Deploying vCenter High Availability with network addresses in separate subnets - vSphere 6.5
search cancel

Deploying vCenter High Availability with network addresses in separate subnets - vSphere 6.5

book

Article ID: 325066

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

This article provides steps to deploy vCenter High Availability (VCHA) in vSphere 6.5 environments where the Primary and Secondary vCenter Server nodes are in separate subnets.

NOTE: Updated Steps for vCenter Server 6.7 and 7.0
Deploying vCenter High Availability with network addresses in separate subnets - vSphere 6.7 & 7.0 (85579)


Terminology

  • Management Network: The main interface used to connect to the vCenter server (eth0)
  • VCHA Network: The private network configured strictly for VCHA replication traffic (eth1)
  • Management vCenter Server: When deploying the vCenter Server Appliance (VC1) to an ESXi host managed by another vCenter Server (VC2), the latter (VC2) is considered the “Management vCenter Server”.
Requirements
  • TCP ports 22, 5432, and 8182 are open and uninterrupted between all the nodes.
  • VCHA network latency between each node cannot exceed 10ms.
  • VCHA network throughput must be 1Gbps or higher.
  • vCenter HA has been tested and certified to perform on physically adjacent ESXi hosts, and is not designed as a disaster recovery solution for locations connected over long distances. The replication traffic is too sensitive to disruption in these configurations and commonly becomes a point of failure, even after a successful deployment.  For these reasons, the VCHA network does not support being configured over a WAN topology."
Note: The use of routers within the VCHA Network LAN segment is discouraged for multi-subnet configurations.

For more information, see FAQ: vCenter High Availability (2148003).


Environment

VMware vCenter Server Appliance 6.7.x
VMware vCenter Server Appliance 6.5.x

Resolution

Deploying the vCenter Server Appliance with an Embedded PSC or External PSC

Deploy the vCenter Server Appliance that is used to setup VCHA:
  • When deploying the vCenter Server Appliance 6.5 to a ESXi 6.0 or 5.5 host managed by vCenter Server 6.0 or 5.5, it is considered the Management vCenter Server.
  • When deploying a new environment VMware recommends deploying the vCenter Server Appliance 6.5 to a ESXi 6.5 host.
  • VMware recommends that the VCHA nodes are deployed to a DRS enabled cluster containing at minimum three ESXi hosts.

Configuring the Management and vCenter HA traffic networks

  1. Configure the ESXi hosts that is running vCenter HA nodes for the vCenter Management traffic and the vCenter HA traffic with these conditions:
    • The ESXi hosts must have at least 2 networks (VM portgroups) attached either to a Standard or a Distributed Switch.
    • The management and VCHA networks must be on different subnets.
    • The vCenter HA network must be within a single physical datacenter LAN
    • A private network exists between the ESXi hosts with 1Gbps throughput dedicated for vCenter HA network traffic.

      To configure the network routes, see the Additional Routing configuration section.
  2. Ensure the following are configured:
    • Two static IP's for the vCenter Server Management network (Active and Passive).
          Note: DNS will need to be configured to use the passive node's management IP address during a failover.
      - Three static IPs on the same network for the vCenter HA network (Active, Passive, Witness)
  3. Add a second Network Adapter to the vCenter Server Appliance 6.5 and attach it to the vCenter HA network port group. Ensure that the adapter type is same as the default Network Adapter the vCenter Server Appliance deployed with (the vCenter Server Appliance deploys with the VMXNet3 adapter). Configure the IP address for the second Network Adapter using the addresses for the vCenter HA network. For more information on configuring a second adapter, see How to manually add a second NIC to the vCenter Server Appliance 6.5 for VCHA (2147155).

    Notes:
    • Under IPv6 settings, ensure that Obtain IPv6 settings automatically is not enabled.
    • In vCenter Server 6.5, using dual IP stacks (IPv4 and IPv6) is not supported.

Deploy vCenter High Availability

  1. Log in to the Active node using the vSphere Web Client.
  2. Right-click the vCenter Server object in the inventory and select vCenter HA Settings.
  3. Click Configure.
  4. Select the Advanced configuration option and click Next.
  5. Enter the HA Network IP and subnet mask for the Passive Node.
  6. Select the Override management network upon failover option and enter the IP address for the Passive node's vCenter Server Management Network.

    Note: The Failover IP (Passive node vCenter's Management Network) is different from the Active as they will be in different networks.
     
  7. Enter the HA network IP and Subnet mask for the Witness node.
  8. Click Next.
  9. Depending on the version of vCenter Flash Client:
    1. If vCenter version is older than 6.7 U3 (including 6.5), DO NOT click Finish.
    2. If vCenter version is 6.7 U3 and newer, Click Finish.

Create the vCenter HA Passive and Witness nodes by cloning the vCenter Server Appliance

Clone a Passive Node
  1. From Management vCenter Server, clone the Passive Node from the Active Node customizing the. Provide a name for the virtual machine (for example: vcha-peer).
  2. Select the Cluster, ESXi host, and datastore for the Passive node.
  3. Select Customize the Operating System and Power on virtual machine after creation and click Next.
  4. Select the Create New Customization Specification icon and provide a name (For example: vcha-passive-spec).
  5. Complete the wizard with the information gathered earlier.

    Notes:
    • The Computer Name must be the same as Active node's hostname/DNS hostname and the Domain name must be specified separately.
    • Ensure to choose the same Time Zone as vCenter's Active node.
    • Clone customization defaults the NIC1 and NIC2 IP addresses to DHCP. These will need to be changed to static and the IP's gathered earlier entered.
       
  6. Click Finish.
  7. Select the newly created Customization Specification from the list and click Next.
  8. Review the settings and click Finish to begin the clone operation of the Passive node
Clone a Witness Node
  1. From Management vCenter, clone and customize the Witness from the Active Node. Provide a name for the virtual machine (for example vcha-witness).
  2. Select the Cluster, ESXi host, and datastore for the Witness node.
  3. Select Customize the Operating System.

    Note: Do not select Power on virtual machine after creation this time.
     
  4. Click Next and select Create New Customization Specification and provide a name (for example, vcha-witness-spec)
  5. Complete the wizard with the information gathered earlier.

    Notes:
    • The Computer Name must be the same as Active node's hostname/DNS hostname and the Domain name must be specified separately.
    • Ensure to choose the same Time Zone as vCenter's Active node.
    • Witness nodes do not use the Management NIC and it will not need to be configured. Edit the vCenter HA Network interface and provide the same info as provided during vCenter HA configuration wizard.
       
  6. Click Finish.
  7. Select the newly created Customization Specification from the list and click Next.
  8. Review the settings and click Finish to begin the clone operation of the Witness node.
  9. Optional: Once the Witness node has finished cloning, edit the settings of the virtual machine and lower the vCPU count to 1 and the Memory to 1GB. This will save resources in the cluster and will not affect the performance of the vCenter Server.
  10. Power on the Witness Node virtual machine.

Finish Deploying vCenter HA in the wizard

After the Passive and Witness cloning is complete and the virtual machines are powered on:
  • Set the static Routes if needed as explained in Additional Routing configuration section below.
  • Ensure the networking is set correctly by pinging the eth1/HA network IP address across Active, Passive and Witness nodes
Additional Routing Configurations
 
If the Active, Passive and, Witness virtual machine's are on different subnets/networks, additional configuration is required.
 
In order to route the HA network traffic packets properly, you must set the static routes ([Route]) section manually in /etc/systemd/network/10-eth1.network.
 
After cloning the Passive and Witness virtual machine, set the static [Route] in the Active, Passive and Witness nodes
  1. Active node: Set the [Route] to establish communication to Passive and Witness nodes.
  2. Passive node: Set the [Route] to establish communication to Active and Witness nodes.
  3. Witness node: Set the [Route] to establish communication to Active and Passive nodes.

    For example:

     
  4. Restart the eth1/HA network using this command: systemctl restart systemd-networkd
  5. Ensure pinging between the Active, Passive and Witness nodes succeeds for the HA network (eth1 IP address).
  6. Return to the vCenter HA wizard and click Finish.


Additional Information


How to manually add a second NIC to the vCenter Server Appliance 6.5 for VCHA
異なるサブネットのネットワーク アドレスを使用して vCenter High Availability を展開する
使用单独子网中的网络地址部署 vCenter High Availability

Powered by Wolken Software