By release of vSphere 6.0 Update 1 VMware introduce Platform Service Controller to separate management and controlling some of important services like SSO, as the virtual infrastructure athentication broker, licensing service to manage vsphere licenses, lookup service and also Certificate Authority (VMCA). when you install vcenter components for the first time, you should install PSC before all or join your vcenter server to another installed PSC in the post-installation execution of vcenter server.
If you want to install a new PSC server you can select one of these two way: Embedded (Setup with vCenter server togather in one Server/VM/Appliance) or External (Separated from vCenter Server/VM/Appliance).
Now there is an ambiguous question, which of these ways is better for us to setup?
As a broad concept view, embedded is better for small or medium environment and external is suitable for enterprise, but let's check more details:
The first and important point is network connection between PSC and VC servers when you decide to install in external mode. If any connectivity lose happened or a physical accident cause outage on connection between two server, all components of virtual infrastructure will be compromised. Although role of DNS servers that provides name resolution is now very important, because any issue on this service will cause connection problem.
So if you want to setup external PSC, you must provide a high-reliable and fully-redundant network connections between VC and PSC (physical servers or their ESXi hosts if you setup on VM/VA) so it's management will be more complex (fewer physical or Virtual Server made management procedures easier and simpler, and no need to more licenses for their OS too.)
After release of vSphere 6.5 update 2 you can join other instances of VC with embedded PSC to enable enhanced linked mode (15 VCSA instance as a single inventory view) and it's a perfect improvement from VMware. So one of the main reason of choosing external PSC has been set aside.
When you provide embedded PSC you cannot provision windows and linux-appliance in mixed-OS environment. (On later versions embedded PSC linked mode was not supported for windows-based vCenter server and only available on VCSA, but thanks to VMware, i think it's fixed in vSphere 6.7 update 1 Build 10244745, because we could join an embedded VCSA to an embedded WBVC in our pilot environment today)
However it's possible to migrate PSC from embedded mode to external after deployment, but first of all it's recommended take a backup from VC / PSC servers, then VC must be reconfigured to an external PSC before pointing it to a new external PSC in different domain name. (Embedded re-pointing is supported only by vCenter 6.7 Update 1)
As the last hint, vCenter High Availability feature can be activated in embedded PSC and only vCenter Server standard license is enough to enable HA (Note that VCHA is only available for VCSA not WBVC). So this method of PSC provisioning will be simplified and there is no need to use Load-Balancer for PSC and VC servers/VMs/VAs.
