VMware Cloud Community
adr1an5
Contributor

Single VCSA 6.0 with External PSC failover to another Datacenter

Using a single vCenter 6.0 with an external (primary) PSC, I'm looking to test failover to a DR datacenter. I have another external (secondary) PSC already deployed in the DR datacenter, joined to the same site and SSO domain as the primary PSC. This way I just need to fail over vCenter to the DR datacenter, change the IP and re-point it to the (secondary) PSC. (This assumes vCenter is being replicated via RecoverPoint to the DR datacenter.)

In testing, I see the following error after trying to log in to vCenter using the web client:

A server error occurred.

[500] SSO error: Cannot connect to the VMware Component Manager  https://vcenter-FQDN/cm/sdk?hostid=98fce630-a380-4f39-934d-f5e5481d2d2b

Check the vSphere Web Client server logs for details.

I am able to log in to the vCenter client with no issues, but this is not preferred.

I already tried regenerating the VMCA certs on the PSC and updating the machine and solution user cert on vCenter.

0 Kudos
6 Replies
greco827
Expert

Rather than replicating your vCenter from one site to another, I would have another vCenter at the DR site, tied to the secondary external PSC, and use enhanced linked mode between the two vCenters.

If you find this or any other answer useful please mark the answer as correct or helpful https://communities.vmware.com/people/greco827/blog
0 Kudos
adr1an5
Contributor

I'm trying not to have a dedicated 2nd vCenter in the DR site since I'm looking at NSX. NSX has limited functionality when managing multi-site vCenters, specifically with the vFW feature.

0 Kudos
greco827
Expert

I'm not sure of all the requirements, but you can have NSX across multiple vCenters in the same SSO domain. However, if that's not a route you want to take, I'll see if I can find what may be causing your error.

0 Kudos
adr1an5
Contributor

The issue with NSX in a multi-vCenter deployment is that the vFW can only use IPs instead of vCenter's inventory, security tags, etc. This becomes a challenge when creating many firewall rules across vCenters.

0 Kudos
greco827
Expert

I think the newest version of NSX takes care of that. I could be mistaken.

VMware NSX for vSphere 6.2.0 Release Notes

0 Kudos
adr1an5
Contributor

It's still using either IP sets or MAC sets, which can be a challenge when you have to create multiple rules. I tested on this version, btw.

0 Kudos