vSphere 6.0 Install Pt. 10: Install VCSA PSC

New to my vSphere installation series is using the pre-packaged vCenter appliance (VCSA). Now that the VCSA is on par with the Windows vCenter server, I suspect more and more people will migrate to the appliance. So to that end, let’s install an external PSC using the VCSA. If you are using a Windows-based external PSC, then you can skip this blog post and go directly to Part 11 (VMCA as subordinate) when that gets published.

Blog Series

vSphere 6.0 Install Pt. 1: Introduction
vSphere 6.0 Install Pt. 2: Platform Services Controller
vSphere 6.0 Install Pt. 3: Certificate Management
vSphere 6.0 Install Pt. 4: vCenter Upgrade Best Practices
vSphere 6.0 Install Pt. 5: ESXi Upgrade Best Practices
vSphere 6.0 Install Pt. 6: Install Windows PSC
vSphere 6.0 Install Pt. 7: Config SQL DBs
vSphere 6.0 Install Pt. 8: Toolkit Configuration
vSphere 6.0 Install Pt. 9: SSL Templates
vSphere 6.0 Install Pt. 10: Install VCSA PSC
vSphere 6.0 Install Pt. 11: VMCA as Subordinate
vSphere 6.0 Install Pt. 12: PSC Machine Certificate
vSphere 6.0 Install Pt. 13: Directory Services Certificate
vSphere 6.0 Install Pt. 14: Windows vCenter Install

Permalink to this series: vexpert.me/Derek60
Permalink to my Toolkit script: vexpert.me/toolkit60

Deploy VCSA PSC

1. Download the VCSA ISO (yes ISO, not OVA) and mount it on a Windows VM.

2. Open the root of the ISO and click on the vcsa-setup.html file.

3. Since I’m assuming a fresh install, click on Install.2015-03-29_19-42-35 4. Accept the license agreement and click Next.

5. Enter the FQDN or IP address of the ESXi server which you want the PSC deployed on. Enter the associated credentials. Click next and wait for the verification to complete. You may get a warning about an untrusted SSL certificate. Accept it.

2015-03-29_19-48-33

6. On your DNS server configure A and PTR records for the PSC’s address. This is critical!

7. Enter the FQDN of your appliance, and a complex password. If your password is not complex enough it will warn you and provide the complexity requirements.

2015-03-29_19-51-28a8. Next up, select the PSC option and click Next.

2015-03-29_19-53-06

9. Now we get to configure SSO. Yippee! Since I’m assuming a new install, I’ll create a new SSO domain, enter a complex password, and SSO site name. Remember that you should NOT set your SSO domain name to the same as your Windows domain. You could use a sub-domain, such as sso.contoso.local. I’m sticking with vSphere.local.

2015-03-29_19-55-03

10. The appliance is automatically sizes for 2 vCPUs and 2GB of RAM. Not bad for a PSC. Click Next.

11. Next up is datastore selection. In my home lab I have datastores on my QNAP and VSAN. I’ll go with VSAN here.

2015-03-29_19-58-07

12. Now you get to configure your network settings. Everything here is self-explanatory. I used the public NTP servers for accurate time, and also enabled SSH (lower down on the screen).

2015-03-29_20-02-05a

13. On the summary screen review all of the details to ensure they are correct.

2015-03-29_20-04-18

14. Sit back for a few minutes and wait for your VCSA-based PSC to be installed!

2015-03-29_20-11-58

Summary

We walked through the manual process of deploying a VCSA-based PSC in your environment. The VMware wizard is very straight forward, and makes deploying the VCSA very easy. If you want to automate the deployment of the VCSA, check out William Lam’s awesome multi-part guide here. You can also check out an ‘official’ method of command line deployment here. Next up will be configuring the VMCA as a subordinate CA, which you can find here.

Print Friendly, PDF & Email

Related Posts

Subscribe
Notify of
2 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Matt B.
April 1, 2015 4:45 am

Hey Derek…have you run into any issues with adding a license key to Windows-based vCenter that's only using an external VCSA-based PSC? Thinking this may be a VMware bug. I'm getting a SOAP error – (while logged in as ad***********@vs*****.local) GetLicenses Authorization result: User does not have admin rights to perform the operation using the C++ client to add a valid license key and "The following serial keys are invalid: JH028-XXXXX-XXXXX-XXXXX-XXXXX" when attempting to add a key in the vCenter Web Client. Can you confirm if you're running into this?

Dina
October 17, 2017 8:07 am
Reply to  Matt B.

Hi Matt, I'm facing this same issue.. would you please share the resolution?
Thanks in advance