Access control is one of the most confusing concepts of the day, because it is often disabled, and when availability needs to be secured, access control is required, is this the reason for enabling ha to configure it first?
What is HA access control? Why does ha contain the concept of an access control? The availability guide points to the following points:
Reference
Vcenter Server uses access control to ensure that there is sufficient resources in the cluster to provide fault protection while ensuring that the virtual machine has sufficient reserved resources.
Please read the reference again, in fact vcenter is responsible for access control, and contrary to what many people think, although this may seem like a common fact, it is important to understand that access control does not allow HA trigger reboots, ha triggers reboot on the host layer, and do not pass vcenter.
As is said, access control guarantees that the cluster has sufficient reserved resources available to allow the HA to trigger failover, and it calculates the required capacity based on the resources available to the cluster failover. In other words, if a host is placed in maintenance mode or disconnected, the resource is removed from the calculation formula, and if a host fails or is not responding but has not been removed from the cluster, the resource is in the calculation formula, and "available resources" represents the resource that has been subtracted from the total for the virtual machine overhead.
For instance, Vmkernel memory is the total amount of memory minus the memory of the virtual machine memory, when you study different access control strategy, here is a difficult point to you, when the access control is turned on, HA is unable to limit it, that is, it always ensure that many hosts start and run strategy, Hosts that include manual maintenance mode. For example, VMware Distributed power Management (DPM), therefore, if the host is stuck when attempting to enter maintenance mode, keep in mind that it is possible that HA does not allow the host to run in maintenance mode because it violates the access control policy, in which case the user can manually migrate the virtual machines on the host and then turn off the virtual machines , or temporarily turn off access control to allow the host to enter maintenance mode.
In the Vsphere 4.1 and earlier versions, when you disable access control, turn on distributed power management, it may seriously affect availability, when access control is disabled, DPM will turn off all the hosts to reduce power consumption, in addition to 1 standby mode of the host, when this host failure, there is no standby host , this can cause some trouble and alarm, and in Vsphere 5.0, this behavior has changed, and when distributed power management is turned on, HA will ensure that at least 2 hosts are powered on at any time to ensure the availability of failed cluster transfers.
In Vsphere 4.1, when the HA triggers a failed cluster transfer, when the host exits standby mode, DPM is fairly intelligent to ensure that there is sufficient resources, and if resources are not available, Ha waits for DPM to provide sufficient resources and then attempts to restart the virtual machine, in other words, The number of retries (mode 5) will not be wasted with insufficient resources.
If you still use the old version of vsphere, or "God protection" VI3 version, because only one host on standby, so you should consider the end of them, when a specific host failure or resources are more nervous, it may cause potential problems, may not be able to open the virtual machine host available, This scenario description can look at the Knowledge Base article http://kb.vmware.com/kb/1007006.
Access Control Strategy
The mechanism of access control ensures that adequate resources are available when HA initiates cluster failover, this section provides an overview of access control policies, and describes the impact of each strategy, including our recommendations, in the following sections. Ha has three mechanisms to ensure that virtual machines have sufficient resources available.
Figure 26 Access control strategy
Below we list the access control policies for all three options currently available. Each option has a different mechanism to ensure that resources are available for failover, and each option has its considerations.
Access control mechanism
Each access control strategy has its own access control mechanism. It is important to understand these access control mechanisms when you are designing a cluster to identify the impact of each strategy. For example, to reserve specific virtual machine resources to ensure the corresponding proportions, this section will be through the access control strategy and their respective mechanisms and algorithms to more in-depth understanding of it.