All credit for this post belongs to one of my colleagues called Imran Mughal, a very talented vSphere engineer!
We recently came across an issue during some site migration work on our PSCs. The scenario which drove our PSC site migration work was the fact that we noticed all of our vCenter Servers were trying to authenticate users via a single load-balanced pair of PSCs regardless of physical location, instead of the PSCs in the datacentre local to the vCenter. This was due to us only using a single site name that covered 4 separate datacentre locations. All of our PSCs, regardless of physical location, formed part of this single site.
As we already had live service running on our vCenters, we decided to redirect vCenters to other PSCs and rebuild in pairs (as there is currently no way to manually change the site name or create new sites over an existing deployment).
This was done using a combination of these two KB articles:
KB2131191 & KB2113917
Platform Services Controller replication can be set up in multiple ways. When I ran through a test configuration of 4 sites, each with a single PSC, I was wondering how replication would be automatically configured out of the box. When I installed the PSCs, I used the previously configured PSC to configure the newly built PSC:
PSC1 (built first) <--- PSC2 (built second) <--- PSC3 (built third) <--- PSC4 (built fourth)
The following commands allowed me to view the replication configuration and then set up a topology of my choice:
vdcrepadmin -f showservers -h FQDN_of_Local_PSC -u administrator -w password
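If the replication agreements follow that build order, the four PSCs form a straight chain, and losing a middle node cuts the identity store in two. The following is an added example, not part of the original post: Python that reads per-PSC partner lists and reports which PSCs are single points of failure for replication, then shows the effect of one extra two-way agreement. The hostnames and sample text are constructed, and the `ldap://host` line format is assumed to match what `vdcrepadmin -f showpartners` prints.

```python
from collections import defaultdict

# Constructed sample: per-PSC partner lists in the ldap://host form (assumed
# showpartners output) for the PSC1 <--- PSC2 <--- PSC3 <--- PSC4 build order.
SAMPLE = {
    "psc1.example.test": "ldap://psc2.example.test\n",
    "psc2.example.test": "ldap://psc1.example.test\nldap://psc3.example.test\n",
    "psc3.example.test": "ldap://psc2.example.test\nldap://psc4.example.test\n",
    "psc4.example.test": "ldap://psc3.example.test\n",
}

def build_graph(partner_output):
    """Turn {host: partner-list text} into an undirected adjacency map."""
    graph = defaultdict(set)
    for host, text in partner_output.items():
        host = host.lower()
        graph[host]  # register PSCs that report no partners at all
        for line in map(str.strip, text.splitlines()):
            if line.startswith("ldap://"):
                peer = line[len("ldap://"):].rstrip("/").lower()
                graph[host].add(peer)
                graph[peer].add(host)
    return graph

def reachable(graph, start, removed=None):
    """PSCs that can still replicate with `start` while `removed` is offline."""
    seen, stack = set(), [start]
    while stack:
        node = stack.pop()
        if node in seen or node == removed:
            continue
        seen.add(node)
        stack.extend(graph[node] - seen)
    return seen

def single_points_of_failure(graph):
    """PSCs whose loss splits the remaining PSCs into isolated groups."""
    nodes = set(graph)
    return [n for n in sorted(nodes) if len(nodes) > 1
            and reachable(graph, min(nodes - {n}), removed=n) != nodes - {n}]

def with_agreement(graph, a, b):
    """Copy of the graph with one extra two-way agreement between a and b."""
    new = defaultdict(set, {k: set(v) for k, v in graph.items()})
    new[a].add(b)
    new[b].add(a)
    return new

print("chain SPOFs:", single_points_of_failure(build_graph(SAMPLE)))
```

In the chain, PSC2 and PSC3 are reported; closing the ring with an agreement between PSC4 and PSC1 leaves no single PSC whose loss partitions replication.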
What is Platform Services Controller 6.0 (PSC)?
The Platform Services Controller (PSC) is a component of the vSphere Suite. The PSC deals with identity management for administrators and applications that interact with the vSphere platform.
What are the key capabilities of PSC 6.0?
- PSC 6.0 remains a multi-master model, as was introduced in vSphere 5.5 in the form of vCenter Single Sign-On.
- It can be deployed in either an Appliance-based or Windows-based flavor, and both can participate in multi-master replication. Appliance-based and Windows-based PSCs can also interoperate with Appliance-based or Windows-based vCenter Servers.
- It can handle the storing and generation of the SSL certificates within your vSphere environment.
- It handles the storing and replication of your VMware License Keys.
- It handles the storing and replication of your permissions via the Global Permissions layer.
- It handles the storing and replication of your Tags and Categories.
- It has a built-in feature for automatic replication between different, logical SSO sites.
- There is only one single default domain for the identity sources.
What are the components that are installed with Platform Services Controller 6.0?
Components that are installed with PSC 6.0 include:
- VMware Appliance Management Service (only in Appliance-based PSC)
- VMware License Service
- VMware Component Manager
- VMware Identity Management Service
- VMware HTTP Reverse Proxy
- VMware Service Control Agent
- VMware Security Token Service
- VMware Common Logging Service
- VMware Syslog Health Service
- VMware Authentication Framework
- VMware Certificate Service
- VMware Directory Service