VMware Cloud Community
Dryv

VCSA HA Deployment: Different Sites

Hi Guys,

I wanted to understand if it's possible to deploy VCSA in HA deployment across 3 different sites using different IP subnets, but all can route to each other, as follows:

VCSA-Active

Mgmt IP: a.a.a.a

HA IP: x.x.x.x

VCSA-Passive

Mgmt IP: b.b.b.b

HA IP: y.y.y.y

Witness

Mgmt IP: c.c.c.c

HA IP: z.z.z.z

If the above is possible then:

- When a failover happens from Active to Passive, do clients stop using IP a.a.a.a and start using IP b.b.b.b to reach vCenter services? Or would I need to manually make a change in DNS to point the VCSA FQDN from a.a.a.a to b.b.b.b and get that refreshed out across my network?

- Is there a guide that explains how to set it up this way?

As usual, thanks

Dryv

vladimir1974

Deploying vCenter High Availability with network addresses in separate subnets (2148442) | VMware KB says that we need 2 DNS A records (for both active and passive external IPs).

We managed to set up vCenter HA, but we have issues with client delays/timeouts because of the two DNS A records, with one of them being down (passive node).

So it works, but with issues. We're thinking about setting up a load balancer in front of the active/passive nodes.

Regards,

Vladimir

rpasche

Hi,

I also saw the hint here (VMware Knowledge Base) to configure DNS with 2 A records, but this - as you said - does not work in 50% of your tries as the passive node is down and won't answer requests.

Thus, I think the best way would be to hide both behind another load balancer, for example haproxy (with another service IP).

This is what I want to configure within the next few days.

We also want to deploy VCHA in 2 different datacenters (with 2 different management IPs), so we still set up VCHA in "advanced mode" and "override management ip on failover". My plan is then to set up a highly available (or use an already available) HAProxy load balancer (in tcp mode), forward all ports used by VCHA to the primary node, and use the backup node as "backup".

This should look something like this (not yet tested):

frontend vcenter
    bind <srv_ip>:443,<srv_ip>:8443   # and all other ports
    mode tcp
    use_backend vcha_backend

backend vcha_backend
    server vcha1 <ip_of_node_1> check
    server vcha2 <ip_of_node_2> check backup

Then, only the "srv_ip" should be set within DNS to point to the FQDN of the VCHA.

One point is not yet ready: how to check if the "active" node is *really* gone (which port to check)?

In the setup above, if the primary node is assumed "online" again, all requests will then go to the primary node, so the "check" is really important. We need a good way to see if the active node is really down.

I do not yet have an idea.

rpasche

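The failback concern raised in the last reply, as an added example that is not part of the original thread: a simplified Python model of how consecutive-check thresholds (HAProxy's `rise` and `fall` server options) decide when traffic leaves the primary and when it returns. The starting states, the check timeline, and all class and function names are constructed for illustration; this is not HAProxy's own code.

```python
from dataclasses import dataclass

@dataclass
class Server:
    name: str
    up: bool              # assumed starting state
    backup: bool = False
    rise: int = 2         # consecutive successes needed to mark a DOWN server UP
    fall: int = 3         # consecutive failures needed to mark an UP server DOWN
    streak: int = 0       # consecutive results that contradict the current state

    def observe(self, check_ok: bool) -> None:
        if check_ok == self.up:
            self.streak = 0           # result agrees with the state: reset
            return
        self.streak += 1
        if self.streak >= (self.fall if self.up else self.rise):
            self.up, self.streak = check_ok, 0

def pick(servers):
    """Non-backup servers first; a backup server only if no other one is UP."""
    for want_backup in (False, True):
        for s in servers:
            if s.backup == want_backup and s.up:
                return s.name
    return None  # no healthy server: new connections fail

def route(node1_checks, node2_checks, rise=2, fall=3):
    """Return where new connections go after each round of health checks."""
    n1 = Server("vcha1", up=True, rise=rise, fall=fall)
    n2 = Server("vcha2", up=False, backup=True, rise=rise, fall=fall)
    path = []
    for ok1, ok2 in zip(node1_checks, node2_checks):
        n1.observe(ok1)
        n2.observe(ok2)
        path.append(pick([n1, n2]))
    return path

# Constructed timeline: node 1 stops answering at round 2, node 2 takes over
# at round 4, node 1 answers one stray check at round 8 and recovers at 10.
T, F = True, False
NODE1 = [T, T, F, F, F, F, F, F, T, F, T, T]
NODE2 = [F, F, F, F, T, T, T, T, T, T, T, T]

if __name__ == "__main__":
    print("rise=2:", route(NODE1, NODE2, rise=2))
    print("rise=1:", route(NODE1, NODE2, rise=1))
```

With `rise=1` the single stray success at round 8 pulls traffic back to `vcha1` while it is still failing; with `rise=2` traffic stays on `vcha2` until the primary has passed two checks in a row.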