Protecting the vCenter Server system is important because it is the central point of management and monitoring for the SDDC. You protect vCenter Server according to the maximum downtime tolerated and whether fail-over automation is required.

You can use the following methods for protecting the vCenter Server Appliance:

Table 1. Methods for Protecting the vCenter Server Appliance

Redundancy Method

Protects vCenter Server Appliance

Automated protection using vSphere HA


Manual configuration and manual failover, for example, using a cold standby clone.


HA cluster with external load balancer

Not Available

vCenter Server HA


Table 2. Design Decisions on High Availability of a Workload Domain vCenter Server

Decision ID

Design Decision

Design Justification

Design Implication


Protect the workload domain vCenter Server appliance by using vSphere HA.

Supports the availability objectives for vCenter Server appliances without requiring manual intervention if a failure occurs.

vCenter Server becomes unavailable during a vSphere HA failover.

In vSphere HA, set the restart priority policy for the vCenter Server appliance to high. vCenter Server is the management and control plane for physical and virtual infrastructure. In a HA event, vCenter should be available first before other management components come online to ensure the rest of the SDDC management stack comes up cleanly. If the restart priority for another virtual machines is set to highest, the connectivity delays for management components will be longer.