When having more than once vCenter installation within our datacenter, as part of the best practices, it is recommended to have a centralized Platform Services Controller (PSC). Most of the vCenter Server installations work with an embedded version of the PSC.


PSC was introduced on vSphere 6, this includes services such as Single Sign-on (SSO), licensing and VMCA. PSCs replicate information such as Licenses, roles, and permissions, the external PSC can be deployed as a virtual machine.


The advantage of having an embedded Platform Services Controller (PSC) is that the communication does occur across the network, less Windows licenses (in case that is deployed on a Windows installation) and does not require the use of load balancers.


The advantage of having an external PSC is the support for Enhanced Linked mode and HA across multiples PSCs.


Things that PSCs handle:

VMware Appliance Management Service (only in Appliance-based PSC)
VMware License Service
VMware Component Manager
VMware Identity Management Service
VMware HTTP Reverse Proxy
VMware Service Control Agent
VMware Security Token Service
VMware Common Logging Service
VMware Syslog Health Service
VMware Authentication Framework
VMware Certificate Service
VMware Directory Service


Important: You better implement an external PSC if you want to use more than one vCenter.


For this tutorial, we are going to deploy and external PSC running on a VM.

  • Make sure to mount the VCSA iso and run the installer, do not forget to accept the End User License Agreement



  • Connect to the vCenter or ESXi that you want to host the PSC VM.



  • Select the Datacenter


  • Select the resource where to deploy the VM.



  • Time to specify the VM’s settings (Password & Appliance Name)


  • Here is the important part, we must select Install Platform Services Controller under External Platform Services Controller


  • Join your existing Single Sign-on domain – This is very important if you want to repoint the embedded to an external PSC.



  • Also, join the Sign-on Site


  • Selec the data store and provide the Network Settings of the new VM.


Once deployed it is time to repoint our vCenter to the external PSC. You must SSH in the VCSA and run:



cmsso-util reconfigure --repoint <External-psc-Machine> --username <username> --domain-name <domain> --passwd <password>

cmsso-util reconfigure --repoint lab-psc01.jperales.com --username administrator --domain-name vsphere.local --passwd [email protected]


Resulting as:



Hope you enjoyed it.




Buy me a coffeeBuy me a coffee