Important: How to recover vCenter server while using vDS
What happens when you want to configure network settings of a VM directly from the ESXi host while using vDS, like changing the mapped port group for a VM? this action will not be allowed and you will be getting an error since vDS is only managed via the vCenter server, but what happens if vCenter itself is down/crashed and you have to recover the entire vCenter VM, or perform a manual restoration using the vCenter installation wizard? I am afraid to tell you that you will be facing your worst nightmare ever, unless you understand and follow these simple protective steps here in this article.
First solution: is to configure the ESXi host that is going to host the recovered vCenter VM to use a standard vSwitch, in some cases this is not possible specially if you are implementing port-channel groups on the physical switches, and the host may have only two interfaces. This solution will take a lot of time to prepare the host, and may fail.
Second Solution: is to be able to assign a distributed port group to the vCenter VM through the ESXi host, detailed here under:
vCenter server virtual appliance (VCSA) could be backed up by two ways:
- Backing up the entire VM (image-based) by using Veeam, or any other VM-backup solution. Best Practices for backing up vCenter server VCSA using Veeam.
- Or by making file-level backups using VAMI (vCenter Virtual Appliance Management Interface). Learn more here.
Be prepared for vCenter server crashes by doing the following:
- Backup vCenter server, either by using a VM-backup solution, or exporting the configuration (file-level backup) using VAMI, or both (recommended).
- Backup the distributed switches (vDS) in your production as it’s not backed up with the vCenter as the configuration is stored in the ESXi hosts, you can either back it up manually via the vSphere Web Client, or via a script.
- Protect vCenter by using vCenter High Availability (available only in vSphere 6.5, or later). Read more about vCenter HA.
Preparation and restoration steps:
To be able to assign distributed port groups to VMs via ESXi host, not vCenter, you need to use a specific “port-binding” type for distributed port groups, let’s learn here more about the different types of port bindings, and then I will tell you which one you should be using.
The following description is copied from VMware (KB:1022312)
Types of port binding
These three different types of port binding determine when ports in a port group are assigned to virtual machines:
When you connect a virtual machine to a port group configured with static binding, a port is immediately assigned and reserved for it, guaranteeing connectivity at all times. The port is disconnected only when the virtual machine is removed from the port group. You can connect a virtual machine to a static-binding port group only through vCenter Server.
Note: Static binding is the default setting, recommended for general use.
In a port group configured with dynamic binding, a port is assigned to a virtual machine only when the virtual machine is powered on and its NIC is in a connected state. The port is disconnected when the virtual machine is powered off or the NIC of the virtual machine is disconnected. Virtual machines connected to a port group configured with dynamic binding must be powered on and off through vCenter.
Dynamic binding can be used in environments where you have more virtual machines than available ports, but do not plan to have a greater number of virtual machines active than you have available ports. For example, if you have 300 virtual machines and 100 ports, but never have more than 90 virtual machines active at one time, dynamic binding would be appropriate for your port group.
Note: Dynamic binding is deprecated from ESXi 5.0, but this option is still available in vSphere Client. It is strongly recommended to use Static Binding for better performance.
In a port group configured with ephemeral binding, a port is created and assigned to a virtual machine by the host when the virtual machine is powered on and its NIC is in a connected state. When the virtual machine powers off or the NIC of the virtual machine is disconnected, the port is deleted.
You can assign a virtual machine to a distributed port group with ephemeral port binding on ESX/ESXi and vCenter, giving you the flexibility to manage virtual machine connections through the host when vCenter is down. Although only ephemeral binding allows you to modify virtual machine network connections when vCenter is down, network traffic is unaffected by vCenter failure regardless of port binding type.
Note: Ephemeral port groups must be used only for recovery purposes when you want to provision ports directly on host bypassing vCenter Server, not for any other case. This is true for several reasons””
End of Quote
According to this KB, the binding type we should be using is the “Ephemeral”, and as stated above, it should only be used for recovery purposes, not for production.
Let’s continue the steps of preparing the vDS for recovery modes:
- Create a new distributed port group: go to the “Network” node >> select a vDS >> right click >> “Distributed Port Group” >> “New Distributed Port Group”.
- Specify a name for it, like “VCENTER-RECOVERY”, and don’t forget to inform your staff that this port group is used only with vCenter recovery.
2- Set the port-binding type to: “Ephemeral – no binding”, and then set a VLAN (if required) >> and then click Next.
Now, your vDS is ready for vCenter crashes, and I hope that you won’t face any indeed J.
Let’s assume that you’ve already restored vCenter to one of your hosts, when you try to hock the vnic of the VM to a distributed port group, the operation will fail (as shown below)
Now, choose the port group that you’ve created with port-binding set to “Ephemeral”, and then try to save the settings, the operation will now succeed, and the VM will be powered on successfully.
I hope this has been informative, and I’d like to thank you for viewing.