Deploy VxRail 4.7 Embedded vCenter 6.7 U1 with Embedded PSC – VMware VVD

vcentervxrail

Introduction:

Dell EMC VxRail latest release 4.7.001 is based on vSphere and vCenter 6.7 Update 1 which is currently the latest release from VMware. vCenter 6.7 U1 included many new features such as HTML5 full functionality, vMotion for vGPU VMs, VAMI FW, enhancements to native HA, and most importantly is embedded PSC is the recommended way to go from now on.

Up to this point, VxRail 4.7.001 does not have the option of deploying its embedded (Embedded vCenter refers to an vCenter VM and PSC VM deployed by VxRail Manager) vCenter with an embedded PSC rather it deploys it with an external PSC which is not recommended anymore by VMware. Now Dell EMC will bring up that VVD 4.3 is still on vCenter 6.5 which recommends an external PSC never the less that is completely irrelevant.

Reason being, VVD is all about a validated specific set of products at a specific set of version working on a specific set of configuration. Its not about what is or is not recommended for individual products when not integrating with other solution components that may or may not be applicable depending on the overall solution. In the end, products should always adhere to the best practices of its vendor out of the box and any other set of configuration would be looked on independently in a case-by-case situation.

Problem:

I am currently designing a Multi-Site VDI solution that is going to include VxRail, Horizon, NSX, and many other components. In this design, based on customer requirements, I will need to adhere to the latest and greatest when it comes down to VDI specifically. I will be following the VVD for general best practices but when it comes to vCenter, I will be taking a different approach, one that complies with latest VMware best practices until the new VVD is released which understandably takes a lot of time and effort given the type of test and verification conducted.

One should never load balance PSC or vCenter anymore, I firmly believe in this statement, yet to achieve it, PSC needs to be embedded so that native vCenter HA covers both vCenter and PSC functionalities without needing a load balancer. A design constraint here is that VxRail does not deploy an embedded PSC while a design requirement is to adhere to VVD architecture  in terms of VxRail needs to host its vCenter on the same cluster which from VxRail perspective is only supported when doing an external vCenter, one that is hosted outside the VxRail cluster so ultimately the risk here is that Dell EMC may choose not to support it.

Solution:

A great solution from Dell EMC is the VVD migration script, one which tells VxRail manager to change its comprehension of the automatically deployed embedded vCenter and PSC VMs to external ones. Simply tell VxRail Manager that these VMs you deployed are no longer managed or maintained or updated by you and consider them as external VMs built by the customer, yet hosted on the same VxRail cluster. This is great but the problem is we will be still stuck with an external PSC that would be load balanced independently from vCenter native HA.

A great solution from VMware vCenter team is the convergence tool when running vCenter and PSC 6.7 U1. This tools allows you to convert an external PSC to an embedded one on the already deployed vCenter. This would solve my problem but not my constraint because I still need to tell VxRail Manager after the VVD conversion that even the external PSC has now changed and it is an embedded PSC on the vCenter VM.

So why not run the VxRail VVD script again after converging the PSC into the vCenter VM and when it asks for the PSC just point it to the vCenter FQDN. Well the good thing is that it will accept the variable and try to run but remember that this PSC was initially deployed by VxRail before we told it to consider it as external so the issue here is that it will keep on trying to connect to the PSC as administrator@localOS instead of administrator@vsphere.local and this cannot be changed from VxRail manager GUI.

Now that everything in VxRail Manager internal configuration DB and JSON points to the vCenter with an embedded PSC, VxRail is not able to authenticate to the embedded PSC because of the user not being correct. Now Dell EMC has another script when migrating an embedded VxRail to an external VxRail, after looking at the script, I found out that this script allows us to set the user for PSC authentication so that would conceptually solve the last hurdle in getting this operational and so it did.

Eventually the result of the above is we have an operational VxRail 4.7.001 running with an external vCenter 6.7 U1 with an embedded PSC hosted on the VxRail cluster itself. This vCenter is now treated as external and is not considered in any update or operational task done by VxRail Manager. BTW this works on both Quanta and 14G servers as the procedure has nothing to do with the hardware. Note that this will also work for an VxRail deployed with an external vCenter that you are looking to converge.

Support:

At this stage, you might be wondering, what would Dell EMC have to say about this in terms of official support. From a technical perspective this should be 100% supported because it is exactly the same as the supported VVD model where the external vCenter is hosted on the VxRail cluster. Yes vCenter version is different yet the procedure is exactly the same so there is no reason what so ever for Dell EMC to state it is not supported. More so now that vCenter is considered external, VxRail has nothing to do with it, and when updating VxRail which includes vSphere, it will be treated as a normal VM and DRS will move it to operational hosts.

Procedure:

  • Initialize and Deploy VxRail with an Embedded vCenter.
  • Run the VVD migration script on VxRail Manager.
  • Converge the vCenter and PSC into an embedded PSC.
  • Run the migration tool on VxRail Manager.
  • Upgrade VxRail and vCenter for testing and verification.

Deploy:

I will not go through initializing a VxRail cluster but will state that this would work regardless if its an embedded vCenter ( deployed by VxRail ) or an existing external vCenter with an External PSC that you are converting into an embedded vCenter noting that it is only supported on 6.7 U1 .

First Run the VVD migration script on VxRail Manager to tell VxRail JSON and DB configuration that vCenter is now considered external and you have nothing to do with it in terms of configuration or updates ( it will still need to authenticate to it and pull cluster health data ).

1- Download the VVD migration script from Dell EMC support website named vvd_vc_conversion.pyc.zip . Extract this on your machine and connect to VxRail manager using SFTP with username mystic and the password set when initializing VxRail. Upload the extracted script to VxRail manager.

Take a snapshot of VxRail Manager, vCenter, and PSC VMs.

image

2- Connect to VxRail Manager web console from vSphere and login with user Root and the password you set when initializing the VxRail.

image

3- Open xterm and input the following ( Remember these are the embedded vCenter details that was deployed by VxRail, this will keep the same VMs and configuration but tell VxRail Manager not to consider them as embedded anymore):

  • vCenter FQDN
  • vCenter Credentials
  • PSC FQDN

After which it will ask to verify the cluster (only one will exist so press y) and choose the number of the VxRail manager VM. The script will restart VxRail Manager when completed after confirmation.

image

3- After the restart, give VxRail manage around 10 minutes before trying to connect and authenticate. Now VxRail manager should not include vCenter in any update or patching as part of the VxRail upgrade package bundle. To verify that VxRail manager now considers this as an external vCenter, Shutting down the cluster from VxRail Manager should fail prerequisites check as below.

image

image

I did face some issues logging in into VxRail Manager the first time I ran the script so I reverted to the earlier snapshot ( only VxRail Manager snapshot ) and did it again which worked perfectly. Also the script takes a backup of the JSON and DB config files in : /var/lib/vmware-marvin with an _bak extension so you can also restore these files (“config.json”, “config-journal.json” and “runtime.properties” ) and try again.

———————————————–

Second we need to converge the external PSC into an embedded PSC on the vCenter server and then decommission the external PSC VM and get rid of it. vCenter 6.7 U1 comes with a convergence CLI tool that does this seamlessly with minimal manual effort.

1- Download the vCenter 6.7 U1 ISO from MyVMware and make sure that the version downloaded is the same as the currently deployed vCenter. Open the ISO, go to vcsa-converge-cli\templates\converge and copy the file to a local directory. Open the file with a JSON editor, I used Notepad++ , and make sure to fill the required information bolded in yellow. Now there are other sections that will fail the whole process if not filled and do not apply to a VxRail embedded vCenter so just copy the below into notepad++ with changing the required info, name it converge.json , and save on the C: drive.

———-

{
“__version”: “2.11.0”,
“__comments”: “Template for VCSA with external Platform Services Controller converge”,
“vcenter”: {
“description”: {
“__comments”: [
“This section describes the vCenter appliance which you want to”,
“converge and the ESXi host on which the appliance is running. ”
]
},
“managing_esxi_or_vc”: {
“hostname”: “ESXi host IP that vCenter VM is currently residing on, for VxRail its node 1“,
“username”: “root“,
“password”: “Password
},
“vc_appliance”: {
“hostname”: “vCenter IP address“,
“username”: “administrator@vsphere.local“,
“password”: “Password for vCenter administrator“,
“root_password”: “Password for vCenter root
}
}
}

———-

2- Open a command prompt from the converge directory on the vCenter ISO E:\vcsa-converge-cli\win32 and run the following command. VCSA will restart during the process and access will not be available to vCenter for about 15 minutes.

vcsa-util converge –no-ssl-certificate-verification –backup-taken –verbose c:\converge.json

image

image

To verify that this vCenter is now operational with an embedded PSC, lets login to VAMI and verify the same.

image

3- Time to decommission the existing external PSC to remove it from the SSO domain completely. Copy the following into notepad++, input the relevant information, and save to decommisionPSC.json on C: drive.

———-

{
“__comments”: “Template for decommissioning PSC node with converge CLI tool.”,
“__version”: “2.11.0”,
“psc”: {
“description”: {
“__comments”: [
“This section describes the PSC appliance which you want to”,
“decommission and the ESXi host on which the appliance is running. ”
]
},
“managing_esxi_or_vc”: {
“hostname”: “ESXi host IP that PSC VM is currently residing on, for VxRail its node 1“,
“username”: “root“,
“password”: “Password
},
“psc_appliance”: {
“hostname”: “PSC VM IP“,
“username”: “administrator@vsphere.local“,
“password”: “Password“,
“root_password”: “Password
}
},
“vcenter”: {
“description”: {
“__comments”: [
“This section describes the embedded vCenter appliance which is in “,
“replication with the provided PSC”
]
},
“managing_esxi_or_vc”: {
“hostname”: “ESXi host IP that vCenter VM is currently residing on, for VxRail its node 1“,
“username”: “root“,
“password”: “Password
},
“vc_appliance”: {
“hostname”: “vCenter VM IP“,
“username”: “administrator@vshere.local“,
“password”: “Password“,
“root_password”: “Password
}
}
}

———-

4- Open a command prompt from the converge directory on the vCenter ISO E:\vcsa-converge-cli\win32 and run the following command. After which the VM can be deleted from the cluster.

vcsa-util decommission –no-ssl-certificate-verification –verbose c:\decommisionPSC.json

image

image

image

———————————————–

Third Run the migration tool so that VxRail manager is able to authenticate properly to the now embedded PSC on the vCenter server. The VVD script will not work here because it does not have an option to change the account VxRail Manager will use to authenticate to the embedded PSC.

1- Download the migration tool from Dell EMC Support Website named migrationtool.py.zip . Extract this on your machine and connect to VxRail manager using SFTP with username mystic and the password set when initializing VxRail. Upload the extracted script to VxRail manager.

image

2- Connect to VxRail Manager web console from vSphere and login with user Root and the password you set when initializing the VxRail.

image

3- Open xterm and input the following ( this will again tell VxRail Manager Config JSON and DB that vCenter and PSC are external yet we have the option of saying it is an embedded PSC and can provide the correct user/pass to authenticate to this PSC).

  • vCenter FQDN
  • vCenter Credentials
  • New PSC FQDN ( keep this empty since its embedded ).
  • Search Domain
  • DNS Server
  • Management User (This is what is missing from the VVD script, put this as administrator@vsphere.local )

image

After the script has completed and VxRail restarted , wait 15 minutes, and then try to login to VxRail manager in which it should authenticate you properly and get the cluster health.

image

image

image

———————————————–

Fourth I wanted to make sure 100% that VxRail is now completely operational and in a supported configuration which should not impact newly added nodes or updating the whole VxRail environment so I am going to perform an upgrade from VxRail 4.7.000 to 4.7.001 . Package has been downloaded and ready to install.

image

image

image

We can clearly see that the VxRail update package does not have vCenter as part of the upgrade process which is expected when vCenter is External. VxRail Manager upgrade will restart the VxRail Manager VM initially so don’t panic, after it reconnects, the upgrade procedure will show again.

image

image

Conclusion:

I hope that Dell EMC next release would have an option to deploy the embedded vCenter with an embedded PSC which would save us the hassle of going through different workarounds to achieve the same.

May the Peace, Mercy, and Blessing of God Be Upon You

6 thoughts

    1. As of 4.7.100 , the option is still NOT available . Dell EMC has made it very clear that they do not endorse or support what I did but then again its exactly the same as joining or moving an VxRail environment to an external vCenter. Anyhow ass of 4.5.2XX , migrating an external vCenter to the VxRail cluster itself is supported so I have found that just building an external vCenter on any server , building the VxRail cluster, then migrating the vCenter to the VxRail cluster ( Used Cross vCenter vMotion tool with cloning option) an easier approach.

  1. Hi,
    Great article. I came across it as I am looking for documentation around moving vcenter from the VxRail deployed vcenter to a customer managed (external) vcenter. We need to do this as we are deploying NSX and to do so we need to enable enhanced linked mode between our two clusters to make use of universal security tags. We are dealing with Dell support & have just upgraded to 4.7.200 as there is now a script that can be run to perform the vcenter move.
    I wonder if the scripts you have used are similar. Have you ever performed a vcenter move this way?
    Thanks

    1. Hi , so one of the scripts I used was originally used for the purpose of moving the VxRail config from the embedded vCenter to an external vCenter but the script is just a single step in a long line of steps to be done when you want to move to an external vCenter. There is a document on the SolVe portal for that , you will need to pre-recreate some settings on your external vCenter and then lastly run the script which is also referenced in the SolVe procedure and yes I have done the same a while back but did not document it. That been said, if your second vCenter is not yet deployed, you can use the procedure in this post to convert your vCenter to an embedded PSC first then external vCenter to VxRail then build your other site vCenter and join it to the PSC SSO of this vCenter you converted from the default deployed VxRail one. Hope that makes sense.

      1. Thanks, yes that makes sense. I have looked on the SolVe portal but cannot find any documents relating to moving the vcenter.
        Can you remember when you moved to an external vcenter in VxRail if you had to power off virtual machines? This is what we are being told from Dell support.
        Thanks again!

        1. You either convert the vCenter that was automatically built by VxRail using this post or you can refer to the migration guide in Solve named Migrate a VxRail Cluster from a Source vCenter Server to a Target vCenter Server but you would need to build the target vcenter first and it can be hosted on the VxRail cluster itself if required. If hosted elsewhere, after everything is finalized, use the cross vcenter migration tool to clone it to the VxRail cluster, turn off the original one, and turn it on the VxRail cluster.

Leave a Reply

Your email address will not be published. Required fields are marked *