Providing availability of vCenter Server v5.x with Symantec ApplicationHA v6.1

It’s been a while coming but I’ve finally got some time to write this article on protecting vCenter Server availability. It’s probably also come as an opportune time as not so long ago VMware announced the end of availability of vCenter Heartbeat so now many of you are probably looking for ways to protect vCenter Server more than ever especially due to the criticality that it brings in management and operations of your vSphere environment. This article will highlight areas that need to be protected and what options you have.

With release after release of vSphere more functionality goes into vCenter Server and more of the virtualized environment relies on it being available to serve the needs of the administrator. although vCenter Server can typically reside on a single server, it is made up of many critical parts. If you’ve sat through an install of vCenter Server you will know that its broken up into 4 core areas, these are Single Sign-on (SSO), Inventory Service, vCenter Server itself and lastly there is also the vSphere Web Client & Services. SSO is a core component of vSphere since its introduction in v5.1, it’s there to handle authentication requests and also is a security broker handling requests coming from the various vSphere solutions. Although there were some operational hiccups in v5.1, subsequent versions have become stronger and deployment options have increased, I’ll take a look at those in a minute. The Inventory Service is another key component that has two functions firstly it stores the custom tags for the vSphere Web Client and secondly it’s also a proxy for the vSphere Web Client which actually assists in reducing the load on the vCenter Server (VXPD), knowing this little tidbit can actually help in deployment scenarios so if you are breaking up the components onto separate servers then it’s best to keep the Inventory Service close to the vSphere Web Client Services. Next there is the vCenter Server itself which is made up of a number of services and critical to the whole environment. Lastly there is the vCenter Web Server/Services which provides the administrator with a web UI for management and operations of the entire environment.

Now we’ve gone through the critical services let’s take a look at deployment and availability options within each group. Ignoring the simple install option of vCenter for the moment, options available when using the custom install method for SSO provide the ability to install in 3 types of deployment modes, these are single SSO, SSO installed in HA mode and SSO installed for multi-site environment. With single deployment it’s just that, SSO is installed onto a system and acts as a single entity for the whole vSphere environment. HA mode provides the ability to add another SSO system to an existing SSO system and provides a failover mechanism in case the primary SSO system fails; typically a load balancer is used in front of the SSO servers for ease of configuration. Lastly the multisite option provides local authentication in a multiple site scenario, be aware though that there is no failover between sites so if a failed site fails then local authentication for that site will fail too. I don’t want to focus too much on the different scenarios too much as there are plenty of blogs out there which highlight best practices for deploying SSO. What is important is the availability of the services especially in a single SSO deployment which let’s face it will be used by large number of SMBs and enterprise customers.

When deployed on a single system SSO services consist of 5 key services, these are the VMware Certificate Services, VMware Directory Services, VMware Identity Management Services, VMware KDC Services and the VMware Secure Token Services when these services are installed the default Windows Service Manager recovery configuration for most of these services are set to restart upon 1st and 2nd failure, you may think this will be OK for availability but what if the service keeps failing, what if the service doesn’t restart, what effect will it have on the other key components in the environment which as we know now are critical to operations. What’s needed is a method to monitor these services and the other components intelligently and remediate any issues that occur within the environment. The other services such as Inventory, vCenter Server and Web Services do not have any recovery options enabled so the administrator is pretty much left to manage those independently.

Using a solution like Symantec ApplicationHA can assist in protecting all of the vCenter Server services and still have the ability to utilize VMware features like VMwareHA and DRS especially useful if vCenter Server has been deployed onto a virtual machine, which I assume you have. Symantec ApplicationHA provides the ability to monitor all of the key components and in the event it is unable to resolve issues it can pass control to VMwareHA to reset the virtual machine. ApplicationHA has a number of application agents it supports and also has a vCenter agent which can be used to protect vCenter. There is also a wizard which can be launched from with vSphere Web/Desktop Client which can be used to protect vCenter. The current version of the wizard does not include SSO configuration but can be added after the wizard is run. Symantec are aiming to update their wizard to include SSO so for the moment we can script the additional services pretty easily with ApplicationHA commands.

Symantec ApplicationHA auto detects the services within the deployment and provides the ability to also monitor the connection between the SQL database and vCenter itself.

This is of available vCenter services are displayed within the configuration

The dependency of the services is shown by viewing the dependency component view.

Finally the additional SSO services can be added to the configuration by running the script containing the commands below.

haconf -makerw

hatype -modify GenericService RestartLimit 1

hares -add VMWareCertificateService GenericService vCenterServer_SG

hares -modify VMWareCertificateService ServiceName VMWareCertificateService

hares -modify VMWareCertificateService Enabled 1

hares -add VMwareDirectoryService GenericService vCenterServer_SG

hares -modify VMwareDirectoryService ServiceName VMwareDirectoryService

hares -modify VMwareDirectoryService Enabled 1

hares -add VMwareIdentityMgmtService GenericService vCenterServer_SG

hares -modify VMwareIdentityMgmtService ServiceName VMwareIdentityMgmtService

hares -modify VMwareIdentityMgmtService Enabled 1

hares -add VMwareKdcService GenericService vCenterServer_SG

hares -modify VMwareKdcService ServiceName VMwareKdcService

hares -modify VMwareKdcService Enabled 1

hares -add VMwareSTS GenericService vCenterServer_SG

hares -modify VMwareSTS ServiceName VMwareSTS

hares -modify VMwareSTS Enabled 1

hares -add vmwarelogbrowser GenericService vCenterServer_SG

hares -modify vmwarelogbrowser ServiceName vmwarelogbrowser

hares -modify vmwarelogbrowser Enabled 1

hares -link vspherewebclientsvc vpxd

hares -link vimQueryService vctomcat

hares -link vpxd VMwareKdcService

hares -link vpxd VMwareSTS

hares -link vpxd VMWareCertificateService

hares -link VMwareIdentityMgmtService VMwareDirectoryService

hares -link VMwareSTS VMwareIdentityMgmtService

hares -link vmwarelogbrowser vspherewebclientsvc

hares -unlink vimQueryService vpxd

haconf –dump –makero


Here is the final list of all services being monitored by ApplicationHA

And the dependency component view is also updated to include all of the services and the correct dependencies.

Now that the configuration is complete testing for fault scenarios can commence. For more information on ApplicationHA please follow the product link below.

Symantec ApplicationHA


Using VMware vSphere Web Client with Symantec ApplicationHA and Symantec Cluster Server (VCS)

Using VMware vSphere Web Client with Symantec ApplicationHA and Symantec Cluster Server (VCS)

Since v5.1 of vSphere, VMware have focused on providing web based management for the vSphere environment, with v5.5 more functionality has been placed into the vSphere Web Client to bring its capabilities on par to that of the Windows based vSphere Client. Moving forward VMware have stated that any new feature VMware introduces typically is only going to be available within the vSphere Web Client. Due to the move by VMware away from the Windows based vSphere Client Symantec has also developed integration into the vSphere Web Client so that customers using Symantec High Availability solutions can leverage the vSphere Web Client also. This paper describes the steps needed to enable management of Symantec high availability solutions with the vSphere Web Client.

Solution features and support

Symantec High Availability Solutions that leverage vSphere Web Client management include Symantec ApplicationHA and Symantec Cluster Server (VCS), traditionally these solutions use a Windows system that runs the Symantec HA Console for management, guest deployment and application single sign-on all of which are managed via a plugin into the Windows vSphere client. To support the vSphere Web Client the Symantec architecture, Veritas Operations Manager 6.1 (VOM) is used for presenting the information into the Web Client including registration of the plugin for vCenter Servers within the environment. With this release certain functionality is omitted but will be added in subsequent releases.

Operations that are enabled within the vSphere Web Client include

  • Registration of the Symantec High Availability plugin for vSphere Web Client.
  • Configuration/discovery of applications to be placed under Symantec ApplicationHA & VCS control.
  • Management of applications including start/stop and other management tasks.
  • Single sign-on for application authentication from VOM to the vSphere Web Client.
  • Dashboard view and management of applications configured visible from the Cluster or Datacenter views of the vSphere Web Client.

Management tasks omitted in the 6.1 release from the Symantec HA plugin for vSphere Web Client include.

  • Ability to install guest component via vSphere Web Client: You cannot use the vSphere Web Client to install the Symantec ApplicationHA or VCS guest component into the virtual machine. Use either the Windows vSphere Client to install the guest components and then migrate them to the Web Client or use the installer from the Symantec solutions DVD image to push the components to multiple VMs.
  • Symantec High Availability home page will not be available on the vSphere Web Client, and the operations related to Symantec High Availability License Management, single sign-on configuration between sites (for VMware Site Recovery Manager) are not available. The keyless license model is recommended which can be managed through VOM.
  • Integration with Symantec Backup Exec is not supported.


Supported environments.

To use the Symantec HA Console plugin for VMware vSphere Web Client the following platforms and software are supported.

  • VMware vSphere 5.1 or later
  • Symantec ApplicationHA 6.1 or later

    * Earlier versions can be used but the VOM managed host package VRTSsfmh needs to be updated

  • Symantec Cluster Server (Windows) 6.0.1 or later
  • Symantec Cluster Server (Linux) 6.0.2 or later

    * Symantec Cluster Server below v6.1 for both Windows and Linux require the VOM managed host package VRTSsfmh to be updated.

  • Veritas Operations Manager 6.1 or later.

Steps Required to implement solution.

Step 1 – Installation of Veritas Operations Manager.

Veritas Operations Manager (VOM) 6.1 is required to be installed and configured for use with the vSphere environment. VOM is available to download from the Symantec website at click the download link on the page and follow the steps required to download the code. Note that the full package will include the add-ons required by default, select the full package download file to minimize the steps otherwise the add-ons required will need to be installed separately. The VOM management server can be installed on either a Windows or Linux host information on current supported platform is at . Carry out the install by running the installation bin or exe file depending on the desired platform that was downloaded from the Symantec website and follow the install wizard including the management configuration. There are a great set of videos at which have been posted and these are great to review to understand the steps required. Once configured, log in to the VOM server with system administrator privileges and the home page will be presented.

Step 2 – Configuration of the Control Host and Virtualization Add-on.

Once the VOM server is installed, the Control Host (CH) add-on needs to be installed next. The Control host facilitates the discovery of the environment and will be used to discover the vSphere environment, this is carried out via the “Settings icon and then selecting the “Deployment” section, depending on your environment the CH may need to be installed on separate server but for this paper it will be installed on the VOM server. Expand the “Add-on” section and right click on “Control Host and select “Install“. After a few minutes the Control Host will be enabled and installed.

Once the CH is installed next step is to enable the Symantec HA Plugin for vCenter Web Client, this is enable by selecting the “Symantec HA Plugin for vSphere Web Client” Add-on in the left hand column and then right click on the Symantec HA Plugin and select “Install“.


The Add-on must be installed on the VOM Management Server; the VOM Web Server will need to be restarted after the Installation of the add-on. To restart the Web server, click “Restart Web Server” button on the task bar.



Log back into the management server after the restart of the web services. Once logged in, the verification of the add-on installation can be made by selecting the “Repository” or the “Add-on” section in the left hand column and verify that the Control Host and Symantec HA plugin for vSphere Web Client have both been enabled.

Next step is to enable the Virtualization management within VOM. This is carried out by going to the “Settings” section and select “Virtualization“.

Click “Add Virtualization Server” from the task pane and fill in details of the vCenter Server environment that requires the plugin. Multiple vCenter Servers can be added if required.

Discovery of the environment is carried out and selection of ESX servers can be made.

Discovery process completes and information on the environment is displayed.

Side Note: The ESX servers are not used for the registration process but information from the environment can be gained and can be useful. Information such as memory/CPU/network and storage is discovered by the Control Host. Specific information on the environment that has been discovered also includes Storage and Datastores associated to the environment. Information on the environment is viewed from VOM within the virtualization perspective; access to this type of information can be given to users where access via the vSphere Client is restricted.

Step 3 – Registration of the Symantec HA plugin for vSphere Web Client.

Register the plugin against the discovered vCenter servers by carrying out a register task within the Virtualization perspective from the home view. Select the “Solutions” panel at the left hand side and click on “Symantec HA plugin for vSphere Web Client“. Right click on the vCenter Servers that require the plugin to be registered and select “Register“.

Step 4 – Adding Symantec ApplicationHA and VCS guest hosts to the VOM server.

With the plugin registered the next step is to add the virtual machines with ApplicationHA and VCS installed to the VOM server. Do this by selecting “Settings” from the home page and select “Add Hosts” on the task pane, select “Agent” as the type and fill in the required information. Note if you have multiple VMs to be added then a CSV file can be uploaded to the wizard to fill in the required information. The format of the CSV follows.

Host, User, Password


host2, user2,password2

host3, user3,password3


Once the VMs have been added and discovery completes the information of the VMs is displayed. Make sure that the VMs Agent is in a connected state.

Step 5 – Management of the Symantec HA plugin via vSphere Web Client.

Next and final step is to check connectivity via the vSphere Web Client. The VOM Management Servers SSL security certificate must be added to the workstations Trusted Root Cert Authorities repository within the internet options so that a secure communication can be made from the Web Client to VOM.

The Symantec HA plugin should be displayed under the “Monitor” tab within the vSphere Web Client as displayed below. From this point onwards the configuration or management of the application can be carried out.

The Symantec HA Dashboard which provides visibility across all VMs with ApplicationHA or VCS installed within a single view and is available from the vSphere Cluster or Datacenter views as displayed below.

This concludes the steps required to enable the Symantec HA plugin from within the vSphere Web Client. For more information on ApplicationHA and VCS please review the links below.

Symantec Cluster Server

Symantec ApplicationHA