Platform Service Controller commonly known as PSC is a bundle of components such as single sign on, licensing and certificate management.
It basically deals with identity management for administrators and applications that interact with the vSphere platform.
It has a built-in feature for automatic replication between different logical SSO sites.
On the other side services like inventory service web client remain to stay with vCenter server making it pretty simple and easily manageable.
Complete list of components installed along with platform services controller are mentioned below
- VMware Identity Management Service
- VMware Appliance Management Service (only in Appliance-based PSC)
- VMware License Service
- VMware Component Manager
- VMware HTTP Reverse Proxy
- VMware Service Control Agent
- VMware Security Token Service
- VMware Common Logging Service
- VMware Syslog Health Service
- VMware Authentication Framework
- VMware Certificate Service
- VMware Directory Service
Basically PSC can be deployed in 2 ways.
- Embedded PSC
- External PSC
Embedded PSC
The term itself is self-explanatory where vCenter and PSC is deployed on the same server. This kind of deployments are generally observed in customer’s environment where you basically have one vCenter server making it easy to manage.
But there are certain challenges while using this deployment model since linked mode configuration is not supported from embedded to embedded PSC due different single sign on domain being used.
it is not recommended to setup replication partnerships with External Platform Services controllers or other embedded Platform Services Controllers.
As of vSphere 6.0 Update 1, customers can now move their vCenter Server with Embedded Platform Services Controller to a vCenter Server with External Platform Services Controller
External PSC
While having certain challenges with embedded PSC that is when external PSC comes in to picture. If you have multiple vCenter servers which would be having one single sign on domain then external PSC should do the trick. External PSC can also be used when you have a single vCenter server in order to easily manage and expand your environment if necessary in future.
In the current scenario PSC would be deployed initially on a different server and later vCenter server would be deployed pointing it to external PSC deployed earlier.
We can deploy multiple external PSC as a part of the one single sign on domain which automatically establishes a enhanced linked mode across the vCenter server unlike vCenter 5.5 where linked mode configuration was configured separately.
Some of the deployment ways are mentioned below.
PSC High Availability
To my understanding PSC high availability feature is used using certain load balancer such as F5,Citrix Netscaller in order to ensure when primary node goes down, vCenter would automatically fail over to second PSC. The main idea here involves ensuring both the PSC are in active active state. But ideally all the incoming requests are accepted by one single PSC node.
Compared to the other deployment model where you have 2 external PSC in enhanced linked mode registered with one vCenter.If one PSC goes down you can still manually repoint the vCenter to second PSC. The only difference would be if you have load balancer failover would happen automatically else you need to manual intervention is required to repoint the vCenter to the second PSC . But the end goal achieved in both the case would be same.
Configuring load balancer on the PSC can be followed with via https://kb.vmware.com/kb/2113315
There are certain supported and unsupported topologies in vsphere 6.0 for PSC. Please find the below KB article for more details
https://kb.vmware.com/kb/2108548
For vCenter deployment along with embedded and external PSC please go through my previous articles for step by step procedure.
