Search the VMware Knowledge Base (KB)
View by Article ID

Configuring Platform Service Controller HA in vSphere 6.5 (2147018)

  • 7 Ratings
Language Editions

Purpose

This article provides information on configuring Platform Service Controller High Availability (HA) in a vSphere 6.5 environment that has been installed or upgraded from vSphere 5.5 or 6.0.

Resolution

Notes:
Available supported Installation, Upgrade and, Migration paths:

New environment installation

Configuring vSphere 6.5 Platform Service Controllers for High availability for a new vSphere 6.5 installation with SSL pass through

  1. Install the primary external Platform Services Controller node.
  2. Deploy the secondary SSO node as a replication partner to the primary Platform Service Controller node.
  3. Create a new machine SSL certificate. For more information, see:
  4. Configure the load balancer. For more information, see:
  5. Verify the machine Certificate:
    • Windows vCenter Server - "%VMWARE_CIS_HOME%"/vmafdd/vecs-cli.exe entry list --store MACHINE_SSL_CERT --text
    • vCenter Server Appliance - /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store MACHINE_SSL_CERT --text

  6. Verify the Load Balancer is presenting the same certificate:
    • Platform Services Controller - "%VMWARE_OPENSSL_BIN%"openssl s_client -connect SSOLB.vmware.local:443
    • Platform Services Controller Appliance - openssl s_client -connect SSOLB.vmware.local:443

  7. Run the configuration scripts on the Platform Service Controllers. For more information, see
  8. Install the vCenter Server using the Load Balancer virtual IP for the Platform Service Controller when prompted.

Upgraded environment

Configuring Platform Services Controller High Availability after upgrading from vSphere 5.5 to 6.5 with SSL pass through

  1. Verify the Load Balancer configuration. For more information, see:
  2. Upgrade the Single Sign-On 5.5 Platform Services Controller 6.0 nodes to 6.5 sequentially.
  3. Run the configuration scripts on the Platform Service Controllers. For more information, see:
  4. Verify if vCenter functionality is still available.
  5. Upgrade vCenter Server to 6.5.

Configuring Platform Services Controller High Availability upgrading from vSphere 6.0 to 6.5 with SSL pass through

  1. Upgrade the Platform Services Controller 6.0 nodes to 6.5.
  2. Create a new machine SSL certificate. For more information, see:
  3. Run the configuration scripts on the Platform Service Controllers. For more information, see:
  4. Verify the Load Balancer configuration/ For more information, see:
  5. Verify vCenter functionality is still available.
  6. Upgrade vCenter Server nodes.
  7. Verify the machine Certificate:
    • Platform Services Controller - "%VMWARE_CIS_HOME%"/vmafdd/vecs-cli.exe entry list --store MACHINE_SSL_CERT --text
    • Platform Services Controller Appliance - /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store MACHINE_SSL_CERT --text

  8. Verify the Load Balancer is presenting the same certificate:
    • Windows vCenter Server - "%VMWARE_OPENSSL_BIN%"openssl s_client -connect SSOLB.vmware.local:443
    • vCenter Server Appliance - openssl s_client -connect SSOLB.vmware.local:443

Migrated Environment

Configuring Platform Services Controller High Availability migrating a 5.5 vCenter Server to vCenter Server Appliance 6.5 with SSL Pass through

  1. Verify the Load Balancer configuration. For more information, see:
  2. Migrate the Platform Services Controller 5.5 nodes to 6.5.
  3. Run the configuration scripts on the Platform Service Controllers. For more information, see:
  4. Verify if vCenter functionality is still available.
  5. Migrate vCenter Server to vCenter Server Appliance 6.5.

Configuring Platform Services Controller High Availability migrating a 6.0 vCenter Server to vCenter Server Appliance 6.5 with SSL Pass through

  1. Migrate the Platform Services Controller 6.0 nodes to 6.5.
  2. Create a new machine SSL certificate. For more information, see:
  3. Run the configuration scripts on the Platform Service Controllers. For more information, see:
  4. Verify the Load Balancer configuration. For more information, see:
  5. Verify if vCenter functionality is still available.
  6. Migrate vCenter Server nodes.
  7. Verify the machine Certificate:
    • Windows vCenter Server - "%VMWARE_CIS_HOME%"/vmafdd/vecs-cli.exe entry list --store MACHINE_SSL_CERT --text
    • vCenter Server Appliance - /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store MACHINE_SSL_CERT --text

  8. Verify the Load Balancer is presenting the same certificate:
    • Platform Services Controller - "%VMWARE_OPENSSL_BIN%"openssl s_client -connect SSOLB.vmware.local:443
    • Platform Services Controller Appliance - openssl s_client -connect SSOLB.vmware.local:443

See Also

Language Editions

ja,2148018;zh_cn,2148250;de,2148856

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 7 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 7 Ratings
Actions
KB: