VMware Cloud Community
TopHatProductio
Hot Shot
Hot Shot
‎05-27-2023 12:10 AM

Attempting to Move vCenter Server Appliance to New VLAN

I have a vCenter Server Appliance that currently needs to be put onto a new VLAN. The VLAN is an opaque network, managed by a dedicated network appliance (not created or managed through vSphere). The vCSA is running version 6.7. The ESXi host that the vCSA is hosted on has access to (and IPv4 addresses on) both the current/old network and the new VLAN intended for the vCenter Appliance. When attempting to change networks in the vCSA's VM configuration, only the VM Network (current network) appears. I've tried adding one and two other vNICs to the vCSA, but they had the same restriction(s) as mentioned previously (only the VM Network appears). When looking into VAMI, I also can't find anything that would indicate support for VGT. On all other VMs, I was able to tell each vNIC which VLAN to join by giving it a VLAN ID (and then setting IPv4 configuration afterward). At this point, I'm wondering if I should do the following:

  • set vCSA to use DHCP for IPv4 configuration
  • temporarily disable/remove firewall rules
  • create new vSphere Distributed Switch (VDS)
  • create distributed port group on VDS, matching VLAN's ID
  • attempt migrating vCSA to distributed port group
  • re-enable/re-add firewall rules after migration
  • Disable DHCP on vCSA, set static IPv4 configuration

The issues I have with this are that I don't see any official documentation backing such a process, and that I've already tried this before with undesired results. Any VMs where migration was attempted in this manner either refused to migrate or lost all Internet connectivity after the migration. Need Internet connectivity to install security patches and software updates, so the latter result creates a security nightmare for me. That was part of what led me to use VGT for all other VMs. When looking for others who have attempted something similar, I only get these results:

Everything that I'm seeing seems to suggest using a VDS and attempting migration, which hasn't worked well for me thus far. And to re-create the vCSA if migration fails, from one source. How should I go about this process? Am I missing something obvious?

Reply
0 Kudos
4 Replies
hadjer1
Enthusiast
Enthusiast
‎05-27-2023 09:50 AM

Hello,

Have you tried to enable vCenter HA, it will create a passive vcenter and a witness and it will allow you add another network adapter in a different network.

Also, you can check this link : https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.vcsa.doc/GUID-56C3BA9A-234E-4D81-A4...

Regards,

Reply
0 Kudos
TopHatProductio
Hot Shot
Hot Shot
‎05-30-2023 11:11 PM

I went on and attempted to configure vCenter HA. During the configuration stage, I encountered an issue. When selecting Networks for the Mangement and vCenter HA NICs, the only network option(s) available was VM Network. It didn't see any other port groups or VLANs present on the vSwitch. I'm thinking that it's looking for port groups/VLANs on a vSphere Distributed Switch, which would kinda take me back to the first four bullet points mentioned in the OP. Do I need to do those, move all current vNICs over to it, and try again?

Reply
0 Kudos
TopHatProductio
Hot Shot
Hot Shot
‎06-04-2023 05:00 PM

Dropping by to provide an update on the situation. I'm going to try to create a vSphere Distributed Switch (again), to see if that is visible the setup wizard for vCenter HA. This will take a bit, alongside other tasks that I'm working on.

Reply
0 Kudos
TopHatProductio
Hot Shot
Hot Shot
‎06-06-2023 10:03 PM

I've decided not to use vCenter HA for this purpose, since it would:

  • consume more storage on the ESXi host
  • require creation of a dedicated HA network
  • place multiple vCSA nodes on the same ESXi host
  • not necessarily work (well) with a standard vSwitch/port group

 

vCenter HA is meant to enhance/increase availability of the vCenter appliance, through redundancy. The redundancy is achieved, in part, by running multiple vCenter instances across multiple hypervisor (ESXi) hosts. A dedicated HA network (can be created as a VLAN) is needed, to isolate associated traffic. I presume this is done for security and performance reasons. Putting multiple vCenter instances on a single ESXi host would not only defeat the purpose of HA, but also consume more storage (and other compute resources) on said ESXi host. It also forces the creation of a new network, for potentially misconfigured HA. While these side effects could be considered nominal, there is one more point to add -- it won't necessarily allow you to add vCenter to the desired VLAN (separate from the required HA network).

 

This last point was the nail in the coffin in my case, as vCenter failed to see the existing VLAN/port group. This was despite the fact that ESXi and multiple VMs on the ESXi host had no issues detecting (and connecting to) said VLAN. As a result, I've decided to go a different route. Since the vCenter appliance is built on Photon OS, I tried out a few Linux commands instead:

 

 

// View the current NIC config
ifconfig

// Add a named VLAN NIC, and assign VLAN ID to it
ip link add link eth0 name <NIC_Name> type vlan id <VLANID>

// Raise the VLAN NIC
ip link set dev <NIC_Name> up

// Set new IPv4 address on VLAN NIC
ip addr add <IPv4_Address>/<CIDR> dev <NIC_Name>

// View the updated NIC config
ifconfig

 

 

After running these commands, I was able to access vCenter from the new <IPv4_Address>. My next task is to figure out how to make this configuration permanent in Photon OS, which may require information from here:

 

Still looking for a way to edit text files, but I supposed I'll get there eventually. Wishing that nano came pre-installed on Photon OS...

Reply
0 Kudos