In the following examples, a VMware vSAN Cluster is protected by a Single or Advanced UPS Configuration. vCenter Server is running on a Virtual Machine.
PowerChute can be located on a physical Windows machine outside the vSAN Cluster or deployed as a VM inside the vSAN Cluster. The vCenter Server account configured in PowerChute Network Shutdown must have Administrator permissions on vCenter Server and on each of the ESXi hosts being managed by PowerChute. This can be an Active Directory account or a local user account. For more information see Active Directory VMware Configuration. The vSAN hosts must have SSH access enabled for the vSAN cluster preparation script to run correctly and successfully.
Setup
PowerChute is installed on a physical Windows machine.
Single UPS configuration.
Delay Maintenance Mode is enabled (required for vSAN hosts) with duration set to X seconds.
vCenter Server is running on a VM inside the vSAN Cluster.
vSAN Witness Appliance is deployed on the Management Host and added to the inventory as a Host.
VM Prioritization is enabled.
An Active Directory controller VM is added to the High priority group with appropriate duration for shutdown and startup. This VM needs to be shut down after the vCenter Server VM and started before it.
vCenter Server VM is added to the Medium priority group with appropriate duration for shutdown and startup.
The option to turn off the UPS or Outlet Group is enabled.
A shutdown command file has been configured with a 120 second duration.
When a critical UPS event, such as UPS on Battery occurs the following sequence is triggered:
Shutdown Sequence
PowerChute reports that the UPS is on battery.
Shutdown delay for the On Battery event elapses. PowerChute sends a command to turn off the UPS or Outlet Group.
PowerChute starts VM and vApp shutdown on each Host.
PowerChute gracefully shuts down the vCenter Server VM in the Medium priority group followed by the Active Directory controller VM in the High priority group during VM Shutdown.
VM/vApp Shutdown durations elapse.
PowerChute starts executing the shutdown command file.
Shutdown command file duration elapses and PowerChute starts a Maintenance Mode task on the first vSAN host, and waits the Delay Host Maintenance Mode Duration. If there is a vSAN synchronization active, PowerChute will wait the specified vSAN Synchronization Duration and check if it has completed with respect to the value set for "vsan_synch_retry_time" in the pcnsconfig.ini file until data re-synchronization is no longer active, or the retry limit has been reached. PowerChute then shuts down the host.
Once the Delay Host Maintenance Mode Duration has elapsed, PowerChute will start a Maintenance Mode task on the next vSAN host, and waits the Delay Host Maintenance Mode Duration. If there is a vSAN synchronization active, PowerChute will wait the specified vSAN Synchronization Duration and check if it has completed with respect to the value set for "vsan_synch_retry_time" in the pcnsconfig.ini file until data re-synchronization is no longer active, or the retry limit has been reached. PowerChute then shuts down the host.
PowerChute starts a Maintenance Mode task on the Witness Host, waits the Delay Host Maintenance Mode Duration and shuts down the host.
PowerChute starts a Maintenance Mode task on the Management Host, waits the Delay Host Maintenance Mode Duration of X seconds and shuts down the host.
OS shutdown sequence starts on the PowerChute physical machine. After a 70 second delay, the OS starts to shut down.
UPS waits for the duration that is greatest of Low Battery Duration/Maximum Required Delay (Non-Outlet Aware UPS's) or the Outlet Group Power Off Delay.
After this delay, a further non-configurable two-minute delay is counted down.
UPS turns off after the user-configurable Shutdown Delay time has elapsed or the Outlet Group turns off after the power off Delay elapses.
NOTE: In a vSAN configuration, Witness and Management hosts will get placed into Maintenance Mode and shut down after Cluster hosts if Delay Maintenance Mode is enabled. vSAN Hosts are placed into Maintenance mode using “No data migration” for the vSAN data evacuation mode.
Setup
PowerChute is installed on a physical Windows machine.
Single UPS configuration.
Delay Maintenance Mode is enabled (required for vSAN hosts) with duration set to X seconds.
Disable vSphere Cluster Services (vCLS) Duration set to 180 seconds.
Disable HA on Shutdown enabled with a duration of 20 seconds.
vCenter Server is running on a VM inside the vSAN Cluster.
vSAN Witness Appliance is deployed on the Management Host and added to the inventory as a Host.
VM Prioritization is enabled.
An Active Directory controller VM is added to the High priority group with appropriate duration for shutdown and startup. This VM needs to be shut down after the vCenter Server VM and started before it.
vCenter Server VM is added to the Medium priority group with appropriate duration for shutdown and startup.
The option to turn off the UPS or Outlet Group is enabled.
A shutdown command file has been configured with a 120 second duration.
When a critical UPS event, such as UPS on Battery occurs the following sequence is triggered:
Shutdown Sequence
PowerChute reports that the UPS is on battery.
Shutdown delay for the On Battery event elapses. PowerChute sends a command to turn off the UPS or Outlet Group.
PowerChute disables vSphere Cluster Services (vCLS) and High Availability (HA) on the cluster.
After 3 minutes (Disable vSphere Cluster Services (vCLS) Duration = 180, Disable HA Duration = 20), PowerChute starts VM and vApp shutdown on each Host.
PowerChute gracefully shuts down the vCenter Server VM in the Medium priority group followed by the Active Directory controller VM in the High priority group during VM Shutdown.
PowerChute performs cluster stop operations:
PowerChute disables cluster member updates by executing the esxcfg-advcfg -s 1 /VSAN/IgnoreClusterMemberListUpdates SSH command on all protected vSAN nodes.
PowerChute prepares the vSAN cluster for shutdown by executing the python /usr/lib/vmware/vsan/bin/reboot_helper.py prepare command on 1 of the vSAN nodes.
PowerChute starts executing the shutdown command file.
Shutdown command file duration elapses and PowerChute starts a Maintenance Mode task on the first vSAN host, and waits the Delay Host Maintenance Mode Duration. If there is a vSAN synchronization active, PowerChute will wait the specified vSAN Synchronization Duration and check if it has completed with respect to the value set for "vsan_synch_retry_time" in the pcnsconfig.ini file until data re-synchronization is no longer active, or the retry limit has been reached. PowerChute then shuts down the host.
Once the Delay Host Maintenance Mode Duration has elapsed, PowerChute will start a Maintenance Mode task on the next vSAN host, and waits the Delay Host Maintenance Mode Duration. If there is a vSAN synchronization active, PowerChute will wait the specified vSAN Synchronization Duration and check if it has completed with respect to the value set for "vsan_synch_retry_time" in the pcnsconfig.ini file until data re-synchronization is no longer active, or the retry limit has been reached. PowerChute then shuts down the host.
PowerChute starts a Maintenance Mode task on the Witness Host, waits the Delay Host Maintenance Mode Duration and shuts down the host.
PowerChute starts a Maintenance Mode task on the Management Host, waits the Delay Host Maintenance Mode Duration of X seconds and shuts down the host.
OS shutdown sequence starts on the PowerChute physical machine. After a 70 second delay, the OS starts to shut down.
UPS waits for the duration that is greatest of Low Battery Duration/Maximum Required Delay (Non-Outlet Aware UPS's) or the Outlet Group Power Off Delay.
After this delay, a further non-configurable two-minute delay is counted down.
UPS turns off after the user-configurable Shutdown Delay time has elapsed or the Outlet Group turns off after the power off Delay elapses.
NOTE: In a vSAN configuration, Witness and Management hosts will get placed into Maintenance Mode and shut down after Cluster hosts if Delay Maintenance Mode is enabled.vSAN Hosts are placed into Maintenance mode using “No data migration” for the vSAN data evacuation mode.
NOTE: PowerChute could be installed on a VM on the Management Host.
Setup
Advanced configuration containing 4 single UPS setups:
UPS Setup 1: PowerChute is installed on a physical Windows machine.
UPS Setup 2: Primary site ESXi Host A, ESXi Host B, ESXi Host C
UPS Setup 3: Secondary site ESXi Host A, ESXi Host B, ESXi Host C
UPS Setup 4: Witness Host and Management Host
Advanced configuration containing 2 single UPS setups:
UPS Setup 1: vSAN Host A, vSAN Host B.
UPS Setup 2: Witness Host and Management Host.
Delay Maintenance Mode is enabled (required for vSAN hosts) with duration set to X seconds.
Execute Virtualization Shutdown on Hosts in all UPS Setups is enabled on UPS #2 (the PowerChute host) and this setting is disabled on UPS #1.
Shut down all Cluster VMs is enabled.
PowerChute virtual appliance is running on the Management Host.
vCenter Server is running on a VM inside the vSAN Cluster on the primary site.
vCenter Server VM is added to the High priority group with appropriate duration for shutdown and startup.
Fault Tolerance Threshold (FTT) is disabled.
The option to turn off the UPS or Outlet Group is enabled.
A shutdown command file has been configured with a 120 second duration.
When a critical UPS event, such as UPS on Battery occurs on UPS #1 on the primary site, the following sequence is triggered:
Shutdown Sequence
PowerChute reports that the UPS #1 protecting the vSAN Cluster is On Battery.
Shutdown delay for the On Battery event elapses. PowerChute sends a command to turn off the UPS or Outlet Group.
PowerChute disables vSphere Cluster Services (vCLS) and High Availability.
PowerChute determines that Fault Tolerance Threshold (FTT) has not been exceeded, since the number of critical groups = 1, which is not greater than the FTT Level of 1. PowerChute starts Virtualization shutdown tasks on the primary site only.
PowerChute migrates the vCenter Server VM in the High priority group during VM Migration. Other VMs are also migrated to Hosts on the secondary site during this step.
Any VMs or vApps that could not be migrated are shut down.
After 3 minutes (Disable vSphere Cluster Services (vCLS) Duration = 180, Disable HA Duration = 20), PowerChute starts VM and vApp shutdown on each Host.
After 120 seconds (VM/vApp Shutdown Duration), PowerChute performs cluster stop operations:
a. PowerChute disables cluster member updates by executing the esxcfg-advcfg -s 1 /VSAN/IgnoreClusterMemberListUpdates SSH command on all protected vSAN nodes.
b. PowerChute prepares the vSAN cluster for shutdown by executing the python /usr/lib/vmware/vsan/bin/reboot_helper.py prepare command on 1 of the vSAN nodes.
After 120 seconds (Cluster stop operations delay), PowerChute starts executing the shutdown command file.
Shutdown command file duration elapses and all vSAN Cluster Hosts enter Maintenance Mode using No Action as FTT is disabled and the entire cluster is protected by 1 UPS.
Shutdown command file duration elapses and PowerChute starts a Maintenance Mode task on the first vSAN host on the primary site with "Ensure Data Accessibility" as FTT is not exceeded. The Delay Host Maintenance Mode Duration is waited and if there is a vSAN synchronization active, PowerChute will wait the specified vSAN Synchronization Duration and check if it has completed with respect to the value set for "vsan_synch_retry_time" in the pcnsconfig.ini file until data re-synchronization is no longer active, or the retry limit has been reached. PowerChute then shuts down the host.
PowerChute starts a Maintenance Mode task on the next vSAN host on the primary site with "Ensure Data Accessibility". The Delay Maintenance Mode Duration is waited and if there is a vSAN synchronization active, PowerChute will wait the specified vSAN Synchronization Duration and check if it has completed with respect to the value set for "vsan_synch_retry_time" in the pcnsconfig.ini file until data re-synchronization is no longer active, or the retry limit has been reached. PowerChute then shuts down the host.
PowerChute starts a Maintenance Mode task on the next vSAN host on the primary site with "Ensure Data Accessibility". The Delay Maintenance Mode Duration is waited and if there is a vSAN synchronization active, PowerChute will wait the specified vSAN Synchronization Duration and check if it has completed with respect to the value set for "vsan_synch_retry_time" in the pcnsconfig.ini file until data re-synchronization is no longer active, or the retry limit has been reached. PowerChute then shuts down the host.
UPS waits for the duration that is greatest of Low Battery Duration/Maximum Required Delay (Non-Outlet Aware UPS's) or the Outlet Group Power Off Delay.
After this delay, a further non-configurable two-minute delay is counted down.
UPS turns off after the user-configurable Shutdown Delay time has elapsed or the Outlet Group turns off after the power off Delay elapses.
NOTE: In a vSAN configuration, Witness and Management hosts will get placed into Maintenance Mode and shut down after Cluster hosts if Delay Maintenance Mode is enabled.
NOTE: If Fault Tolerance Threshold (FTT) is enabled, vSAN hosts are placed into Maintenance Mode using "Ensure Data Accessibility" if the number of critical groups is less than or equal to the FTT Level.
Putting a host into Maintenance Mode with "Ensure Data Accessibility" can trigger data re-synchronization on the host. In this event, PowerChute will wait until the data re-synchronization is complete (with retry limit) before placing the host into maintenance mode and shutting it down. See Host Maintenance Mode for more information.
Setup
Advanced configuration containing 4 single UPS setups:
UPS Setup 1: PowerChute is installed on a physical Windows machine.
UPS Setup 2: ESXi Host A
UPS Setup 3: ESXi Host B
UPS Setup 4: ESXi Host C
Advanced configuration containing 2 single UPS setups:
UPS Setup 1: PowerChute is installed on a physical Windows machine.
UPS Setup 2: vSAN Host A, vSAN Host B, vSAN Host C.
Delay Maintenance Mode is enabled (required for vSAN hosts) with duration set to X seconds.
Fault Tolerance Threshold is disabledenabled, FTT Level is set to 1.
Shut down all Cluster VMs is enabled.
vCenter Server is running on a VM inside the vSAN Cluster.
vCenter Server VM is added to the High priority group with appropriate duration for shutdown and startup.
The option to turn off the UPS or Outlet Group is enabled.
A shutdown command file has been configured with a 120 second duration.
Execute Virtualization Shutdown on Hosts in all UPS Setups is enabled on UPS #1 (the PowerChute host) and this setting is disabled on UPS #1.
Shutdown Sequence
PowerChute reports that the UPS #2 protecting the vSAN Cluster is On Battery.
Shutdown delay for the On Battery event elapses. PowerChute sends a command to turn off the UPS or Outlet Group.
PowerChute disables vSphere Cluster Services (vCLS) and High Availability.
After 3 minutes (Disable vSphere Cluster Services (vCLS) Duration = 180, Disable HA Duration = 20), PowerChute starts VM and vApp shutdown on each Host.
After 120 seconds (VM/vApp Shutdown Duration), PowerChute gracefully shuts down the vCenter Server VM in the High priority group.
After 60 seconds (vCenter Server VM Duration), PowerChute performs cluster stop operations:
a. PowerChute disables cluster member updates by executing the esxcfg-advcfg -s 1 /VSAN/IgnoreClusterMemberListUpdates SSH command on all protected vSAN nodes.
b. PowerChute prepares the vSAN cluster for shutdown by executing the python /usr/lib/vmware/vsan/bin/reboot_helper.py prepare command on 1 of the vSAN nodes.
After 120 seconds (Cluster stop operations delay), PowerChute starts executing the shutdown command file.
Shutdown command file duration elapses and all vSAN Cluster Hosts enter Maintenance Mode using No Action as FTT is disabled and the entire cluster is protected by 1 UPS.
The OS Shutdown Command is issued and an additional 70 second delay is counted down before the operating system on the physical machine running PowerChute starts to shut down.
UPS waits for the duration that is greatest of Low Battery Duration/Maximum Required Delay (Non-Outlet Aware UPS's) or the Outlet Group Power Off Delay.
After this delay, a further non-configurable two-minute delay is counted down.
UPS turns off after the user-configurable Shutdown Delay time has elapsed or the Outlet Group turns off after the power off Delay elapses.
When a critical UPS event, such as UPS on Battery occurs on a host in the vSAN Cluster, for example, ESXi Host C, the following sequence is triggered:
Shutdown Sequence
PowerChute reports that the UPS Setup 3 (ESXi Host C) is On Battery .
Shutdown delay for the On Battery event elapses. PowerChute sends a command to turn off the UPS or Outlet Group.
PowerChute determines that Fault Tolerance Threshold has not been exceeded, since the number of critical groups = 1 which is not greater than the FTT Level of 1. PowerChute starts Virtualization Shutdown tasks on ESXi Host C . PowerChute migrates VMs to non-critical Hosts (ESXi Host A, ESXi Host B) in the vSAN Cluster
VM Migration durations elapse. PowerChute starts VM/vApp Shutdown.
VM/vApp Shutdown durations elapse. PowerChute starts executing the shutdown command file.
Shutdown command file duration elapses and PowerChute starts a Maintenance Mode task on ESXi Host C with "Ensure Data Accessibility" as FTT Level is not exceeded. The Delay Host Maintenance Mode Duration is waited and if there is a vSAN synchronization active, PowerChute will wait the specified vSAN Synchronization Duration and check if it has completed with respect to the value set for "vsan_synch_retry_time" in the pcnsconfig.ini file until data re-synchronization is no longer active, or the retry limit has been reached. PowerChute then shuts down the host.
UPS waits for the duration that is greatest of Low Battery Duration/Maximum Required Delay (Non-Outlet Aware UPS's) or the Outlet Group Power Off Delay.
After this delay, a further non-configurable two-minute delay is counted down.
UPS turns off after the user-configurable Shutdown Delay time has elapsed or the Outlet Group turns off after the power off Delay elapses.
NOTE: If Fault Tolerance Threshold (FTT) is enabled, vSAN hosts are placed into Maintenance Mode using "Ensure Data Accessibility" if the number of critical groups is less than or equal to the FTT Level.
Putting a host into Maintenance Mode with "Ensure Data Accessibility" can trigger data re-synchronization on the host. In this event, PowerChute will wait until the data re-synchronization is complete (with retry limit) before placing the host into maintenance mode and shutting it down. See Host Maintenance Mode for more information.
When a critical UPS event, such as UPS on Battery occurs on a host in the vSAN Cluster, for example, ESXi Host B, the following sequence is triggered:
NOTE: ESXi Host C is already critical.
Shutdown Sequence
PowerChute reports that the UPS Setup 2 (ESXi Host B) is On Battery .
Shutdown delay for the On Battery event elapses. PowerChute sends a command to turn off the UPS or Outlet Group.
PowerChute determines that Fault Tolerance Threshold has been exceeded since the number of critical groups = 2 which is greater than the FTT Level of 1.
PowerChute starts Virtualization Shutdown on critical host ESXi Host B and non-critical host ESXi Host A as Shut down all Cluster VMs is enabled.
VM Migration durations elapse. PowerChute starts VM/vApp Shutdown.
PowerChute gracefully shuts down the vCenter Server VM in the High priority group during VM Shutdown of ESXi Host A.
VM/vApp Shutdown durations elapse. PowerChute starts executing the shutdown command file.
Shutdown command file duration elapses and PowerChute starts a Maintenance Mode task on ESXi Host B with "No Data Migration" action as FTT Level has been exceeded. The Delay Maintenance Mode Duration is waited and if there is a vSAN synchronization active, PowerChute will wait the specified vSAN Synchronization Duration and check if it has completed with respect to the value set for "vsan_synch_retry_time" in the pcnsconfig.ini file until data re-synchronization is no longer active, or the retry limit has been reached. PowerChute then shuts down the host.
UPS waits for the duration that is greatest of Low Battery Duration/Maximum Required Delay (Non-Outlet Aware UPS's) or the Outlet Group Power Off Delay.
After this delay, a further non-configurable two-minute delay is counted down.
UPS turns off after the user-configurable Shutdown Delay time has elapsed or the Outlet Group turns off after the power off Delay elapses.