vSphere 6 HA SSO (PSC) with NetScaler VPX Load Balancer for vRealize Automation

Posts in this series
  1. vSphere 6 HA SSO (PSC) with NetScaler VPX Load Balancer for vRealize Automation
  2. Deploying vRealize Automation 6.2 Appliance Cluster with Postgres Replication

vCenterProviding a highly available single sign on for vRealize Automation is a fundamental part of ensuring the availability of the platform. Traditionally, (vCAC) vRA uses the Identity Appliance and relies on vSphere HA to provide the availability of the SSO platform, but in a fully distributed HA environment that’s not really good enough. It’s also possible to use the vSphere 5.5 SSO install in a HA configuration – however, many companies are making the move to the latest version of vSphere and don’t necessarily want to maintain a 5.5 HA SSO instance.

The vSphere 6 Platform Services Controller can be deployed as an appliance or installed on a Windows host – personally I am a huge fan of the appliances and I tend to use them in my designs because of the simplicity and ease of use. A pair of PSCs can be deployed as a highly available SSO solution for vRealize Automation 6.2, replacing the Identity Appliance or vSphere 5.5. SSO, using either a NetScaler or F5 load balancer to load balance connections and provide the availability.

Personally, I’d prefer to use an NSX Edge Services Gateway to load balance the PSCs, but at the time of writing the Edge does not support the “Ability to have session affinity to the same PSC node across all configured ports”. See KB2112736 for more details.

So, this guide will show you how to create a highly available pair of Platform Service Controllers, configure one as a subordinate Certificate Authority to a Microsoft Certificate Services CA, and then load balance them with a NetScaler VPX. Although I am using just two node, you can in fact use the same method to load balance up to four. [Read more…]

vSphere 6 Lab Upgrade – vCenter Server Appliance

vsphere logoI tested vSphere 6 quite intensively when it was in beta, but I didn’t ever upgrade my lab – basically because I need a stable environment to work on and I wasn’t sure that I could maintain that with the beta.

Now 6 has been GA a while and I have a little bit of time, I have begun the lab upgrade process. You can see a bit more about my lab hardware over on my lab page.

[Read more…]

Slow or failed logon to VCSA 5.5 with vCOps in the environment

vsphere logoRecently I encountered this problem in a customer site whereby the logon to VCSA 5.5 would either time out, or take 3-5 minutes to actually log on.

Running a netstat on the VCSA during the attempt to logon showed there was a SYN packet sent to the vCOps appliance on port 443 that never established a connection. Another check was attempting to connect using curl https://<vCOpsIP> –k  – this would time out.

Ensuring connectivity to the vCOps appliance over port 443 fixed the logon timeout issue – presumably a the connection attempt holds up the logon process (single threaded?!) which causes a timeout in the logon process.

Book Review: Learning Veeam Backup and Replication for VMware vSphere

I was recently sent a copy of Christian Mohn’s new book “Learning Veeam Backup and Replication for VMware vSphere” to review, and as ever this is my honest opinion of this book. I am not receiving anything other than the copy of the book for this review. I don’t work for a vendor, so I have no axe to grind!


The book starts of with explanations of basic backup strategies and explains principals like Grandfather-Father-Son media rotation and RPO/RTOs. From there it dives into the architecture of Veeam BR and its components. The remainder of chapter 1 covers a walk through of the installation of the product.

Chapter 2 covers the configuration of backups, and gives some background into the different types of backups within Veeam, their drawbacks, and how Veeam have addressed them. For example solving the problem of having to combine incremental backups with the last full, which Veeam solve with synthetic full backups. The chapter also covers backup proxies, and configuring backup jobs, copying to tape or remote repository, and the WAN accelerator.

The next chapter walks through performing restores with Veeam, including full VMs, VM files (like a vmx) and VMDKs, and guest OS files.

Chapter 4 covers the replication part of Veeam Backup and Replication, and after explaining the differences between backup and replication it covers the infrastructure required before stepping through the set-up of a replication job. It also covers the process for fail over and fail-back, and here is one example of where I’d like to see some comparison – e.g. with VMware’s SRM, which has a similar feature set.

The fifth and final chapter covers some of the more unique features of Veeam’s offering, and I thought it provided a good explanation of those features – here is where I think walk through of setup/config would be most valuable, but it reads more as a feature list than a learning guide.


I found the writing style easy to read and I thought it flowed quite well throughout the book – this is always impressive when the author’s first language isn’t English.

I did find that I had to keep reminding myself that the book is specifically written about a single product rather than a more agnostic approach – I felt it read more like a vendor produced document. Personally, I would have liked some comparison with other well-known backup products to ground it a little and perhaps some more real-world explanations to distinguish it from vendor install documentation.

Perhaps that’s a little unfair as the book is specifically about that one product, and there is added value in the explanations provided. The introduction specifically states that it’s aimed at “vSphere administrators looking for an introduction to Veeam Backup & Replication v7 for VMware” and it definitely does provide that.

Learning Veeam Backup and Replication for VMware vSphere is available on Amazon and Packt


Book review: Networking for VMware Administrators

NetworkingForVMwareAdministratorsI recently got my hands on a copy* of Chris Wahl and Steve Pantol’s Networking for VMware Administrators and was very keen to read it – especially given the reputation of the authors. I came to the book as someone who is at CCNA level (although now expired) and someone who regularly designs complex VMware networks using standard and distributed switches. I would class myself as having a fairly decent understanding of networking, though not a networking specialist.

The book starts out at from a really basic level explaining OSI, what a protocol is etc. and builds on the foundation set out as it progresses. Part I of the book gives are really good explanation of not only the basics of networking, but a lot of the “why” as well. If you’ve done CCNA level networking exams then you will know most of this stuff – but it’s always good to refresh, and maybe cover any gaps.

Part II of the book translates the foundations set out in Part I into the virtual world and takes you through the similarities and differences with between virtual and physical. It gives a good overview of the vSphere Standard Switch (VSS) and vSphere Distributed Switch (vDS) and even has a chapter on the Cisco 1000v. One of the really useful parts of the book are the lab examples and designs, which takes you though the design process and considerations to get to the solution. [Read more…]