vSphere 6.5 FAQ

I recently participated in a vSphere 6.5 What’s New Webcast and there was a clear trend in questions being asked.

The questions asked fall into three distinct topics.

  1. vCenter Server Appliance Migration
  2. vCenter Server HA
  3. vSphere Web Client

In this post I’ll aim to address these frequently asked questions.

Continue reading “vSphere 6.5 FAQ”

Advertisements

vSphere 6.x Certificates – Just because you can, doesn’t mean you should.

As I work closely with VMware Support, it’s clear that issues and confusion around vSphere 6.x certificates are still very much a pain-point for customers.

I’ve spoken a bit about this topic in the past (but have been meaning to get back to it). You can see my previous posts below: (Note: even though they say 6.0 they are applicable for 6.5 too)

What I want to achieve by this post is to hopefully dispel some of the confusion. First, repeat the title of this post to yourself – “Just because you can, doesn’t mean you should.

Just because you can replace any and all certificates in a vSphere environment, doesn’t mean necessarily should.

The only question you need to be able to answer is – “What problem am I trying to solve?

tl;dr

Long story short, for the majority of use cases, replacing the Machine SSL certificate on each vCenter / PSC should be sufficient. Keep reading for more information.


Continue reading “vSphere 6.x Certificates – Just because you can, doesn’t mean you should.”

PSC HA 6.5 Guide

Configuring two or more PSC 6.5 nodes behind a Load Balancer can be done to provide High Availability to the PSC services.

This can be useful to have a central PSC HA pair and have multiple vCenter Servers registered against the PSC HA pair for enhanced linked mode.

It would also be required if using vCenter HA with an external PSC, otherwise you’re only providing HA to half the vCenter Server instance.

I hope this guide helps perform the setup with ease and clarity.

Continue reading “PSC HA 6.5 Guide”

vSphere 6.x SSL Trust Anchors

In vSphere 6.x all services and components have Service Registration details recorded in the VMware Directory Service of the Platform Services Controller.

Each Service Registration can contain one or more Endpoint entries.

Each Endpoint may contain an SSL Trust value.

The SSL Trust value must always match the current Machine SSL certificate of the PSC or VC or Embedded node it refers to.

If you use the Certificate-Manager from 6.0 U1b or later – the tool will take care of updating these entries. If you replace the Machine SSL manually or have used the tool before 6.0 U1b then you may encounter this issue.

Continue reading “vSphere 6.x SSL Trust Anchors”

Caution: VCHA user password

When VCHA is enabled, a new OS user “vcha” is created and used for the file based replication.

This morning I experienced an issue on one of my VCHA setups (but not the other) where replication was failing when I arrived into the office.

Update 23/01/2017 – This is a real issue and not a once off. VMware Engineering are aware.

Continue reading “Caution: VCHA user password”