Platform Services Controller (PSC) provides infrastructure security functions, such as vCenter Single Sign-On, licensing, certificate management, and server reservation.

After configuring the NSX load balancer, provide the NSX Edge device uplink interface IP address for vCenter Single Sign-On.

Note: The following procedure explains the steps for configuring an NSX Edge load balancer for use with Platform Services Controller 6.0. For configuring the Edge load balancer for use with Platform Services Controller 6.5, see the VMware knowledge base article at https://kb.vmware.com/s/article/2147046.

Prerequisites

  • Perform the PSC High Availability preparation tasks that are mentioned in the VMware knowledge base article at http://kb.vmware.com/kb/2113315.
  • Save the /ha/lb.crt and /ha/lb_rsa.key from the first PSC node to configure certificates.
  • Verify that an NSX Edge device is configured.
  • Verify that you have at least one uplink for configuring VIP and one interface attached to an internal logical switch.

Procedure

  1. Add a PSC certificate to the NSX Edge.
    1. Save the PSC root.cer certificate, RSA key, and passphrase that you generated with the OpenSSL command.
    2. Double-click the Edge and click Manage > Settings > Certificates.
    3. Click Add > Certificate.
    4. In the Certificate Contents text box, add the contents of the root.cer file.
    5. In the Private key text box, add the passphrase.
  2. Enable the load balancer service.
    1. Click Manage > Load Balancer > Global Configuration.
    2. Click Edit and enable the load balancer.
  3. Create application profiles with TCP and HTTPS protocols.
    1. Click Manage > Load Balancer > Application Profiles.
    2. Click Add and create a TCP application profile.
      For example, specify the following parameters in the TCP profile.
      | Option | Description |
      |---|---|
      | Application Profile Type | Select TCP. |
      | Name | For example, enter sso_tcp_profile. |
      | Persistence | Select Source IP. |
    3. Create an HTTPS application profile.
      For example, specify the following parameters in the HTTPS profile.
      NSX 6.4.5 and later:
        1. In the Application Profile Type drop-down menu, select HTTPS Offloading.
        2. In the Name text box, enter the name of the profile. For example, enter sso_https_profile.
        3. Click Client SSL > Service Certificates.
        4. Select the PSC certificate that you added earlier.
      NSX 6.4.4 and earlier:
        1. In the Type drop-down menu, select HTTPS.
        2. In the Name text box, enter the name of the profile. For example, enter sso_https_profile.
        3. Select the Configure Service Certificate check box.
        4. Select the PSC certificate that you added earlier.
  4. Create server pools and add member PSC nodes.
    1. Click Manage > Load Balancer > Pools, and then click Add.
    2. Create a pool with the following configuration settings.

      For example:

      | Option | Description |
      |---|---|
      | Name | Enter sso_tcp_pool1. |
      | Algorithm | Select Round-Robin. |
      | Monitors | Select default_tcp_monitor. |

      Add the following members to the sso_tcp_pool1 pool with monitor port 443.

      | State | Name | IP Address | Weight | Monitor Port | Port | Max Connections | Min Connections |
      |---|---|---|---|---|---|---|---|
      | Enabled | PSC01 | 192.168.1.1 | 1 | 443 | | 0 | 0 |
      | Enabled | PSC02 | 192.168.1.2 | 1 | 443 | | 0 | 0 |
    3. Create another pool with the following configuration settings.

      For example:

      | Option | Description |
      |---|---|
      | Name | Enter sso_tcp_pool2. |
      | Algorithm | Select Round-Robin. |
      | Monitors | Select default_tcp_monitor. |

      Add the following members to the sso_tcp_pool2 pool with monitor port 389.

      | State | Name | IP Address | Weight | Monitor Port | Port | Max Connections | Min Connections |
      |---|---|---|---|---|---|---|---|
      | Enabled | PSC01 | 192.168.1.1 | 1 | 389 | | 0 | 0 |
      | Enabled | PSC02 | 192.168.1.2 | 1 | 389 | | 0 | 0 |
  5. Create virtual servers for the TCP and HTTPS protocols.
    1. Select Manage > Load Balancer > Virtual Servers, and then click Add.
    2. Create a virtual server for TCP VIP with the following configuration settings.

      For example:

      | Option | Description |
      |---|---|
      | Virtual Server | Enable the virtual server. |
      | Acceleration | Disable acceleration. |
      | Application Profile | Enter sso_tcp_profile. |
      | Name | Enter sso_tcp_vip. |
      | IP Address | Select 10.156.209.158. |
      | Protocol | Select TCP. |
      | Port | Enter 389,636,2012,2014,2020. |
      | Default Pool | Select the sso_tcp_pool2 server pool that you created earlier. |
      | Connection Limit | Enter 0. |
      | Connection Rate Limit | Enter 0. |
    3. Create a virtual server for HTTPS VIP with the following configuration settings.

      For example:

      | Option | Description |
      |---|---|
      | Virtual Server | Enable the virtual server. |
      | Acceleration | Disable acceleration. |
      | Application Profile | Enter sso_https_profile. |
      | Name | Enter sso_https_vip. |
      | IP Address | Select 10.156.209.158. |
      | Protocol | Select HTTPS. |
      | Port | Enter 443. |
      | Default Pool | Select the sso_tcp_pool1 server pool that you created earlier. |
      | Connection Limit | Enter 0. |
      | Connection Rate Limit | Enter 0. |
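
A post-configuration check for the procedure above, added here as an example and not part of the VMware documentation: it confirms that the VIP accepts connections on exactly the ports assigned to the two virtual servers and that the HTTPS VIP presents the certificate added in step 1. The function names are hypothetical; the VIP address and port list are the example values from the tables above.

```python
import hashlib
import socket
import ssl

# Example values from the page's tables; replace with your own VIP.
VIP = "10.156.209.158"
EXPECTED_PORTS = (389, 636, 2012, 2014, 2020, 443)  # sso_tcp_vip + sso_https_vip


def port_open(host, port, timeout=2.0):
    """Return True if a TCP handshake with host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit_ports(host, expected, also_probe=(), timeout=2.0):
    """Return (missing, unexpected).

    missing:    expected ports that do not accept a connection.
    unexpected: ports from also_probe that are open but not expected.
    """
    missing = [p for p in expected if not port_open(host, p, timeout)]
    unexpected = [p for p in also_probe
                  if p not in expected and port_open(host, p, timeout)]
    return missing, unexpected


def pem_sha256(pem_text):
    """SHA-256 of the single certificate in pem_text (the text pasted into the Edge)."""
    der = ssl.PEM_cert_to_DER_cert(pem_text.strip())
    return hashlib.sha256(der).hexdigest()


def served_sha256(host, port=443, timeout=5.0):
    """SHA-256 of the certificate presented on host:port."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # chain validation is skipped on purpose:
    ctx.verify_mode = ssl.CERT_NONE  # the caller compares fingerprints instead
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()
```

On a correctly configured Edge, audit_ports(VIP, EXPECTED_PORTS, also_probe=...) with a list of ports you expect to be closed returns two empty lists, and served_sha256(VIP) equals pem_sha256() of the certificate text added in step 1. port_open can also be pointed at 192.168.1.1 and 192.168.1.2 on ports 443 and 389 to confirm what default_tcp_monitor sees for each pool member.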