Platform Services Controller (PSC) provides infrastructure security functions such as vCenter Single Sign-On, licensing, certificate management and server reservation.

About this task

After you configure the NSX load balancer, you can provide the NSX Edge device uplink interface IP address for vCenter Single Sign-On.

Prerequisites

  • Perform the PSC High Availability preparation tasks listed in the knowledge. See http://kb.vmware.com/kb/2113315.

  • Save the /ha/lb.crt and /ha/lb_rsa.key from first PSC node to configure certificates.

  • Verify that an NSX Edge device is configured.

  • Verify that you have at least one uplink for configuring VIP and one interface attached to internal logical switch.

Procedure

  1. Add PSC CA certificates to the NSX Edge.
    1. Save the PSC root.cer and certificate, RSA and passphrase generated from the OpenSSL command.
    2. Double-click the Edge and select Manage > Settings > Certificate .
    3. Add the saved content root.cer file to the CA certificate contents.
    4. Add the saved passphrase to the private key section.
  2. Enable the load balancer service.
    1. Select Manage > Load Balancer > Edit.
    2. Check the Enable Load Balancing and Logging options.
  3. Create application profiles with TCP and HTTPS protocols.
    1. Select Manage > Load Balancer > Application Profiles.
    2. Create a TCP application profile.

      TCP application profile with source IP persistence mode.

    3. Create an HTTPS application profile.

      HTTPS application profile with source IP persistence mode.

  4. Create application pools to add member PSC nodes.
    1. Select Manage > Load Balancer > Pools.
    2. Create two application pools with monitor port 443.

      Use the PSC node IP address.

      Application pool with monitor port 443.

    3. Create two application pools with monitor port 389.

      Use the PSC node IP address.

      Application pool with monitor port 389.

  5. Create virtual servers for the TCP and HTTPS protocols.
    1. Select Manage > Load Balancer > Virtual Servers .
    2. Create a virtual server for TCP VIP.

      Virtual server settings for TCP VIP.

    3. Create a virtual server for HTTPS VIP.

      Virtual server settings for HTTPS VIP.