New to my vSphere installation series is using the pre-packaged vCenter appliance (VCSA). Now that the VCSA is on par with the Windows vCenter server, I suspect more and more people will migrate to the appliance. So to that end, let’s install an external PSC using the VCSA. If you are using a Windows-based external PSC, then you can skip this blog post and go directly to Part 11 (VMCA as subordinate) when that gets published.
vSphere 6.0 Install Pt. 1: Introduction
vSphere 6.0 Install Pt. 2: Platform Services Controller
vSphere 6.0 Install Pt. 3: Certificate Management
vSphere 6.0 Install Pt. 4: vCenter Upgrade Best Practices
vSphere 6.0 Install Pt. 5: ESXi Upgrade Best Practices
vSphere 6.0 Install Pt. 6: Install Windows PSC
vSphere 6.0 Install Pt. 7: Config SQL DBs
vSphere 6.0 Install Pt. 8: Toolkit Configuration
vSphere 6.0 Install Pt. 9: SSL Templates
vSphere 6.0 Install Pt. 10: Install VCSA PSC
vSphere 6.0 Install Pt. 11: VMCA as Subordinate
vSphere 6.0 Install Pt. 12: PSC Machine Certificate
vSphere 6.0 Install Pt. 13: Directory Services Certificate
vSphere 6.0 Install Pt. 14: Windows vCenter Install
Deploy VCSA PSC
1. Download the VCSA ISO (yes ISO, not OVA) and mount it on a Windows VM.
2. Open the root of the ISO and click on the vcsa-setup.html file.
5. Enter the FQDN or IP address of the ESXi server which you want the PSC deployed on. Enter the associated credentials. Click next and wait for the verification to complete. You may get a warning about an untrusted SSL certificate. Accept it.
6. On your DNS server configure A and PTR records for the PSC’s address. This is critical!
7. Enter the FQDN of your appliance, and a complex password. If your password is not complex enough it will warn you and provide the complexity requirements.
9. Now we get to configure SSO. Yippee! Since I’m assuming a new install, I’ll create a new SSO domain, enter a complex password, and SSO site name. Remember that you should NOT set your SSO domain name to the same as your Windows domain. You could use a sub-domain, such as sso.contoso.local. I’m sticking with vSphere.local.
10. The appliance is automatically sizes for 2 vCPUs and 2GB of RAM. Not bad for a PSC. Click Next.
11. Next up is datastore selection. In my home lab I have datastores on my QNAP and VSAN. I’ll go with VSAN here.
12. Now you get to configure your network settings. Everything here is self-explanatory. I used the public NTP servers for accurate time, and also enabled SSH (lower down on the screen).
13. On the summary screen review all of the details to ensure they are correct.
14. Sit back for a few minutes and wait for your VCSA-based PSC to be installed!
We walked through the manual process of deploying a VCSA-based PSC in your environment. The VMware wizard is very straight forward, and makes deploying the VCSA very easy. If you want to automate the deployment of the VCSA, check out William Lam’s awesome multi-part guide here. You can also check out an ‘official’ method of command line deployment here. Next up will be configuring the VMCA as a subordinate CA, which you can find here.