Dreaming Andy - Fotolia


Use VCHA to set up a three-node cluster and protect your workloads

VCenter Server High Availability depends on a three-node cluster -- consisting of active, passive and witness nodes -- to limit the damage caused by system failures.

In order to use vCenter Server High Availability, you need to set up a three-node cluster. This cluster containers...

the primary vCenter Server Appliance and a clone. This clone becomes an active node and, eventually, becomes a passive node. The third node, created through the assistant, is called a witness node. The witness node runs tie-breaker code to determine which node is active and which is passive in the event of a host failure or network partition between these two nodes.

VCenter Server High Availability (VCHA) provides a recovery time objective of about five minutes for vCenter Server. It mitigates the effect of host, hardware and application failures. VCHA has automatic failover between the active and passive nodes; the witness node can never become the active or passive node.

Replication between nodes happens on another network -- which you must create -- called the vCenter HA network. The management interface of the active node remains completely independent.

In this article we'll walk through a basic VCHA setup. You can use the advanced mode when you need to deploy the active, passive and witness nodes to different clusters, vCenter Server instances or other data centers. Before you can set up VCHA, you must first make sure that you have the necessary hardware and are running vSphere 6.5.

VCHA 6.5 HA basic setup

VCenter Server High Availability provides a recovery time objective of about five minutes for vCenter Server. It mitigates the effect of host, hardware and application failures.

There are two main system requirements for a basic VCHA. First, you need a vSphere 6.5 cluster with at least three ESXi hosts. And second, you must have a VCHA network.

Start by creating the VCHA network. As shown in Figure A, this is a simple VM network that must be created on each host within the cluster. To do so, we'll simply create a new VM Port group on a different virtual LAN (VLAN). This network will be used for HA communication between nodes, but it cannot exist on the same subnet as the management network interface. The only requirement is that the VCHA network be different from the vCenter Server Management network.

VCHA network.
Figure A. vCenter High Availability network.

Next, use the vSphere Web Client and connect to your infrastructure. Click the Hosts and Clusters icon, select vCenter Server on the left, and go to the Configure tab. Locate the Configure button at the top right of the page -- as shown in Figure B -- and click it to start the assistant.

Start the VCHA configuration assistant.
Figure B. Start the vCenter High Availability configuration assistant.

The first page of the VCHA configuration assistant prompts you to choose a configuration; the configuration assistant selects the "Basic" option by default, but you can change this. If you choose the "Advanced" option, you will have to manually clone all of the vCenter HA nodes. For this example, we'll choose the "Basic" option. Once you've created the VCHA network to satisfy the prerequisite, click Next to continue.

The next page will ask you to provide IP information for the VCHA network. I created the VCHA network and used VLAN 9 for this example, but that's just my environment -- yours may differ. Click the Browse button and select the VCHA network you just added.

Next, assign an IP addresses to the passive and witness nodes on the page (Figure C). These two IP addresses should be on the same subnet as the one on the previous screen so that all three nodes can communicate together through the VCHA network.

Configure networking for nodes.
Figure C. Configure networking for passive and witness nodes.

You're nearly finished. The "Basic" version of the configuration assistant creates a Distributed Resource Scheduler (DRS) rule, which comes in handy if the cluster on which you're deploying uses DRS. This DRS rule makes sure that the active, passive and witness nodes run on different hosts.

You may notice that the passive and witness nodes come with default names -- "-peer" and "-witness," respectively -- but these can easily be changed.

Hit Finish and wait for the assistant to clone the VMs and reconfigure them according to the information you provided. Once configuration is complete, you should see a screen that looks something like Figure D.

VCHA nodes.
Figure D. vCenter High Availability nodes.

You've now successfully configured VCHA. When you click the Monitor tab, another screen will appear showing the state and replication status. As you can see in Figure E, PostgreSQL, appliance configuration, appliance state and appliance sqlite db have all been replicated.

VCHA monitoring status.
Figure E. vCenter High Availability monitoring status.

Go back to the VCHA settings by clicking the vCenter HA Settings link. You'll see two buttons: Edit and Initiate Failover.

The Edit button allows you to put the system into maintenance mode, which is useful if you want to perform hardware maintenance but are unwilling to initiate failover. The Edit button also gives you the option to either disable VHCA, but preserve the configuration or to remove the VCHA configuration entirely and delete the passive and witness nodes. Note that this last option does not remove the second virtualized Network Interface Card from the active node.

The Initiate Failover button allows you to test the failover. In this situation, the passive node will become active and the active node will become passive. It takes some time for the system to fail over, as the latest delta copies have to be made and services started and initialized on the passive node.

A basic VCHA configuration is easy enough to set up. The three-node cluster, however, will consume some additional resources, including memory, storage, network and CPU cycles. VCHA provides better protection than vSphere HA, which protects against host failure, but not against data store or application failure; this level of protection is essential for larger environments and environments that require simple automated protection for vCenter Server. VCHA is bundled with vCenter Standard at no additional cost.

Next Steps

Tips for choosing a vCenter Server upgrade option

Upgrade to ESXi 6.5 quickly and painlessly

VCenter Server 6.5 reduces downtime, but needs work

Dig Deeper on VMware new releases and updates