5

Take the following common scenario... A basic vSphere cluster running two or three hosts, shared storage and a token set of virtual machines under Essentials Plus or greater licensing.

Should HA Admission Control be enabled on such a small setup? Does it make sense?

  • If yes, what are the appropriate parameters?
  • If no, then why is it enabled by default on so many vSphere configurations? (assuming that the majority of vSphere installations are smaller)

This two-host cluster was configured with an admission control policy that "tolerates" one host, hence the Configuration Issues warning. enter image description here

enter image description here

Edit:

I'm also leaning towards NO... Nothing worse than getting this 

Not enough resources to failover this virtual 
machine. vSphere HA will retry when resources 
become available.
warning
2/25/2014 4:57:19 PM
MSSQL
ewwhite
  • 197,159
  • 92
  • 443
  • 809

1 Answers1

4

Usually, no; you probably aren't running environments that will see benefit from it. But it depends on the circumstances.

Admission control acts as a kind of dummy-proofing for HA, to ensure that all the VMs on a dropped host will actually be able to be powered on. But this isn't a risk at all in the vast majority of environments - all a host needs to boot a given VM is enough RAM for the memory overhead of all total running VMs (it doesn't need free CPU, and it doesn't need any free physical RAM, that can all be in swap).. except when the VM has a reservation.

The trick here is in the slot size calculations. See here for more info than you probably care to have on the subject.

Most environments have a lot of VMs with no reservation, and maybe a small handful with a reservation of some type. Those VMs with reservations determine the slot size.. so you can easily find yourself with a cluster at 20% resource usage refusing to power on more VMs.

An environment with no reservations will almost never have admission control complain; it will happily allow you to put yourself in a situation where half of your VM memory is sitting in swap files, because that's not violating a reservation, so it doesn't compromise the ability for the VMs to be started.

The circumstance when HA admission control will help you is when you have lots of reserved resources, potentially to the point where if you lose a host, VMs will be unable to reboot because the running VMs have all resources reserved. In that case, an appropriately aggressive (probably manually tuned with das.slotCpuInMHz and das.slotMemInMB) admission control policy can help you make sure that all VMs will successfully boot in an HA event.

  • If no, then why do I find it enabled on so many vSphere configurations?

Because it's on by default on cluster creation when HA is enabled.

Community
  • 1
Shane Madden
  • 114,520
  • 13
  • 181
  • 251
  • But perhaps it shouldn't be default... In the example I give below in my question, I was unable to run an update remediation without disabling HA. In fact, DRS wasn't even really working because of the inappropriate settings. – ewwhite Jun 14 '13 at 06:45
  • @ewwhite In VUM 5.x there's a checkbox in the remediate wizard to have it temporarily turn of admission control, but yeah, it can definitely cause unexpected results and isn't helping in most deployments. My guess is that they leave it as the default so that HA being enabled serves as a guarantee, and that you need to specifically turn off that safeguard. But the incorrect popular assumption is that it serves as capacity planning, blocking you from turning on VMs when you overcommit resources "too much".. which can sometimes be true by accident, but is rarely how it ends up functioning. – Shane Madden Jun 14 '13 at 07:05
  • Yes, there's a checkbox in Update Manager. I ended up walking a support person through this, and noticed how many small clusters were configured this way. – ewwhite Jun 14 '13 at 07:20
  • So when people ask for "n+1" protection at the host level, how can this be achieved with the 2 and 3-host clusters? – ewwhite Sep 16 '13 at 13:02
  • @ewwhite Unless there's a lot of reservations in place, then they already have N+1 even on a two-host cluster with most of its RAM allocated. The problem with this is that there's no guarantee of the quality of the resources - there might be CPU contention, or the systems might be running heavily in host swap due to lack of physical RAM. HA Admission control ensures N+1, so you have it.. but it is not built to provide assurance of quality of the resources. – Shane Madden Sep 16 '13 at 15:20
  • So is Admission Control just a mess? I've started to set my own systems up with a representative slot-size calculations so that Admission Control actually means something. Move this to chat? – ewwhite Sep 16 '13 at 15:32
  • @ewwhite Yeah, it's pretty much a mess - manually set slot sizes can definitely make it worth something, though. Got a meeting in a minute, chat later? – Shane Madden Sep 16 '13 at 15:37