Learning vSphere 6.5-Part-9-Configuring vCenter Server High Availability (VCHA)

In last post of this series we discussed about the High Availability feature for vCenter 6.5 and saw the architecture of VCHA and how it works. In this post we will go ahead and actually configures that in lab.

If you have missed earlier post of this series, you can read them from below links:

1: Installing and Configuring Esxi

2: VCSA Overview

3: vCenter Server and PSC Deployment Types

4: System Requirements for Installing vCenter Server

5: Installing vCenter Server on Windows

6: Deploying vCSA with embedded PSC

7: Deploying External PSC for vCSA

8: Understanding vCenter Server High Availability (VCHA)

Before jumping into lab and start configuring VCHA, its important to understand the deployment options and prerequisites  for VCHA first.

vCenter HA Deployment Options

You can set up your vCenter HA environment with an embedded PSC or with an external PSC. If you decide to use an external Platform Services Controller, you can place it behind a load balancer for protection in case of Platform Services Controller failure.

To know more about deployment option please refer  VMware documentation for vSphere 6.5

vCenter High Availability (VCHA) Prerequisites

  • An instance of the vCenter Server Appliance deployed.
  • Separate datastores to deploy all three nodes. (If possible)
  • At the least three ESXi hosts to deploy the three nodes.
  • A public IP Address that will be used to connect to the active node. (provided during the installation of the appliance).
  • Three private IP addresses (1 IP per node) for replication and internal communication called the internal cluster network.
  • Separate port group for vCenter HA network. When you configure vCenter server 6.5 HA, second vNIC  will get added (eth1) during the configuration.This vCenter HA network is used for internal communication between the vCenter HA nodes.

Network Configuration

Before proceeding with deployment ensures networking has been setup correctly. VMware recommends to have a separate network configured for VCHA traffic. To set the foundation for the vCenter HA network, you add a port group to each ESXi host, and add a new virtual NIC (eth1) to the vCenter Server Appliance that later becomes the Active node.

Requirements for vCenter HA network

  • The vCenter HA network IP addresses for the Active, Passive, and Witness nodes must be static and map to FQDNs.
  • The vCenter HA network must be on a different subnet than the management network. The three nodes can be on the same subnet or on different subnets.
  • Network latency between the Active, Passive, and Witness nodes must be less than 10 milliseconds.

Lets jump into lab and see the actual deployment process.

1: To configure vCenter HA login to the vCSA appliance and select vCenter from top and navigate to Configuration > vCenter HA and click on configure button.


2: In select configuration option you get 2 choices i.e go with Basic or Advanced option. Lets discuss a little bit about these before moving forward.

Basic Configuration Workflow

Basic configuration automatically clones the Active node. You must meet one of the following requirements to perform Basic configuration.

  • Either the vCenter Server Appliance that will become the Active node is managing its own ESXi host and its own virtual machine. This configuration is sometimes called a self-managed vCenter Server.
  • Or the vCenter Server Appliance is managed by another vCenter Server (management vCenter Server) and both vCenter Server instances are in the same vCenter Single Sign-On domain. That means they both use an external Platform Services Controller and both are running vSphere 6.5.

If you meet the requirements the Basic workflow is as follows.

1: Deploy the first vCenter Server Appliance, which will become the Active node.

2: Adds  second network (port group) for vCenter HA traffic on each ESXi host.

3: Sart the vCenter HA configuration, selects Basic and supplies the IP addresses, the target ESXi host or cluster, and the datastore for each clone.

4: The system clones the Active node and creates a Passive node with precisely the same settings, including the same host name.

5: The system clones the Active node again and creates a more light-weight Witness node.

6: The system sets up the vCenter HA network on which the three nodes communicate, for example, by exchanging heartbeats and other information.

Advanced Configuration Workflow

If you environment do not meet criteria for  Basic option or you want more control over your deployment, you can perform Advanced configuration.

With this option, you are responsible for cloning the Active node yourself as part of vCenter HA setup. If you select this option and remove the vCenter HA configuration later, you are responsible for deleting the nodes that you created.

For the Advanced option, the workflow is as follows.

1: Deploy the first vCenter Server Appliance, which will become the Active node.

2: Add a second network (port group) for vCenter HA traffic on each ESXi host.

3: Add a second network adapter (NIC) to the Active node.

4: Login to the vCenter Server Appliance (Active node) with the vSphere web client and start the vCenter HA configuration, selects Advanced, and supplies IP address and subnet information for the Passive and Witness nodes. Optionally youcan override the failover management IP addresses.

5: Login to the management vCenter Server and creates two clones of the vCenter Server Appliance (Active node).

7: Return to the configuration wizard on the vCenter Server Appliance and completes the configuration process.

8: The system sets up the vCenter HA network on which the three nodes exchange heartbeats and replication information. The vCenter Server Appliance is  now protected by vCenter HA.

In my lab I chose to go with Advanced option.


3: Provide the IP for the Passive Node and Witness node.

Note: This IP should be in different subnet than your management network to which first NIC of vCSA is connected.


4: On the clone VM page do not hit finish.

Keep this page opened until additional steps is completed.


5: Return to the management vCenter server and chose the vCSA appliance and create a clone of this VM.


6: Chose where you want to deploy the cloned VM and hit Next.


7: Select the cluster/host where you want to deploy the clone. You can chose individual Esxi host for deployment or leave the selection to cluster if you have a DRS enabled cluster.


8: Select destination datastore for cloned VM. Its recommended to keep Active, passive and Witness nodes on different datastores.


9: On select clone options page, check mark ‘customize the OS’ and ‘Power on VM’ option.


10: On customize guest os page, click the + button to create a new guest os customization specification template.


11: Provide a name for the template and hit Next.


12: Under computer name, give the same hostname which you had set on vCSA that is going to be active Node. Also provide the domain name same as Active vCSA node.


13: Ensure the timezone is consistent with the Active node.


14: Under configure Network option, select “Manually select custom settings’. Select NIC 1 and click on pencil button to edit the settings.


15: Select IPv4 and chose 3rd option and enter the IP information for the passive node.

Provide the same IP address here which you have set on management NIC (eth0) of the Active vCSA node. 

If you give any other IP address here, the VCHA deployment is going to fail.


16: For NIC 2 of the passive node, enter the same IP address which you had given in step 3.

Do not enter any gateway IP for NIC 2


17: Hit Next when you have configured both NIC cards for passive node.


18: Under DNS settings, enter Primary DNS server and in search path provide your domain name and hit Next.


19: On ready to complete page, review your settings and hit Finish.


20: Now under customize guest os page you can see the newly created customization specification template. Chose that and hit Next.

The cloned VM will take the values (which you provided in step 12-19) from this template.


21: Under customize vApp properties, review the values that is going to be applied on the cloned VM and hit next.


22: On ready to complete page, have a good look on the values again because this is best chance to modify any values that you might have supplied wrong. Once you hit finish and realize that you have missed something, then again creating a clone is the only option.

Hit finish post reviewing your settings.


23: Repeat Steps 5-22 for witness node.

24: Once both Passive and Witness node have been deployed and are up and running, go back to Active vCSA where you have to finish the HA configuration which you paused in step 4.


25: Now you will see the message on vCenter HA page that “vCenter HA is being configured”


26: Under Tasks you can monitor the status of configuration. You will see a new HA cluster being configured which comprises of your Active Node, Passive Node and Witness node.



27: Once the configuration is completed, You can see the message that vCenter HA is enabled and also can see the status of Active, passive and Witness node here.


28: Clicking on vCenter HA monitoring, will take you to the monitoring tab where you can see more details about VCHA like replication status etc. You can also monitor tasks and events or if there are any issues with VCHA config from here.


I hope this post is informational to you. Feel free to share this on social media if it is worth sharing. Be sociable 🙂

2 thoughts on “Learning vSphere 6.5-Part-9-Configuring vCenter Server High Availability (VCHA)

  1. Pingback: Learning vSphere 6.5-Part-10-VCHA failover testing | Virtual Reality
  2. Pingback: vSphere 6.5 Link-O-Rama » Welcome to vSphere-land!