vCenter 6.5 High Availability – Deploy vCenter (Part 4)

This is Part 4 of the multi-series for deploying and configuring vCenter 6.5 High Availability. Up to this point we have accomplished the following…

  1. Deployed two External Platform Service Controller (PSC) appliances.
  2. Configured our custom Certificates for the PSC appliances.
  3. Deployed our Network Load Balancer and configured it to provide HA for the two PSC appliances.

The deployment of the vCenter Server 6.5 virtual appliance is accomplished using an installer located on the downloaded installation media. There is CLI installer and a UI installer. We are going to use the UI installer during this procedure.

Next is the Hardware Requirements for the vCenter Server appliance. Whether the PSC is embedded or external these requirements remain the same. Remember the PSC appliance is deployed with 2 vCPU and 4GB of memory. The appliance we are deploying will be of the SMALL variety (4 vCPU and 16 GB or memory).

vCenter Server Appliance HW Requirements

For additional information regarding the Installation and Setup of vCenter 6.5 click here.

We are only deploying a single instance of a vCenter Server. When we go through the vCenter HA configuration process this system will become the Active Node. The Passive Node and Witness Node will be created during that process. We do not have to deploy these appliances beforehand.

PSC Configuration Scripts

Prior to installing the vCenter Server appliance you must run two configuration scripts on the PSC appliances. The first script must be executed on each PSC appliance. The second script it only executed on one of the PSC appliances.

Script #1 : SSO Config Script

SSH into each PSC appliance and access the BASH shell. Once you are in the bash shell execute the following script (w/ parameters). I used the following steps to run the scripts on my two newly deployed PSCs in my lab. You can find this process in VMware KB 2147384.

  1. Navigate to the following directory:
    cd /usr/lib/vmware-sso/bin/
  2. Execute the following command to run the script (use the FQDN of your PSC HA appliances):
    python --lb-fqdn=psc-ha.initech.local
  3. Repeat on each PSC.

Script #2:  LS Endpoint Script

Maintain your SSH connection with one of your PSC appliances. This script is only going to be executed ONCE!

  1. Navigate to the following directory (same as in Script #1):
    cd /usr/lib/vmware-sso/bin
  2. Execute the following command to run the script:
    python --lb-fqdn=psc-ha.initech.local --user=Administrator@vsphere.local --password=P@ssw0rD%

    NOTE: You do not have to enter the password in the command above. You can omit it from the command and it will prompt you for the password once you press enter.

Installing the vCenter Server Appliance

We are going to initiate the installation of the appliance using the same installer that we used to deploy the PSC appliances. Once you have the installation media downloaded (ISO image) and mounted, browse to the \vcsa-ui-installer\win32 directory.

  1. Double-click on installer.exe. The installer window will appear. Click on the Install option to begin.
  2. On the Introduction page, click Next.
  3. Check the box to accept the EULA and click Next.
  4. On the ‘Select deployment type’ page choose the vCenter Server (Requires External Platform Services Controller) option and click Next.
    3 Deployment-Type.jpg
  5. On the ‘Appliance deployment target’ page you will specify the target ESXi host that will run your VM appliance. Enter the FQDN of the ESXi host, user account and password and click Next. You will receive a Certificate Warning, click YES.
  6. On the ‘Set up appliance VM’ page enter the name of the VM along with the root password. The name you enter here will be how the VM will appear in the inventory.
    5 Appliance-VM.jpg
  7. On the ‘Select deployment size’ window, select the size of the VM from the drop-down menu and leave the default storage size. Click Next when ready. I chose ‘Small’ for my deployment size because that is the minimal requirement for vCenter HA in production. My goal in my POC is to emulate a production deployment as much as possible. I have enough CPU and Memory resources to accommodate this so I’m going to work with this deployment size.
    6 Deployment-Size.jpg
  8. On the ‘Select datastore’ page, choose the datastore to where you want to place the virtual appliance. I chose to Enabled Thin Disk Mode because this is a simple POC environment and my capacity is limited. Click Next.
    7 Select-Datastore.jpg
  9. On the ‘Configure network settings’ page choose the virtual network from the drop-down menu, enter the FQDN, static TCP/IP information and click Next when you are ready. IMPORTANT: make sure your DNS host and PTR records are 100% accurate before proceeding here.
    8 Network-Settings.jpg
  10. Review the information on the ‘Ready to complete stage 1’ page and click Finish.
    9 Complete-Stage-1.jpg
  11. The appliance will begin deployment and then complete. Click Continue to proceed to Stage 2 of the Installation process.
  12. The ‘Install – Stage 2’ wizard will appear. Click Next on the Introduction page.
    11 Stage 2 Intro.jpg
  13. On the ‘Appliance configuration’ page, choose the Time synchronization mode type (ESXi host or NTP servers) and enable SSH access. I’m synchronized with an external NTP time source and plan on immediately using SSH. If you do not enable SSH here you can always enable it later on the appliance management web interface. Click Next.
    12 Stage 2 AppConfig.jpg
  14. On the ‘SSO Configuration’ page enter the FQDN host name of the PSC that maps to the load balanced IP address. In this case I am using psc-ha.initech.local which resolves to the VIP address on my load balancer. Click Next when ready.
    12 Stage 2 SSOConfig.jpg
  15. Review the information on the ‘Ready to complete’ page and click Finish. A Warning will appear. Click OK.
    13 Stage 2 Complete.jpg
  16. The vCenter Appliance configuration will proceed and then complete. Click Close when finished and your web browser will automatically open.
  17. Log into the vCenter Server Web Client (Flash Version) using the SSO Administrator credentials.
  18. Next thing to do is build out the vSphere HA/DRS cluster as you normally would do. I want to emulate as much as possible in my POC and try to make it look like a production environment. So I’ve enabled vSphere HA and DRS on my cluster, vMotion on my ESXi hosts and also created a Distributed Switch. You will notice I have my ‘vCenter-HA-Network’ distributed port group already created and ready to go. This will come in handy in the next section.
  19. That concludes the deployment and configuration of the vCenter Server 6.5 appliance that I will use to enable vCenter HA next.

Next Step – Enable vCenter HA

In Part 5 of my multi-series for enabling vCenter HA we will cover the requirements and steps needed to enable vCenter HA. We will use Advanced Workflow versus the Basic Workflow when enabling this feature.

Quick Links

vCenter 6.5 HA – Overview (Part 1)

vCenter 6.5 HA – External PSC Deployment (Part 3)

vCenter 6.5 HA – Load Balancer Config (Part 3)

vCenter 6.5 HA – Enable vCenter HA (Part 5)


13 thoughts on “vCenter 6.5 High Availability – Deploy vCenter (Part 4)

  1. Could you please let me know the output of this command, what am I suppose to get ?

    python –lb-fqdn=psc-ha.initech.local –user=Administrator@vsphere.local –password=P@ssw0rD%


    1. I cannot remember exactly the output from that command but I believe you don’t see any output unless an error occurs. If I remember recorrectly this executes in the background and once it completes successfully it just returns to a prompt.


  2. Each time I deploy vcenter, whatever version it is windows or appliance I have same error
    ERROR: 1, join vmdir failed site
    Any idea why?


  3. Hi,
    Do you happen to know what the procedure would be if you’ve already deployed vCenter and are setting up a load balanced PSC and HA vCenter afterwards?
    I have 1 vCenter and 2 PSCs. The two PSCs have already had their machine SSL certificates setup as detailed in parts 1-3. The vCenter is already deployed (VCSA). What is the ramifications (if any) of running the SSO scripts above on an existing environment?

    Liked by 1 person

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s