In a previous article we explored the deployment and setup procedure for the VCSA install. The purpose of this article is to provide a quick overview of the VMware VCSA configuration as a first time setup. Ideally a quick walkthrough to get familiar with the new UI interface for the VMware VCSA Appliance Management.
There are plenty of changes and new configuration maximums starting from VMware VCSA 6.5. To name a few the VCSA configuration now supports up to 2000 Hosts running up to 35000 virtual machines. In addtion, starting from vSphere 6.5 the VCSA configuration now includes the VMware vSphere Update Manager. This means a VUM instance on Windows is no longer required just to keep a central location for patches and updates of thr vSphere environment.
And there’s more. Starting from vSphere 6.5 release the vCenter High Availability is supported. Really a nice new feature also considering that is possible to run File Level Backup and Restores. Indeed will cover this topic in more detail in a separate article.
So at this point let’s get familiar with the new VCSA configuration management interface.
VMware VCSA configuration
With a web browser let’s point to the https://VCSA_FQDN:5480.
In case we are using Internet Explorer let’s verify that TLS 1.0, TLS 1.1 and TLS 1.2 are enabled in the security settings. At that point we can enter the chosen username (root by default) and password during VCSA install phase.
The first screen is the Summary section. Within this section we have access to the main details for the VCSA virtual Appliance. In fact we can quickly review the Health status of the services for CPU, Memory and Storage. The Health check also includes the software updates and when these are not run on a regular basis we can get an out-of-date Health status.
Plus from the same page we have the option of creating a File Based Backup which will include all the main VCSA configuration settings. For troubleshooting purposes we can easily create a Support Bundle to analyze logs or sending them to VMware Support.
From the Access section we have the options to control services for both the SSH Login and Bash Shell. As per previous versions it is also possible to specify the amount of time such services should be enabled before automatically stopping for security reasons. Thus making the VCSA virtual Appliance not accessible to unauthorized users.
From the Networking view we have two sections: Monitor and Manage. The first one obviously is very handy to quickly see the network utilisation. Something we can use when we experience slow networks due to heavy loads. It is important from the VCSA configuration point of view to always have a constant and reliable connection with the Hosts making sure all changes to the virtual infrastructure are detected and processed in the VCSA database. From this perspective it is a best practice to keep separate the Management traffic from the VMs and Storage traffic.
There are multiple ways of doing this which include the option to create dedicated Port Groups using separate VMKernel adapters. Even better managing them all with virtual Distributed Switches for large environments.
In the Manage tab instead we can change the Networking settings with the exception of the Hostname. For the simple reason that stage 2 of the deployment creates a certificate used by the SSO and cannot be changed in a later stage. So the best practice from this perspective is to use an FQDN name for the virtual Appliance and eventually make sure the DNS (A) and (PTR) records are up to date.
We can also enable IPv6. And Web Proxy configuration to be able to get the software updates from the VMware Repository site.
In the Time section of course we can configure the preferred Network Time Protocol Servers and also make sure both vSphere Hosts and virtual Appliance are in sync or at least not too far away (more than 5 mins) to avoid configuration and operations issues. Ideally the VCSA configuration should sync with the vSphere Host or follow the same configuration pointing at the same NTP servers.
There is also an option to set the desired time zone which will update the timestamp for the logs as well.
In the update section we have the ability to check for software updates made available from the VMware Repository sites. At the time of writing the public URL for version VCSA 6.5u1 is:
It is possible to check for updates both manually (default) and automatically. As a local Repository there is the option to mount a CDROM ISO including the latest updates.
From the Administration section we can easily reset and change the expiration time (in days) for the root password.
What is interesting in the Syslog configuration section is the option to redirect the logs to another machine on the network. This way we can help preserve space within the VCSA virtual Appliance and eventually analyse logs with a third-party application.
There are different types of logs we can redirect. From the edit button we can simply choose them all with a “*” or select the desired ones between:
The names for the log types are pretty self-explanatory. In a separate article we’ll review the configuration on how to redirect them to a Syslog Server.
From the CPU and Memory section we can review the realtime performance counters and also flip through historical data with the following time windows:
- 1 Day
- 1 Week
- 1 Month
- 1 Quarter
Last but not least in terms of Monitoring there is also a section dedicated to the Embedded VCSA database including trends.
In particular it is possible to monitor:
VC DB SEAT: vCenter Database Stats, Events, Elarms and Tasks data that generated for the hosts and virtual machines managed by the vCenter Server instance running in the VCSA Appliance.
Transaction Logs: Refers to the Transaction Logs for the Embedded Databases with the option to roll back in case of errors or failures.
VC Inventory: Refers to the actual vCenter Inventory Data for the Embedded Database. This includes the VCSA configuration settings along with vSphere Hosts, Virtual Machines, vSphere Networking and more.
The next article for the VCSA configuration series will cover the setup of an external Syslog Server and how to Backup VCSA virtual Appliance.