PSC

Introduced in vSphere 6.0, the PSC is a component used to provide common infrastructure services for VMware products.

The PSC is an important component in the design: it provides services not only for vCenter Server and vSphere but for VMware products in general. SSO, for example, can also be shared with other VMware products (for example, vRealize Orchestrator and vRealize Automation) to provide centralized user authentication.

Depending on your environment and the infrastructure design, vCenter Server and the PSC can be deployed in two different ways—embedded or external:

  • Embedded: This is the preferred choice for small environments. vCenter Server can be deployed with an embedded PSC to simplify management and, because the two components do not communicate over the network, outages due to connectivity and name resolution issues between vCenter Server and the PSC are avoided. If the vCenter Server used is the Windows-based version, you can also save some Windows licenses. This setup, however, is resource consuming because for each product there is a PSC, which is not always required. If you install vCenter Server with an embedded PSC, you can reconfigure the setup and switch to vCenter Server with an external PSC later on.

    Figure: PSC and vCenter Server can be installed on a physical or virtual machine

  • External: Installing vCenter Server with an external PSC is a solution suitable for large environments, with the benefit that shared services in the PSC instances consume fewer resources. This setup increases management complexity and, in the event of connectivity issues between vCenter Server and the PSC, could cause some outages. If the vCenter Server is the Windows-based version, you need additional Windows licenses.

    Figure: An external PSC can manage multiple vCenter Servers

Which method to use strictly depends on the requirements in terms of availability for your vCenter Server. You can have a PSC that serves multiple sites or a highly available PSC in a single cluster.

VMware recommends six high-level PSC topologies:

  • vCenter Server with embedded PSC
  • vCenter Server with external PSC
  • PSC in replicated configuration
  • PSC in HA configuration
  • vCenter Server deployment across sites
  • vCenter Server deployment across sites with load balancer
For more information, see also KB 2147672—Supported and deprecated topologies for VMware vSphere 6.5 at https://kb.vmware.com/kb/2147672. Some topologies have changed from version 5.5 and are now deprecated. The choice of the right topology depends on different aspects, such as features (do you need enhanced linked mode between multiple vCenters?), availability, scalability, physical topology, and so on.

Although a mixed environment is supported, it is recommended that you use the same platform (only appliances or only Windows-based installations) for both vCenter Server and PSC to ensure easy manageability and maintenance.

Figure: Mixed environment deployment is not a recommended design

The PSC provides three core services that are essential for vSphere functionality (SSO, VMware License Service, and certificate management):

  • SSO: This is a prerequisite for installing vCenter Server (it cannot be installed without SSO). This service solves the problem of authentication in an environment with multiple ESXi hosts. Using a secure token mechanism, vSphere components can communicate with each other without requiring separate authentication for each component. Without a vCenter Server in your environment, you need to create a separate user account on each ESXi host, and grant access permissions, for every administrator who needs access to a specific server. If the number of ESXi hosts grows, the number of accounts to manage also grows. Joining the ESXi hosts to Active Directory to centralize authentication can be an option (Active Directory integration will be covered in Chapter 5, Configuring and Managing vSphere 6.5), but it adds another dependency to the infrastructure: the Domain Controller (DC). The SSO authentication service is easier to manage and more secure for authentication against VMware products.
  • VMware License Service: This centralizes the management of all license-related information for the vSphere environment and for the VMware products that support the PSC. This capability allows licensing information to replicate every 30 seconds (by default) between vCenter Servers that are installed in geographically different locations and are not configured in a Linked Mode group. vCenter Servers in a Linked Mode group will be examined in detail in Chapter 5, Configuring and Managing vSphere 6.5.
  • Certificate Management: To communicate securely with each other and with ESXi hosts, vCenter Server services make use of SSL. By default, the VMware Certificate Authority (VMCA) provisions ESXi hosts and services with a certificate signed by VMCA.

Other services provided by PSC are as follows:

  • VMware Appliance Management Service (only in appliance-based PSC)
  • VMware Component Manager
  • VMware Identity Management Service
  • VMware HTTP Reverse Proxy
  • VMware Service Control Agent
  • VMware Security Token Service
  • VMware Common Logging Service
  • VMware Syslog Health Service
  • VMware Authentication Framework
  • VMware Directory Service

Additional details and configuration of PSC will be discussed in Chapter 5, Configuring and Managing vSphere 6.5.
