I was recently involved in recording a series of Webinars to help customers understand how to upgrade to vSphere 6.5. You can see the on demand recordings here:
https://vts.inxpo.com/scripts/Server.nxp?LASCmd=AI:4;F:APIUTILS!51004&PageID=747A2F8A-E3DD-451B-8172-0F8F16EB464B
A number of live questions were asked and I figured I would highlight some frequently asked questions from the series:
Architecture
Q. Is having three platform service controllers and three vCenters each vCenter pointing to their own PSC supported.
A. Yes 100% supported up to 10 PSC’s and 10 VC’s total pointing any combination you want. If you want enhanced linked mode the PSC’s will have to be external.
Q. Is there a manual step to make the load balancer switch to the secondary PSC?
A. Both PSC’s are active but only one PSC at a time can service requests. So assume we have two PSCs: PSC1 and PSC2 the load balancer points to PSC1 and it fails then the load balancer points all traffic to PSC2 and resumes traffic.
Q. What is the link for the decision tree to choose platform services controller topologies?
A. https://blogs.vmware.com/vsphere/2016/04/platform-services-controller-topology-decision-tree.html
Q. Do you need external PSC if using products such as site recovery manager?
A. The *only* reason you need an external PSC in v6.5 is if you want to use Enhanced Linked Mode (ELM).
Q. Why should we use the vCenter appliance on 6.5 instead of windows?
A. There are a number of features only available to the appliance including: native vCenter HA, native backup and restore, single click upgrade and simplified support models.
Predictive DRS
Q. What are the added requirements on the vCenter server for predictive DRS?
A. You will need to install vROps – at least the standard addition
Recovery
Q. What happens if the PSC is ‘down’? What functionality do you lose?
A. If a PSC is not functioning new authentication attempts to vCenter will not work. Already authenticated sessions will remain connected.
Q. When using VCHA how many vCenter licenses are required for the three machines?
A. A single vCenter license for a VCHA setup of three machines.
Q. Can the vCenter appliance backups be scheduled to run on a regular basis?
A. Yes, You can set the tool up to do a one time or a schedule.
Security
Q. Is there a hardening guide for vSphere 6.5?
A. Absolutely we just released the hardening guide for vSphere 6.5 at http://www.vmware.com/security/hardening-guides.html.
Q. Can you still encrypt VMs with 3rd party vendors?
A. Of course – those APIs are still available to those vendors.
Q. Will the vmotion encryption slow down the vmotion?
A. Less than 5% but yes. You’ll have to account for time to encrypt / decrypt.
Q. What KMS servers are supported?
A. We support any KMIP 1.1 compliant key management server.
Q. Where are the keys stored for VM encryption?
A. Encryption keys are stored in whatever KMIP 1.1 compliant KMS you decided to deploy. The keys never persist in vCenter and simply pass-through to the cluster hosting the workload. The actual key encrypting the VM is stored encrypted using the KMIP key inside the vmx file. Should you lose your vCenter you would simply re-connect with your KMS infrastructure.
Upgrade
Q. Is there any way to change SSO domain in 6.5 after initial installation?
A. Unfortunately No. If you need to change your SSO domain you must do it in v5.5 before you upgrade (also not possible in v6.0).
Q. If you are upgrading from 6.0 to 6.5 with multiple PSC & VCSA on same SSO domain across 2 sites can you upgrade PSC’s over multiple days/weeks & then VCSA’s over days/weeks. Or does it all need to be done in one window?
A. Our official answer is: Mixed-version environments are not supported for production. Use these environments only during the period when an environment is in transition between vCenter Server versions.
Q. Does the upgrade from 6.0 to 6.5 keep your root certificate store?
A. Yes it does – the upgrade does not affect your certificate Store
Q. Do we have vCenter 6.0 Windows with MSSQL to Appliance 6.5 Converter?
A. The migration tool from 6.0 Windows vCenter to 6.5 vCenter Server Appliance is included as part of the vCenter 6.5 Appliance ISO.
Q. If we want to move vCenter from embedded to external SSO what is the best path?
A. I’d recommend you perform your upgrade to the vCenter appliance using the migration wizard and then post migration deploy a new PSC appliance joined to the embedded and repoint your vCenter to this new PSC.
Let me know if you have additional questions.