VMware vSphere 7.x Study Guide for VMware Certified Professional – Data Center Virtualization certification. This article covers Section 1: Architectures and Technologies. Objective 1.2 – Describe vCenter Server topology.
This article is part of the VMware vSphere 7.x - VCP-DCV Study Guide. Check out this page first for an introduction, disclaimer, and updates on the guide. The page also includes a collection of articles matching each objective of the official VCP-DCV.
Describe vCenter Server topology
In this objective, we need to identify vCenter Server appliance package and services and the vCenter Server topology. This includes authentication services and services installed with vCenter Server. Also, here we overview vCenter Single Sign-On Domain, vCenter Enhanced Linked Mode, and vCenter High Availability. Finally, see what happened to the Platform Services Controller used in the previous vSphere version.
These are the topics that will help you describe vCenter Server topology:
1. vCenter Server Appliance Package And Services
The vCenter Server Appliance is a preconfigured virtual machine optimized for running vCenter Server and the associated services. When you deploy the vCenter Server Appliance, vCenter Server, the vCenter Server components, and the authentication services are deployed on the same system.
The vCenter Server appliance package contains the following software:
- The vSphere authentication services
- Photon OS 3.0
- VMware vSphere Lifecycle Manager Extension
- VMware vCenter Lifecycle Manager
Version 7.0 of vCenter Server is deployed with virtual hardware version 10, which supports 64 virtual CPUs per virtual machine in ESXi. The following components are included in the vCenter Server appliance deployments:
- The authentication services contain vCenter Single Sign-On, License service, Lookup Service, and VMware Certificate Authority.
- The vCenter Server group of services contains vCenter Server, vSphere Client, vSphere Auto Deploy, and vSphere ESXi Dump Collector.
2. Authentication Services
vCenter Single Sign-On (SSO)
The vCenter Single Sign-On authentication service provides secure authentication services to the vSphere software components.
- It uses vsphere.local as the domain where the vSphere solutions and components are registered.
- Authenticated users can then be assigned registered solution-based permissions or roles within a vSphere environment.
- vCenter Single Sign-On is required with vCenter Server.
VMware Directory Service
VMware Directory Service is the directory service for the vCenter Single Sign-On (SSO) domain (vsphere.local). vCenter SSO authenticates internal users and groups, or connects to trusted external directory services such as Microsoft Active Directory.
Security Token Service (STS)
The vCenter Single Sign-On server includes a Security Token Service (STS).
- The vSphere components will communicate through a secure token exchange mechanism.
- The Security Token Service is a Web service that issues, validates, and renews security tokens.
- You can manually refresh the existing Security Token Service certificate from the vSphere Web Client when the certificate expires or changes.
vCenter Lookup Service
The vCenter Lookup Service contains the topology of the vSphere infrastructure, allowing secure communication between vSphere components.
vSphere License Service
The vSphere License service provides common license inventory and management capabilities to all vCenter Server systems within the Single Sign-On domain.
VMware Certificate Authority
VMware Certificate Authority (VMCA) provisions each ESXi host with a signed certificate that has VMCA as the root certificate authority by default.
- Provisioning occurs when the ESXi host is added to vCenter Server explicitly or as part of the ESXi host installation process.
- All ESXi certificates are stored locally on the host.
3. Services Installed with vCenter Server
Additional components are installed silently when you install vCenter Server. These components cannot be installed separately as they do not have their own installers.
A bundled version of the VMware distribution of the PostgreSQL database is installed for vSphere and vCloud Hybrid Services.
The HTML5-based user interface lets you connect to vCenter Server instances using a Web browser. This vSphere Client replaces the Flex-based vSphere Web Client in vSphere 7.0.
vSphere ESXi Dump Collector
vSphere ESXi Dump Collector is a vCenter Server support tool. When the system encounters a critical failure, you can configure ESXi to save the VMkernel memory to a network server rather than to a disk. The vSphere ESXi Dump Collector collects such memory dumps over the network.
vSphere Auto Deploy
vSphere Auto Deploy is a vCenter Server support tool that can provision hundreds of physical hosts with ESXi software. You specify the image to deploy and the hosts to provision with the image. Optionally, you can specify host profiles to apply to the hosts and a vCenter Server location (folder or cluster) for each host.
VMware vCenter Lifecycle Manager
The vCenter Lifecycle Manager automates the deployment of virtual machines and removes them from service at the appropriate time.
- It automatically places servers based on their location, organization, environment, service level, or performance levels.
- When a solution is found for a set of criteria, the machine is automatically deployed.
VMware vSphere Lifecycle Manager Extension
It is an optional service of the vCenter Server Appliance.
vCenter Server plug-ins
Plug-ins are applications that add functionality to vCenter Server. They usually consist of server and client components.
VMware tc Server provides tooling to easily create a tc Runtime (Tomcat) instance, deploy your application, and start the instance. The service is co-installed with vCenter Server and is used by web services such as CIM/Hardware status, Performance charts, WebAccess, Storage Policy Based Services, and vCenter Service status.
4. vCenter Single Sign-On Domain
When you deploy a vCenter Server appliance, you are prompted to create a vCenter Single Sign-On domain or join an existing domain.
- The domain name is used by the VMware Directory Service (vmdir) for all Lightweight Directory Access Protocol (LDAP) internal structuring.
- You can give your domain a unique name.
- To prevent authentication conflicts, use a name that is not already used by OpenLDAP, Microsoft Active Directory, or any other directory service.
- After you specify the name of your domain, you can add users and groups.
- You can add an Active Directory or LDAP identity source and allow the users and groups in that identity source to authenticate.
- You can also add vCenter Server instances, or other VMware products, such as vRealize Operations, to the domain.
5. vCenter Enhanced Linked Mode
vCenter Enhanced Linked Mode allows you to log in to any single instance of vCenter Server and view and manage the inventories of all the vCenter Server systems in the group.
- You can join up to 15 vCenter Server appliance deployments with vCenter Enhanced Linked Mode in a single vSphere Single Sign-On domain.
- You can create a vCenter Enhanced Linked Mode group during the deployment of vCenter Server appliance.
- You can also join a vCenter Enhanced Linked Mode group by moving, or repointing, a vCenter Server from one vSphere domain to another existing domain.
Enhanced Linked Mode with Read Only Replication
Consider a vCenter High Availability (vCenter HA) instance that is connected to another vCenter Server instance with Enhanced Linked Mode. If a vCenter HA failover to the Passive node occurs and the new Active node is unable to communicate with its replication partner on the other vCenter Server instance, the replica on the vCenter HA node enters read-only mode.
6. vCenter High Availability
vCenter High Availability (vCenter HA) protects vCenter Server against host and hardware failures. The active-passive architecture of the solution can also help you reduce downtime significantly when you patch vCenter Server.
- A vCenter HA cluster consists of three vCenter Server instances. The first instance, initially used as the Active node, is cloned twice to a Passive node and a Witness node. Together, the three nodes provide an active-passive failover solution.
- Deploying each of the nodes on a different ESXi instance protects against hardware failure. Adding the three ESXi hosts to a DRS cluster can further protect your environment.
- When vCenter HA configuration is complete, only the Active node has an active management interface (public IP). The three nodes communicate over a private network called vCenter HA network that is set up as part of the configuration. The Active node is continuously replicating data to the Passive node.
Below, compare the responsibilities of the three vCenter HA nodes.
Active node
- Runs the active vCenter Server instance.
- Uses a public IP address for the management interface.
- Uses the vCenter HA network for replication of data to the Passive node.
- Uses the vCenter HA network to communicate with the Witness node.
Passive node
- It is initially a clone of the Active node.
- Constantly receives updates from and synchronizes state with the Active node over the vCenter HA network.
- Automatically takes over the role of the Active node if a failure occurs.
Witness node
- It is a lightweight clone of the Active node.
- Provides a quorum to protect against split-brain situations.
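The reason the cluster has a third, non-serving node is easiest to see with a small model. The following is an added example, not VMware's code and not the real vCenter HA algorithm: it assumes a single rule, that a node may hold the Active role only while it sits in a majority partition (2 of 3 nodes) of the vCenter HA network, and it walks that rule through a healthy cluster, a failed Active host, an isolated Active host, a lost Witness, and, for contrast, a hypothetical two-node cluster without a Witness. Node names (vcsa-a, vcsa-p, witness) are constructed for the example.

```python
"""Simplified quorum model of a vCenter HA cluster (added example, not VMware code).

Rule assumed by this model: a node may serve as the Active vCenter Server only
while it can reach a strict majority of the configured nodes over the vCenter
HA network. The Witness never serves, it only counts toward that majority.
"""

WITNESS = "witness"  # constructed name; the witness node only votes


class HaCluster:
    def __init__(self, nodes, active):
        self.nodes = set(nodes)       # e.g. {"vcsa-a", "vcsa-p", "witness"}
        self.active = active          # node currently holding the Active role
        self.failed = set()           # nodes that are down
        self.broken_links = set()     # frozenset pairs whose HA-network link is cut

    def fail_node(self, node):
        self.failed.add(node)

    def cut_link(self, a, b):
        self.broken_links.add(frozenset((a, b)))

    def _linked(self, a, b):
        return (a not in self.failed and b not in self.failed
                and frozenset((a, b)) not in self.broken_links)

    def partition_of(self, node):
        """Live nodes reachable from `node` over the HA network (connected component)."""
        if node in self.failed:
            return set()
        seen, todo = {node}, [node]
        while todo:
            cur = todo.pop()
            for other in self.nodes - seen:
                if self._linked(cur, other):
                    seen.add(other)
                    todo.append(other)
        return seen

    def has_quorum(self, node):
        # strict majority of the configured cluster size, Witness vote included
        return 2 * len(self.partition_of(node)) > len(self.nodes)

    def evaluate(self):
        """Return the role each node assumes after applying the quorum rule."""
        serving_capable = sorted(n for n in self.nodes if n != WITNESS)
        # The current Active keeps its role only while it has quorum. Without
        # quorum it must stop serving, so two Active nodes can never coexist.
        if self.active not in self.failed and self.has_quorum(self.active):
            new_active = self.active
        else:
            candidates = [n for n in serving_capable
                          if n != self.active and n not in self.failed
                          and self.has_quorum(n)]
            new_active = candidates[0] if candidates else None
        roles = {}
        for n in self.nodes:
            if n in self.failed:
                roles[n] = "down"
            elif n == WITNESS:
                roles[n] = "witness"
            elif n == new_active:
                roles[n] = "active"
            elif self.has_quorum(n):
                roles[n] = "passive"
            else:
                roles[n] = "isolated"  # no quorum: stop serving, do not take over
        self.active = new_active
        return roles


def _three_node():
    return HaCluster({"vcsa-a", "vcsa-p", WITNESS}, active="vcsa-a")


def healthy():
    return _three_node().evaluate()


def active_host_failure():          # Active host dies: Passive takes over
    c = _three_node(); c.fail_node("vcsa-a"); return c.evaluate()


def active_isolated():              # Active loses both HA links: it steps down
    c = _three_node(); c.cut_link("vcsa-a", "vcsa-p"); c.cut_link("vcsa-a", WITNESS)
    return c.evaluate()


def witness_lost():                 # losing only the Witness does not stop service
    c = _three_node(); c.fail_node(WITNESS); return c.evaluate()


def two_node_partition():           # hypothetical cluster without a Witness
    c = HaCluster({"vcsa-a", "vcsa-p"}, active="vcsa-a")
    c.cut_link("vcsa-a", "vcsa-p")
    return c.evaluate()             # neither side can prove it is the majority


if __name__ == "__main__":
    for fn in (healthy, active_host_failure, active_isolated, witness_lost, two_node_partition):
        print(f"{fn.__name__:22s} {fn()}")
```

The last scenario is the point of the Witness: with only two nodes, a cut link is indistinguishable from a dead peer, so the safe rule yields an outage (both isolated) and any looser rule risks two Active nodes writing to diverging databases. Adding the Witness turns the same cut into the clean failover shown in active_isolated.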
7. What Happened to the Platform Services Controller
Beginning in vSphere 7.0, deploying a new vCenter Server or upgrading to vCenter Server 7.0 requires using the vCenter Server appliance, a preconfigured virtual machine optimized for running vCenter Server. The new vCenter Server contains all Platform Services Controller services, preserving the functionality and workflows, including authentication, certificate management, tags, and licensing.
- It is no longer necessary to deploy and use an external Platform Services Controller.
- All Platform Services Controller services are consolidated into vCenter Server, which simplifies deployment and administration.
- In vSphere 7.0, the vSphere Authentication publication replaces the Platform Services Controller Administration publication.
- The new publication contains complete information about authentication and certificate management.
The topic reviewed in this article is part of the VMware vSphere 7.x Exam (2V0-21.20), which leads to the VMware Certified Professional – Data Center Virtualization 2021 certification.
Section 1 - Architectures and Technologies.
Objective 1.2 – Describe vCenter Server topology