WilliamLam.com


Can you really deploy the vCenter Server Appliance (VCSA) without DNS and NTP?

10.21.2021 by William Lam // 12 Comments

The simple answer is Yes. Now, you might be wondering why anyone would want to put themselves through the pain without setting up proper DNS and NTP?

Well, not all environments have the luxury of having either outbound connectivity and/or access to basic infrastructure services like DNS and NTP. This may come as a surprise to some, but there are customers out there that need to operate in very unique and constrained environments. One such example of this is typically from customers that need to deploy vSphere in a "dark site" where local infrastructure services like DNS and NTP are not available.


I recently re-validated this deployment model using the latest vSphere 7.0 Update 3 release running on an Intel NUC 11 which had no outbound connectivity and was only connected to my laptop, which also had no outbound connectivity or access to DNS or NTP. Since this question recently came up from a customer who was looking to automate this, I ran through the deployment workflow using the VCSA CLI Installer, but this should also be possible with the VCSA UI Installer as the same options are supported.

OK, so how do you make this work?

NTP

Let's cover the easy one first. If you do not have an NTP server, you can simply configure the VCSA to sync its time with the underlying ESXi host, a capability provided by VMware Tools, which the VCSA runs. When using the VCSA UI Installer, you can specify the option as part of the Stage 2 configuration, which occurs after the initial VCSA OVA is deployed. When using the VCSA CLI Installer, you simply remove the ntp_servers entry and add the configuration setting time_tools_sync with a value of true. If you plan on deploying an NTP server after your VCSA has been configured, you can always log in to the Virtual Machine Management Interface (VAMI) of the VCSA and change the NTP configuration to sync to an external NTP server.

DNS

When it comes to DNS for the VCSA, there are two different things to consider:

  • DNS resolution of the VCSA itself
  • DNS resolution of external systems and services

The first pertains to whether your VCSA will have an entry in your DNS server that allows you to resolve it by a fully qualified domain name (FQDN) rather than just an IP Address. Assuming you do not have a DNS server that will be used to configure an FQDN for your VCSA, then you can simply use an IP Address. This has been possible since the inception of the VCSA and when it asks for the system name, also known as the Primary Network Identifier (PNID), you simply provide the IP Address. This is something I have used personally in my homelab for many years without any issues. If you decide to use an arbitrary FQDN which is not in your local DNS, then the VCSA will fail to load as the PNID is used throughout the VCSA configuration. One way that folks have worked around this issue when connecting to the VCSA from their workstation is to simply add an entry into their hosts file that maps the FQDN to the IP Address. If you only have a single VCSA and you do not want to remember the IP Address, this can be helpful but I normally just remember the IP Address I use for VCSA 🙂

The second part deals with the DNS server that the VCSA will use for various DNS resolution, such as how to reach VMware.com for patches, ESXi host connectivity if the hosts were deployed with DNS entries, and other services including its own DNS resolution. This is important because you may not have your own DNS server that can resolve your infrastructure systems like the VCSA and ESXi hosts, but if you can still reach a DNS server like your local ISP's or even Google's DNS (8.8.8.8), then you would use those addresses since the DNS server configuration is a required setting. Now, since we are talking about a dark site where none of this infrastructure exists, what value do you use here? Historically, I would normally use the network gateway as you need to provide an address that is reachable via ICMP. Since my setup was completely isolated and there is no real gateway, I decided to use the localhost address (127.0.0.1) which also works. In the VCSA UI Installer, simply use 127.0.0.1 for the DNS server and for the VCSA CLI Installer, just update the dns_servers setting.

If you look at what is actually needed to deploy a VCSA without a DNS and NTP server, it is pretty basic and in my opinion, pretty straightforward. I also know a number of customers who have been doing this for quite some time now. For those that have run into issues, what I have seen in my experience is that incorrect values were used for either the PNID field and/or DNS server field, which then caused an undesired behavior where the VCSA attempts to perform a lookup and, since DNS is not available, the deployment fails.

For completeness' sake, here is a fully functional example of the JSON configuration that I used to deploy my VCSA without DNS and NTP servers.

{
    "__version": "2.13.0",
    "__comments": "Sample template to deploy a vCenter Server Appliance to an ESXi host without a DNS and NTP server",
    "new_vcsa": {
        "esxi": {
            "hostname": "172.30.0.10",
            "username": "root",
            "password": "VMware1!",
            "deployment_network": "VM Network",
            "datastore": "datastore1"
        },
        "appliance": {
            "thin_disk_mode": true,
            "deployment_option": "tiny",
            "name": "VCSA-70u3"
        },
        "network": {
            "ip_family": "ipv4",
            "mode": "static",
            "system_name": "172.30.0.100",
            "ip": "172.30.0.100",
            "prefix": "24",
            "gateway": "172.30.0.1",
            "dns_servers": [
                "127.0.0.1"
            ]
        },
        "os": {
            "password": "VMware1!",
            "time_tools_sync": true,
            "ssh_enable": true
        },
        "sso": {
            "password": "VMware1!",
            "domain_name": "vsphere.local"
        }
    },
    "ceip": {
        "settings": {
            "ceip_enabled": false
        }
    }
}
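
As an added example (not from the original article or VMware's tooling), this Python pre-flight check lints a parsed template for the dark-site mistakes described above: a PNID that is not the appliance's IP, an empty dns_servers list, or time settings that still expect an NTP server. It assumes ntp_servers sits in the os section next to time_tools_sync; the function name, finding codes and the constructed bad sample are illustrative.

```python
import ipaddress

def _ip(value):
    """Return an ipaddress object, or None if value is not an IP literal."""
    try:
        return ipaddress.ip_address(value)
    except (ValueError, TypeError):
        return None

def lint_dark_site_template(template):
    """Lint a vcsa-deploy template (parsed JSON) for a site without DNS/NTP.
    Hypothetical helper; returns a list of (code, message) findings."""
    findings = []
    vcsa = template.get("new_vcsa", {})
    net, os_cfg = vcsa.get("network", {}), vcsa.get("os", {})
    # PNID: without DNS it has to be the appliance's own IP address.
    pnid = _ip(net.get("system_name"))
    if pnid is None:
        findings.append(("PNID_NOT_IP", "system_name is a name and will need a DNS lookup"))
    elif pnid != _ip(net.get("ip")):
        findings.append(("PNID_MISMATCH", "system_name differs from network.ip"))
    # dns_servers is required, so it must hold at least one IP (e.g. 127.0.0.1).
    dns = net.get("dns_servers") or []
    if not dns:
        findings.append(("DNS_MISSING", "dns_servers is empty but required"))
    findings += [("DNS_NOT_IP", f"{s!r} is not an IP") for s in dns if _ip(s) is None]
    # Time: no ntp_servers entry (assumed to sit in "os"), host sync enabled instead.
    if os_cfg.get("ntp_servers"):
        findings.append(("NTP_SET", "ntp_servers is set but no NTP server exists"))
    if os_cfg.get("time_tools_sync") is not True:
        findings.append(("NO_TIME_SYNC", "time_tools_sync is not true"))
    # Hygiene notes added for this example, not checks the article describes.
    if os_cfg.get("ssh_enable") is True:
        findings.append(("SSH_ON", "ssh_enable is true; confirm SSH should stay on"))
    for section in ("esxi", "os", "sso"):
        if vcsa.get(section, {}).get("password"):
            findings.append(("PLAINTEXT_PW", f"new_vcsa.{section}.password is stored in the file"))
    return findings

# Network and os settings as in the article's template (passwords omitted).
ARTICLE_SETTINGS = {"new_vcsa": {
    "network": {"system_name": "172.30.0.100", "ip": "172.30.0.100",
                "dns_servers": ["127.0.0.1"]},
    "os": {"time_tools_sync": True, "ssh_enable": True}}}
# Constructed sample containing the mistakes the article warns about.
CONSTRUCTED_BAD = {"new_vcsa": {
    "network": {"system_name": "vcsa.lab.example", "ip": "172.30.0.100", "dns_servers": []},
    "os": {"password": "placeholder", "ntp_servers": "ntp.lab.example", "ssh_enable": True}}}
```

Load a real template with json.load and pass the result to lint_dark_site_template; any finding other than SSH_ON or PLAINTEXT_PW points at a setting that would trigger a lookup the site cannot answer.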

Categories // Automation, VCSA, vSphere 7.0 Tags // dns, ntp, vcenter server appliance, VCSA

Comments

  1. Tom C says

    10/21/2021 at 2:12 pm

    I have no experience with situations where resources are this limited. But why not set up a local DNS server? It takes little resources, even if you run Windows server let alone some lightweight Linux distro.

    Still, interesting article.

  2. VirtualCR says

    10/21/2021 at 8:18 pm

    Thank you for the useful information. Is it supported from VMware in production environments or is it suggested only for lab/test purposes?

    • William Lam says

      10/21/2021 at 8:30 pm

      The former 🙂

  3. Ahmed H says

    10/23/2021 at 2:44 am

    Thanks for sharing dear William

  4. Steve Galbincea says

    12/09/2021 at 7:05 am

    Once I realized that the hostname needed to be 'localhost' everything worked well deploying to Workstation - thanks for the write up William!

  5. jason says

    12/28/2021 at 6:49 pm

    Is changing the DNS server to 127.0.0.1 after the vCenter deployment also supported in a production environment?
    This sharing is so great!

  6. marki says

    07/13/2022 at 1:01 am

    Haha, they no longer accept 127.0.0.1 in the UI for DNS.
    Actually I'm getting "Failed to run vdcpromo" at stage 2 but I haven't tried everything yet 😉

    • John says

      07/29/2022 at 12:59 am

      Did you find a solution?

      • Gert says

        12/13/2022 at 8:36 am

        If you use the vCenter IP as DNS, the deployment proceeds. I'd change it back to 127.0.0.1 after deployment though. You'll never think to change that DNS if you ever change the vCenter IP.

    • Tom says

      05/26/2023 at 1:09 am

      on the UI you can install Stage1 using the gateway IP for your DNS IP.
      once Stage1 is completed, putty/SSH into vCenter as root.
      shell.set --enabled true
      shell
      cd /etc/hosts
      vi /etc/hosts
      edit the file to include:
      127.0.0.1 localhost.localdomain localhost
      vCenterIP vCenterhostname
      vCenterIP vsphere.local

      close Putty, Stage2 should now install ok.

  7. rodolphe says

    04/15/2023 at 2:18 pm

    Hello

    In VCSA 8, in the template there is an element we don't see in your tuto.
    What are we supposed to fill ?

    "new_vcsa": {
    "vc": {
    "__comments": [
    "'datacenter' must end with a datacenter name, and only with a datacenter name. ",
    "'target' must end with an ESXi hostname, a cluster name, or a resource pool name. ",
    "The item 'Resources' must precede the resource pool name. ",
    "All names are case-sensitive. ",
    "For details and examples, refer to template help, i.e. vcsa-deploy {install|upgrade|migrate} --template-help"

  8. rodolphe says

    04/15/2023 at 3:33 pm

    Hello

    How to downsize the need of memory (by example for "tiny" to pass from 14Gb to 4) ?

Author

William is Distinguished Platform Engineering Architect in the VMware Cloud Foundation (VCF) Division at Broadcom. His primary focus is helping customers and partners build, run and operate a modern Private Cloud using the VMware Cloud Foundation (VCF) platform.
