
 
Omniman
Gerbil XP
Topic Author
Posts: 304
Joined: Sat Dec 13, 2008 1:24 am
Location: White River Junction, Vermont

VMWare Question

Sat Jan 20, 2018 8:16 pm

I'm trying to better understand a standard VMWare ESXi production system. I'm wondering, for the VCenter portion, is this supposed to be installed on a physical server and then have your hosts tie into it, or do people toss it on a guest VM, which to me sounds like shooting yourself in the foot?
Intel i7-7700, MSI Trident, 32GB DDR4 2133mhz, Geforce 1060GTX, and Samsung Evo 1TB.
 
Chrispy_
Gold subscriber
Maximum Gerbil
Posts: 4185
Joined: Fri Apr 09, 2004 3:49 pm
Location: Europe, most frequently London.

Re: VMWare Question

Sat Jan 20, 2018 9:46 pm

In a typical production environment there will be multiple hosts and the vCenter VM can be moved around with HA and DRS so that it's still available if you need to take down a host for maintenance.

Personally, I don't like vCenter running on a VM. Having to move the vCenter VM around just to do simple maintenance is just one more step, and I feel that if you ever had to perform a disaster recovery it would be a nightmare chicken-and-egg scenario because you'd want to use vCenter to restore your whole VMWare estate, but you can't because it's part of that estate. Sure, there are workarounds but the last things you want in your DR plan are increased complexity and timescale.

I prefer to keep things simple and so have a low-spec, 1U, half-depth physical server sitting in the comms rack just to handle vCenter and the odd legacy function that doesn't play well in a VM (VMWare's real-time clock isn't exactly precise; You need NTP configured otherwise it'll drift - and I've seen a few different environments where Kerberos failures caused by a 5-minute time-skew are the result of a fully virtualised environment. NTP is trivial to configure but it's not always possible - either an isolated/segregated network for security reasons or software testing environment where time/date are simulated)

Annoyingly, vCenter can't be installed on a domain controller, IIRC. And that's a shame because it's advisable to have one physical domain controller per tree in the AD forest, and that's typically the number of vCenter servers you'd expect per tree, too.
Congratulations, you've noticed that this year's signature is based on outdated internet memes; CLICK HERE NOW to experience this unforgettable phenomenon. This sentence is just filler and as irrelevant as my signature.
 
End User
Gold subscriber
Minister of Gerbil Affairs
Posts: 2568
Joined: Fri Apr 16, 2004 6:47 pm
Location: Upper Canada

Re: VMWare Question

Sat Jan 20, 2018 11:35 pm

Chrispy_ wrote:
In a typical production environment there will be multiple hosts and the vCenter VM can be moved around with HA and DRS so that it's still available if you need to take down a host for maintenance.

Personally, I don't like vCenter running on a VM. Having to move the vCenter VM around just to do simple maintenance is just one more step, and I feel that if you ever had to perform a disaster recovery it would be a nightmare chicken-and-egg scenario because you'd want to use vCenter to restore your whole VMWare estate

+1

My company transitioned to AWS.
1800X | 32GB | 1TB M.2 | Vega 64 + 38UC99-W | RX 480 + U2711
1950X | 64GB | 500 GB M.2 | 1 TB M.2 | 1 TB M.2 | GTX 1080 + XB271HU | GTX 1060 + U2713H
 
Omniman
Gerbil XP
Topic Author
Posts: 304
Joined: Sat Dec 13, 2008 1:24 am
Location: White River Junction, Vermont

Re: VMWare Question

Sun Jan 21, 2018 4:09 pm

Thank you both for the info! For my home test environment I'll go the route of one physical server for VCenter and then I'll have two or three beefier servers as hosts.
 
blitzy
Gerbil Jedi
Posts: 1826
Joined: Thu Jan 01, 2004 6:27 pm
Location: New Zealand

Re: VMWare Question

Sun Jan 21, 2018 4:56 pm

Chrispy_ wrote:
(VMWare's real-time clock isn't exactly precise; You need NTP configured otherwise it'll drift - and I've seen a few different environments where Kerberos failures caused by a 5-minute time-skew are the result of a fully virtualised environment. NTP is trivial to configure but it's not always possible - either an isolated/segregated network for security reasons or software testing environment where time/date are simulated)


Got this problem in an ESXi 5.5 environment at work; every once in a while logins stop working for some people. PITA, may have to look at NTP as you suggest. Servers are due to be replaced anyway, but it's annoying until they do get replaced.
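An added example, not part of any post in this thread: a small Python check that computes a guest's clock offset from an SNTP server reply with the standard four-timestamp formula and compares it with the 5-minute Kerberos tolerance discussed above. The function names, the 60-second warning margin and the sample reply are constructed for illustration; on a real host `reply` would be the 48 bytes received from your NTP server on UDP port 123.

```python
import struct

NTP_UNIX_DELTA = 2208988800   # seconds from 1900-01-01 (NTP epoch) to 1970-01-01
KERBEROS_MAX_SKEW = 300.0     # the 5-minute tolerance mentioned in the thread


def to_ntp(unix_ts):
    """Encode a Unix time as a 64-bit NTP timestamp (seconds + fraction)."""
    whole = int(unix_ts)
    return struct.pack("!II", whole + NTP_UNIX_DELTA, int((unix_ts - whole) * 2**32))


def from_ntp(raw):
    secs, frac = struct.unpack("!II", raw)
    return secs - NTP_UNIX_DELTA + frac / 2**32


def build_reply(t1, t2, t3, stratum=2, leap=0):
    """Constructed 48-byte server reply (version 4, mode 4) for offline testing."""
    header = struct.pack("!BBbb", (leap << 6) | (4 << 3) | 4, stratum, 6, -20)
    filler = b"\x00" * 12            # root delay, root dispersion, reference ID
    return header + filler + to_ntp(t2) + to_ntp(t1) + to_ntp(t2) + to_ntp(t3)


def clock_offset(reply, t4):
    """Return seconds the local clock must be adjusted by (server minus local)."""
    if len(reply) < 48:
        raise ValueError("short NTP packet")
    leap, mode, stratum = reply[0] >> 6, reply[0] & 0x07, reply[1]
    if mode != 4:
        raise ValueError("not a server reply")
    if leap == 3 or stratum == 0:
        raise ValueError("server is unsynchronized; do not trust its time")
    t1, t2, t3 = (from_ntp(reply[i:i + 8]) for i in (24, 32, 40))
    return ((t2 - t1) + (t3 - t4)) / 2


def kerberos_verdict(offset, warn_at=60.0):
    """Classify an offset against the Kerberos tolerance; warn_at is an assumed margin."""
    skew = abs(offset)
    if skew >= KERBEROS_MAX_SKEW:
        return "fail"
    return "warn" if skew >= warn_at else "ok"


# Constructed sample: guest clock is 330 s behind, 0.5 s network delay each way.
T1, T4 = 1516550000.0, 1516550001.0
SAMPLE = build_reply(T1, T1 + 330.5, T1 + 330.5)
if __name__ == "__main__":
    off = clock_offset(SAMPLE, T4)
    print(f"offset {off:+.1f}s -> {kerberos_verdict(off)}")
```

Alerting at the warning margin rather than at 300 seconds gives time to fix the time source before logins start failing intermittently.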
 
MOSFET
Silver subscriber
Gerbil Team Leader
Posts: 229
Joined: Fri Aug 08, 2014 12:42 am

Re: VMWare Question

Sun Jan 21, 2018 6:46 pm

Good answer but opposite opinion here. You’re virtualizing to virtualize, and a good backup system (Veeam, Nakivo) will help keep you out of the avian situation mentioned above. VCSA is very stable, low resource in Tiny mode (2 cores, 8GB, 50GB) and if you really mess one up, you’re not dead if you had to start over while learning how to recover. Set VCSA to auto start on its host and you don’t even have to migrate it, if you just want to restart a host.

For at least your hosts and your vCenter, static IPs and static DNS entries prior to setup will make life easier. As mentioned, NTP also. Get used to UTC.
Be careful on inserting this (or any G34 chip) into the socket. Once you pull that restraining lever, it is either a good install or a piece of silicon jewelry.
 
Chrispy_
Gold subscriber
Maximum Gerbil
Posts: 4185
Joined: Fri Apr 09, 2004 3:49 pm
Location: Europe, most frequently London.

Re: VMWare Question

Tue Jan 23, 2018 7:27 am

The reason I don't use vCSA is that I run a Microsoft datacenter and vCSA doesn't play well with ActiveDirectory, SQL databases.
More importantly, if you want to use server heartbeat for uptime monitoring and automatic failover/HA/DRS you can't use it.
Less importantly, you cannot use VMware Update Manager with vCSA, so you have to create a Windows VM anyway.
Finally, and the nail in the coffin for me, was that Site Recovery Manager needs to be installed on a separate server anyway.

vCSA has its place and its own advantages but there are too many caveats for me to justify it, and something like Veeam is expensive. It's like $1000 per socket, making it 3x the cost of VMWare and vCenter.
