Monday, 13 March 2017

VCSA HA Stuff

VCSA HA Stuff


There's already loads of great posts out there on the VCSA 6.5 HA option but I wanted to cover three things here:

  • DNS issues with vCenter HA setup
  • Failover Times
  • vCenter HA Footprint

When I tried to deploy HA for my Lab VCSA it gave me an error message:
"Failed to get management network information. Verify if management interface (NIC0) is configured correctly and is reachable"

Check this Forum post for a fix:
https://communities.vmware.com/thread/547117?start=0&tstart=0

Basically you should ensure your vCenter name and DNS records are in the SAME CASE. I had my vCenter called "Labvc.lab.local" so I'd to edit /etc/vmware/systemname_info.json on the VCSA appliance to update the name to "labvc.lab.local" and then delete / recreate my DNS records to match the same case. After rebooting the VCSA I was able to deploy HA. Not critical but annoying!
Note: You will need three Hosts in your Lab (no less)!

I set up a vCenter HA configuration (terminology is a bit confusing with VMware HA?!) using three nested ESXi servers and each having local storage and an extra port group setup on the default standard switch.

From boot my Lab VCSA VM takes 5 minutes to boot until the old Web Client has initialized and is ready for logging on.

The vCenter HA Failover feature when initiated manually takes 6.5 minutes to perform a failover until the web interfaces are ready for logging on. (The newer UI is ready 20 seconds or so sooner than the older flash based legacy web interface).

So, would I use traditional VMware HA to recover vCenter or deploy this vCenter HA to perform a service failover instead? With an embedded PSC, vCenter HA has it's merits, it's only three VMs. If you are using it for VDI or other heavily vCenter dependant services it could be of use.
Once you get to an external PSC and load balancers, I think it's too complicated. Maybe with the next version of vCenter VCSA it might improve but 7 VMs for vCenter:

  • 2 x PSCs
  • 2 x Load Balancers
  • 3 x vCenter VMs (A/P/W)

The old VMware HA to protect against host failures still delivers and can recover a VCSA in less time. Postgres corruption will still cause both VCSAs Active & Passive, to fail. A good VM backup strategy while using the inbuilt VCSA backup option should provide sufficient recovery options for all scenarios. If you need to go beyond this then vCenter HA is the next obvious choice but you had better have a load balancer or three handy!vCenter HA with two PSCs using manual repointing of vCenter still presents potential downtime between discover and remediation.

As for footprint, this is for a new build with no data or significant inventory:

So, some things to think about anyway. It's always good to have options and it's better / cheaper than the previous Heartbeat solution. If you're using Enhanced Linked Mode / have scaling requirements, then the number of VMs makes me think twice.....

These are just my thoughts, so evaluate for yourself and your environment before coming to any conclusions!

Friday, 10 March 2017

VCSA Updating and Backing Up

VCSA Updating and Backing Up


I've now switched to using the VCSA for my Home Lab. Version 6.5 has a nice UI for web management but it's not quite there yet, some key features are missing. As it's an all in one appliance I wanted to test backup options but also see how it handles updates.

The appliance URL relies on specifying a particular port 5480:
https://labvc.lab.local:5480/#/login?locale=en
Once you get logged in you can view the backup button on the main summary page (right hand side) and the update section as follows:

I'll do a backup first, then update the appliance and carry out another backup.

You first need a Target Store that supports Http/Https/Scp/Ftp/Ftps file transfers

I've gone and installed the Server 2012 R2 FTP server Role and this will do the job I think.....I created a new FTP Site with a local user that has write permissions. I tested this from a windows client first. Next I configured VCSA to use it:
(Note the destination FTP folder must be empty - clear out any test files)
Then you decide what to backup - crumbs, thought the config would be smaller! That's over 2GB!
 Then sit back and wait:
It only takes about 2 minutes, which is nice and you end up with:
Now we can update the appliance risk free. Notice Update Manager is 1.4GB as listed above! This is nearly 4GB of backup data!

You can also backup the VCSA VM itself but I'm not covering that here. You will need to connect Veeam directly to the ESXi Host as I have to in my Lab as I've only 1 host and it's managing itself!

Go to the VCSA Admin UI Update section, check the Repository for available updates (this is VMware's Repository) and choose to install them. Accept the license agreement:
 Then hit install and wait:
During the update the VCSA Admin UI refreshes once but doesn't kick you out or anything.

Now you can reboot to apply the changes. By the time I'd connected to the console it was already on it's way back up!! The Admin UI was reachable but the new HTML5 interface was down for a while:
Don't forget to check your Root password expiration!!

So, to a final backup. One you have to reenter the same information all over again. There is no concept of incremental and your last backup will cause the following error:
So, can this be automated? Yes, but this is above my pay grade!! See the brilliant article below for how to do this:
https://www.brianjgraf.com/2016/11/18/vsphere-6-5-automate-vcsa-backup/