vCenter 6.5 Server Architecture & Platform Services | vSphere

Captions
[Music]

Hi, my name is Adam Eckerle. I'm a senior technical marketing architect with the cloud platform business unit at VMware. My name is Emad Younis. I'm a senior technical marketing engineer, also in the cloud platform business unit here at VMware. And today in this video we're going to discuss the vCenter Server and Platform Services Controller, or PSC, 6.5 architecture. We're going to cover the Platform Services Controller: what's actually being replicated. It's a common question. Exactly. We're also going to talk about multi-master, and what does that really mean. SSO sites: we're going to kind of discuss what is going on with these sites, what, what they really mean as well. And then finally we're going to talk about some scenarios and examples when it comes to this topology and the PSC and how it all fits together. So let's get started.

Okay, so the first thing we're going to talk about: what's actually being replicated, right? So we've kind of pre-populated some words here at the top and we'll go through them. But the first thing is SSO, our single sign-on, which comprises basically of identity sources. So the PSC handles authentication for vCenter Server, right? So we have to be able to configure some sort of authentication resource that we can authenticate against. Is that why, when I log in and I look at my browser, it flips from vCenter to the PSC, and then after it has that authentication piece it flips back to vCenter? And so, exactly, correct on it. So we do, we have to proxy all the communication, or all the authentication, through the Platform Services Controller.

So SSO, or the SSO configuration, comprises of those identity sources, which could be Active Directory, we can authenticate to multiple Active Directories if we have, AD over LDAP, and even OpenLDAP types. Question there: you said we can use AD. Can I point it to a specific AD? Because that question comes up a lot, like a specific domain controller. Yeah, so if we do Active Directory over LDAP as our authentication source, we can give it
a primary and a secondary specific domain controller to authenticate towards. Okay, that's really good to know. Yeah, or we can join the PSCs to Active Directory and we'll use the computer account to authenticate, so that way it just uses the native Active Directory mechanisms to figure out where to authenticate toward.

Now, if I have multiple PSCs in an SSO domain, if I join one of them to Active Directory, does that get replicated, with all of them joining Active Directory? Not automatically. So that's a very important point, I'm glad you brought it up. So when we join one PSC within the SSO domain to Active Directory, we should join all of them. So that's a process where I need to go to each PSC, okay, and actually join it to the Active Directory domain. Okay, and that requires a reboot each time? Absolutely. But once we join those PSCs to the domain and we create an identity source for Active Directory, that configuration, we only do that once; it replicates across. Gotcha.

So, in same, similar principle for tags and tag categories: so create a tag in one place, you can consume it in other places. We'll talk more about that in a minute.

Custom roles: so when we have, a good example of this is like a backup application, right? Usually they require some sort of permissions, and we can create a custom role just for that backup service account. So that is, you know, we do that once and it replicates out.

Global permissions: so this is a new construct in vSphere 6 and higher, where we can create a set of permissions at the top level and that'll waterfall down to all of the vCenter Servers within the SSO domain.

And then last is licensing. So, you know, license keys are always a pain, right? And so now we can put those license keys in one place at the SSO domain layer and they replicate out to all the PSCs, and then we can consume them from any vCenter Servers.

So just to kind of button this whole concept up, let's say that we each have our own vCenter Servers. They're in the same SSO domain, right? That's kind of the secret
sauce. And I'm going to, I'm going to create some tags and I want to assign those to some VMs. So I create those tags, I assign them to VMs that my vCenter Server is managing, and then you can log into your vCenter and those tags will show up for you as well, so you can consume those to assign those tags to your VMs. Okay, and then if I wanted to create my own tags, I can do so as well and they will appear on your side, is that correct? That's absolutely correct. Okay, alright, so I think we, we've got the concept down of what is actually being replicated.

Now, this replication has to have some sort of model where, you know, there's a time, or, I mean, what is the occurrence for this? Yeah, all these things are replicated every 30 seconds. So we kind of call that a ripple replication, or, but it is multi-master. So one of the important things about this architecture is, unlike Active Directory, one of the few differences is that we can, you know, the first PSC that we deploy in the environment, there's nothing special about it. So we can lose that PSC or any other PSC and it would be exactly the same. We don't have like a primary domain controller like what we would have in Active Directory, and we can kind of dig into that. Yeah, I think we should, and you just kind of brought up multi-master, so that's a good segue into what is really multi-master.

Yeah, so let's draw our first PSC within our environment. And I think as, you know, we draw our first PSC here, we should also put it in a site. Let's just, since we're out here at HQ, let's use some airport codes, people can relate to those. So we'll say San Francisco. Okay, our SFO is our first site. Okay, now one thing that comes up a lot when we talk to customers is: look, I don't want to have multiple PSCs per site, I'm going to just deploy one. I think we should go through that scenario and show what's going to happen as we deploy one per site, and then talk about what will happen if, let's say, one fails. Okay, that sounds great. Alright, so now that we have our first one,
this is our first site. And again, as we talked about in the previous video, a site is a logical boundary and a way to group PSCs. So let's create a second PSC in a different site. I'll let you pick the site name. Again, okay, I'll give my home some love, and we'll say it's IND for Indianapolis. Should we put some, some vCenter Servers in here as well? Yeah, we should, but before you do that we should create the replication agreement. The bi-directional replication agreement, that happens by default; there is nothing you need to do there. Yeah, right, because when we, when we deploy this second PSC, right, we are telling it that we're joining an existing SSO domain. It asks us for another PSC that we're going to use to replicate with, and that's the PSC that will automatically form the replication agreement for you. Right, the only difference here is we told it that it's a new site, because the first site was SFO, now we've got IND as a completely new site. So you can have different sites within the same SSO domain. Yep, that's a little, okay.

So now let's go ahead and add our vCenter Servers. So we have, what are we going to do, one or two in each? Let's, let's go two here. Okay, say just one over here. Okay, so I almost feel like we should add another site, what do you think? Yeah, I think that's pretty common. Alright, so I'm going to go ahead and add one, and let's say NYC. Used to live there, so why not.

Okay, so let's talk about this replication agreement briefly. Sure. So again, when you deploy your, your New York City PSC, you have a choice, right? The wizard asks you for a PSC to replicate with. So why did you choose Indiana in this case? Well, we want to create as few replication agreements as possible. We also want to have a nice linear topology, and the reason for this is for performance reasons, right? The PSC is supposed to run mean and lean. But to be honest, sometimes this is hard to remember, what PSC was, you know, the last one I deployed to. So really, would there be an issue if every time I deployed to the first PSC? I mean,
you know, if I had another one here and just continuously deploy to SFO? Yeah, their initiative, that's pretty common. Well, let's, let's explore that. So let's, again, let's, let's just draw out my first PSC here, PSC number one. Okay, let's deploy, how about we do five PSCs? Okay, sure, that works. Two, three, four, we have five. Okay. Okay, so yeah, and like Emad said, we're going to create an agreement back towards PSC number one, right? We're just always going to choose number one, every time, in the install wizard. See, isn't that easy? Yeah, that's not too bad.

But there's a problem with this: what if I lose PSC number one? Oh wow. Well, if one goes down, no one can talk, because everybody was talking to number one. We've got a lot of isolation going on. You know what, I can fix that though. Okay, what if I do this, right? So now all of these guys can talk. Boom, done. Yeah, more like a mesh. Yeah, so that will mitigate the issue of having that failed PSC, because now you have additional paths to get the replication traffic out.

But what if you want to add PSC number six? That's easy, go ahead. Okay, I'll add PSC number six. Okay, now who am I going to replicate with? Right, we always say we're going to do PSC number one. Well, PSC number one is down. Oh yeah. So, very integrated, right. Okay, so then, well, I mean, you got three, right, before, because it's a mesh. That means I need to make sure that all the PSCs are replicating. Alright, alright, you, you've proved your point here. It's starting to become, it's becoming a management nightmare, and as we add more, it's, the replication agreements keep growing and growing and are hard to keep track of. And these are all manual things that we have to do, right? These, it's not like Active Directory where there's some sort of service running that determines these replication agreements. Every time that, you know, I'm drawing the line, right, we're going in and having to manually create that agreement. So it just really is a ton of work to build and maintain this type of topology.

Is there a way for me to see
these replication agreements? I mean, we talked about them, but how can I see what I have? Like if I wanted to see this today, or that, which, that's a bad thing again, what should I use? Yeah, great question. So there's a command called vdcrepadmin that we can use to not only view and monitor the replication agreements and the status of each of those agreements, but we can also use this command to create and destroy replication agreements. Okay, so this is a tool you definitely want in your toolkit. Yeah, and I think it's important to also read up about it, so we're going to put a link to the VMware knowledge base article down at the bottom of the screen so that you can read up all about the capabilities of vdcrepadmin and be able to understand how to use it. That's a great idea.

Okay, so back to our scenario here. So we have, again, three sites. But what if, let's say, I'm going to draw another vCenter just so we complete our topology, but what if we have a failure? Yeah, well, let's look at the Indianapolis piece. I mean, it would never fail, my PSC, but let's, for the sake of the, the whiteboard, let's assume that it does fail. Yeah, now we kind of had that same kind of isolation that we had before, right, where the SFO and the New York City PSCs can't replicate with each other. Right, so let's mitigate that. Okay, we're going to use vdcrepadmin and we're going to create an agreement from New York to SFO. Whoa, wait, I thought we decided that we didn't want to create extra agreements in this case, because we have a nice linear topology. Right, we're creating a ring to help with the data paths, because right now, as you can see, SFO can't replicate anything to NYC and vice versa. So to mitigate that, we're going to go ahead and create this ring, right? Another agreement, simple agreement, linear, to mitigate.

Okay, but what if we add an additional site? Is that, you know, do we continue to have sort of this mesh, even the ring? So let's add another site here, and we're going to pick, let's say, Orlando. And as we add this,
let's go ahead and add multiple VCs here as well. Now, to do this and not have downtime, the best thing to do is we're going to go ahead and create another one first. Okay, then we're going to go back and we're going to clean up this guy here. Just use vdcrepadmin to remove the old ring. Again, we'll have already built the new ring, right, to replace it. And then we can go back and say, you know, show us the agreements, and now we should see that there is bi-directional between these two, these two, these two, and then SFO and MCO. Yeah, so basically to sum that up, we're, with this nice linear topology, we're able to mitigate sort of the man-in-the-middle failure by just having one single additional replication partnership instead of, yeah, just forgetting this, right? And it's nice, linear, very simple deployment model, and easy to expand and maybe even contract if you had to, right?

Okay, so let's take this a step further and let's talk about the topology in regards to, you know, how we can solve this type of scenario. Because right now this vCenter Server, you can't do anything, right? We can't repoint him across sites, because in 6.5 we don't support repointing across sites. So right now we cannot manage this vCenter Server, right, when its PSC is down, right, because we can't authenticate. So in essence, okay, workloads are still doing their thing, but from a management perspective we can't log in, we can't do anything, any changes, all that stuff. So how do we get to a point where we can do that? Well, can we put more than one PSC in a site? We can put as many as we want in a site, as long as we adhere by the maximum in 6.5, which is 10. And again, in 6.5 Update 1 the PSC number doesn't change, it's 10 as well; it's only the VC number that changes.

Okay, so I think we should draw out another one, but showing now what would happen if we had multiple PSCs within each site. So let's start here. So maybe we can just replicate what we have up top down below. Sure. So you can start out with San Francisco. So here we go, PSC, and I'm
going to put SFO here, SFO here, and then I'm going to basically draw this, and that represents that they are in a site. Okay, so we've got two PSCs within the San Francisco site, right? What does it look like when we deploy a vCenter? Well, why don't you go ahead and deploy the two vCenters that you had in San Francisco. I'll let you pick how you want them to be represented. Okay, well, so the first one is easy, right? I'd, you know, I'll just pick the first PSC. But when I deploy the second one I have a choice, right? Do I deploy to the first one or to the second one? Is there a right answer? No, there's no right answer, it's whatever you want.

Alright, I think one thing you have to keep in mind is the relationship between PSC and VC. When it comes to vCenter, vCenter can only point to one Platform Services Controller at a time. When it comes to the PSC, it is a one-to-many relationship. It can manage up to the maximum, which again in 6.5 is, I'm going to put, ten. Okay, and in 6.5 Update 1 we're increasing, so 15 out of the box, and then there's a configuration change you can make to get up to 20. Right, so that's something you have to keep in mind, because a common question is: okay, well, how many PSCs should I deploy in my environment to manage X amount of VCs? And that all really depends on how much failure you can withstand.

Yeah, so again, let's, let's move on and let's add our next site and draw a few more boxes here. So when you deploy your PSCs to, let's say this is going to be the Indy site again, right, I've noticed that you're replicating your first Indy PSC back to the second PSC. That's because we're trying to avoid this, right? We're doing this linear topology, right? Exactly right. We want to make sure that it's nice and linear, and at the same time we want to avoid any kind of split brain or isolation. So now we have, again, Indy's deployed. We have, you know, the opportunity, we only have one VC. Which one should I deploy to? But once it does, it shouldn't matter, so you can pick,
pick whichever PSC you like. Alright, so I'm going to deploy it to this one.

Okay, now what if I want to add another site? Well, it should just be rinse and repeat of the Indy site. Okay, so we're going to go ahead and do NYC. We're going to have another one in NYC and we're going to draw our... Now, as you're deploying NYC, the question that pops into my head is: do you have to deploy the same number of PSCs in each site? Because you have up to this point. That's a good question, and the answer is no. It's all about what I can withstand when it comes to a failure. So if you look at the example we had up here, and we, you know, certainly did not want to have this failure, but we did, and because of that we now can't manage this. So depending on your SLA and what you can withstand in regards to a failure, maybe in SFO we can't withstand a failure, right, in Indy we can't, but, you know, in New York we can, then you can just deploy one and have the vCenter pointing to it, and then later on you can always add another PSC if you need to.

Okay, so then are we also going to do the ring in this scenario as well? Yeah, so we've got our third site all deployed. The final step is creating that replication agreement, and now we are within a nice linear topology. And if for some reason, let's say, we have a data path loss here or data path loss here, we are in good shape and we can mitigate that.

And then when we look back at the failure here that we had, so if we, if we come here, let's say, to Indy, and this PSC goes down, what can we, again, I don't know why that would happen in Indianapolis. Well, I know the admin there. What, what can we do to fix that? Because before we couldn't, we couldn't repoint across sites. But to fix this now, we can actually repoint, because we are within our site, and, and now vCenter can authenticate and we can manage it until we can fix this PSC. If we cannot fix this PSC via troubleshooting, then what we wind up doing, since, again, back to the multi-master, same data is being replicated, is we
decommission it, we delete it from inventory, and then we deploy a new one. Well, that sounds fantastic, because from my experience as an admin it was usually a pretty big pain or a big to-do to try to get a restore completed: multiple tickets involved, multiple teams involved, it took a while to bring that VM from backup and actually perform the restore. It'd be great if we could just delete it and just deploy a fresh one, right? And with the PSC being multi-master, that's perfect. The only caveat to that is, if you've lost all these PSCs, then you would just restore one, any one of them, and then the next step is to start deploying the additional ones, and they'll start receiving the information from the, the first initial deployed PSC. And then you're going to run the vCenter Server restore script on any vCenter that was pointing to a PSC. Okay, that makes sense. Maybe we can provide a link to that documentation down at the bottom of the screen so it makes it easy to find. Of course.

Now, you mentioned the repoint when we have a failure. I'm just curious, I thought there was a familiar command that we use in order to perform that repoint. Yeah, so as we mentioned earlier in another video, we can use cmsso-util, right? Shane to mine. Yeah, so exactly, there you go, learn. And we can repoint from this PSC to this PSC, no issues, right? Because before we were doing, going from embedded to external, so we're doing a big configuration. But if we just want to change what PSC the vCenter is pointing to, it's just a simple repoint. That sounds fantastic.

With that, I think we've covered all the topics that we had in this video, and I think in the next video we're going to cover some high availability, so look forward to that. And thanks for watching. Thanks.

[Music]
Info
Channel: VMware vSphere
Views: 24,168
Rating: 4.8974357 out of 5
Keywords: high availability server architecture, high availability website architecture, esxi, vsphere, vmware, high availability architecture
Id: 68OlDARa2ag
Length: 25min 12sec (1512 seconds)
Published: Mon Aug 07 2017