Combining High Availability and Multisite PSCs in vSphere 6

There has been some confusion around creating a combined Highly Available and Multisite topology in vSphere 6.0. Its true that you can create a fully replicating string of PSCs right from the installation. However, the problem is that a default replication agreement only exists between two PSCs. So what happens when you have more than two? This offers limited redundancy options when one fails. The solution to this is to manually create a ring topology after the PSCs are installed. You might note that I’m using ring over mesh. The reasoning behind this is to limit the amount of replication traffic being sent over the network. Mesh topologies tend to be very chatty and mostly overkill for fail-over scenarios. Using a ring will still protect against a single PSC or a complete site failure.

For brevity, I will not be going over each individual installation, but instead providing the details of each node.

 

Install the Platform Services Controllers

 
Step 1. Install the first PSC as a new Site and domain

  • Hostname:PSC-A
  • Site: Site1
  • Domain: vsphere.local
  • Partner PSC: None

 
Step 2. Install the second PSC in the same site and domain as PSC-A

  • Hostname: PSC-B
  • Site: Site1
  • Domain: vsphere.local
  • Partner PSC: PSC-A

 
Step 3. Install the third PSC in a new site and the same domain as PSC-A

  • Hostname: PSC-C
  • Site: Site2
  • Domain: vsphere.local
  • Partner PSC: PSC-A

 
Step 4. Install the fourth PSC in the same site and same domain as PSC-C

  • Hostname: PSC-D
  • Site: Site2
  • Domain: vsphere.local
  • Partner PSC: PSC-C

 
 

Create replication agreements

 
The PSCs now need to have a replication agreement created to complete a Ring Topology.

The current replication agreements are as below.

0303802d-dbf5-4a27-a703-db65fc31d998
 
Step 5. Creating the new agreement to complete the ring is achieved with the vdcrepadmin tool.
 

vdcrepadmin -f createagreement -2 -h SOURCE-PSC -H  NEW-REPLICATION-PARTNER -u Administrator -w SSO-PASSWORD

 
For example, from PSC-B, you would run:
 
VCSA:

/usr/lib/vmware-vmdir/bin/vdcrepadmin -f createagreement -2 -h PSC-B.vcloud.local -H PSC-D.vcloud.local -u Administrator -w SSO-PASSWORD

Windows:

C:\Program Files\VMware\vCenter Server\vmdird\vdcrepadmin -f createagreement -2 -h PSC-B.vcloud.local -H PSC-D.vcloud.local -u Administrator -w SSO-PASSWORD

 

The new replication agreement topology should now look like this.
 
5d3f169e-2377-4292-9d6c-fcf378c707af
 
 

Finish configuring the High Availability pairs.

 
Step 6. Once all of the replication agreements are configured, you can proceed with completing the high availability PSC configurations. This does not differ from a non-multisite configuration. I wont go into how to do this as it has already been well documented in Sean’s post here and in the Deployment Guide here.
 
 

Install the vCenter Servers

 
Step 7. At this point you can install vCenter Servers against the load balancers configured.
 
 

Posted by:

Chris Morrow

9 Comments

  1. VMwareguy -  January 18, 2016 - 6:02 am 369

    Hi Sean,

    Thanks for sharing the valuable info. I am planning to have 3 sites with 2 PSCs in each site. Lets say SiteA, SiteB & SiteC with PSC1/2, PSC3/4 & PSC5/6 respectively in each site. So I believe by default replication flow will be between PSC1PSC2 (Within SiteA), PSC1PSC3(SiteASiteB) & PSC1PSC5(SiteASiteC).
    I guess I need to manually create replication agreement between PSC2PSC4(SiteASiteB), PSC4PSC6(SiteBSiteC) & PSC3PSC5(SiteBSiteC)

    Reply
    • Chris Morrow -  January 18, 2016 - 8:53 am 374

      Hi VMwareguy,
      With 3 sites, you just expand on the same idea, while still maintaining a ring topology. Its only a little different since there is another site involved now.

      The install order would look roughly like this, where sites are indicated with brackets and replication partners by arrows.
      [PSC1 < -> PSC2] < -> [PSC3 < -> PSC4] < -> [PSC5 < -> PSC6]

      After all the installs are done, you can manually create the last agreement between PSC1 and PSC6 to complete the ring.

      Reply
      • VMwareguy -  January 21, 2016 - 3:23 am 375

        Hi Chris,

        May be, by sharing the pictorial view, I would be able to say exactly, is there any email address on which i can send the doc file of image and then it would be easier for me to understand. As per the first diagram in the article, Site 1 & 2, a manual agreement was created between B & D, similarly, in case of Site 3, in addition to B & D agreement, we may require agreement between D & F as well.

        Thanks,

        Reply
  2. VMwareguy -  January 21, 2016 - 3:31 am 376

    Hi Sean & Chris,

    I have another concern, would be great to hear from you, as per the figure 5 in following article, http://blogs.vmware.com/vsphere/2015/03/vcenter-server-6-topology-ha.html,
    I am planning to have same infrastructure with 3 sites with 2 PSCs behind HA, however as they are connected with 3 different LBs meaning they have 3 different VIPs independently, however I am looking to have 1 global VIP (virtual IP), so teams from different regions do not have to remember their local VIP.

    Reply
    • Chris Morrow -  January 29, 2016 - 2:38 pm 383

      Im not sure I understand what the ask is here. could you clarify?

      Reply
  3. VMwareguy -  January 29, 2016 - 6:25 am 381

    Hi Chris,

    I was wondering if you had a chance to look at my query above.

    Thanks

    Reply
  4. scale -  October 18, 2016 - 3:28 pm 530

    DO you need to create a ring topology in this way? Is this best practice or is the default single link betweeen A and C enough because it is created via the second site first installation of the C PSC?

    Basically does D need to talk to B? What is the benefit it doing so?

    Reply
  5. JeffinFL -  December 5, 2016 - 5:28 pm 543

    I’ve already setup an HA pair of PSCs in site one and in the process of installing another HA pair of PSCs in site two. I didn’t configure any replication partners after the initial install. How do I see the current agreements and can I change them now?

    Thanks!
    JeffinFL

    Reply

Leave A Comment

Your email address will not be published. Required fields are marked (required):

Back to Top