Hello Team,
One step of deploying Trend Micro Deep Security Virtual Appliance is to disable HA on the cluster. Can you please explain what is the reason to disable it?
If you do this step and try to enable HA again, vCenter will give you an error message that there's insufficient vSphere HA failover resources.
Thank you,
Mohammad
Hi, welcome to the forums.
One step of deploying Trend Micro Deep Security Virtual Appliance is to disable HA on the cluster. Can you please explain what is the reason to disable it?
I am not sure about the requirement of disabling HA. From what I have read in the dsva documentation:
"If you intend to take advantage of VMware High Availability (HA) capabilities, make sure that the HA environment is established before you begin installing Deep Security. All ESX servers used for recovery operations must be imported into the Deep Security Manager with their vCenter, they must be 'prepared', and a Deep Security Virtual Appliance must be installed on each one. This will ensure that Deep Security protection will remain in effect after a HA recovery operation."
If you do this step and try to enable HA again, vCenter will give you an error message that there's insufficient vSphere HA failover resources.
The above is an HA-related setting that can be changed. Right click on cluster > ClusterFeatures > vSphere HA > Check Disable: "Allow VM Power on operation that violate availability constraint".
You don't need to disable HA.
Install one Trend Micro appliance on each ESX/ESXi server.
Ensure that the appliance does not migrate to another server (using DRS). So either disable vMotion for the appliance or install the appliance on local storage (not shared).
Thanks for the reply, guys. The problem is that once the first virtual appliance is deployed, the insufficient resources error message appears on every new virtual machine/appliance to be powered on (unless we disable admission control for violating VMs). Disabling HA or DRS for these virtual appliances won't make any difference.
We also tried to deploy non-trend micro virtual appliance and got the same result.
Could this be a problem of vSphere ?
We are currently running vSphere 5 update 1.
Regards,
I am not asking to disable HA; I am suggesting that the VM power-on setting is enabled by HA by default, so any new VM which does not match the HA requirements is not allowed to power on.
Right click on cluster > ClusterFeatures > vSphere HA > Check Disable: "Allow VM Power on operation that violate availability constraint".
Could this be a problem of vSphere ?
This could not be the problem of vSphere. But it is a feature in vSphere.
Hello zXi<http://communities.vmware.com/people/zXi_Gamer>,
I'm doing the same to get rid of this error message and I know this is a feature of vSphere. The question is why we are getting this error message although there are enough resources for HA (two hosts up and running in a cluster).
We have this problem only when we have a virtual appliance deployed on one of the two hosts that we are using. When you power off this virtual appliance, everything works just fine.
Regards,
How much memory/CPU is on each ESXi host?
You could reduce the memory allocated to Trend Micro, but that would negatively impact performance.
32GB on each host. Appliances have 2GB of memory. Also, if you reserve much less than this we have the same problem.
You may want to review resource pools or other memory/CPU allocations/reservations.
I think this "disable HA" recommendation may be related to each appliance being somewhat attached or something to a specific host. If that's the case I think it would be a nice test to disable HA restart for those specific appliances (Cluster Settings > VMware HA > Virtual Machine Options > for each VM > VM Restart Priority > Change from "Use cluster settings" to "Disabled").
The Deep Security appliance must be tied to the ESXi host it protects, and not vMotion to other hosts.
This can be done with a DRS rule or by installing the appliance to local disk storage (not shared).
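The checks and per-VM settings suggested in the replies above (review reservations, disable HA restart for the appliances, keep DRS from migrating them), as an added PowerCLI example that is not part of the original thread. It assumes VMware PowerCLI with an existing Connect-VIServer session; the cluster name and the appliance name pattern are placeholders, not values from this thread.

```powershell
# Added example: assumes VMware PowerCLI and an existing Connect-VIServer session.
# 'Cluster01' and 'dsva-*' are placeholder names, not values from this thread.
$clusterName      = 'Cluster01'
$appliancePattern = 'dsva-*'

$cluster = Get-Cluster -Name $clusterName

# Current HA and admission control state of the cluster.
$cluster | Select-Object Name, HAEnabled, HAAdmissionControlEnabled, HAFailoverLevel

# Reservations on every VM in the cluster, largest memory reservation first,
# so an appliance (or any other VM) with an unusually large reservation stands out.
Get-VM -Location $cluster | ForEach-Object {
    [pscustomobject]@{
        VM         = $_.Name
        Host       = $_.VMHost.Name
        PowerState = $_.PowerState
        MemoryMB   = $_.MemoryMB
        MemResMB   = $_.ExtensionData.Config.MemoryAllocation.Reservation
        CpuResMHz  = $_.ExtensionData.Config.CpuAllocation.Reservation
    }
} | Sort-Object MemResMB -Descending | Format-Table -AutoSize

# Per-VM overrides for the appliances only: HA does not restart them on another
# host and DRS does not migrate them. HA stays enabled for the rest of the cluster.
# -WhatIf only shows what would change; remove it to apply.
Get-VM -Location $cluster -Name $appliancePattern |
    Set-VM -HARestartPriority Disabled -DrsAutomationLevel Disabled -Confirm:$false -WhatIf
```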