I Love the VMware vCenter Server Appliance

Most things in my life that I think are good & excellent are things I started out being very critical of, or at the least greatly disliking. Some of my best friends were some of the most annoying people ever when I first met them. My wife loves to tell the story about us camping in Denali National Park a few years ago, where I absolutely hated the place at first, just to end up a complete fan. And, speaking of my wife, ask me sometime how we met.

It seems fitting that I’ve gone from hating the idea of the VMware vCenter Server Appliance (vCSA) to having an inappropriate man-tech crush on it. To be fair there are a lot of good reasons to hate virtual appliances, most of which stem from the fact that most virtual appliances are assembled by people that should never be allowed to admin a server. Virtual appliances tend to be security nightmares (e.g. anything from VKernel, hopefully Dell/Quest taught them how to patch), they are hard to update, they don’t perform well, they’re impossible to back up, they aren’t supported equally by their vendor, and they don’t conform to best practices. For example, absolutely none of them seem to align their storage properly, including appliances from storage vendors themselves (if I remember correctly the NetApp Balance appliance — their performance analysis tool — is worthy of a facepalm in this regard).

So the vCSA found itself in my mental classification of “boondoggle.” But then three things happened. First, VMware released vSphere 5.1, and with it the vCSA actually became a supported way to run vCenter alongside most of the other VMware products. Second, I found myself having to build a number of independent vCenter instances, and the amount of work had me thinking about building my own Windows-based vCenter VM template. Third, vSphere 5.1 shipped with a crap sandwich called “SSO,” which is the single biggest reason I see people refusing to upgrade from vSphere 4.1. Rightfully so. It’s a mess.

But it’s way less of a mess if you use the vCSA, where it’s all just set up for you.

Oh, and hey, look at that, I don’t need a Windows license.

Or a SQL Server license.

I don’t need to be a DBA, or pay one.

Hell, I don’t even need to be a sysadmin.

By god, the update & upgrade functionality works well if you can proxy/NAT/PAT out of the network to VMware.

VMware actually releases updates for it alongside installable vCenter, treating it like a first-class citizen.

The SSL certificate situation for the vCSA is a ridiculous 81-step process, and you can’t use the SSL Certificate Automation Tool (a fancy batch file to sign SSL certs), but if you’ve got cut & paste, a decent SSH tool, and some thoughts from William Lam you’ll be fine.

Speaking of William, he unearthed that the vCSA can simulate a full vSphere deployment, too. Unsupported but very useful for developers.

It all works with Active Directory, but can have local accounts.

I can back it up using any number of VM-level backup methods. When’s the last time I restored a single file to my vCenter Server anyhow?

Most other VMware products are certified to run with the vCSA, and third-party tools can’t tell the vCSA from a Windows vCenter instance.

And I was already running vCenter as a VM, so what’s the big difference?

Most tools I see actually don’t save much time, because the time they save you in one area gets eaten by the time it takes to maintain the tool itself. I don’t see the vCSA like that anymore, and I wish more of VMware’s products shipped this way. I’d love to have supported vCloud Director Server Appliances clustered together, or a Configuration Manager appliance, or an SRM appliance, all with the same standards of operation the vCSA folks have. So good work, VMware. Now get working on the rest of your products. 🙂

Update: yes, I’m aware that there are limitations on the size of the environment that can be supported by a vCSA, mainly due to the way they have the embedded Postgres configured. I sincerely hope that VMware increases those.