Bad Idea: Disabling HA Admission Control With vCloud

Gabe has written up a really nice article recently about HA Admission Control you should read.  It made me think of a very recently conversation I had with some folks about HA Admission Control and vCloud Director specifically.  Namely, the fact they disabled it entirely.  Even when I was a vSphere administrator, before I was more educated, I made the same mistakes of disabling HA admission control.  When I talk to people now at least 9 times out of 10 people who have disabled HA Admission Control did it because “No more virtual machines would power on”….Yeah of course! It was doing its job, ensuring that what was running would be able to power on in the event of a failure.  The other reason is I think people felt they could be smarter than the feature itself.  For whatever reason you basically are turning off the “Virtual Bouncer” as my friend Frank Denneman so eloquently put it the other day on a Skype call.

I have seen it get disabled so many times to “Power on Just one more Machine”, but that excuse gets repeated 100 times over, without actually addressing the real problem which is usually cluster capacity.  Or worse yet HA admission control gets disabled on a cluster never to be re-enabled again, because the vSphere administrators got to busy and forgot.  Then months later when the cluster is falling down with no more capacity, OR a host actually fails and things don’t power on  they blame vSphere.  After you investigate you see that HA admission control was in fact disabled, most times without a proper change request.  Okay, can you tell I have seen this one too many times?

Now what about vCloud Director and HA admission control?  Well the same rules still apply, but it’s even more important in my mind.  This is because you don’t only have vSphere administrators adding virtual machines, you have consumers doing it.  Without HA admission control, vCloud Director has no idea that the cluster can or cannot support a failure.  That is a vSphere function to tell vCloud Director when the tank is full.  If you go under the covers and mess with HA admission control under vCloud Director, you add the potential to over subscribe your provider vDC cluster.

Don’t forget in reading Gabe’s article that if you knew it or not HA Admission Control uses per virtual machine reservations.  in vCloud director, there are TWO allocation models that assign per virtual machine reservations Specifically.  Pay as you go and Allocation pool, do this, and you can read more about that in this article.  Per mine and Duncan’s comments in Gabe’s article you also do not want to forget about overhead reservation with or without vCloud Director.

The real trick is to make sure you configure HA admission control policy for the best fit to your needs.  Many people still use N+1, but more people are starting to use percentage based.  Then be sure to add capacity to those clusters that are the provider vDC’s behind vCloud Director.  Simply disabling it will do nothing for you but get you in a situation that will be hard to level back out.  I treat HA admission control with vCloud Director like DRS…Don’t Disable DRS….or HA admission control.  If someone can provide me with some valid useful reasons why you would want to disable it I’m all ears.