Ensure your load-balancing is right for a vRealize Automation 7.x HA install

/ Mark Brookfield

20161114-1Last week I had cause to build a fully distributed/HA installation of vRealize Automation as a proof-of-concept. After encountering an issue with DTC communication, it led to a question of load-balancer configuration. Not how to do it (VMware have documented this very well), but the order of things.

In the lab I have deployed numerous F5 virtual appliances, both GTMs and LTMs. For this scenario, I created a new subnet behind the LTMs (VLAN66) for both vRA appliances and all six IaaS boxes. In total this came to:

  • Two vRA appliances
  • Two IaaS web servers / model manager
  • Two IaaS manager servers
  • Two DEM/Agents

The first three components are load-balanced, and a pool will be created for each pair.

As vRealize Orchestrator is only being used by vRA, I decided to use the built-in vRO that comes with the appliances.

Installation

Prior to installing vRealize Automation in a HA scenario it is important to have pre-configured your load-balancers, including all pools and health monitors.

To configure this correctly, check out the following document from VMware:

http://pubs.vmware.com/vra-70/topic/com.vmware.ICbase/PDF/vrealize-automation-70-load-balancing.pdf

However whilst performing the installation, it is important to note that each pool should only have one member, and health checking should be disabled.

Post-installation

Once vRA has been deployed it is important to change the health check on each pool to the correct one, before adding tertiary nodes.

For some pools, is does not matter if you accidentally leave  the health check to the default (eg. ICMP), as the nodes operate in an active/active configuration. The vRA appliances and IaaS web hosts are good examples of this. Please note though that if a key service fails (eg. IIS) then ICMP service checking will not detect this – and the load-balancer will continue to send traffic to a host it thinks it is alive (but is effectively dead).

However, the IaaS model manager hosts operate in an active/passive configuration, and the VMware vCloud Automation Center service on the passive node must be set to manual. If both are running at the same time, bad things will happen. If the correct health checks are enabled, the load-balancer will detect IIS is not running on the passive node and will not forward traffic to it.

Upgrading to vRealize Automation 7.2

When upgrading/patching vRA, the same sequence must be used as if performing a full installation, albeit in reverse:

  1. Disable or remove the second (or passive) member from each pool
  2. Disable load-balancer service checking (or set to default/ICMP)
  3. Perform upgrade on primary member
  4. Perform upgrade on second/tertiary members
  5. Set load-balancer service checking to correct one
  6. Re-add additional members

The following steps use F5 load-balancers, but the principle is the same for other vendors.

Use the vRA VAMI to determine which vRA appliance is the primary node. To do this, select the vRA Settings tab, followed by Database:

20161124-5

The above shows the primary is vra1.nl.mdb-lab.com.

On the F5 load-balancer, select the pool you need to modify (in this example the vRA appliance pool):

20161124-1

Select the secondary node and click Disable:

20161124-2

Select the properties tab of the pool:

20161124-3

Remove the correct health monitor, or replace it with the default one:

20161124-4

Click Update.

Repeat the above steps for the IaaS web pool. As those hosts operate as active/active, is does not matter which member of the pool you disable.

Determine which IaaS model manager host is the primary by using the following PowerShell code on each box:

Get-Service | Where-Object {$_.name -eq "VMware vCloud Automation Center Service"}

Once you have determined the passive node(s), disable these in the pool too.

You will now be able to proceed with upgrading the necessary components.

Finishing off

I won’t demonstrate how to patch/upgrade vRealize Automation as this is well documented elsewhere. If you’re interested in starting the process from scratch, checkout one of Jad El-Zein‘s awesome posts on the topic.

Alternatively, fellow vExpert Michael Rudloff has written an blog awesome series regarding vRA, which can be found at:

http://open902.com/vrealize-automation-7-2-installation-and-configuration/

One thought on “Ensure your load-balancing is right for a vRealize Automation 7.x HA install

  1. Pingback: Newsletter: November 26, 2016 | Notes from MWhite

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.