I would like to share with you some more information/details regrading how to configure vCenter HA

vCenter High Availability (vCenter HA) protects vCenter Server against host and hardware failures. The active-passive architecture of the solution can also help you reduce downtime significantly when you patch vCenter Server.

After some network configuration, you create a three-node cluster that contains Active, Passive, and Witness nodes. Different configuration paths are available. What you select depends on your existing configuration.

Plan the vCenter HA Deployment

Before you can configure vCenter HA, you have to consider several factors. A deployment with components that use different versions of vSphere requires different considerations than a deployment that includes only vSphere 7.0 components. Resource and software requirements and the networking setup must also be considered carefully.

vCenter Architecture Overview

A vCenter HA cluster consists of three vCenter Server instances. The first instance, initially used as the Active node, is cloned twice to a Passive node and to a Witness node. Together, the three nodes provide an active-passive failover solution.

Deploying each of the nodes on a different ESXi instance protects against hardware failure. Adding the three ESXi hosts to a DRS cluster can further protect your environment.

When vCenter HA configuration is complete, only the Active node has an active management interface (public IP). The three nodes communicate over a private network called vCenter HA network that is set up as part of configuration. The Active node is continuously replicating data to the Passive node.

All three nodes are necessary for the functioning of this feature. Compare the node responsibilities.

vCenter HA Nodes

vCenter HA Hardware and Software Requirements

Before you set up vCenter HA, ensure that you have sufficient memory, CPU, and datastore resources, and ensure that you are using versions of vCenter Server and ESXi that support vCenter HA.

Your environment must meet the following requirements.

vCenter HA Requirements

Configuration Workflow Overview in the vSphere Client

You can use the Set Up vCenter HA wizard in the vSphere Client to configure the Passive and Witness nodes. The Set Up vCenter HA wizard automatically creates the Passive and Witness nodes as part of vCenter HA configuration. With the manual option, you are responsible for manually cloning the Active node to create the Passive and Witness nodes.

Automatic Configuration with the vSphere Client

You must meet the following requirements to perform automatic configuration.

• The vCenter Server that will become the Active node is managing its own ESXi host and its own virtual machine. This configuration is sometimes called a self-managed vCenter Server.

If you meet the requirements the automatic workflow is as follows.

1. The user deploys the first vCenter Server, which will become the Active node.

2. The user adds a second network (port group) for vCenter HA traffic on each ESXi host.

3. The user starts the vCenter HA configuration and supplies the IP addresses, the target ESXi host or cluster, and the datastore for each clone.

4. The system clones the Active node and creates a Passive node with precisely the same settings, including the same host name.

5. The system clones the Active node again and creates a more light-weight Witness node.

6. The system sets up the vCenter HA network on which the three nodes communicate, for example, by exchanging heartbeats and other information.

Manual Configuration with the vSphere Client

If you want more control over your deployment, you can perform a manual configuration. With this option, you are responsible for cloning the Active node yourself as part of vCenter HA setup. If you select this option and remove the vCenter HA configuration later, you are responsible for deleting the nodes that you created.

For the manual option, the workflow is as follows.

1. The user deploys the first vCenter Server, which will become the Active node.

2. The user adds a second network (port group) for vCenter HA traffic on each ESXi host.

3. The user must add a second network adapter (NIC) to the Active node if the credentials of the Active management vCenter Server are unknown.

4. The user logs in to the vCenter Server (Active node) with the vSphere Client.

5. The user starts the vCenter HA configuration, selects the checkbox to manually configure and supplies IP address and subnet information for the Passive and Witness nodes. Optionally, the user can override the failover management IP addresses.

6. The user logs in to the management vCenter Server and creates two clones of the vCenter Server (Active node).

7. The system sets up the vCenter HA network on which the three nodes exchange heartbeats and replication information.

8. The vCenter Server is protected by vCenter HA.

Configure the Network

Regardless of the deployment option and inventory hierarchy that you select, you have to set up your network before you can start configuration. To set the foundation for the vCenter HA network, you add a port group to each ESXi host.

After configuration is complete, the vCenter HA cluster has two networks, the management network on the first virtual NIC and the vCenter HA network on the second virtual NIC.

Management network

The management network serves client requests (public IP). The management network IP addresses must be static.

vCenter HA network

The vCenter HA network connects the Active, Passive, and Witness nodes and replicates the server state. It also monitors heartbeats.

· The vCenter HA network IP addresses for the Active, Passive, and Witness nodes must be static.

· The vCenter HA network must be on a different subnet than the management network. The three nodes can be on the same subnet or on different subnets.

· Network latency between the Active, Passive, and Witness nodes must be less than 10 milliseconds.

· You must not add a default gateway entry for the cluster network.

Prerequisites

• The vCenter Server that later becomes the Active node, is deployed.

• You can access and have privileges to modify that vCenter Server and the ESXi host on which it runs.

• During network setup, you need static IP addresses for the management network. The management and cluster network addresses must be IPv4 or IPv6. They cannot be mixed mode IP addresses.

Procedure

1. Log in to the management vCenter Server and find the ESXi host on which the Active node is running.

2. Add a port group to the ESXi host.

This port group can be on an existing virtual switch or, for improved network isolation, you can create a new virtual switch. It must be different from the management network.

3. If your environment includes the recommended three ESXi hosts, add the port group to each of the hosts.

Configure vCenter HA With the vSphere Client

When you use the vSphere Client, the Set Up vCenter HA wizard creates and configures a second network adapter on the vCenter Server, clones the Active node, and configures the vCenter HA network.

Prerequisites

• Deploy vCenter Server that you want to use as the initial Active node.

• The vCenter Server must have a static IP address.

• SSH must be enabled on the vCenter Server.

• Verify that your environment meets the following requirements.

• The vCenter Server that will become the Active node is managing its own ESXi host and its own virtual machine. This configuration is sometimes called a self-managed vCenter Server.

• Set up the infrastructure for the vCenter HA network. See Configure the Network.

• Determine which static IP addresses to use for the two vCenter Server nodes that will become the Passive node and Witness node.

Procedure

1. Log in to the Active node with the vSphere Client.

2. Select the vCenter Server object in the inventory and select the Configure tab.

3. Select vCenter HA under settings.

4. Click on the Set Up vCenter HA button to start the setup wizard.

• If the vCenter server is self-managed, the Resource settings page is displayed. Proceed to step 7.

• If your vCenter server is managed by another vCenter server in the same SSO domain, proceed to step 7.

• If your vCenter server is managed by another vCenter server in a different SSO domain, input the location and credential details of that management vCenter server.

1. Click Management vCenter Server credentials. Specify the Management vCenter server FQDN or IP address, Single Sign-On user name and password and click Next.

If you do not have the Single Sign-On administrator credentials, select the second bullet and click Next.

1. You may see a Certificate warning displayed. Review the SHA1 thumbprint and select Yes to continue.

2. In the Resource settings section, first select the vCenter HA network for the active node from the drop-down menu.

3. Click on the checkbox if you want to automatically create clones for Passive and Witness nodes.

Note:If you do not select the checkbox, you must manually create clones for Passive and Witness nodes after you click Finish.

1. For the Passive node, click Edit.

a. Specify a unique name and target location.

b. Select the destination compute resource for the operation.

c. Select the datastore in which to store the configuration and disk files.

d. Select virtual machine Management (NIC 0) and vCenter HA (NIC 1) networks.

If there are issues with your selections, errors or compatibility warnings are displayed.

e. Review your selections and click Finish.

1. For the Witness node, click Edit.

a. Specify a unique name and target location.

b. Select the destination compute resource for the operation.

c. Select the datastore in which to store the configuration and disk files.

d. Select vCenter HA (NIC 1) network.

If there are issues with your selections, errors or compatibility warnings are displayed.

e. Review your selections and click Finish.

2. Click Next.

3. In the IP settings section, select the IP version from the drop-down menu.

4. Enter the IPv4 address (NIC 1) and Subnet mask or prefix length information for the Active, Passive and Witness nodes.

You can Edit management network settings for the Passive Node. Customizing these settings are optional. By default, the management network settings of the Active node are applied.

5. Click Finish.

Results

The Passive and Witness nodes are created. When Set Up vCenter HA is complete, vCenter Server has high availability protection. After vCenter HA is enabled, you can click Edit to enter Maintenance Mode, Enable or Disable vCenter HA. There are separate buttons to remove vCenter HA or initiate vCenter HA failover.

Manage the vCenter HA Configuration

After you configure your vCenter HA cluster, you can perform management tasks. These tasks include certificate replacement, replacement of SSH keys, and SNMP setup. You can also edit the cluster configuration to disable or enable vCenter HA, enter maintenance mode, and remove the cluster configuration.

• Set Up SNMP Traps You can set up Simple Network Management Protocol (SNMP) traps to receive SNMP notifications for your vCenter HA cluster. [Read more]

• Set Up Your Environment to Use Custom Certificates The machine SSL certificate on each node is used for cluster management communication and for encryption of replication traffic. If you want to use custom certificates, you have to remove the vCenter HA configuration, delete the Passive and Witness nodes, provision the Active node with the custom certificate, and reconfigure the cluster. [Read more]

• Manage vCenter HA SSH Keys vCenter HA uses SSH keys for password-less authentication between the Active, Passive, and Witness nodes. The authentication is used for heartbeat exchange and file and data replication. To replace the SSH keys in the nodes of a vCenter HA cluster, you disable the cluster, generate new SSH keys on the Active node, transfer the keys to the passive node, and enable the cluster. [Read more]

• Initiate a vCenter HA Failover You can manually initiate a failover and have the Passive node become the Active node. [Read more]

• Edit the vCenter HA Cluster Configuration When you edit the vCenter HA cluster configuration, you can disable or enable the cluster, place the cluster in maintenance mode, or remove the cluster. [Read more]

• Perform Backup and Restore Operations For additional security, you can back up the Active node in the vCenter HA cluster. You can then restore the node in case of catastrophic failure. [Read more]

• Remove a vCenter HA Configuration You can remove a vCenter HA configuration from the vSphere Client. [Read more]

• Reboot All vCenter HA Nodes If you have to shut down and reboot all nodes in the cluster, you must follow a specific shutdown order to prevent the Passive node from assuming the role of Active node. [Read more]

• Change the Server Environment When you deploy a vCenter Server, you select an environment. For vCenter HA, Small, Medium, Large, and X-Large are supported for production environments. If you need more space and want to change the environment, you have to delete the Passive node virtual machine before you change the configuration. [Read more]

• Collecting Support Bundles for a vCenter HA Node Collecting a support bundle from all the nodes in a vCenter HA cluster helps with troubleshooting. [Read more]

Troubleshoot Your vCenter HA Environment

In case of problems you can troubleshoot your environment. The task you need to perform depends on the failure symptoms. For additional troubleshooting information, see the VMware Knowledge Base system.

• vCenter HA Clone Operation Fails During Deployment If the vCenter HA configuration process does not create the clones successfully, you have to resolve that cloning error. [Read more]

• Redeploy the Passive or Witness node If the passive or witness node fails and vCenter HA cluster was configured using the automatic cloning method, you can redeploy it in the vCenter HA Settings page. [Read more]

• vCenter HA Deployment Fails with an Error Deployment failures can be caused by configuration issues, especially problems with the networking setup. [Read more]

• Troubleshooting a Degraded vCenter HA Cluster For a vCenter HA cluster to be healthy, each of the Active, Passive, and Witness nodes must be fully operational and be reachable over the vCenter HA cluster network. If any of the nodes fails, the cluster is considered to be in a degraded state. [Read more]

• Recovering from Isolated vCenter HA Nodes If all nodes in a vCenter HA cluster cannot communicate with each other, the Active node stops serving client requests. [Read more]

• Resolving Failover Failures When a Passive node does not become the Active node during a failover, you can force the Passive node to become the Active node. [Read more]

• VMware vCenter® HA Alarms and Events If a vCenter HA cluster is in a degraded state, alarms and events show errors. [Read more]

Patching a vCenter High Availability Environment

You can patch a vCenter Server which is in a vCenter High Availability cluster by using the software-packages utility available in the vCenter Server shell.

For more information, see Patch a vCenter High Availability Environment in vSphere Upgrade.

How vSphere HA Works:

https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.avail.doc/GUID-33A65FF7-DA22-4DC5-8B18-5A7F97CCA536.html

Reducing Planned Downtime:

https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.avail.doc/GUID-6CA570F0-BEDD-4005-97D0-3F718F2762E0.html

Preventing Unplanned Downtime:

https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.avail.doc/GUID-F6088A3D-EE09-4C17-B327-FEEEA6FA4879.html