vCenter Server Enhancements in vSphere 6
With the release of vSphere 6, there are a few significant changes in the vCenter Server architecture and the way it will be deployed. As far as I can see, I think that the deployment has been simplified compared to the previous versions.
There are two ways to deploy vCenter Server: with an embedded Platform Services Controller or with an external one.
In the embedded configuration, vCenter Server and the Platform Services Controller are installed on the same physical or virtual machine.
The approach of embedded vCenter server configuration comes with its own advantages and disadvantages. Let me cover the advantages first.
- The biggest advantage is that the connection between vCenter Server and the Platform Services Controller is not over the network, so vCenter Server is not prone to outages caused by connectivity and name resolution issues between vCenter Server and the Platform Services Controller.
- If you are doing a Windows-based vCenter Server installation, you will need fewer Windows licenses.
- No load balancer is needed to distribute the load across Platform Services Controllers.
- You will have to manage fewer virtual machines or physical servers
The disadvantages of the embedded configuration are:
- There is a Platform Services Controller for each product, which might be more than required. This consumes more resources.
- The model is not scalable and is suited to small-scale environments.
Installing vCenter Server with an external Platform Services Controller has the following advantages:
- Fewer resources are consumed by the combined services in the Platform Services Controllers, which enables a reduced footprint and reduced maintenance.
- Your environment can consist of more vCenter Server instances.
Installing vCenter Server with an external Platform Services Controller has the following disadvantages:
- The connection between vCenter Server and Platform Services Controller is over the network and is prone to connectivity and name resolution issues.
- If you install vCenter Server on Windows virtual machines or physical servers, you need more Microsoft Windows licenses
- You must manage more virtual machines or physical servers.
With the new release, the Platform Services Controller (PSC) is responsible for the following vCenter services:
- VMware vCenter Single Sign-On
- VMware Certificate Authority (CA)
- License service
- Lookup service
- VMware Directory Services
vCenter Server takes care of the remainder of the services, which are:
- vCenter Server
- vSphere Web Client
- Inventory Service
- VMware vSphere Auto Deploy
- VMware vSphere ESXi Dump Collector
- vSphere Syslog Collector on Windows and vSphere Syslog Service for the VMware vCenter Server Appliance
We can also install multiple instances of the PSC for high availability. In this scenario the Platform Services Controller replicates information such as licenses, roles and permissions, and tags with other Platform Services Controllers, which allows for a single pane of glass of the environment with Enhanced Linked Mode.
Enhanced Linked Mode:
Linked Mode using Microsoft ADS/ADAM has been replaced with Enhanced Linked Mode. Platform Services Controllers now replicate all information required for Linked Mode.
- Enhanced Linked mode is now enabled by default in an environment
- vCenter Appliance now supported with Enhanced Linked mode
- Mixing Windows and Appliance platforms supported
VMware Certificate Authority (CA)
- VMware CA is a solution to this complexity, as it now acts as the root certificate authority for vSphere, from which all certificates are generated
- Allows for enhanced security as all certificates for components are signed and valid
- Root certificate can be replaced with one from a corporate CA to integrate vSphere into an existing infrastructure
VMware Endpoint Certificate Store
- Certificate store on each Platform Services Controller or vCenter host that stores all certificates for components on the server
Individual certificates no longer required for each component
- In previous releases each component (vCenter Service, Inventory Service, and so on) required a unique certificate
- In vSphere 6.0 all communication is directed through the Reverse Proxy Endpoint, therefore, only a single certificate per server is required
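With one certificate per server issued from a single root, a useful defender-side check is whether a given server certificate really was issued directly by the root you expect (VMCA or a corporate replacement). The script below is an added example, not from the original post or from VMware; the throwaway CA, subjects and file names are constructed, and it assumes direct issuance with no intermediate CA.

```shell
#!/usr/bin/env bash
# Added example. All subjects and files below are constructed for the demo.

# chains_to_root ROOT_PEM CERT_PEM
# Succeeds only if CERT names ROOT as its issuer AND its signature verifies
# under ROOT's key. Assumes direct issuance (no intermediate CA).
chains_to_root() {
    [ "$(openssl x509 -noout -issuer_hash -in "$2")" = \
      "$(openssl x509 -noout -subject_hash -in "$1")" ] || return 1
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# self_signed OUT_PREFIX SUBJECT: throwaway self-signed certificate and key.
self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "$2" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# issue CA_PREFIX OUT_PREFIX SUBJECT: certificate signed by the CA at CA_PREFIX.
issue() {
    openssl req -newkey rsa:2048 -nodes -subj "$3" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null
    openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
        -CAcreateserial -days 1 -out "$2.pem" 2>/dev/null
}

# make_demo_pki DIR: build the constructed test certificates in DIR.
make_demo_pki() {
    self_signed "$1/root" "/CN=Constructed Demo Root CA"      # stands in for the expected root
    issue "$1/root" "$1/machine" "/CN=vcenter.example.test"   # per-server certificate
    self_signed "$1/selfsigned" "/CN=vcenter.example.test"    # same name, no CA behind it
    self_signed "$1/fakeroot" "/CN=Constructed Demo Root CA"  # same CA name, different key
    issue "$1/fakeroot" "$1/lookalike" "/CN=vcenter.example.test"
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
for c in machine selfsigned lookalike; do
    if chains_to_root "$demo_dir/root.pem" "$demo_dir/$c.pem"; then
        echo "$c: chains to expected root"
    else
        echo "$c: NOT issued by expected root"
    fi
done
rm -rf "$demo_dir"
```

The `lookalike` case shows why the issuer name alone is not enough: its issuer matches the root's subject, but the signature does not verify under the root's key.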