VMware Platform Services Controller

What is the VMware Platform Services Controller? With vSphere 6, VMware updated the architecture for vCenter. One of those changes was the introduction of the Platform Services Controller, or PSC. The PSC combines a number of components, including those that used to be deployed independently, like vCenter Single Sign-On, or were part of vCenter, such as the license service, into a single product. This simplifies deployment and allows vCenter to be a more focused product itself.

Under the Hood

So what’s actually included in the Platform Services Controller? Here’s the official list:

  • VMware Appliance Management Service*
  • VMware Authentication Framework
  • VMware Certificate Service
  • VMware Common Logging Service
  • VMware Component Manager
  • VMware Directory Service
  • VMware HTTP Reverse Proxy
  • VMware Identity Management Service
  • VMware License Service
  • VMware Security Token Service
  • VMware Service Control Agent
  • VMware Syslog Health Service

* Only when PSC is deployed as an appliance.

The little footnote above hints that PSC can be deployed as an appliance, but isn’t restricted to that. Indeed, PSC can be deployed either as a virtual appliance or on a Windows Server based system, either physical or virtual. That’s just the start of all the deployment permutations possible for PSC.

That Poor Cat

So PSC can be an appliance or installed on Windows Server. Typically you’ll find that it’s convenient to mirror the approach you’re taking with vCenter, which can also be deployed as an appliance or installed on Windows Server. If you were to ask me, I’d strive to go with the appliance model. There are less licensing concerns about operating systems and databases, and VMware has some appliance-exclusive features on the horizon.

After the appliance vs. Windows Server decision is made (go appliance!), there are still many ways to skin the PSC deployment. Let’s look at VMware’s recommended topologies for PSC and vCenter. Needless to say, the titles I use here for the topologies are my own, and do not come from VMware. So fair warning if you use them while on a support call and meet an uncomfortable silence on the line.

The Lone Wolf


A single deployment including both vCenter and PSC on the same box. The simplest, and least fault tolerant, deployment you can pick.


  • 1 Single Sign-On Domain
  • 1 Single Sign-On Site
  • 1 vCenter Server with Embedded Platform Services Controller

Path to Multiple Fault Domains


Scale out the vCenters! This adds a bit of load distribution by accounting for one or more vCenter servers. Still has single points of failure.


  • 1 Single Sign-On Domain
  • 1 Single Sign-On Site
  • 1 External Platform Services Controller
  • 1+ vCenter Server

Path 2 Multiple Fault Domains 2: 2’s Company


We can now accommodate multiple sites. This provides service locality within the sites, as well as allowing us to split the guests between multiple vCenters.


  • 1 Single Sign-On Domain
  • 2+ Single Sign-On Sites
  • 2+ External Platform Services Controllers
  • 2+ vCenter Servers

With a Little Help From My Friends


This model introduces a third-party load balancer into the mix, but we’re back to a single site. Note that the load balancer is for handling connections to the PSC instances. This provides high availability for the PSC’s, but alas, HA for vCenter still eludes us.


  • 1 Single Sign-On Domain
  • 1 Single Sign-On Site
  • 2+ External Platform Services Controllers
  • 1+ vCenter Server
  • 1 3rd Party Load Balancer

Getting the Band Back Together


Extending the load balancer approach to multiple sites.


  • 1 Single Sign-On Domain
  • 2 Single Sign-On Sites
  • 2+ External Platform Services Controllers
  • 1+ vCenter Server
  • 2 3rd Party Load Balancers

How to Lose Friends And…


Somewhere along the way we’ve lost the load balancers. This model effectively provides a dedicated PSC per vCenter. A bit heavy, but does the trick if you don’t have, or don’t want to rely on, third party load balancers.


  • 1 Single Sign-On Domain
  • 2 Single Sign-On Sites
  • 2+ External Platform Services Controllers
  • 1+ vCenter Server

Romancing the Keystone

Looking at the topologies, even the way they’re drawn, it’s clear that PSC is the keystone to a successfully deployed vSphere environment. vCenter and a whole raft of other VMware products depend on its components to get do their job. Being familiar with the PSC, what it is and how it’s deployed, will serve you well as you design and work with your vSphere environments.

Featured image photo by sagesolar

Dee Abson

Dee Abson is a technical architect from Alberta, Canada. He's been working in the field of technology for over 20 years and specializes in server and virtualization infrastructure. Working with VMware products since ESX 2, he holds several VMware certifications. He was awarded VMware vExpert for 2014-2020. You can find him on Twitter.

You may also like...

10 Responses

  1. @deeabson says:

    New Post: VMware Platform Services Controller https://t.co/vw45medToH #design #vdm30in30

  2. @xinity_bot says:

    VMware Platform Services Controller https://t.co/ACcuQe6jbx #General #Design

  3. @deeabson says:

    ICYMI: VMware Platform Services Controller https://t.co/meWKp5wr0L #design #vdm30in30

  4. @deeabson says:

    ICYMI: VMware Platform Services Controller https://t.co/kMdCu5xgoZ #design #vdm30in30 #ICYMI

  5. @kfalconspb says:

    RT @erailine: #VMware #vSphere Platform Services Controller #PSC https://t.co/VaEX3fkQAD https://t.co/aBi0Y1mlSr

  6. @deeabson says:

    ICYMI: VMware Platform Services Controller https://t.co/c3LapLDAjv #design #vdm30in30 #vExpert

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: