One of the questions I received recently from a reader was a question concerning how to patch vCenter Server Appliance configured with High Availability (HA). If you're still on Windows based vCenter, on an older version of VMware vsphere (5.5 or 6.0) then you might listen up.
As you know, the latest VMware vCenter Server Appliance (VCSA) based on Photon OS came also with a possibility to setup HA environment for vCenter. It means that the system will create a copy of the active node, and puts in place a third node – Witness node. We can consider vCenter HA as a “3-node cluster”.
All 3 nodes communicate through a separate network and are in sync. The passive node is continuously receiving data flowing from the active node.
From the architectural perspective, both, vCenter server and Platform Service Controller (PSC)embedded or vCenter server with separate PSCs are supported.
So here we come to a situation when VMware releases patches to our VCSA. Now what? What's the correct order of doing things? What's the correct sequence? Do I have to patch only the Active node, and the passive node will just copy the missing bits? Or, do I have to patch both (active and passive?). Let's have a look.
Patch vCenter Server Appliance configured with High Availability (HA)
VMware supports the following way:
Here are the steps:
Step 1: Download the latest VCSA Patch from the VMware Patch Download Center(https://my.vmware.com/group/vmware/patch) and select VC from the Search by Product drop down, and then vSphere 6.5. (it should be an ISO file).
Step 2: Put the vCenter HA into Maintenance Mode. (replication still works but no failover). You'll have to use vSphere Web client (HTML5 client for vSphere does not have this functionality just yet implemented). Settings > Select vCenter HA > Edit > Maintenance Mode
Step 3: Attach the ISO to the Witness appliance VM > connect to the appliance via Putty via SSH session or directly into the console > enter:
software-packages install –iso –acceptEulas
Then Exit SSh > Disconnect the ISO > Reboot the Witness VM > Done.
Step 4: Attach the ISO to the passive node > Patch the Passive Node via the same steps as above.
Step 5: Initiate manual failover Settings > vCenter HA > Initiate Failover > Yes. (perform the synchronization). The current passive node will become an active node.
Step 6: Same as step 4: Attach the ISO to the passive node > Patch the Passive Node via the same steps as above.
Step 7: Exit the maintenance mode of VCSA HA.
Optional Step: You can perform failback if you want to get back to the initial configuration. From the vSphere Web Client, Select vCenter > Configure > vCenter HA >
Initiate Failover > Yes.
VCSA HA adds two more VMs to the environment which consumes storage, memory and CPU cycles. In fact, it more than doubles the RAM requirement for both Active-passive configurations. In the lab, one VCSA takes 16Gb of RAM so all 3 appliances (with the Witness only taking about 1Gb of RAM) requires more than 33 Gb of RAM.
Depending on your requirements it is up to you to decide if you need such a functionality. It is a built-in new feature of vSphere 6.5 and we have already done a write up (including tests):
- VMware VCSA 6.5 Active-Passive Setup With Simple Configuration – [LAB]
- VMware VCSA 6.5 Active-Passive Setup – Advanced Configuration
- VMware vCSA 6.5 HA Failover Test – Video
- VMware vSphere 6.5 – Native vCenter High Availability (VCSA 6.5 only) – Intro
Note that you'll experience some downtime during failover. You won't be able to access the system via vSphere web client. The latest deltas are copied over to passive node > Passive node is becoming active > starting up the services > Initializing the web client services….
During my initial tests of the failover, the Passive node has become Active, and it took about 10 min for all the services and web client to be fully initialized so I could log back in. (you can check the third link).
During the failover, all you'll see is this image… but then, you have a fully resilient system fully patched, up and running again.
Whether to protect vCenter via HA or just rely on backups or vSphere HA, it really depends on things like the size of your organization, how critical is vCenter uptime etc. Because at the end of the day, many things like day to day VM operations, can be done through ESXi Host Client which in its latest version displays also some VMware vSAN information as well, without being dependent on VMware vCenter server.
It would certainly be very cool to push into some kind of decentralized management of vSphere infrastructure where you would be able to connect to any ESXi within your cluster and manage cluster services such as HA, DRS, etc… for a situations when vCenter server is unavailable.
Source: VMware Documentation Online.
More from ESX Virtualization:
- VMware vSAN Upgrade Scenarios For Small Clusters
- Increase Boot Delay to Edit the BIOS of a VM
- VMware vSphere 6.5 U1 Released
- What is VMware Hot-Add RAM and How to use it?
- How to reset root password in vCenter Server Appliance 6.5
- How To Reset ESXi Root Password via Microsoft AD