PSC

Script to add vSphere 6.5 VMCA Root Certificate to Trusted Certs Store

When running vSphere 6.5 deployments in default (recommended) mode, VMware Certificate Authority is its own root certificate authority. Everything is fine and secure with this configuration, but your browser displays a warning because the root certificate is not trusted.

I made a little script (VBS) that pulls the CA certificate from a vCenter Server or Platform Services Controller and adds it to the local trusted root certificates store. When the root CA is trusted, browser warnings are gone.

How to add AD Authentication in vCenter 6.5/6.7

The vCenter Server has an internal user database that allows you to add and manage users with the vSphere Web Client. User management and Single Sign-On are provided by the Platform Service Controller, which has been available since vSphere 6.0. In a large environment, you might want to connect your virtualization infrastructure to a centrally managed Active Directory.

This article explains how to add AD authentication in vSphere 6.5 and how to get the "Use Windows session authentication" checkbox to work with the enhanced authentication plugin. This works for both the vCenter Server 6.5 installed on a Windows Server and the vCenter Server Appliance (vCSA).

How to Join the vCSA 6.5/6.7 to an Active Directory Domain

In vSphere 6.5, the underlying operating system of the vCenter Server Appliance (vCSA) has been changed to VMware's Photon OS. With the new OS, you can still join an Active Directory domain to comply with company policies, or if you want to use Windows session authentication. Joining an Active Directory domain is included in the infrastructure node configuration, which is part of the Platform Services Controller. Please verify standard AD requirements like time synchronization and naming prior to joining a domain.

If you want to log in with the "Windows session authentication" checkbox, you have to add the appliance running the Platform Services Controller (PSC) to the domain. For embedded deployments, join the appliance running both the vCenter and the PSC to the domain.

How to Increase VCSA External PSC Disk Space in vSphere 6

The vCenter Server Appliance 6.0 uses Linux Logical Volume Management (LVM), which allows you to dynamically increase the disk size of the vCenter Server disks. For the vCenter Server itself, the process to increase the capacity is well documented in KB2126276. When you have an external Platform Services Controller, the tool mentioned in the KB is missing. You can't use "vpxd_servicecfg storage lvm autogrow" to increase the space automatically, so you have to do it manually.

This post explains how to increase the disk space for an external Platform Services Controller.

Script to add vSphere 6 VMCA Root Certificate to Trusted Certs Store

When running vSphere 6 deployments in default (recommended) mode, VMware Certificate Authority is its own root certificate authority. Everything is fine and secure with this configuration, but your browser displays a warning because the root certificate is not trusted.

I've written a little script (VBS) that pulls the CA certificate from a vCenter Server and adds it to the local trusted root certificates store. When the root CA is trusted, browser warnings are gone.

Resilient vSphere 6.0 PSC deployment without Load Balancer

With vSphere 6.0, VMware has separated their vCenter Server into two components: vCenter Server and Platform Services Controller. They also created a list of topologies they recommend for deployments. The deployment they recommend for high availability includes an External Load Balancer that vCenter Servers are pointed to. An alternate solution is to have multiple Platform Services Controllers and vCenters pointed directly to them. There is no need to have one PSC for each vCenter. Each PSC can manage up to 4 vCenters, so with 2 PSC you can manage 8 vCenters, with 3 you can manage 10 vCenters, which is the configuration maximum at the moment.

Platform Services Controller with or without Loadbalancer?

The solution with a Load Balancer sounds nice, and I'm sure it's operable, but it has some drawbacks:

  • It requires a third-party Load Balancer (compatible Load Balancers are NSX-v, Citrix NetScaler and F5 Network Big-IP)
  • Configuration is complex
  • Troubleshooting is even more complex
  • Does not scale (1 PSC can handle 4 vCenters; with a Load Balancer, which is used for redundancy, 2 PSC are required to handle 4 vCenters)

How to add AD Authentication in vCenter 6.0 (Platform Service Controller)

Platform Service Controller is a new component in vSphere 6.0. The PSC contains all the services that vCenter needs for its functions including Single Sign-On (SSO). This post describes how to configure AD authentication in vCenter Server 6.0.

The method shown in this post allows you to manage users and groups in your central directory. This works for both the vCenter Server 6.0 installed on Windows Server and the vCenter Server Appliance (VCSA).
