PSC

Introduced in vSphere 6.0, the PSC is a component used to provide common infrastructure services for VMware products.

The PSC is an essential component in the design that provides services not only for vCenter Server and vSphere but also for the VMware product suite in general. SSO, for example, can also be shared with other VMware products (for example, vRealize Orchestrator and vRealize Automation) to provide centralized user authentication.

Depending on your environment and the infrastructure design, vCenter Server and the PSC can be deployed in two different ways—embedded or external:

  • Embedded: Preferred deployment for single sites where you do not need to interconnect different vCenter Servers to the SSO domain. vCenter Server can be deployed with an embedded PSC to simplify the management and, because both components are not connected over the network, outages due to connectivity and name resolution issues between vCenter Server and PSC are avoided. If the vCenter Server used is the Windows-based version, you can also save some Windows licenses. If you install vCenter Server with an embedded PSC, you can reconfigure the setup and switch to vCenter Server with an external PSC later on.
  • External: Installing the vCenter Server with an external PSC is a solution suitable for large environments with the benefit that shared services in the PSC instances consume fewer resources. This setup increases the management complexity and, in the event of connectivity issues between the vCenter Server and PSC, could cause some outages.

Which method to use strictly depends on the requirements regarding availability for your vCenter Server. You can have a PSC that serves multiple sites or a highly available PSC in a single cluster.

VMware recommends six high-level PSC topologies:

  • vCenter Server with embedded PSC
  • vCenter Server with external PSC
  • PSC in replicated configuration
  • PSC in HA configuration
  • vCenter Server deployment across sites
  • vCenter Server deployment across sites with a load balancer

For more information about moving from a deprecated to a supported vCenter Server deployment topology before upgrade or migration, you can visit https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vcenter.upgrade.doc/GUID-080CA000-4BD0-40F8-8324-DABB3A136390.html.

Some topologies have changed from version 5.5 and are now deprecated. The choice of the right topology depends on different aspects, such as features (do you need enhanced linked mode between multiple vCenters?), availability, scalability, physical topology, and so on.

Although a mixed environment is supported, it is recommended that you use the same platform (only appliances or only Windows-based installations) for both vCenter Server and PSC to ensure easy manageability and maintenance.

There are three core services provided by the PSC that are essential for vSphere functionality (SSO, VMware License Service, and certificate management):

  • SSO: This is a prerequisite to installing vCenter Server (it cannot be installed without SSO). This service solves the problem of authentication in an environment with multiple ESXi hosts. Using a secure token mechanism, vSphere components can communicate with each other without requiring a separate authentication for each component. Without a vCenter Server in your environment, you need to create a separate user account and grant access permissions on each ESXi host for each administrator who needs access to a specific server. If the number of ESXi hosts grows, the number of accounts to manage also grows. Joining the ESXi hosts to AD to centralize the authentication can be an option, but it adds another dependency in the infrastructure: the Domain Controller (DC). The SSO authentication service is easier to manage and more secure for the authentication against VMware products.
  • VMware License Service: This centralizes the management of all the information related to the license of the vSphere environment and VMware products that support PSC. This capability allows licensing information to replicate every 30 seconds (by default) between vCenter Servers that are installed in geographically different locations and not configured in a Linked Mode group.
  • Certificate Management: To communicate securely with each other and with ESXi hosts, vCenter Server services make use of SSL. By default, the VMware Certificate Authority (VMCA) provisions ESXi hosts and services with a certificate signed by VMCA.

Other services provided by PSC are as follows:

  • VMware Appliance Management Service (only in appliance-based PSC)
  • VMware Component Manager
  • VMware Identity Management Service
  • VMware HTTP Reverse Proxy
  • VMware Service Control Agent
  • VMware Security Token Service
  • VMware Common Logging Service
  • VMware Syslog Health Service
  • VMware Authentication Framework
  • VMware Directory Service
