts on the Platform Service Controllers. For more information, see:
  4. Verify the Load Balancer configuration/ For more information, see:
  5. Verify vCenter functionality is still available.
  6. Upgrade vCenter Server nodes.

Migrated Environment

Configuring Platform Services Controller High Availability migrating a 5.5 vCenter Server to vCenter Server Appliance 6.5 with SSL Pass through

  1. Verify the Load Balancer configuration. For more information, see:
  2. Migrate the Platform Services Controller 5.5 nodes to 6.5.
  3. Run the configuration scripts on the Platform Service Controllers. For more information, see:
  4. Verify if vCenter functionality is still available.
  5. Migrate vCenter Server to vCenter Server Appliance 6.5.

Configuring Platform Services Controller High Availability migrating a 6.0 vCenter Server to vCenter Server Appliance 6.5 with SSL Pass through

  1. Migrate the Platform Services Controller 6.0 nodes to 6.5.
  2. Create a new machine SSL certificate. For more information, see:
  3. Run the configuration scripts on the Platform Service Controllers. For more information, see:
  4. Verify the Load Balancer configuration. For more information, see:
  5. Verify if vCenter functionality is still available.
  6. Migrate vCenter Server nodes.
  7. Verify the machine Certificate:
    • Windows vCenter Server - "%VMWARE_CIS_HOME%"/vmafdd/vecs-cli.exe entry list --store MACHINE_SSL_CERT --text
    • vCenter Server Appliance - /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store MACHINE_SSL_CERT --text
       
  8. Verify the Load Balancer is presenting the same certificate:
    • Platform Services Controller - "%VMWARE_OPENSSL_BIN%"openssl s_client -connect SSOLB.vmware.local:443
    • Platform Services Controller Appliance - openssl s_client -connect SSOLB.vmware.local:443

 

  1. Verify the machine Certificate:
    • Platform Services Controller - "%VMWARE_CIS_HOME%"/vmafdd/vecs-cli.exe entry list --store MACHINE_SSL_CERT --text
    • Platform Services Controller Appliance - /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store MACHINE_SSL_CERT --text
       
  2. Verify the Load Balancer is presenting the same certificate:
    • Windows vCenter Server - "%VMWARE_OPENSSL_BIN%"openssl s_client -connect SSOLB.vmware.local:443
    • vCenter Server Appliance - openssl s_client -connect SSOLB.vmware.local:443

Configuring Platform Services Controller High Availability migrating a 6.0 vCenter Server to vCenter Server Appliance 6.5 Update 1 with SSL termination

  1. Migrate the Platform Services Controller 6.0 nodes to 6.5 U1.
  2. Create a new machine SSL certificate. For more information, see:
  3. Run the configuration scripts on the Platform Service Controllers. For more information, see:
  4. Verify the Load Balancer configuration. For more information, see:
  5. Verify if vCenter functionality is still available.
  6. Migrate vCenter Server nodes.
  7. Verify the machine Certificate:
    • Windows vCenter Server - "%VMWARE_CIS_HOME%"/vmafdd/vecs-cli.exe entry list --store MACHINE_SSL_CERT --text
    • vCenter Server Appliance - /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store MACHINE_SSL_CERT --text
       
  8. Verify the Load Balancer is presenting the same certificate:
    • Platform Services Controller - "%VMWARE_OPENSSL_BIN%"openssl s_client -connect SSOLB.vmware.local:443
    • Platform Services Controller Appliance - openssl s_client -connect SSOLB.vmware.local:443

 

  1. Verify the machine Certificate:
    • Platform Services Controller - "%VMWARE_CIS_HOME%"/vmafdd/vecs-cli.exe entry list --store MACHINE_SSL_CERT --text
    • Platform Services Controller Appliance - /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store MACHINE_SSL_CERT --text
       
  2. Verify the Load Balancer is presenting the same certificate:
    • Windows vCenter Server - "%VMWARE_OPENSSL_BIN%"openssl s_client -connect SSOLB.vmware.local:443
    • vCenter Server Appliance - openssl s_client -connect SSOLB.vmware.local:443


Additional Information

Configuring Platform Service Controller HA in vSphere 6.7
Configuring Netscaler Load Balancer to provide the PSC 6.5 High Availability
Configuring F5 BIG-IP Load Balancer for use with vSphere Platform Services Controller (PSC) 6.5
How to configuring NSX Edge Load Balancer for use with PSC 6.5
Configuring PSC Appliance for High Availability in vSphere 6.5
Configuring Windows PSC for High Availability in vSphere 6.5
Important information before upgrading to vSphere 6.5
Configuring certificates for Windows Platform Services Controller for High Availability in vSphere 6.5
Configuring certificates for PSC for High Availability in vSphere 6.5
Deploying or Installing an additional Platform Service Controller 6.0 Update 1b fails during vmafd firstboot
vSphere 6.5 での Platform Service Controller HA の構成
在 vSphere 6.5 中配置 Platform Services Controller HA
Konfigurieren von Platform Services Controller HA in vSphere 6.5

Powered by Wolken Software