How to Install vSphere 7.0 – vCenter Server Appliance

How to Install vSphere 7.0 – vCenter Server Appliance

Introduction

This opening post in a new lab series provides a walkthrough for installing the latest iteration of vSphere 7.0; bringing cloud-native workloads to the data centre with embedded Kubernetes and Tanzu. vSphere 7.0 was initially released in June 2020, and followed up with vSphere 7.0 Update 1 in October 2020. The current version at the time of writing is vSphere 7.0 Update 1c. You can track the latest releases and build numbers in this KB article.

ESXi is the market leading hypervisor, able to abstract and pool compute resources across commodity hardware, and implement granular based controls and automation. ESXi needs to be installed first on a physical machine to provide at least one host for the vCenter virtual appliance to be deployed to. vCenter Server then provides the single management pane for physical hosts and virtual machines, along with enterprise functionality like vMotion for live workload portability, High Availability for workload failover, and Distributed Resource Scheduler for automatically balancing resources. To read about what’s new in vSphere 7 see vSphere 7 and vSAN 7 Headline New Features.

In this example vCenter Server will be deployed in a lab environment to an Intel NUC Bean Canyon running ESXi 7.0 U1C. If you’re looking for more information on running a vSphere lab on the Intel NUC range check out the VMware Homelab section of virten.net, which has some great guides and resources.

vCenter 7.0 Install Guide

Several design decisions have been removed in vSphere 7 as component topology and lifecycle management have been drastically simplified. The external Platform Services Controller (PSC) deployment model available in versions 6.0 and 6.5 has been removed, only the embedded option is offered in vSphere 7.

Furthermore, running vCenter Server on Windows has finally been deprecated, and all deployments must now use the vCenter Server Appliance (VCSA). A migration path from Windows vCenter Servers 6.5 and 6.7 to VCSA 7.0 is available. The VCSA is an optimised virtual appliance running Photon OS 3.0, and contains all the vCenter required services, such as SSO, Certificate Authority, PostgreSQL, Lifecycle Manager, etc. You can find more information on the full list of services in detail from the vCenter Server Installation and Setup documentation.

The installer file for vSphere can be downloaded here, a 60 day evaluation period is automatically applied. The vCenter Server installation bundle comes as an ISO file mountable on a Windows, Linux, or Mac device. The installer must be run from a machine with network connectivity to the ESXi host or vCenter Server where the new appliance will be deployed. The target host or vCenter must be running vSphere version 6.5 or later. For multiple or repeated installations in large environments the vCenter Server Appliance and configuration can also be silently deployed using CLI and JSON file. Make sure you review the release notes with your download before starting, in this example I am using vCenter Server 7.0 Update 1c.

The vSphere download packages available from my.vmware.com

System Requirements

  • Before beginning the installation; Fully Qualified Domain Name (FQDN) resolution should be in place with forward and reverse DNS A records added, and replicated if applicable, for the vCenter Server hostname.
  • vCenter Server 7.0 can only be deployed to, and manage, ESXi hosts v6.5 or later. There is no direct upgrade path for hosts running ESXi v5.5 or 6.0 to v7.0.
  • If you are deploying to an ESXi host the host must not be in maintenance mode or lockdown mode. The ESXi host and all vSphere components should be configured to use Network Time Protocol (NTP), the installation can fail or the vpxd service may not be able to start if the clocks are not synchronised.
  • Check the compatibility of any third party products and plugins that might be used for backups, anti-virus, monitoring, etc. as these may need upgrading for vSphere 7.0 compatibility.
  • To check version compatibility with other VMware products, see the VMware Product Interoperability Matrices.
  • In addition to software, you should also check the hardware in use is compatible with vSphere 7 using the VMware Compatibility Guide. VMware support enterprise hardware, and therefore the Intel NUC devices are not listed. This isn’t an issue in a lab environment but should not be implemented in production.
  • The vCenter Server Appliance requires the following compute specifications, this includes vSphere Lifecycle Manager running as a service on the appliance:
    • Tiny (up to 10 hosts, 100 VMs) – 2 CPUs, 12 GB RAM
    • Small (up to 100 hosts, 1000 VMs) – 4 CPUs, 19 GB RAM
    • Medium (up to 400 hosts, 4000 VMs) – 8 CPUs, 28 GB RAM
    • Large (up to 1000 hosts, 10,000 VMs) – 16 CPUs, 37 GB RAM
    • X-Large (up to 2000 hosts, 35,000 VMs) – 24 CPUs, 56 GB RAM
  • Storage resources for the vCenter Server Appliance also vary based on the database requirements above:
    • Tiny – Default: 415 GB, Large: 1490 GB, X-Large: 3245 GB
    • Small – Default: 480 GB, Large: 1535 GB, X-Large: 3295 GB
    • Medium – Default: 700 GB, Large: 1700 GB, X-Large: 3460 GB
    • Large – Default: 1065 GB, Large: 1765 GB, X-Large: 3525 GB
    • X-Large – Default: 1805 GB, Large: 1905 GB, X-Large: 3665 GB
  • If your environment has firewalls review the list of Required ports for vCenter Server.
  • For large and enterprise environments review the vSphere 7.0 Configuration Limits.

Installation Stage 1

The vCenter Server 7 installation is practically identical to its predecessors’ versions 6.5 and 6.7. Download and mount the ISO on your computer, then browse to the corresponding directory for your operating system and open the installer file. In my case \vcsa-ui-installer\mac\installer.app. As we are installing a new instance, click Install.

vCenter 7.0 Installer: all options are consolidated into a single ISO

The installation is split into 2 stages, we begin with deploying the appliance in OVF format to an ESXi or vCenter target. The second stage configures the appliance. Note that the External PSC deployment is no longer available. Click Next.

Deploy vCenter Server: introduction page

Accept the license agreement and click Next.

Deploy vCenter Server: End User License Agreement (EULA)

Enter the FQDN or IP address of VCSA deployment target, this can be a vCenter Server or ESXi host that meets the system requirements outlined above. Enter the credentials of an administrative or root user and click Next, the installer will validate access.

When prompted with an untrusted SSL certificate warning, confirm the SHA1 thumbprint displayed is that of the target ESXi host or vCenter Server, and click Yes to accept. Also note that if you are connecting to an ESXi host you will only see networks on the local hosts standard switch when it comes to configuring network settings in an upcoming step. If you require a network on an existing vSphere Distributed Switch (VDS) then you will need to connect to the VDS source vCenter as your deployment target. Alternatively you can make this change post-deployment.

Deploy vCenter Server: deployment target settings

Enter the VM name for the VCSA, the appliance name must not be more than 80 characters in length and cannot contain the characters percent (%) forward slash (/) or backslash (\). Set the root password, which needs to be at least 8 characters, with a number, uppercase and lowercase letters, and a special character. Click Next to continue.

Deploy vCenter Server: VCSA credentials

Select the deployment size in line with the number of hosts and virtual machines that will be managed, click Next.

Deploy vCenter Server: VCSA compute and storage assignment

Select the datastore where the appliance will be deployed, choose thin provisioning if required, and click Next again.

Deploy vCenter Server: datastore and disk mode configuration

Enter the network settings to be applied to the appliance, including IPv4, DNS, and network adapter settings, then click Next.

Deploy vCenter Server: VCSA network settings

On the summary page, click Finish. The appliance will now be deployed.

Deploy vCenter Server: stage 1 installation

Installation Stage 2

Once complete the VCSA is deployed but the services aren’t running, click Continue to move on to stage 2. If at this point you find that the DNS entry was added without leaving sufficient time for client you’re working from to update; then you can still initiate the setup from https://vCenter-FQDN-or-IP:5480 when the vCenter Server hostname is resolving correctly

Deploy vCenter Server: stage 1 complete

Click Next to begin the VCSA setup.

Configure vCenter Server: stage 2

Configure the Network Time Protocol (NTP) servers to enable time synchronisation, and choose the Secure Shell (SSH) state for the appliance; this can be changed later. Then click Next.

Configure vCenter Server: NTP and SSH settings

Enter a unique Single Sign-On (SSO) domain name, the default is vsphere.local. vSphere uses SSO to communicate across its different software components through a secure token exchange mechanism. SSO users can be members of the local domain, or an external trusted source like Active Directory (AD). Most organisations use Microsoft AD and therefore the SSO domain name should not be the same as your Active Directory domain. Configure a password for the SSO administrator, and click Next.

If you already have existing vCenter Servers in an SSO domain that you want to join, using Enhanced Linked Mode functionality (up to 15), enter the administrator credentials for the existing SSO domain.

Configure vCenter Server: SSO settings

Select or deselect the Customer Experience Improvement Program (CEIP) box and click Next.

Configure vCenter Server: Customer Experience Improvement Program (CEIP)

Review the details on the summary page and click Finish.

Configure vCenter Server: finalise details

Click Ok to acknowledge that the VCSA setup cannot be paused or stopped once started. When the installer is complete click Close to close the wizard.

Configure vCenter Server: stage 2 complete

Post-Installation Steps

Connect to the vCenter Server after the 2-stage installation is complete using the IP address or FQDN configured from a web browser: https://vCenter-FQDN-or-IP/ui. Accessing vSphere through the Flash (FLEX) web client has been depreciated, and so the User Interface (UI) defaults to HTML5.

vCenter Server HTML5 client

Once you’re logged into vCenter you can start creating your data centre environments and adding in ESXi hosts. Both vCenter and ESXi are armed with automatic 60 day evaluation periods.

vCenter Server HTML5 client

The following steps may also be useful post-installation of vCenter Server 7.0:

  • You must apply a new vCenter Server license key before the end of the 60 day evaluation. Since this is a home lab environment I am able to use personal keys supplied by the VMware vExpert program:
    • Log into the vSphere Client using the SSO administrator credentials. An orange banner is displayed that will link you directly to the licenses page, alternatively you can select Administration from the Menu drop-down, and click Licenses.
  • Next up if you have an Active Directory domain, then you may want to add it to vCenter as an identity source. This can be configured in the Administration page under Single Sign On and Configuration.
  • The newly deployed vCenter Server can be backed up using file-based backups to a remote file share, or image-based backups of the virtual machine.:
    • For file-based backups supported protocols include FTP, FTPS, HTTP, HTTPS, SFTP, NFS, or SMB. One of the available secure protocols should be used in production environments.
    • File-based backups can be configured in the appliance management interface accessible from a web browser at https://vCenter-FQDN-or-IP:5480, using the root credentials set during deployment.
    • If needed, a file-based backup can be restored to a new vCenter Server on deployment using the Restore option in the opening vCenter Server Installer page. Review the File-Based Backup and Restore of vCenter Server documentation for a full list of included configuration.
  • Windows users may want to enable the VMware Enhanced Authentication Plug-in for integrated Windows authentication.
  • For information on applying an SSL certificate to the vCenter Server Appliance see How-to Secure vCenter Server 7 (VCSA) with a Let’s Encrypt SSL Certificate.
  • If you are having problems with starting vCenter Server double check the system requirements are all in place, then check the installation log outputs identified in the Troubleshooting vCenter Server Installation or Deployment documentation. You may also be able to generate a log bundle for VMware support if you have an appropriate support contract in place.
vCenter Server with ESXi hosts

Featured image by Jonas Svidras on Unsplash

How to Consolidate vCenter External PSC with the vSphere Converge Tool

VMware vSphere 6.0 reached end of general support 12 March 2020, with vSphere 6.5 scheduled for 15 October 2022, both referenced in the VMware Lifecycle Matrix. See also How to Install vSphere 7.0. Upgrade to vSphere 7 can be achieved directly from vSphere 6.5.0 and above, whereas vSphere 6.0 requires an intermediate upgrade to 6.5 or 6.7 first. For more information see the VMware Upgrade Matrix. Finally, the Windows vCenter Server and external PSC deployment models are now depreciated and not available with vSphere 7.0.

This post gives an overview of the vCenter Server converge process using the HTML5 vSphere client. The converge functionality was added to the GUI with vSphere 6.7 U2, and enables consolidation of external Platform Services Controller (PSC) into the embedded deployment model. This was previously achieved in vSphere 6.5 onwards using a CLI tool.

Following an upgrade of 4 existing vCenter Servers with external PSC nodes I log into the vSphere client. From the drop-down menu click Administration, on the left hand task pane under Deployment I select System Configuration. The starting topology is as follows:

PSC_4

You can view a VMware produced tutorial below, or the documentation here.

As the vCenter Server appliances do not need internet access I need to mount the ISO I used for the vCenter upgrade, see here for more information. This step is not required if internet connectivity exists.

For each vCenter Server with external PSC I select Converge to Embedded.

PSC_1

Next I confirm the Single Sign-On (SSO) details and click Converge.

PSC_3

If I am logged into the vCenter Server being converged I will be kicked out while services are restarted.

PSC_5

Alternatively if I am logged into another vCenter Server in linked mode I can monitor progress.

PSC_6

Once all 4 vCenter Servers have been converged I check that each of the vCenter Servers is using the embedded PSC, SSH to the vCenter appliance in shell run:

/usr/lib/vmware-vmafd/bin/vmafd-cli get-ls-location --server-name localhost

The command should return the vCenter Server for the lookup service, and not the external PSC node. Once you are happy there are no outstanding connection to the external PSC nodes remove them by selecting them individually and clicking Decommission PSC.

PSC_7
PSC_8

With the converge process now complete and the PSC nodes decommissioned, the topology is as desired with all vCenter Servers running embedded PSC.

PSC_9

At this point I needed to re-register any external appliances (such as NSX Manager) or third party services that are pointing at the lookup service URL, or referencing the old external PSC node. I also cleaned up DNS as part of the decommission process.

Migrating Windows vCenter Server to VCSA 6.7

VMware vSphere 6.5 and 6.7 reaches end of general support 15 October 2022, both referenced in the VMware Lifecycle Matrix. See also How to Install vSphere 7.0. Upgrade to vSphere 7 can be achieved directly from vSphere 6.5.0 and above, for more information see the VMware Upgrade Matrix. Finally, the Windows vCenter Server and external PSC deployment models are now depreciated and not available with vSphere 7.0.

VMware vCenter Server pools ESXi host resources to provide a rich feature set delivering high availability and fault tolerance to virtual machines. The vCenter Server is a centralised management application and can be deployed as a virtual appliance or Windows machine. It should be noted that vCenter 6.7 is the final release where Windows modules will be available, see here for more information. All future releases will only be available as vCenter Server Appliance (VCSA) which is the preferred deployment method of vCenter Server. This post gives a walk through on migrating from a Windows based vCenter Server (VCS) to the Photon OS based vCenter Server Appliance (VCSA).

vCenter 6.7: Download | Release Notes | What’s New | VMware DocsvSphere Central

About VCSA

migrate2vcsa

The VCSA is a pre-configured virtual appliance built on Project Photon OS. Since the OS has been developed by VMware it benefits from enhanced performance and boot times over the previous Linux based appliance. Furthermore the embedded vPostgres database means VMware have full control of the software stack, resulting in significant optimisation for vSphere environments and quicker release of security patches and bug fixes. The VCSA scales up to 2000 hosts and 35,000 virtual machines. A couple of releases ago the VCSA reached feature parity with its Windows counterpart, and is now the preferred deployment method for vCenter Server. Features such as Update Manager are bundled into the VCSA, as well as file based backup and restore, and vCenter High Availability. The appliance also saves operating system license costs and is quicker and easier to deploy and patch.

Migrating to VCSA involves the deployment of a new appliance and migration of all configuration (including distributed switches) and historical data using the upgrade installer. The VCSA uses a temporary IP address during migration before switching to the IP and host name of the VCS, the Windows box is then powered off.

Software Considerations

  • The Windows VCS must be v.6.0 or v6.5 (any build / patch) to migrate to VCSA 6.7. Both physical and virtual vCenter Server installations are compatible.
  • Any database, internal or external, supported by VCS can be migrated to the embedded vPostgres database within the target VCSA.
  • The ESXi host or vCenter where VCSA will be deployed must be running v5.5 or above. However, all hosts you intend to connect to vCenter Server 6.7 should be running ESXi 6.0 or above, hosts running 5.5 and earlier cannot be managed by vCenter 6.7 and do not have a direct upgrade path to 6.7.
  • The Windows server is powered off once the VCSA is brought online, this means any other components, VMware or third party, need to be migrated off the Windows server in advance or they will no longer work (don’t forget to move and update any scripts that may live on the Windows server).
  • If you are using Update Manager the VCSA now includes an embedded Update Manager instance.
  • You must check compatibility of any third party products and plugins that might be used for backups, anti-virus, monitoring, etc. as these may need upgrading for vSphere 6.7 compatibility.
  • To check version compatibility with other VMware products see the Product Interoperability Matrix.
  • The points above are especially important since at the time of writing vSphere 6.7 is new enough that other VMware and third party products may not have released compatible versions. Verify before installing vSphere 6.7 and review the Release Notes and Important information before upgrading to vSphere 6.7 KB.

Hardware Considerations

  • The VCSA with embedded PSC requires the following hardware resources (disk can be thin provisioned)
    • Tiny (up to 10 hosts, 100 VMs) – 2 CPUs, 10 GB RAM.
    • Small (up to 100 hosts, 1000 VMs) – 4 CPUs, 16 GB RAM.
    • Medium (up to 400 hosts, 4000 VMs) – 8 CPUs, 24 GB RAM.
    • Large (up to 1000 hosts, 10,000 VMs) – 16 CPUs, 32 GB RAM.
    • X-Large (up to 2000 hosts, 35,000 VMs) – 24 CPUs, 48 GB RAM – new to v6.5.
  • Storage requirements for the smallest environments start at 250 GB and increase depending on your specific database requirements. See the Storage Requirements document for further details.
  • Where the PSC is deployed as a separate appliance this requires 2 CPUs, 4 GB RAM, 60 GB disk.
  • Environments with ESXi host(s) with more than 512 LUNs and 2048 paths should be sized large or x-large.
  • To help with selecting the appropriate storage size for the appliance calculate the size of your existing VCS database here.

Architectural Considerations

  • The migration tool supports different deployment topologies but can not, make changes to the topology and SSO domain configuration.
  • For more information on the deployment topologies available with vCenter 6.x see vCenter Server and Platform Services Controller Deployment Types.
  • A series of videos covering vCenter Server and Platform Services Architecture can be found here. If you require further assistance with vCenter planning see also the vSphere Topology and Upgrade Planning Tool here,
  • Most deployments will include the vCenter Server and PSC in one appliance, following the embedded deployment model, which I will use in this guide.
  • Consider if the default self-signed certificates are sufficient or if you want to replace with custom CA or VMware CA signed certs, see Installing vCenter Internal CA signed SSL Certificates for more information.
embedded

Other Considerations

  • Ensure you have a good backup of the vCenter Server and the database.
  • Variables such as FQDN resolution, database permissions and access to the licensing portal should all be in place since we are upgrading an existing vCenter solution.
  • All vSphere components should be configured to use an NTP server. The installation can fail or the vCenter Server Appliance vpxd service may not be able to start if the clocks are unsynchronized.
  • The ESXi host on which you deploy the VCSA should not be in lockdown or maintenance mode.
  • You will need the SSO administrator login details and if the Windows VCS service runs as a service account then the account must have replace a process level token permission.
  • Local Windows users that have vSphere permissions are not migrated since they are specific to the Windows server, all SSO users and permissions are migrated.
  • The upgrade can be easily rolled back by following this KB.
  • Migration of vCenter using DHCP, or services with custom ports, is not supported. The settings of only one physical network adapter are migrated.
  • Downtime varies depending on the amount of data you are migrating and is calculated when running the migration wizard.
  • A list of Required Ports for vCenter Server and PSC can be found here.
  • The configuration maximums for vSphere 6.7 can be found here.
  • In vSphere 6.7 TLS 1.2 is enabled by default. TLS 1.0 and TLS 1.1 are disabled by default, review the Release Notes for more information.
  • There are a number of Intel and AMD CPUs no longer supported with vSphere 6.7, review the Release Notes for a full list of unsupported processors.

Process

Before we begin if your existing Windows vCenter is virtual it may be beneficial to rename the vCenter virtual machine name in the vSphere inventory to include -old or equivalent. While the hostname and IP are migrated the vSphere inventory name of the VM cannot be a duplicate. The old server is powered down but not deleted so that we have a back out.

Download the VMware vCenter Server Appliance 6.7 ISO from VMware downloads: v6.7.0. Mount the ISO on your computer. The VCSA 6.5 installer is compatible with Mac, Linux, and Windows. Copy the migration-assistant folder to the Windows vCenter Server (and PSC server if external). If the PSC is running on a different Windows server then you must run the Migration Assistant on the PSC server first and migrate following the instructions below, then complete the same process on the Windows vCenter Server.

Start the VMware-Migration-Assistant and enter the SSO Administrator credentials to start running pre-checks.

VCSA_Migration_1

If all checks complete successfully the Migration Assistant will finish at ‘waiting for migration to start’.

On a different machine from your Windows vCenter and PSC server(s) open the vcsa-ui-installer folder file located on the root of the ISO. Browse to the corresponding directory for your operating system, e.g. \vcsa-ui-installer\win32. Right click Installer and select Run as administrator. The vCenter Server Appliance Installer will open, click Migrate.

VCSA_Migration_2

The migration is split into 2 stages; stage 1 deploys the new appliance with temporary network settings, there is no outage to the Windows vCenter at this stage. Stage 2 migrates data and network settings over to the new appliance and shuts down the Windows server. We begin with deploying the appliance. Click Next.

VCSA_Migration_3

Accept the license terms and click Next.

VCSA_Migration_4

Enter the details of the vCenter Server to migrate, then click Next.

VCSA_Migration_5

Enter the FQDN or IP address of the host, or vCenter upon which you wish to deploy the new VCSA. Enter the credentials of an administrative or root user and click Next. The installer will validate access, if prompted with an untrusted SSL certificate message click Yes to continue. Tip – connect to the vCenter for visibility of any networks using a distributed switch, connecting to the host direct will only pull back networks using a standard switch.

VCSA_Migration_6

Enter the virtual appliance VM name, this is the name that appears in the vSphere inventory as mentioned earlier. The host name of the vCenter Server will automatically be migrated. Click Next.

VCSA_Migration_7

Select the appropriate deployment size for your environment and click Next.

VCSA_Migration_8

Select the datastore to locate the virtual appliance and click Next. Configure the temporary network settings for the appliance. These will only be used during migration of the data, once complete the temporary settings are discarded and the VCSA assumes the identity, including IP settings, of the Windows vCenter Server. Click Next.

VCSA_Migration_9

Review the settings on the summary page and click Finish. The VCSA will now be deployed. Once complete click Continue to being the second stage of the migration.

VCSA_Migration_10

Click Next to begin the migration wizard.

VCSA_Migration_11

The source vCenter details are imported from stage 1.

VCSA_Migration_12

As my source Windows vCenter was joined to a domain I am prompted for credentials to join the VCSA to the domain.

VCSA_Migration_13

Select the data to migrate and click Next.

VCSA_Migration_14

Select whether or not to join the VMware Customer Experience Improvement Program and click Next.

VCSA_Migration_15

Review the summary page and click Finish. Data will now be migrated to the VCSA, once complete the Windows vCenter Server will be powered off and the network settings transferred to the VCSA. If you urgently need to power back on the Windows server to retrieve files or such like, then do so with the vNICs disconnected, otherwise you will cause an IP/host name conflict on the network.

VCSA_Migration_16

Post-Installation

Connect to the vCenter post install using the IP or FQDN of the vCenter. Access vSphere by clicking either Launch vSphere Client (HTML5) or Launch vSphere Web Client (FLEX). As the web client will be depreciated in future versions, and the HTML5 client is now nearly at full feature parity, we will use the HTML5 vSphere client.

Windows_vCenter67_14

Management features of the VCSA can be accessed by browsing to the IP or FQDN of the vCenter on port 5480. The login is the root account we configured a password for during the migration wizard.

VCSA_Management