Introducing VMware Validated Design
Modified on 03 SEP 2019
VMware Validated Design 5.1
VMware Validated Design for Software-Defined Data Center 5.1
You can find the most up-to-date technical documentation on the VMware website at:
https://docs.vmware.com/
If you have comments about this documentation, submit your feedback to
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
Copyright © 2016-2019 VMware, Inc. All rights reserved. Copyright and trademark information.
Introducing VMware Validated Design
VMware, Inc. 2
Contents
About Introducing VMware Validated Design for Software-Defined Data Center 4
1 Features of VMware Validated Designs 5
2 SDDC Architectures 7
3 Design Objectives of VMware Validated Designs 10
4 Automated Deployment of VMware Validated Designs 14
5 Workload Domains in VMware Validated Design 15
6 Documentation Structure and Audience 20
7 Post-Deployment Documentation and Technical Notes 25
8 Overview of Standard SDDC 28
Physical Infrastructure Layer in Standard SDDC 29
Virtual Infrastructure Layer in Standard SDDC 31
Operations Management Layer in Standard SDDC 35
Cloud Management Layer in Standard SDDC 43
Business Continuity Layer in Standard SDDC 45
Multiple Availability Zones in Standard SDDC 47
9 Overview of Consolidated SDDC 51
Physical Infrastructure Layer in Consolidated SDDC 51
Virtual Infrastructure Layer in Consolidated SDDC 54
Operations Management Layer in Consolidated SDDC 57
Cloud Management Layer in Consolidated SDDC 64
Business Continuity Layer in Consolidated SDDC 65
10 Overview of ROBO SDDC 67
Physical Infrastructure Layer in ROBO SDDC 67
Virtual Infrastructure Layer in ROBO SDDC 70
Operations Management Layer in ROBO SDDC 73
Cloud Management Layer in ROBO SDDC 79
Business Continuity Layer in ROBO SDDC 80
About Introducing VMware Validated Design for Software-Defined Data Center
The Introducing VMware Validated Design for Software-Defined Data Center guide provides directions on using the content of VMware Validated Design™ for Software-Defined Data Center. The guide also contains a high-level overview of the Software-Defined Data Center (SDDC) design supported in this VMware Validated Design version.
Introducing VMware Validated Design for Software-Defined Data Center focuses on providing guidance about using the VMware Validated Design and includes the following information:
- Design objectives
- Document structure and purpose
- Supported VMware product versions
- SDDC design overview
Intended Audience
Introducing VMware Validated Design for Software-Defined Data Center is intended for cloud architects, infrastructure administrators, cloud administrators, and cloud operators who want to get familiar with VMware Validated Design to deploy and manage an SDDC that meets the requirements for capacity, scalability, business continuity, and disaster recovery.
Required Software
Introducing VMware Validated Design for Software-Defined Data Center is compliant and validated with certain product versions. See VMware Validated Design Release Notes for more information about supported product versions.
1 Features of VMware Validated Designs
Use VMware Validated Designs to build a Software-Defined Data Center that is based on management components by VMware, and has a scalable and best-practice configuration.
VMware Validated Designs have the following advantages:
One path to SDDC: After you satisfy the deployment requirements, follow one consistent path to deploy an SDDC. VMware Validated Designs offer a tested solution path with information about product versions, networking architecture, capabilities, and limitations.
SDDC design for use in production: A VMware Validated Design supports an SDDC that has the following features:
- High availability of management components
- Backup and restore of management components
- Monitoring and alerting
- Disaster recovery of management components
- Protection of management applications by using NSX Distributed Firewall
Validated design and deployment: The prescriptive documentation of a VMware Validated Design is continuously validated by VMware. Validation provides the following advantages to your organization:
- Validated product interoperability
- Validated SDDC features
- Churn rate of tenant workloads
- High availability of management components
- Operational continuity
- Design with dual-region support in mind
- Reduced risk of deployment and operational problems
- Reduced test effort
Fast SDDC standup: You can implement a data center without engaging in design work and product research. After you download all SDDC products, follow the detailed design and step-by-step instructions.
Support for latest product releases: Every version of a VMware Validated Design accommodates new product releases. If you have deployed an SDDC according to an earlier version of a VMware Validated Design, you can directly follow the validated design to upgrade your environment.
Foundation of scenarios for industry segments: This VMware Validated Design provides the foundation for implementing scenarios for individual organizations or industry segments, such as micro-segmentation, IT automating IT, and intelligent operations.
2 SDDC Architectures
VMware Validated Design supports several SDDC architectures according to the requirements of your organization and the resource capabilities of your environment. Implement a dual-region architecture for workload provisioning and disaster recovery according to production best practices, and extend it with multiple Remote Office and Branch Office (ROBO) sites. If you are working on an SDDC proof-of-concept, or plan to deploy a small-scale environment and extend it according to tenant adoption, implement a consolidated architecture in a single region.
High-Level Logical Design of the SDDC
The SDDC according to VMware Validated Design for Software-Defined Data Center contains the main services that are required to cover workload provisioning, operations management, and business continuity.
Figure 2-1. Logical Design of the SDDC
[Figure: diagram of the SDDC management components and the interactions between them. Components shown: vRealize Log Insight, vRealize Operations Manager, vRealize Business, vRealize Orchestrator, vRealize Automation, VMware Skyline, vRealize Suite Lifecycle Manager, Site Recovery Manager / vSphere Replication, a vSphere Storage APIs - Data Protection-based backup solution, vSphere Update Manager and Update Manager Download Service, Active Directory, vCenter Server, Platform Services Controller, ESXi hosts in a vSphere cluster, and NSX Data Center for vSphere. Labeled interactions: central user management; authentication management and certificate management; backup and restore; monitoring; failover, and failover and VM replication orchestration; patch binaries download, patch and upgrade; lifecycle and configuration drift management; workload metrics and workload cost management; VM provisioning requests, virtual networking provisioning requests, management VM provisioning requests, and advanced blueprint provisioning workflows; inventory information; central management of virtual infrastructure; load balancing, logical switching, logical routing, and logical firewalling; launch in context, notification events, and UI integration; proactive support.]
SDDC Architectures
The VMware Validated Design for Software-Defined Data Center family provides the following SDDC implementations:
Standard SDDC
Product name: VMware Validated Design for Software-Defined Data Center
Description: Implements a production-ready SDDC that is dual-region, with each region deployed on two workload domains: management and virtual infrastructure.
Consolidated SDDC
Product name: VMware Validated Design for Management and Workload Consolidation
Description: Consolidates the resources that are used in the Standard SDDC to provide a single-region environment with a smaller hardware footprint and less strict availability. For example, you can use this design in a smaller environment with fewer virtual machines, or as a proof of concept or production pilot.
ROBO SDDC
Product name: VMware Validated Design for Remote Office and Branch Office
Description: Extends the Standard SDDC with support for remote offices that are located at a distance from the main office. The main office runs an instance of the Standard SDDC. The ROBO SDDC provides decentralized management, such as on-site vCenter Server and NSX Manager, but connects to an existing Standard SDDC over a WAN link. Monitoring and cloud management functions are centralized.
3 Design Objectives of VMware Validated Designs
According to the SDDC implementation type, a VMware Validated Design has a number of objectives to deliver prescriptive content about an SDDC that is fast to deploy and is suitable for use in production.
Table 3-1. Objectives of VMware Validated Design for Software-Defined Data Center
Main objective: SDDC capable of automated provisioning of workloads.
Scope of deployment: Greenfield and brownfield deployment of the SDDC management components.
Cloud type: Private cloud.
Number of regions and disaster recovery support: Dual-region SDDC that supports disaster recovery. The documentation provides guidance for a deployment that supports two regions for failover in the following way:
- The design documentation provides guidance for an SDDC whose management components are designed to operate in the event of planned migration or disaster recovery. This part also includes design of the components that support the failover.
- The deployment documentation provides guidance for an SDDC that supports two regions for both management and tenant workloads.
- The operational guidance contains detailed instructions about performing disaster recovery and planned migration.
Maximum number of virtual machines:
- 10,000 running virtual machines
- Churn rate of 150 virtual machines per hour
Churn rate refers to the provisioning, power cycle operations, and decommissioning of one tenant virtual machine by using a blueprint in the cloud management platform. A churn rate of 100 means that 100 tenant workloads are provisioned, pass the power cycle operations, and are deleted.
Number of workload domains in a region: Two-domain setup, with a minimum of 4 VMware ESXi™ hosts in a domain. The validated design requires the following workload domains for SDDC deployment:
- Management domain. Contains the virtual machines of the management products.
- Virtual infrastructure workload domain.
  - Contains the tenant workloads.
  - Contains the required services based on VMware NSX® Data Center for vSphere® or on VMware NSX-T™ Data Center to enable North-South routing between the SDDC and the external network, and East-West routing inside the SDDC.
See Chapter 5 Workload Domains in VMware Validated Design.
Data center virtualization:
- Compute virtualization
- Software-defined storage in the management cluster
- Network virtualization
Scope of guidance:
- Storage, compute, and networking for the management cluster.
- Number of hosts, amount of storage, and configuration.
- Deployment and initial setup of management components at the levels of infrastructure, cloud management platform, and operations.
- Basic tenant operations such as creating a tenant, assigning tenant capacity, configuring user access, and adding virtual machines to a service catalog from single-machine blueprints.
- Operations on the management components of the SDDC such as monitoring and alerting, backup and restore, post-maintenance validation, disaster recovery, and upgrade.
Overall availability: 99% availability. Planned downtime is expected for upgrades, patching, and ongoing maintenance.
Authentication, authorization, and access control:
- Use of Microsoft Active Directory as a central user repository.
- Use of service accounts with minimum required authentication and Access Control List configuration.
- Use of basic tenant accounts.
Certificate signing: Certificates are signed by an external certificate authority (CA) that consists of root and intermediate authority layers.
Hardening: Tenant workload traffic can be separated from the management traffic. The design uses a distributed firewall to protect all management applications. To secure the SDDC, only other management solutions and approved administration IP addresses can directly communicate with individual components.
Table 3-2. Objectives of VMware Validated Design for Management and Workload Consolidation
Main objective: SDDC capable of automated provisioning of workloads.
Scope of deployment: Greenfield deployment of the SDDC management components.
Cloud type: Private cloud.
Number of regions and disaster recovery support: Single-region SDDC that you can scale out to dual-region.
Maximum number of virtual machines:
- 1,500 running virtual machines
- Churn rate of 50 virtual machines per hour
Number of clusters in a region: 1-cluster setup, with a minimum of 4 ESXi hosts in the cluster. The 1-cluster validated design includes a consolidated virtual infrastructure layer for management, edge, and compute components.
Data center virtualization:
- Compute virtualization
- Software-defined storage in the consolidated cluster
- Network virtualization
Scope of guidance:
- Storage, compute, and networking for the consolidated cluster.
- Number of hosts, amount of storage, and configuration.
- Deployment and initial setup of management components at the levels of infrastructure, cloud management platform, and operations.
- Basic tenant operations such as creating a tenant, assigning tenant capacity, configuring user access, and adding virtual machines to a service catalog from single-machine blueprints.
Overall availability: 95% availability. Planned downtime is expected for upgrades, patching, and ongoing maintenance.
Authentication, authorization, and access control:
- Use of Microsoft Active Directory as a central user repository.
- Use of service accounts with minimum required authentication and Access Control List configuration.
- Use of basic tenant accounts.
Certificate signing: Certificates are signed by an external certificate authority (CA) that consists of root and intermediate authority layers.
Hardening: Tenant workload traffic can be separated from the management traffic. The design uses a distributed firewall to protect all management applications. To secure the SDDC, only other management solutions and approved administration IP addresses can directly communicate with individual components.
Table 3-3. Objectives of VMware Validated Design for Remote Office and Branch Office
Main objective: SDDC capable of automated provisioning of workloads.
Scope of deployment: Greenfield deployment of the SDDC management components.
Cloud type: Private cloud.
Maximum number of remote regions: 10.
Maximum number of virtual machines:
- 100 virtual machines per remote region
- 1,000 running virtual machines across all remote regions
- Churn rate of 100 virtual machines per hour
Number of workload domains in a remote region: Single-domain, with a minimum of 4 hosts in the cluster. The single-domain region includes a consolidated virtual infrastructure layer for management, edge, and compute components.
WAN capacity: 10 Mbps, latency up to 100 ms.
Data center virtualization:
- Compute virtualization
- Software-defined storage in the consolidated cluster
- Network virtualization
Scope of guidance:
- Storage, compute, and networking for the consolidated cluster.
- Number of hosts, amount of storage, and configuration.
- Deployment and initial setup of management components at the levels of infrastructure, cloud management platform, and operations.
- Basic tenant operations such as creating a tenant, assigning tenant capacity, configuring user access, and adding virtual machines to a service catalog from single-machine blueprints.
Overall availability: 95% availability. Planned downtime is expected for upgrades, patching, and ongoing maintenance.
Authentication, authorization, and access control:
- Use of Microsoft Active Directory as a central user repository.
- Use of service accounts with minimum required authentication and Access Control List configuration.
Certificate signing: Certificates are signed by an external certificate authority (CA) that consists of root and intermediate authority layers.
Hardening: The design uses a distributed firewall to protect all management applications. To secure the SDDC, only other management solutions and approved administration IP addresses can directly communicate with individual components.
4 Automated Deployment of VMware Validated Designs
Starting from version 5.0 of VMware Validated Design, the deployment of the SDDC is automated. You use VMware Cloud Builder™ to deploy the SDDC management domain end-to-end and a virtual infrastructure workload domain for tenant workloads.
For each region, the workflow for automated SDDC deployment consists of the following stages:
1 Prepare the data center.
Configure the physical servers, network, and storage in the data center. Then, download the required software. See the VMware Validated Design Planning and Preparation documentation.
2 Prepare a deployment specification in Microsoft® Excel® spreadsheet format (XLS).
Work with the technology team of your organization to collect details about the environment in the region where you plan to deploy the SDDC. Write down the details in a Deployment Parameters XLS file. See the VMware Validated Design Planning and Preparation documentation.
3 Prepare the environment.
In each region, install ESXi on the physical servers. Deploy virtual machines as ready-to-use units or as templates for management components that are installed on a guest operating system, such as VMware vRealize® Automation™ and VMware vSphere® Update Manager Download Service™. See the VMware Validated Design Deployment documentation.
4 Prepare Cloud Builder.
Download and deploy the Cloud Builder virtual appliance in each region. Then, upload the software bundles that contain the product binaries in this version of VMware Validated Design and the certificates, signed by a certificate authority, for the management nodes. See the VMware Validated Design Deployment documentation.
5 Run the SDDC deployment.
Generate a JSON file for each cluster in the region from the Deployment Parameters XLS file, perform an audit of the JSON files and target environment, and bring up the SDDC. See the VMware Validated Design Deployment documentation.
6 Remove Cloud Builder.
Use Cloud Builder only for a deployment of the SDDC on a clean environment. Remove the virtual appliance after the deployment is complete for resource optimization.
For details on the latest available documentation, see Documentation Map for VMware Validated Design.
5 Workload Domains in VMware Validated Design
In VMware Validated Design, a workload domain represents a logical unit that groups ESXi hosts managed by a vCenter Server instance with specific characteristics according to VMware SDDC best practices.
A workload domain exists in the boundaries of an SDDC region. A region can contain one or more domains. A workload domain cannot span multiple regions.
Each domain contains the following components:
- One VMware vCenter Server™ instance connected to a pair of Platform Services Controller™ instances in the same or another workload domain.
- At least one vSphere cluster with vSphere HA and vSphere DRS enabled.
- If you deploy a workload domain with NSX for vSphere, one vSphere Distributed Switch for management traffic and NSX logical switching.
- If you deploy a workload domain with NSX-T, NSX-T Virtual Distributed Switch (N-VDS) for management traffic and NSX logical switching.
- NSX components that connect the workloads in the cluster for logical switching, logical dynamic routing, and load balancing.
- One or more shared storage allocations.
Management Domain
Contains the SDDC management components.
The management domain has the following features:
Table 5-1. Features of the Management Domain
Types of workloads: Management workloads and networking components for them.
Cluster types: Management cluster.
Virtual switch type: vSphere Distributed Switch.
Software-defined networking: NSX for vSphere.
Shared storage type:
- vSAN for primary storage
- NFS for secondary storage
Time of deployment: First domain to deploy during initial SDDC implementation.
Table 5-2. Management Workloads for the Management Domain
Component | Cluster Location | Domain-Specific Instance
vCenter Server | Management cluster | Yes
Platform Services Controller pair | Management cluster | Yes
NSX Manager | Management cluster | Yes
NSX Controller cluster | Management cluster | Yes
NSX Edge devices for North-South routing and load balancing | Management cluster | Yes
NSX universal dynamic router | Management cluster | Yes
Initial Virtual Infrastructure Workload Domain
Contains tenant workloads that use NSX for vSphere for logical networking.
The initial virtual infrastructure (VI) workload domain has the following features:
Table 5-3. Features of the Initial VI Workload Domain
Types of workloads: Tenant workloads and networking components for them.
Cluster types:
- Shared edge and compute cluster
- Additional compute clusters
Software-defined networking: NSX for vSphere.
Shared storage type: FC/FCoE, iSCSI, NFS, or vSAN.
Time of deployment: During initial SDDC implementation.
Table 5-4. Management Workloads for the Initial VI Workload Domain
Component | Cluster Location | Domain-Specific Instance
vCenter Server | Management cluster | Yes
Platform Services Controller pair | Management cluster | No
NSX Manager | Management cluster | Yes
NSX Controller cluster | Shared edge and compute cluster | Yes
NSX Edge devices for North-South routing and load balancing | Shared edge and compute cluster | Yes
NSX universal dynamic logical router | Shared edge and compute cluster | Yes
NSX dynamic logical router | Shared edge and compute cluster | Yes
Virtual Infrastructure Workload Domains with VMware NSX-T
Contains tenant workloads that use NSX-T for logical networking. According to the requirements of your organization, you can deploy multiple workload domains with NSX-T.
A virtual infrastructure workload domain with NSX-T has the following features:
Table 5-5. Features of a VI Workload Domain with NSX-T
Types of workloads: Tenant workloads and networking components for them.
Cluster types:
- Shared edge and compute cluster
- Additional compute clusters
Virtual switch type:
- vSphere Distributed Switch for traffic from the management domain
- NSX-T Virtual Distributed Switch (N-VDS) for management traffic in the VI workload domain, tenant workload traffic, and dynamic routing
Software-defined networking: NSX-T.
Shared storage type: FC/FCoE, iSCSI, NFS, or vSAN.
Time of deployment: After initial SDDC implementation.
Table 5-6. Management Workloads for a VI Workload Domain with NSX-T
Component | Cluster Location | Domain-Specific Instance | Cross VI Workload Domain
vCenter Server | Management cluster | Yes | No
Platform Services Controller pair | Management cluster | No | No
NSX-T Manager cluster | Management cluster | Yes | Yes (deployed with the first VI workload domain with NSX-T)
NSX Edge devices for North-South and East-West routing | Shared edge and compute cluster | Yes | Yes (deployed with the first VI workload domain with NSX-T)
Virtual Infrastructure Workload Domains with VMware NSX-T and VMware Enterprise PKS
Contains containerized workloads that use NSX-T for logical networking. According to the requirements of your organization, you can deploy multiple workload domains with NSX-T and VMware™ Enterprise PKS.
A virtual infrastructure workload domain with NSX-T and VMware Enterprise PKS has the following features:
Table 5-7. Features of a VI Workload Domain with NSX-T and VMware Enterprise PKS
Types of workloads: Containerized workloads and networking components for them.
Cluster types:
- Shared edge and compute cluster
- Three compute clusters
Virtual switch type: NSX-T Virtual Distributed Switch (N-VDS) for management traffic in the VI workload domain, containerized workload traffic, and dynamic routing.
Software-defined networking: NSX-T.
Shared storage type: NFS.
Time of deployment: After initial SDDC implementation.
Table 5-8. Management Workloads for a VI Workload Domain with NSX-T and VMware Enterprise PKS
Component | Cluster Location | Domain-Specific Instance | Cross VI Workload Domain
vCenter Server | Management cluster | Yes | No
Platform Services Controller pair | Management cluster | No | No
NSX-T Manager cluster | Management cluster | Yes | Yes (deployed with the first VI workload domain with NSX-T and VMware Enterprise PKS)
NSX-T Edge devices for North-South and East-West routing | Shared edge and compute cluster | Yes | Yes (deployed with the first VI workload domain with NSX-T and VMware Enterprise PKS)
VMware Enterprise PKS | Shared edge and compute cluster | Yes | Yes (deployed with the first VI workload domain with NSX-T and VMware Enterprise PKS)
Operations and Workload Provisioning
When you deploy a VI workload domain with NSX for vSphere or NSX-T, all management components for operations management and cloud management are in the management domain. You connect these management components to the vCenter Server instance for the VI workload domain, to the monitoring agents of the virtual machines for the NSX instance for the domain, and to the NSX Manager for the domain.
When you deploy a VI workload domain with NSX-T and VMware Enterprise PKS, the management components for operations management are in the management domain. The management components for container provisioning are in the VI workload domain. You connect the operations management components to the vCenter Server instance for the VI workload domain, to the monitoring agents of the virtual machines for the NSX instance for the domain, to the NSX Manager for the domain, and to the VMware Enterprise PKS instance.
6 Documentation Structure and Audience
The structure of the VMware Validated Design documentation reflects the best practices in designing and deploying a data center that is capable of automated workload provisioning. The documentation components of the validated design are organized according to the audience and deployment stage. You use the documents in a specific order.
Figure 6-1. VMware Validated Design Documentation Flow
[Figure: documentation flow diagram. Start, then Design (Architecture and Design: Architecture Overview, Detailed Design), then Prepare infrastructure (Planning and Preparation), then Deploy (Deployment for Region A, Deployment for Region B, Deployment for Multiple Availability Zones), then Configure workload provisioning, operate, maintain, and adjust (Scenarios, Operations, Workload Domains with NSX-T, Technical Notes).]
For details on the latest available documentation, see Documentation Map for VMware Validated Design.
Architecture Overview
The first part of a VMware Validated Design is Architecture Overview, and it introduces the terms and components in the design.
Table 6-1. Architecture Overview Information
Guide: Architecture and Design
Purpose:
- Introduce the fundamentals and components in the SDDC design.
- Provide information about the layered structure of the SDDC.
- Describe the building modules and basic behavior of each management component.
Audience: Cloud architects and cloud administrators
SDDC Architecture: Standard SDDC, Consolidated SDDC, ROBO SDDC
Detailed Design
After you learn about the basic modules in the SDDC design, you proceed with detailed design of the management components and the required infrastructure.
Table 6-2. Detailed Design Information
Guide: Architecture and Design
Purpose:
- Provide complete details about the configuration of each layer and of the components that are a part of the layer.
- Describe available design alternatives.
- Provide design decisions to reflect the main design issues and the rationale behind a chosen solution path.
Audience: Cloud architects and cloud administrators
SDDC Architecture: Standard SDDC, Consolidated SDDC, ROBO SDDC
Planning and Preparation
After you understand the details of the design, you plan your environment according to the requirements of the design so that you can deploy the designed SDDC directly without additional testing and troubleshooting efforts.
Table 6-3. Planning and Preparation Information
Guide: Planning and Preparation
Purpose: Collect all requirements that your environment must meet so that you can follow a VMware Validated Design to create an SDDC. The Planning and Preparation section provides prerequisites about the following areas:
- Required software including VMware products, scripts, and third-party software
- Networking configuration including VLANs, example IP addresses, and DNS names
- Active Directory user configuration
- Specifications of the virtual machines that you must provide in advance
Audience: Cloud architects, infrastructure administrators, cloud administrators, and cloud operators
SDDC Architecture: Standard SDDC, Consolidated SDDC, ROBO SDDC
Deployment of Region A
After you make sure that your environment has the required structure and configuration, follow the Deployment of Region A to start the SDDC implementation in the first region.
Table 6-4. Deployment Guide Information
Guide: Deployment of Region A for Standard SDDC; Deployment for ROBO SDDC and Consolidated SDDC
Purpose:
- Provide step-by-step instructions for each management component of the SDDC according to the selected design path in Detailed Design.
- Cover the single-region setup of the SDDC.
- Provide details about setting up the virtual infrastructure for both management and tenant workloads.
- Provide procedures for integration of the products to form one functional system.
Audience: Cloud architects, infrastructure administrators, cloud administrators, and cloud operators
SDDC Architecture: Standard SDDC, Consolidated SDDC, ROBO SDDC
Deployment of Region B
After you make sure that your environment has the required structure and configuration, follow the Deployment Guide of Region B to start the SDDC implementation in the second region.
Table 6-5. Deployment Guide Information
Guide: Deployment of Region B
Purpose:
- Provide step-by-step instructions for each management component of the SDDC according to the selected design path in Detailed Design.
- Cover the dual-region setup of the SDDC.
- Provide details about setting up the virtual infrastructure for both management and tenant workloads.
- Provide procedures for integration of the products to form one functional system.
Audience: Cloud architects, infrastructure administrators, cloud administrators, and cloud operators
SDDC Architecture: Standard SDDC
Documentation on Workload Provisioning, Maintenance and Expansion of the SDDC
After you deploy the SDDC, follow the post-deployment documentation to operate and maintain the management workloads, or to modify or extend the SDDC. See Chapter 7 Post-Deployment Documentation and Technical Notes.
7 Post-Deployment Documentation and Technical Notes
VMware Validated Design provides several types of documentation for operating, maintaining, extending, and modifying a deployed SDDC. This documentation is delivered as a set of add-on packages that can be published asynchronously.
For details on the latest available documentation, see Documentation Map for VMware Validated Design.
Operational Guidance
The operational guidance in VMware Validated Design provides prescriptive guidance on the common operations that you perform after the SDDC implementation is completed.
Type of Guidance: According to the target operation type, each guide provides a set of step-by-step instructions organized by layer or solution. The guidance is based on the SDDC configuration in the design and deployment documentation.
Audience: Cloud architects, infrastructure administrators, cloud administrators, and cloud operators
Supported SDDC Architecture:
- Standard SDDC for all operations guides
- Standard SDDC, Consolidated SDDC, and ROBO SDDC for the certificate replacement documentation
Covered use cases:
- SDDC monitoring by setting up dashboards and activating alerts, with lists of the notifications that are most symptomatic
- Upgrade of the SDDC management components
- Backup and restore of the SDDC management components by using a VADP-based solution
- Disaster recovery of the SDDC management components
- Operational verification of the SDDC management components after software maintenance such as installation, restore, upgrade, or failover
- Replacement of the certificates of the SDDC management components if the certificates are expiring or if you are scaling out a component
Scenarios
A scenario represents a sub- or super-set of VMware Validated Design for Software-Defined Data Center. A scenario guide provides an SDDC solution to achieve specific IT outcomes, such as application security, IT automation, and so on.
Type of Guidance: According to the target outcome, each VMware Validated Design scenario guide supports a set of validated workflows. The workflows are related to the common operations that you perform in the covered case.
Audience: Cloud architects, infrastructure administrators, cloud administrators, and cloud operators
Supported SDDC Architecture: Standard SDDC
Covered use cases:
- IT Automating IT
- Intelligent Operations
- Micro-Segmentation
Technical Notes
A technical note in VMware Validated Design is a short document that describes a modification of or an extension to the prescribed SDDC implementation.
Type of Guidance: According to the target outcome, each technical note discusses a specific configuration and the related nodes from the VMware Validated Design documentation.
Audience: Cloud architects, infrastructure administrators, and cloud administrators
Supported SDDC Architecture: Standard SDDC
Covered use cases:
- Dynamic routing configuration options
- Designing an SDDC that consists of several regions
- Integration with and migration to an SDDC that complies with VMware Validated Design
Workload Domain Guidance
In addition to the initial domain setup for tenant workloads, you can evaluate and deploy a workload domain where tenant workloads can use the features of add-on products such as VMware NSX-T.
Type of Guidance: VMware Validated Design provides design and deployment guidance to extend the SDDC with another workload domain that runs a solution in addition to the software for implementing the SDDC. A solution in this case consists of one or two products that are additional to the software for the main SDDC implementation.
Audience: Cloud architects, infrastructure administrators, and cloud administrators
Supported SDDC Architecture: Standard SDDC
Covered use cases:
- Additional workload domain with NSX-T
- Additional workload domain with NSX-T with multiple availability zones
- Additional workload domain with NSX-T and VMware Enterprise PKS
VMware Hybrid Cloud Guidance
You can use a VMware cloud solution on VMware Cloud™ on AWS or VMware Cloud™ services to extend the capabilities of the on-premises SDDC.
Type of Guidance: VMware Validated Design provides design and deployment guidance to integrate the on-premises SDDC with a VMware cloud solution according to two models.
- Add an SDDC on VMware Cloud on AWS as a region
- Use a cloud-based solution for cloud management or operations management in the place of the analog solutions in the on-premises SDDC
Audience: Cloud architects, infrastructure administrators, and cloud administrators
Supported SDDC Architecture: Standard SDDC
Covered use cases: VMware Cloud on AWS SDDC as a Region C
8 Overview of Standard SDDC
The SDDC architecture in this VMware Validated Design consists of layers. The layered structure enables you to create the SDDC in modules and to handle each set of components separately.
For information about the design and deployment of each layer, see VMware Validated Design Architecture and Design, VMware Validated Design Deployment for Region A, VMware Validated Design Deployment for Region B, and Deployment for Multiple Availability Zones.
Figure 8-1. Components of a Software-Defined Data Center
[Figure: the SDDC layers and their components. Cloud Management Layer: Service Catalog, Self-Service Portal, Orchestration. Virtual Infrastructure Layer: Hypervisor, Pools of Resources, Virtualization Control. Physical Layer: Compute, Storage, Network. Cross-cutting areas: Service Management, Portfolio Management, Operations Management, Business Continuity (Fault Tolerance and Disaster Recovery, Backup & Restore, Replication), and Security (Governance, Risk, Compliance).]
- Physical Infrastructure Layer in Standard SDDC
The physical layer in Standard SDDC contains the compute, storage, and network resources in your data center.
- Virtual Infrastructure Layer in Standard SDDC
The virtual infrastructure layer of the Standard SDDC contains the components that provide compute, networking, and storage resources to the management and tenant workloads.
- Operations Management Layer in Standard SDDC
The operations layer of the SDDC provides capabilities for performance and capacity monitoring, and for backup and restore of the cloud management components.
- Cloud Management Layer in Standard SDDC
The cloud management layer enables you to deliver automated workload provisioning to tenants by using a self-service portal.
- Business Continuity Layer in Standard SDDC
The business continuity layer includes solutions for data protection and disaster recovery of critical management components of the SDDC.
- Multiple Availability Zones in Standard SDDC
VMware Validated Design for Software-Defined Data Center provides alternative guidance for implementing an SDDC that contains two availability zones in the protected region. You use vSAN stretched management and shared edge and compute clusters to create a second availability zone in Region A. The stretched clusters increase availability because maintenance or loss of one availability zone does not affect the overall operation of the clusters.
Physical Infrastructure Layer in Standard SDDC
The physical layer in Standard SDDC contains the compute, storage, and network resources in your data center.
The compute, storage, and network resources are organized in workload domains. The physical layer also includes the physical network infrastructure and the storage setup.
Figure 8-2. Physical Configuration of the SDDC
[Figure: a management cluster (4 ESXi hosts) and a shared edge and compute cluster (4 ESXi hosts) behind a pair of ToR switches, additional compute clusters (19 ESXi hosts each) behind their own ToR switch pairs, and an external connection.]
Workload Domains
At the physical layer, workload domains can include different combinations of servers and network equipment, which can be set up with varying levels of hardware redundancy and varying quality of components. Workload domains are connected to a network core that distributes data between them. The workload domain is not defined by any hard physical properties. It is a standard unit of connected elements within the SDDC.
A workload domain is a logical boundary of functionality, managed by a single vCenter Server. While each workload domain usually spans one rack, it is possible to aggregate multiple workload domains into a single rack in smaller setups. For both small and large setups, homogeneity and easy replication are important.
Clusters
This VMware Validated Design uses the following types of clusters:
Management Cluster: Resides in the management workload domain and runs the virtual machines of the components that manage the data center, such as vCenter Server, NSX Manager, NSX Controller, VMware vRealize® Lifecycle Manager™, VMware vRealize® Operations Manager™, VMware vRealize® Log Insight™, vRealize Automation, and other management components. This VMware Validated Design uses one management cluster that occupies half a rack.
Shared Edge and Compute Cluster: Is the first cluster in the virtual infrastructure workload domain and runs the required NSX services to enable North-South routing between the data center and the external network, and East-West routing inside the data center. This shared cluster also hosts the tenant virtual machines (sometimes referred to as workloads or payloads). As the environment grows, additional compute-only clusters can be added to support a mix of different types of workloads for different types of Service Level Agreements (SLAs).
Compute Cluster: Resides in a virtual infrastructure workload domain and runs tenant virtual machines (sometimes referred to as workloads or payloads). You can mix different types of compute clusters and provide separate compute pools for different types of SLAs.
Network
This VMware Validated Design uses a Layer 3 network architecture.
- A Top of Rack (ToR) switch is typically located inside a rack and provides network access to the servers inside that rack.
- An inter-rack switch at the aggregation layer provides connectivity between racks. Links between inter-rack switches are typically not required. If a link failure between an inter-rack switch and a ToR switch occurs, the routing protocol ensures that no traffic is sent to the inter-rack switch that has lost connectivity.
Regions and Availability Zones
Availability zone: Represents the fault domain of the SDDC. Multiple availability zones can provide continuous availability of an SDDC. The base version of this VMware Validated Design uses one availability zone per region; see Multiple Availability Zones in Standard SDDC for the alternative with two availability zones in Region A.
Region: Each region is a separate SDDC instance. You use multiple regions for disaster recovery across individual SDDC instances. In this VMware Validated Design, regions have similar physical and virtual infrastructure design but different naming.
Table 8-1. Regions in VMware Validated Design
Region   | Disaster Recovery Role | Region-Specific Domain Name
Region A | Protected              | sfo01.rainpole.local
Region B | Recovery               | lax01.rainpole.local
Storage
This VMware Validated Design provides guidance for the storage of the management components. The design uses two storage technologies:
Primary Storage: VMware vSAN™ storage is the default storage type for the SDDC management components. All design, deployment, and operational guidance is based on vSAN. The storage devices on vSAN ready servers provide the storage infrastructure. Because this VMware Validated Design uses vSAN in hybrid mode, each rack server must have at least one SSD for the cache tier and two HDDs for the capacity tier, which together form one disk group.
Secondary Storage: NFS storage is the secondary storage for the SDDC management components. It provides space for archiving log data and application templates.
Virtual Infrastructure Layer in Standard SDDC
The virtual infrastructure layer of the Standard SDDC contains the components that provide compute, networking, and storage resources to the management and tenant workloads.
vCenter Server Design
Table 8-2. vCenter Server Design Details
vCenter Server instances: You deploy two vCenter Server instances in the following way:
- One vCenter Server instance supporting the SDDC management components.
- One vCenter Server instance supporting the edge components and tenant workloads.
Using this model provides the following benefits:
- Isolation of management and compute vCenter Server operations
- Simplified capacity planning
- Separated upgrade
- Separated roles
Clusters: You distribute hosts and workloads in the following clusters:
- Management cluster that contains all management hosts and handles resources for the management workloads.
- Shared edge and compute cluster that contains tenant workloads, NSX Controllers, and the associated NSX Edge gateway devices used for the tenant workloads.
Resource pools for tenant workloads and dedicated NSX components: On the shared edge and compute cluster, you use resource pools to distribute compute and storage resources to the tenant workloads and the NSX components carrying their traffic.
Deployment model: This VMware Validated Design uses two external Platform Services Controller instances and two vCenter Server instances. For redundancy, the design joins the two Platform Services Controller instances to the same vCenter Single Sign-On domain, and points the vCenter Server instances to a load balancer that distributes the requests between the two Platform Services Controller instances.
Management host provisioning: You use host profiles to apply the networking and authentication configuration on the ESXi hosts in the management cluster and in the shared edge and compute cluster.
Figure 8-3. Layout of vCenter Server Clusters
[Figure: in each region, the Management Cluster of ESXi hosts runs the Management vCenter Server (Mgmt VC), the Compute vCenter Server (Compute VC), two Platform Services Controllers (PSC) behind an NSX Edge load balancer, and the other management virtual machines (APP/OS); the Compute / Edge Cluster of ESXi hosts is managed by the Compute VC. Region A and Region B have the same layout.]
Dynamic Routing and Application Virtual Networks
This VMware Validated Design supports dynamic routing for both management and tenant workloads, and also introduces a model of isolated application networks for the management components.
Dynamic routing support includes the following nodes:
- Pair of NSX Edge services gateways (ESGs) with ECMP enabled for north/south routing across all regions.
- Universal distributed logical router (UDLR) for east/west routing across all regions.
- Distributed logical router (DLR) for the shared edge and compute cluster and compute clusters to provide east/west routing for workloads that require on-demand network objects from vRealize Automation.
Application virtual networks provide limited access to the nodes of the applications through published access points. Three application virtual networks exist:
- Cross-region application virtual network that connects the components that are designed to fail over to a recovery region.
- Region-specific application virtual network in Region A for components that are not designed to fail over.
- Region-specific application virtual network in Region B for components that are not designed to fail over.
Figure 8-4. Virtual Application Network Design
[Figure: ECMP ESGs in the shared compute and edge cluster connect the ToR switches (Internet/Enterprise Network) to the Universal Distributed Logical Router over transit networks. Behind the UDLR, an ESG load balancer fronts the management applications (vRA, vROps, vRB Server, vRSLCM, vRLI, vROps Collector, vRA Proxy, UMDS, Skyline Collector, vRB Collector) on the Mgmt-xRegion01-VXLAN (192.168.11.0/24) and Mgmt-RegionA01-VXLAN (192.168.31.0/24) application virtual networks. The VC, PSC and SRM virtual machines sit on the Mgmt-Management (Ext-Management) and Compute-Management networks.]
Distributed Firewall
This VMware Validated Design uses the distributed firewall functionality that is available in NSX to protect all management applications attached to application virtual networks.
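The distributed firewall is what turns the "published access points" model of the application virtual networks into an enforced boundary, and the usual way it degrades is a broad troubleshooting rule that is never removed or a new segment that never receives its catch-all block. The block below is an added example, not NSX API calls, the NSX rule export format, or any VMware tooling. It audits a simplified, ordered rule list the way the distributed firewall evaluates it (first match wins): every application virtual network must be covered by an explicit catch-all block, a rule that opens a network to any source must match a published access point, and an allow placed after the catch-all block is flagged as dead. The subnets are the ones this document shows for Mgmt-xRegion01-VXLAN, Mgmt-RegionA01-VXLAN and Mgmt-RegionB01-VXLAN; the rule names, the 172.16.11.0/24 ESXi management VLAN, the published port 443, and the assumption that unmatched traffic is allowed by the default rule are constructed for the example.

```python
"""Policy-as-code audit of distributed firewall rules that protect the
application virtual networks.

Added example, not NSX for vSphere API calls or its export format. The subnets
are from this document's figures; rule names, the ESXi management VLAN, the
published port and the default action are constructed for illustration.
"""
import ipaddress

APP_NETWORKS = {
    "Mgmt-xRegion01-VXLAN": ipaddress.ip_network("192.168.11.0/24"),
    "Mgmt-RegionA01-VXLAN": ipaddress.ip_network("192.168.31.0/24"),
    "Mgmt-RegionB01-VXLAN": ipaddress.ip_network("192.168.32.0/24"),
}

# (network, port) pairs that may be reachable from anywhere. Assumption: only
# the vRealize Automation portal behind the NSX load balancer, over HTTPS.
PUBLISHED_ACCESS_POINTS = {("192.168.11.0/24", 443)}

# Action applied when no rule matches. Assumption for this example: the
# default rule was left at allow, which is why every network needs its own
# catch-all block.
DEFAULT_ACTION = "allow"

# Constructed, ordered rule list (first match wins). The fields mirror the
# parts of a rule that matter here: source, destination, service, action.
SAMPLE_RULES = [
    {"name": "vRA portal via NSX load balancer", "src": "any", "dst": "192.168.11.0/24", "dport": 443, "action": "allow"},
    {"name": "ESXi syslog to vRealize Log Insight", "src": "172.16.11.0/24", "dst": "192.168.31.0/24", "dport": 514, "action": "allow"},
    {"name": "TEMP troubleshooting", "src": "any", "dst": "192.168.31.0/24", "dport": "any", "action": "allow"},
    {"name": "Block Mgmt-xRegion01 by default", "src": "any", "dst": "192.168.11.0/24", "dport": "any", "action": "block"},
    {"name": "Block Mgmt-RegionA01 by default", "src": "any", "dst": "192.168.31.0/24", "dport": "any", "action": "block"},
    # Nothing blocks Mgmt-RegionB01-VXLAN: the audit must notice.
]


def _ip_matches(field, ip):
    return field == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(field)


def _port_matches(field, port):
    return field == "any" or field == port


def _targets(rule, net):
    """True if the rule's destination covers any part of the given network."""
    return rule["dst"] == "any" or ipaddress.ip_network(rule["dst"]).overlaps(net)


def evaluate(rules, src, dst, dport):
    """First-match evaluation of one flow; returns the action that applies."""
    for rule in rules:
        if _ip_matches(rule["src"], src) and _ip_matches(rule["dst"], dst) and _port_matches(rule["dport"], dport):
            return rule["action"]
    return DEFAULT_ACTION


def audit(rules, networks=APP_NETWORKS, published=PUBLISHED_ACCESS_POINTS):
    """Return findings per application virtual network; an empty list means the policy passes."""
    findings = []
    for name, net in networks.items():
        block_positions = [
            i for i, r in enumerate(rules)
            if r["action"] == "block" and r["src"] == "any" and r["dport"] == "any" and _targets(r, net)
        ]
        if not block_positions:
            findings.append(f"{name}: no catch-all block rule, unmatched traffic gets the default action '{DEFAULT_ACTION}'")
        for i, rule in enumerate(rules):
            if rule["action"] != "allow" or not _targets(rule, net):
                continue
            if block_positions and i > block_positions[0]:
                findings.append(f"{name}: rule '{rule['name']}' is shadowed by the earlier catch-all block")
            if rule["src"] != "any":
                continue  # rules between known internal networks are out of scope here
            if rule["dport"] == "any":
                findings.append(f"{name}: rule '{rule['name']}' allows any source to any port")
            elif (str(net), rule["dport"]) not in published:
                findings.append(f"{name}: rule '{rule['name']}' exposes port {rule['dport']}, which is not a published access point")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES) or ["policy passes"]:
        print(finding)
    print("ssh from 10.0.0.5 to 192.168.31.10:", evaluate(SAMPLE_RULES, "10.0.0.5", "192.168.31.10", 22))
```

On the constructed rule set the audit reports two problems: the TEMP rule opens Mgmt-RegionA01-VXLAN to any source on any port, so `evaluate` lets an SSH attempt from 10.0.0.5 through despite the block rule that follows it, and Mgmt-RegionB01-VXLAN has no catch-all block at all, so the default action decides. Removing the TEMP rule and adding the missing block makes the audit pass and the same flow return block.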
Software-Defined Storage Design for Management Products
In each region, workloads on the management cluster store their data on a vSAN datastore. The vSAN datastore spans all four ESXi hosts of the management cluster. Each host contributes one disk group to the datastore.
Applications store their data according to the default storage policy for vSAN.
Figure 8-5. vSAN Conceptual Design
[Figure: the Management Cluster (managed by the Management vCenter Server) hosts vCenter Server (Mgmt and Compute), NSX Manager (Mgmt and Compute), NSX Controller (Mgmt), NSX Edge (Mgmt) and the other management applications on the Virtual SAN Datastore (management). The Shared Edge and Compute Cluster (managed by the Compute vCenter Server) hosts NSX Controller (Compute), NSX Edge (Compute) and the SDDC payload. Networks: External (Internet/MPLS) and Internal SDDC.]
vRealize Log Insight and vRealize Automation Content Library use NFS exports as secondary storage. Ineach region, you create a datastore in the shared edge and compute cluster for vRealize Automation.
Operations Management Layer in Standard SDDC
The operations layer of the SDDC provides capabilities for performance and capacity monitoring, and for backup and restore of the cloud management components.
vSphere Update Manager
This VMware Validated Design version uses vSphere Update Manager for the upgrade of the ESXi hosts from previous VMware Validated Design versions.
The vSphere Update Manager server and client components are a part of the vCenter Server Appliance in vSphere 6.5 or later. This design also deploys an instance of vSphere Update Manager Download Service (UMDS) in each region. Using a region-specific UMDS instance restricts direct access to the external network from the multiple vSphere Update Manager and vCenter Server instances, and reduces storage requirements across the vSphere Update Manager instances.
Figure 8-6. vSphere Update Manager Design
[Figure: in Region A and Region B, the vSphere Update Manager instances embedded in the Management vCenter Server and the Compute vCenter Server download patches from a region-local UMDS appliance: sfo01umds01.sfo01.rainpole.local on Mgmt-RegionA01-VXLAN (192.168.31.0/24) and lax01umds01.lax01.rainpole.local on Mgmt-RegionB01-VXLAN (192.168.32.0/24), both reachable through the Universal Distributed Logical Router. Each region has a management cluster and a shared edge and compute cluster of ESXi hosts.]
vRealize Suite Lifecycle Manager
vRealize Suite Lifecycle Manager provides lifecycle management capabilities for vRealize components, including automated deployment, configuration, and upgrade. vRealize Suite Lifecycle Manager communicates with each Management vCenter Server in the SDDC to orchestrate the deployment, upgrade, and configuration drift analysis of vRealize Suite components in the SDDC.
Figure 8-7. Logical Design of vRealize Suite Lifecycle Manager in a Multi-Region Deployment
[Figure: one vRealize Suite Lifecycle Manager appliance on shared storage, accessed through its user interface and REST API and integrated with the external services My VMware and VMware Marketplace, manages the lifecycle of vRealize Automation, vRealize Log Insight, vRealize Operations Manager and vRealize Business through the vCenter Server endpoint in Region A, and of vRealize Log Insight, vRealize Operations collectors, vRealize Automation proxy agents and vRealize Business collectors through the vCenter Server endpoint in Region B.]
Table 8-3. vRealize Suite Lifecycle Manager Design Details
Deployment model: One virtual appliance that deploys and upgrades the vRealize components on a virtual infrastructure that is controlled by one or more vCenter Server instances
Supported components:
- vRealize Operations Manager
- vRealize Log Insight
- vRealize Automation (with embedded vRealize Orchestrator)
- vRealize Business for Cloud
Product installation setup:
- Direct integration with My VMware to access vRealize Suite entitlements
- Environment configuration that uses the product-based deployment path in the installation wizard
Table 8-4. Environment Layout in vRealize Suite Lifecycle Manager
Environment Name | Environment Type | Scope | Product Components
Cross-Region | Production | Cross-Region | vRealize Operations Manager Analytics Cluster; vRealize Operations Manager Remote Collectors; vRealize Automation Appliances; vRealize Automation IaaS Managers; vRealize Automation IaaS Web Servers; vRealize Automation IaaS DEMs; vRealize Automation vSphere Proxy Agents; vRealize Business Server Appliances; vRealize Business Data Collectors
Region A | Production | Region A | vRealize Log Insight Cluster
Region B | Production | Region B | vRealize Log Insight Cluster
vRealize Operations Manager
You use vRealize Operations Manager to monitor the management components of the SDDC, including vSphere, NSX for vSphere, and vRealize Automation.
vRealize Operations Manager is also sized to accommodate the number of tenant workloads per thedesign objectives.
Figure 8-8. vRealize Operations Manager Logical Design
[Figure: the vRealize Operations Manager analytics cluster (Master, Replica, Data 1 to Data n nodes on shared storage) sits behind an external load balancer, is accessed through the user interface and API, and integrates with vCenter Server, vRealize Log Insight and vRealize Automation. In each region a collector group of two remote collectors on shared storage runs the management packs and metric adapters (vCenter Server, NSX, vRealize Log Insight, vRealize Business, vRealize Automation, Site Recovery Manager, vSAN and storage devices, additional solutions) and feeds the analytics cluster through the Suite API.]
Table 8-5. vRealize Operations Manager Design Details
Deployment model:
- Analytics cluster of three nodes: master, master replica, and data node
- Remote collector group that consists of two remote collectors that communicate with the region-specific components in the region
Monitored components:
- vCenter Server and Platform Services Controller
- ESXi hosts in the management cluster and the shared edge and compute cluster
- All components of NSX for vSphere for the management cluster and the shared edge and compute cluster
- vRealize Automation and VMware vRealize® Orchestrator™
- vRealize Log Insight, including Launch in Context
- vRealize Business, including integration in the vRealize Operations Manager operations interface
- vSAN
- vRealize Operations Manager (self-health monitoring)
- VMware Site Recovery Manager™
vRealize Log Insight
You use vRealize Log Insight to access the logs of the SDDC management components from a central place and view this information in visual dashboards.
Figure 8-9. vRealize Log Insight Logical Design
[Figure: in each region a vRealize Log Insight cluster (Master, Worker1, Worker2 to WorkerN) on shared storage with an integrated load balancer receives events from the logging clients (vCenter Server, ESXi, NSX, vRealize Automation, vRealize Operations Manager, Site Recovery Manager and additional solutions) over syslog and the ingestion API, integrates with vSphere and vRealize Operations Manager, is accessed through the user interface and API, archives logs to an NFS export, and forwards events to the cluster in the other region.]
Table 8-6. vRealize Log Insight Design Details
Deployment model: Cluster of one master node and two worker nodes
Monitored components:
- vCenter Server and Platform Services Controller
- ESXi hosts in the management cluster and the shared edge and compute cluster
- All components of NSX for vSphere for the management cluster and the shared edge and compute cluster
- vRealize Automation and vRealize Orchestrator
- vRealize Business
- Analytics cluster nodes of vRealize Operations Manager
- Management virtual appliances
- Site Recovery Manager
Archiving: Archiving location on an NFS export
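Central ingestion of the ESXi, vCenter Server and NSX logs only pays off when an alert watches the stream; the operations guidance above refers to the notifications that are "most symptomatic", and repeated failed logins against the management components is one of them. The block below is an added example, not a vRealize Log Insight alert definition or VMware code. It shows the logic of such an alert: parse syslog lines, keep a sliding window of failed logins per source address, and raise one alert per offender when the count inside the window crosses a threshold, so that a slow trickle spread over hours does not fire but a burst does. The host names use the region domains of this design; the line format, messages, source addresses, threshold and window length are constructed for the example.

```python
"""Sliding-window failed-login alert over syslog lines from SDDC management components.

Added example, not a vRealize Log Insight alert or VMware code. Host names use
the region domains from this document; the line format, messages, addresses,
threshold and window are constructed for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

THRESHOLD = 5                 # failures per source address inside the window
WINDOW = timedelta(minutes=5)

# Constructed log lines: "<ISO timestamp> <host> <process>: <message>".
SAMPLE_LOGS = """\
2019-09-03T10:00:01Z sfo01m01esx01.sfo01.rainpole.local Hostd: Rejected password for user root from 10.0.0.5
2019-09-03T10:00:03Z sfo01m01esx01.sfo01.rainpole.local Hostd: Rejected password for user root from 10.0.0.5
2019-09-03T10:00:04Z sfo01m01esx02.sfo01.rainpole.local Hostd: Rejected password for user root from 10.0.0.5
2019-09-03T10:00:09Z sfo01m01vc01.sfo01.rainpole.local vpxd: Accepted password for user administrator@vsphere.local from 10.0.0.9
2019-09-03T10:00:12Z sfo01m01esx03.sfo01.rainpole.local Hostd: Rejected password for user root from 10.0.0.5
2019-09-03T10:00:15Z sfo01m01esx01.sfo01.rainpole.local Hostd: Rejected password for user root from 10.0.0.5
2019-09-03T10:00:20Z sfo01m01esx01.sfo01.rainpole.local Hostd: Rejected password for user root from 10.0.0.5
2019-09-03T10:30:00Z lax01m01esx01.lax01.rainpole.local Hostd: Rejected password for user root from 10.0.0.7
2019-09-03T10:31:00Z lax01m01esx01.lax01.rainpole.local Hostd: Rejected password for user root from 10.0.0.7
2019-09-03T10:40:00Z lax01m01esx01.lax01.rainpole.local Hostd: Rejected password for user root from 10.0.0.7
2019-09-03T10:41:00Z lax01m01esx01.lax01.rainpole.local Hostd: Rejected password for user root from 10.0.0.7
2019-09-03T10:42:00Z lax01m01esx01.lax01.rainpole.local Hostd: Rejected password for user root from 10.0.0.7
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>[^:]+): (?P<msg>.*)$")
FAIL_RE = re.compile(r"Rejected password for user (?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)")


def parse(line):
    """Split one syslog line into its fields; None for lines that do not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    return {"ts": ts, "host": m.group("host"), "proc": m.group("proc"), "msg": m.group("msg")}


def detect(lines, threshold=THRESHOLD, window=WINDOW):
    """Return one alert per source address that reaches `threshold` failed logins within `window`.

    Each alert is (source, user, failures in the window, sorted target hosts) at the
    moment the threshold is crossed. Lines must be in time order, as they arrive.
    """
    recent = defaultdict(deque)   # source -> deque of (timestamp, target host)
    alerted = set()
    alerts = []
    for line in lines:
        event = parse(line)
        if event is None:
            continue
        fail = FAIL_RE.search(event["msg"])
        if fail is None:
            continue                # successful logins and unrelated messages
        src = fail.group("src")
        q = recent[src]
        q.append((event["ts"], event["host"]))
        # Forget failures that have aged out of the window.
        while q and event["ts"] - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold and src not in alerted:
            alerted.add(src)        # one alert per offender, not one per extra failure
            targets = sorted({host for _, host in q})
            alerts.append((src, fail.group("user"), len(q), targets))
    return alerts


if __name__ == "__main__":
    for src, user, count, targets in detect(SAMPLE_LOGS.splitlines()):
        print(f"ALERT {src}: {count} failed logins as {user} against {', '.join(targets)}")
```

On the constructed sample, 10.0.0.5 fires after its fifth failure within five minutes, with the three ESXi hosts it touched listed as targets, while 10.0.0.7 never fires because its five failures span twelve minutes and only three fall inside any one window. Lowering the threshold to three makes both fire, which is the knob to tune against your own baseline of mistyped passwords.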
VMware Skyline
You integrate the SDDC with VMware Skyline for proactive product support. The VMware Skyline engine in VMware Cloud Services analyzes the usage data of the management components that a VMware Skyline Collector instance in each region collects. You can then access proactive findings and recommendations in VMware Skyline Advisor.
Figure 8-10. Logical Design of the Skyline Collector Instances in a Multi-Region Deployment
[Figure: in each region a Skyline Collector appliance on shared storage, accessed through its user interface and VAMI, collects from the vCenter Server, NSX, vSAN and vRealize Operations Manager endpoints and sends the data to Skyline in VMware Cloud Services.]
Table 8-7. VMware Skyline Collector Design Details
Deployment model: One virtual appliance per region that collects product usage data from vCenter Server, NSX Manager, and vRealize Operations Manager endpoints
Monitored components:
- Management vCenter Server and Compute vCenter Server
- ESXi hosts in the management cluster and the shared edge and compute cluster
- All components of NSX for vSphere for the management cluster and the shared edge and compute cluster
- Analytics cluster nodes of vRealize Operations Manager
Cloud Management Layer in Standard SDDC
The cloud management layer enables you to deliver automated workload provisioning to tenants by using a self-service portal.
Table 8-8. Cloud Management Design Details
Software components:
- vRealize Automation
- Embedded vRealize Orchestrator
- vRealize Business
Deployment model of vRealize Automation: Distributed deployment with support for vSphere endpoints by using vSphere Proxy Agent virtual machines. You install the vRealize Automation components on multiple machines.
High availability and load balancing: Supported for all nodes except the Microsoft SQL database server and vRealize Business
Endpoints:
- vCenter Server for the compute and edge clusters
- NSX Manager for the compute and edge clusters
Blueprint configuration: Single-machine blueprints
Tenants: A single tenant company called Rainpole
Fabric groups: One fabric group in a region with all resources in the compute and edge cluster assigned
Business groups: According to the internal structure and workload configuration of your organization. Allocate business groups for separate business units, for example, for development and production.
Figure 8-11. Example vRealize Automation Tenant Design
[Figure: the default tenant at https://cmp.rainpole.local/vcac is where the System Admin handles tenant creation, system branding, system notification providers and event logs. The Rainpole tenant at https://cmp.rainpole.local/vcac/org/rainpole has a Tenant Admin, an IaaS Admin and Fabric Admins; a Production Business Group and a Development Business Group, each with a Business Group Manager, draw on Prod, Dev and Edge reservations in the Region A Fabric Group and the Region B Fabric Group, which map to the Region A and Region B data center infrastructure fabric.]
Business Continuity Layer in Standard SDDC
The business continuity layer includes solutions for data protection and disaster recovery of critical management components of the SDDC.
Data Protection
To back up the virtual machines of the SDDC management components, you deploy a solution that is compatible with vSphere Storage APIs for Data Protection (VADP). Place an instance of the backup solution in every region.
Figure 8-12. Data Protection Design
[Figure: in each region, the backup solution authenticates through the Platform Services Controller, uses vSphere Storage APIs - Data Protection against vCenter Server to take VM snapshots or run a backup agent in the virtual machines, and writes to a backup datastore.]
Disaster Recovery Design
This VMware Validated Design implements a disaster recovery configuration that uses Site Recovery Manager and vSphere® Replication™ to replicate the management applications and to mirror them in the second, recovery region.
- The following management applications are subject to disaster recovery protection:
  - vRealize Automation together with vRealize Orchestrator and vRealize Business
  - Analytics cluster of vRealize Operations Manager
- The virtual infrastructure components that are not in the scope of the disaster recovery protection, such as vRealize Log Insight, are available as separate instances in each region.
Figure 8-13. Disaster Recovery Architecture
[Figure: Region A and Region B each run a management virtual infrastructure (vSphere, NSX for vSphere) with its own Site Recovery Manager instance. Replicated components, protected by SRM and replicated from Region A to Region B by using vSphere Replication: vRealize Suite Lifecycle Manager, vRealize Automation, vRealize Operations Manager. Non-replicated components that exist separately in each region: vRealize Log Insight, Update Manager Download Service, Skyline Collector.]
Multiple Availability Zones in Standard SDDC
VMware Validated Design for Software-Defined Data Center provides alternative guidance for implementing an SDDC that contains two availability zones in the protected region. You use vSAN stretched management and shared edge and compute clusters to create a second availability zone in Region A. The stretched clusters increase availability because maintenance or loss of one availability zone does not affect the overall operation of the clusters.
In a stretched cluster configuration, both availability zones are active. If either availability zone fails, the virtual machines are restarted in the unaffected availability zone. Because virtual machine writes occur to both availability zones synchronously, no data is lost.
Overview of vSAN Stretched Cluster
Virtual machine write operations are performed synchronously across both availability zones. Each availability zone has a copy of the data, and the witness components are placed on the witness host in Region B. Because the distance between the two availability zones must be minimal, you usually deploy a multi-availability zone SDDC in metropolitan or campus environments.
Extending the management cluster to a vSAN stretched cluster provides the following advantages:
- Increased availability with minimal downtime and data loss
- Inter-site load balancing
Using a vSAN stretched cluster for the management components has the following disadvantages:
- Increased footprint
- Symmetrical host configuration in the two availability zones
- Limited distance between the availability zones
- Additional setup and more complex Day-2 operations
- License upgrade
Regions and Availability Zones
In the multi-availability zone version of the VMware Validated Design, you have two availability zones in Region A.
Region | Availability Zone and Region Identifier | Region-Specific Domain Name | Region Description
Region A | SFO01 | sfo01.rainpole.local | Availability Zone 1 in San Francisco, CA, USA based data center
Region A | SFO02 | sfo01.rainpole.local | Availability Zone 2 in San Francisco, CA, USA based data center
Region B | LAX01 | lax01.rainpole.local | Los Angeles, CA, USA based data center
Physical Infrastructure
In Availability Zone 2, you apply the same configuration as in Availability Zone 1. You double the hosts for the management cluster and shared edge and compute cluster in Region A, and you place them in the same rack.
Figure 8-14. Infrastructure Architecture for Two Availability Zones
[Figure: Region A with Availability Zone 1 and Availability Zone 2. Each zone has a pair of ToR switches with an external connection, a stretched management cluster (4 ESXi hosts) and a stretched shared edge and compute cluster (4 ESXi hosts). Region B is shown alongside with its own ToR switches, external connection, management cluster (4 ESXi hosts) and edge and compute cluster (4 ESXi hosts).]
Component Layout with Two Availability Zones
The management components of the SDDC run in Availability Zone 1. They can be migrated to Availability Zone 2 when an outage or overload occurs in Availability Zone 2.
You can start deploying the SDDC in a single availability zone configuration, and then extend the environment with the second availability zone.
Figure 8-15. vSphere Logical Cluster Layout with Two Availability Zones
[Figure: a Stretched Management Cluster and a Stretched Compute / Edge Cluster span Region A Availability Zone 1 and Availability Zone 2, each zone contributing ESXi hosts. The clusters run the Management vCenter Server (Mgmt VC), the Compute vCenter Server (Compute VC), Platform Services Controllers (PSC), NSX Edge load balancers and APP/OS virtual machines. The Region B Management Cluster and Region B Compute / Edge Cluster are shown alongside with their own ESXi hosts, vCenter Server instances and PSCs.]
Network Configuration
When using two availability zones, the management VLAN that vCenter Server and other VLAN-backed management virtual machines use must be stretched across both availability zones.
The network between the availability zones must support jumbo frames with latency of less than 5 ms. Use a 10-GbE connection with vSAN for best and predictable performance (IOPS) of the environment.
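As an added example (not part of the VMware design or its tooling), the following Python script encodes the stretched-cluster constraints above as a pre-deployment design check: symmetrical hosts in both zones, witness in Region B, a stretched management VLAN, jumbo frames, sub-5 ms latency and a 10-GbE link. The host counts, VLAN id, link figures and latency samples are constructed, and the 9000-byte jumbo MTU is an assumption.

```python
"""Pre-deployment check for a two-availability-zone vSAN stretched design.

Added example, not VMware code. The design values below are constructed.
"""
from dataclasses import dataclass, field
from typing import List

MAX_LATENCY_MS = 5.0   # text: latency of less than 5 ms between the zones
MIN_LINK_GBPS = 10     # text: 10-GbE connection with vSAN
JUMBO_MTU = 9000       # assumption: 9000-byte MTU is what "jumbo frames" means here


@dataclass
class Zone:
    name: str
    region: str
    mgmt_hosts: int          # hosts in the stretched management cluster
    edge_compute_hosts: int  # hosts in the stretched shared edge and compute cluster
    mgmt_vlan_id: int        # VLAN for vCenter Server and other VLAN-backed management VMs


@dataclass
class StretchedDesign:
    zones: List[Zone]
    witness_region: str      # region hosting the vSAN witness host
    inter_zone_mtu: int      # largest frame the inter-zone network forwards
    inter_zone_link_gbps: int
    rtt_samples_ms: List[float] = field(default_factory=list)


def percentile(samples: List[float], pct: float) -> float:
    """Nearest-rank percentile, so a single lucky ping cannot pass the latency check."""
    ordered = sorted(samples)
    rank = max(1, int(round(pct / 100.0 * len(ordered))))
    return ordered[rank - 1]


def check_design(d: StretchedDesign) -> List[str]:
    """Return the list of violated design rules; an empty list means the layout conforms."""
    findings: List[str] = []
    if len(d.zones) != 2:
        return [f"expected exactly 2 availability zones, got {len(d.zones)}"]
    az1, az2 = d.zones

    # Both zones belong to the protected region; the witness sits outside it.
    if az1.region != az2.region:
        findings.append("both availability zones must be in the same region")
    if d.witness_region == az1.region:
        findings.append(f"witness host must be outside {az1.region} (the design places it in Region B)")

    # Symmetrical host configuration in the two zones.
    if az1.mgmt_hosts != az2.mgmt_hosts:
        findings.append(f"management cluster is asymmetric: {az1.mgmt_hosts} vs {az2.mgmt_hosts} hosts")
    if az1.edge_compute_hosts != az2.edge_compute_hosts:
        findings.append("shared edge and compute cluster is asymmetric: "
                        f"{az1.edge_compute_hosts} vs {az2.edge_compute_hosts} hosts")

    # The management VLAN must be stretched, i.e. the same VLAN in both zones.
    if az1.mgmt_vlan_id != az2.mgmt_vlan_id:
        findings.append("management VLAN is not stretched across both zones")

    # Inter-zone network: jumbo frames, latency and bandwidth.
    if d.inter_zone_mtu < JUMBO_MTU:
        findings.append(f"inter-zone MTU {d.inter_zone_mtu} does not support jumbo frames")
    if not d.rtt_samples_ms:
        findings.append("no inter-zone latency measurements supplied")
    elif percentile(d.rtt_samples_ms, 99) >= MAX_LATENCY_MS:
        findings.append(f"inter-zone p99 latency {percentile(d.rtt_samples_ms, 99):.1f} ms "
                        f"is not below {MAX_LATENCY_MS} ms")
    if d.inter_zone_link_gbps < MIN_LINK_GBPS:
        findings.append(f"inter-zone link is {d.inter_zone_link_gbps} GbE; 10 GbE is required for vSAN")
    return findings


# Constructed sample matching the layout in the text: 4 + 4 hosts per cluster, witness in Region B.
CONFORMING = StretchedDesign(
    zones=[Zone("SFO01", "Region A", 4, 4, mgmt_vlan_id=1611),
           Zone("SFO02", "Region A", 4, 4, mgmt_vlan_id=1611)],
    witness_region="Region B", inter_zone_mtu=9000, inter_zone_link_gbps=10,
    rtt_samples_ms=[1.2, 1.4, 1.1, 1.9, 2.3, 1.3, 1.0, 1.6, 1.5, 1.2],
)

# Constructed sample with several violations: witness in the protected region, an
# asymmetric second zone, a non-stretched VLAN, no jumbo frames and a latency spike.
NONCONFORMING = StretchedDesign(
    zones=[Zone("SFO01", "Region A", 4, 4, mgmt_vlan_id=1611),
           Zone("SFO02", "Region A", 3, 4, mgmt_vlan_id=1612)],
    witness_region="Region A", inter_zone_mtu=1500, inter_zone_link_gbps=10,
    rtt_samples_ms=[1.2] * 9 + [7.8],
)

if __name__ == "__main__":
    for label, design in (("conforming", CONFORMING), ("nonconforming", NONCONFORMING)):
        print(label, check_design(design) or "OK")
```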
Figure 8-16. VMware vSAN Conceptual Network with two Availability Zones
9 Overview of Consolidated SDDC
The SDDC architecture in this VMware Validated Design consists of layers. The layered structure enables you to create the SDDC in modules and to handle each set of components separately.
For information about the design and deployment of each layer, see VMware Validated Design Architecture and Design and VMware Validated Design Deployment.
Figure 9-1. Components of a Consolidated Software-Defined Data Center
[Figure: the layers of the Consolidated SDDC: Physical Layer (Compute, Storage, Network); Virtual Infrastructure Layer (Hypervisor, Pools of Resources, Virtualization Control); Operations Management; Cloud Management Layer (Service Catalog, Self-Service Portal, Orchestration); Service Management and Portfolio Management. Security, Compliance, Risk and Governance span all layers.]
This chapter includes the following topics:
n Physical Infrastructure Layer in Consolidated SDDC
n Virtual Infrastructure Layer in Consolidated SDDC
n Operations Management Layer in Consolidated SDDC
n Cloud Management Layer in Consolidated SDDC
n Business Continuity Layer in Consolidated SDDC
Physical Infrastructure Layer in Consolidated SDDC
The physical layer in Consolidated SDDC contains the compute, storage, and network resources in your data center.
The compute, storage and network resources are organized in workload domains. The physical layer also includes the physical network infrastructure, and storage setup.
Figure 9-2. Physical Configuration of the Consolidated SDDC
Workload Domains
At the physical layer, workload domains can include different combinations of servers and network equipment, which can be set up with varying levels of hardware redundancy and varying quality of components. Workload domains are connected to a network core that distributes data between them. The workload domain is not defined by any hard physical properties. It is a standard unit of connected elements within the SDDC.
A workload domain is a logical boundary of functionality, managed by a single vCenter Server. While each workload domain usually spans one rack, it is possible to aggregate multiple workload domains into a single rack in smaller setups. For both small and large setups, homogeneity and easy replication are important.
Clusters
This VMware Validated Design uses the following types of clusters:
Consolidated Cluster
The consolidated cluster resides in the management workload domain and runs the following services:
n Virtual machines to manage the SDDC such as vCenter Server, NSX Manager, vRealize Automation, vRealize Log Insight, vRealize Operations Manager and a backup solution on top of vSphere Storage APIs - Data Protection.
n Required NSX services to enable north-south routing between the SDDC and the external network, and east-west routing inside the SDDC.
n Virtual machines running business applications that support varying Service Level Agreements (SLAs).
Network
This VMware Validated Design uses a Layer 3 network architecture.
n A Top of Rack (ToR) switch is typically located inside a rack and provides network access to the servers inside that rack.
n An inter-rack switch at the aggregation layer provides connectivity between racks. Links between inter-rack switches are typically not required. If a link failure between an inter-rack switch and a ToR switch occurs, the routing protocol ensures that no traffic is sent to the inter-rack switch that has lost connectivity.
Regions and Availability Zones
Region
Each region is a separate SDDC instance with one or more availability zones. You use multiple regions for disaster recovery across individual SDDC instances.
This VMware Validated Design uses a single region.
Table 9-1. Regions in Consolidated SDDC
Region | Region-Specific Domain Name
Region A | sfo01.rainpole.local
Availability Zone
Represents the fault domain of the SDDC. Multiple availability zones can provide continuous availability of an SDDC. This VMware Validated Design supports one availability zone.
Storage
This VMware Validated Design provides guidance about the storage of the management components. The design uses two storage technologies:
Primary Storage
vSAN storage is the default storage type for the SDDC management components. All design, deployment and operational guidance is performed on vSAN.
The storage devices on vSAN ready servers provide the storage infrastructure. Because this VMware Validated Design uses vSAN in hybrid mode, each rack server must have at least one SSD and two HDD devices that form a disk group with capacity.
Secondary Storage
NFS storage is the secondary storage for the SDDC management components. It provides space for archiving log data and application templates.
Virtual Infrastructure Layer in Consolidated SDDC
The virtual infrastructure layer of the Consolidated SDDC contains the components that provide compute, networking, and storage resources to the management and tenant workloads.
vCenter Server Design
Table 9-2. vCenter Server Design Details in Consolidated SDDC
Design Area | Description
vCenter Server instances | You deploy a single vCenter Server instance that supports both the SDDC management components, and the tenant workloads and connecting edge components.
Clusters | You place hosts and workloads in a consolidated cluster. The cluster contains the management virtual machines, NSX controllers and edges, and tenant workloads.
Resource pools for management components, tenant workloads and dedicated NSX components | On the consolidated cluster, you use resource pools to distribute compute and storage resources between the management components, and the tenant workloads and NSX components carrying their traffic. The Consolidated SDDC uses resource pools for the following components:
n Management virtual machines
n NSX Edge devices for the management components
n NSX Edge devices for the tenant workloads
n Tenant workloads
Deployment model | This VMware Validated Design uses a vCenter Server instance and a connected external Platform Services Controller instance.
Management host provisioning | You use a host profile to apply the networking and authentication configuration on the ESXi hosts in the consolidated cluster.
Figure 9-3. Layout of Consolidated Cluster in Consolidated SDDC
[Figure: a Consolidated Cluster of four ESXi hosts managed by vCenter Server with a Platform Services Controller (PSC).]
Dynamic Routing and Application Virtual Networks
This VMware Validated Design supports dynamic routing for both management and tenant workloads, and also introduces a model of isolated application networks for the management components.
Dynamic routing support includes the following nodes:
n Pair of NSX Edge service gateways (ESGs) with ECMP enabled for north/south routing across all regions.
n Universal distributed logical router (UDLR) for east/west routing between applications and to a potential second region.
Application virtual networks provide support for limited access to the nodes of the applications through published access points. Three application virtual networks exist:
n Cross-region application virtual network that connects the components that are designed to fail over to a recovery region if the SDDC is scaled out to a dual-region configuration.
n Region-specific application virtual network in Region A for components that are not designed to fail over.
Figure 9-4. Virtual Application Network Components and Design in Consolidated SDDC
[Figure: ToR switches connect the Internet/Enterprise Network to a pair of ECMP ESGs. A Universal Distributed Logical Router connects the transit networks (Mgmt-Management, Compute-Management, Edge-Management) to the application virtual networks Mgmt-xRegion01-VXLAN (192.168.11/24) and Mgmt-RegionA01-VXLAN (192.168.31/24). The management applications shown are PSC, SRM, VC, VDP, vRLI, UMDS, vRA, vROps, vRB Server, vRB Collector, Skyline Collector, vRSLCM and vROps Collector, fronted by an ESG load balancer.]
Distributed Firewall
This VMware Validated Design uses the distributed firewall functionality that is available in NSX to protect all management applications attached to application virtual networks.
Software-Defined Storage Design for Management Products
Workloads store their data on a vSAN datastore. The vSAN datastore spans all 4 ESXi hosts of the consolidated cluster. Each host adds one disk group to the datastore.
Applications store their data according to the default storage policy for vSAN.
Figure 9-5. vSAN Conceptual Design in Consolidated SDDC
[Figure: a Consolidated Cluster of four ESXi hosts managed by the Consolidated vCenter Server, with a vDS, a vSAN Datastore and an NSX Transport Zone. The cluster runs the Virtual Infrastructure Management components (vCenter Server, NSX Manager, NSX Controller, NSX Edge) and the APP/OS workload virtual machines. Networks: External (Internet/MPLS) and Internal SDDC.]
vRealize Log Insight uses NFS exports as secondary storage.
Operations Management Layer in Consolidated SDDC
The operations layer of the Consolidated SDDC provides capabilities for performance and capacity monitoring, and for backup and restore of the cloud management components.
vSphere Update Manager
This VMware Validated Design version uses vSphere Update Manager for upgrade of the ESXi hosts from previous VMware Validated Design versions.
vSphere Update Manager server and client components are a part of vCenter Server Appliance in vSphere 6.5 or later. This design also deploys an instance of vSphere Update Manager Download Service (UMDS). Using a region-specific UMDS instance restricts the direct access to the external network from multiple vSphere Update Manager and vCenter Server instances, and reduces storage requirements across vSphere Update Manager.
Figure 9-6. vSphere Update Manager Design in Consolidated SDDC
[Figure: vSphere Update Manager runs in vCenter Server; the UMDS appliance sfo01umds01 (UMDS Region A) is attached to Mgmt-RegionA01-VXLAN (192.168.31.0/24) behind the Universal Distributed Logical Router, on the ESXi hosts of the Consolidated Cluster.]
vRealize Suite Lifecycle Manager
vRealize Suite Lifecycle Manager provides lifecycle management capabilities for vRealize components including automated deployment, configuration, and upgrade. vRealize Suite Lifecycle Manager communicates with the Consolidated vCenter Server to orchestrate the deployment, upgrade, and configuration drift analysis of vRealize Suite components in the SDDC.
Figure 9-7. Logical Design of vRealize Lifecycle Manager in Consolidated SDDC
[Figure: the vRealize Suite Lifecycle Manager appliance on shared storage, accessed through its User Interface and REST API, uses vCenter Server as its endpoint and the external services VMware Marketplace and My VMware, and performs lifecycle management of vRealize Automation, vRealize Log Insight, vRealize Operations Manager and vRealize Business.]
Table 9-3. vRealize Suite Lifecycle Manager Design Details
Design Attribute | Description
Deployment model | One virtual appliance that deploys and upgrades the vRealize components on the virtual infrastructure that is controlled by the Consolidated vCenter Server.
Supported components |
n vRealize Operations Manager
n vRealize Log Insight
n vRealize Automation (with embedded vRealize Orchestrator)
n vRealize Business for Cloud
Product installation setup |
n Direct integration with My VMware to access vRealize Suite entitlements
n Environments configuration that uses the product-based deployment path in the installation wizard
Table 9-4. Environment Layout in vRealize Suite Lifecycle Manager
Environment Name | Environment Type | Scope | Product Components
Cross-Region | Production | Cross-Region |
n vRealize Operations Manager Analytics Cluster
n vRealize Operations Manager Remote Collectors
n vRealize Automation Appliances
n vRealize Automation IaaS Managers
n vRealize Automation IaaS Web Servers
n vRealize Automation IaaS DEMs
n vRealize Automation vSphere Proxy Agents
n vRealize Business Server Appliances
n vRealize Business Data Collectors
Region A | Production | Region A | vRealize Log Insight Cluster
vRealize Operations Manager
You use vRealize Operations Manager to monitor the management components of the SDDC including vSphere, NSX for vSphere and vRealize Automation.
vRealize Operations Manager is also sized to accommodate the number of tenant workloads per the design objectives.
Figure 9-8. vRealize Operations Manager Logical Design in Consolidated SDDC
[Figure: the vRealize Operations Manager analytics cluster (Master node) on shared storage behind an external load balancer, accessed through its User Interface and API; a remote collector in a collector group; Management Packs and the Suite API; metric adapters and integration for vCenter Server, NSX, vRealize Log Insight, vRealize Automation, vRealize Business, vSAN, storage devices and additional solutions.]
Table 9-5. vRealize Operations Manager Design Details in Consolidated SDDC
Design Attribute | Description
Deployment model |
n Analytics cluster of one node: master
n Remote collector group that consists of one remote collector that communicates with the management components in the single region
Monitored components |
n vCenter Server and Platform Services Controller
n ESXi hosts in the consolidated cluster
n All components of NSX for vSphere for the consolidated cluster
n vRealize Automation and vRealize Orchestrator
n vRealize Log Insight including Launch in Context
n vRealize Business including integration in the vRealize Operations Manager operations interface
n vSAN
n vRealize Operations Manager (self-health monitoring)
vRealize Log Insight
You use vRealize Log Insight to access the logs of the SDDC management components from a central place and view this information in visual dashboards.
Figure 9-9. vRealize Log Insight Logical Design in Consolidated SDDC
[Figure: the vRealize Log Insight master node on shared storage with an integrated load balancer, Content Packs, Ingestion API and Syslog, log archive export to NFS, integration with vSphere and vRealize Operations Manager, and User Interface and API access. Logging clients: vCenter Server, ESXi, NSX, Platform Services Controller, vRealize Automation and additional solutions.]
Table 9-6. vRealize Log Insight Design Details in Consolidated SDDC
Design Attribute | Description
Deployment model | Cluster of a master node.
Monitored components |
n vCenter Server and Platform Services Controller
n ESXi hosts in the consolidated cluster
n All components of NSX for vSphere for the consolidated cluster
n vRealize Automation and vRealize Orchestrator
n vRealize Business
n Analytics cluster nodes of vRealize Operations Manager
n Management virtual appliances
Archiving | Archiving location on an NFS export
VMware Skyline
You integrate the Consolidated SDDC with VMware Skyline for proactive product support. The VMware Skyline engine in VMware Cloud Services analyzes the data on the usage of the management components that is collected by a VMware Skyline Collector instance in the region of the Consolidated SDDC. You can then access proactive findings and recommendations in VMware Skyline Advisor.
Figure 9-10. Logical Design of the Skyline Collector Instance in a Consolidated SDDC
[Figure: the Skyline Collector on shared storage, accessed through its User Interface and VAMI, collects from the vCenter Server, NSX and vRealize Operations Manager endpoints, integrates with vSAN, and reports to Skyline in VMware Cloud Services.]
Table 9-7. VMware Skyline Collector Design Details in Consolidated SDDC
Design Attribute | Description
Deployment model | One virtual appliance that collects product usage data from vCenter Server, NSX Manager, and vRealize Operations Manager endpoints.
Monitored components |
n Consolidated vCenter Server
n ESXi hosts in the consolidated cluster
n All components of NSX for vSphere for the consolidated cluster
n vRealize Operations Manager analytics node
Cloud Management Layer in Consolidated SDDC
The cloud management layer in the Consolidated SDDC enables you to provide tenants with automated workload provisioning by using a self-service portal.
Table 9-8. Cloud Management Design Details in Consolidated SDDC
Design Attribute | Description
Software components |
n vRealize Automation
n Embedded vRealize Orchestrator
n vRealize Business
Deployment model of vRealize Automation | Distributed deployment with support for vSphere endpoints by using vSphere Proxy Agent virtual machines. You install the vRealize Automation components on multiple machines.
High availability and load balancing | Disabled
Endpoints |
n vCenter Server for the consolidated cluster
n NSX Manager for the consolidated cluster
Blueprint configuration | Single-machine blueprints
Tenants | A single tenant company called Rainpole
Fabric groups | One fabric group with all resources in the consolidated cluster assigned
Business groups | According to the internal structure and workload configuration of your organization. Allocate business groups for separate business units, for example, for development and production.
Figure 9-11. Example vRealize Automation Tenant Design
[Figure: the Default Tenant (https://cmp.rainpole.local/vcac) is administered by the System Admin (tenant creation, system branding, system notification providers, event logs). The Rainpole Tenant (https://cmp.rainpole.local/vcac/org/rainpole) has a Tenant Admin, IaaS Admin and Fabric Admin, Business Group Managers for the Manufacturing and Finance business groups, Prod, Dev and Edge reservations, and a Fabric Group over the Consolidated SDDC Data Center Infrastructure Fabric.]
Business Continuity Layer in Consolidated SDDC
The business continuity layer includes solutions for data protection of critical management components of the Consolidated SDDC.
Data Protection
To back up the virtual machines of the SDDC management components, you deploy a solution that is compatible with vSphere Storage APIs for Data Protection (VADP).
Figure 9-12. vSphere Data Protection Design in Consolidated SDDC
[Figure: vCenter Server with the Platform Services Controller for authentication; a VM Snapshot/Backup Agent uses vSphere Storage APIs - Data Protection and writes to a Backup Datastore.]
10 Overview of ROBO SDDC
The SDDC architecture in this VMware Validated Design consists of layers. The layered structure enables you to create the SDDC in modules and to handle each set of components separately.
For information about the design and deployment of each layer, see VMware Validated Design Architecture and Design and VMware Validated Design Deployment.
Figure 10-1. Components of a ROBO SDDC
[Figure: the layers of the ROBO SDDC: Physical Layer (Compute, Storage, Network); Virtual Infrastructure Layer (Hypervisor, Pools of Resources, Virtualization Control); Operations Management; Cloud Management Layer (Service Catalog, Self-Service Portal, Orchestration); Service Management and Portfolio Management; Business Continuity (Fault Tolerance and Disaster Recovery, Backup & Restore, Replication). Security, Compliance, Risk and Governance span all layers.]
This chapter includes the following topics:
n Physical Infrastructure Layer in ROBO SDDC
n Virtual Infrastructure Layer in ROBO SDDC
n Operations Management Layer in ROBO SDDC
n Cloud Management Layer in ROBO SDDC
n Business Continuity Layer in ROBO SDDC
Physical Infrastructure Layer in ROBO SDDC
The physical layer in ROBO SDDC contains the compute, storage, and network resources in your data center.
The compute, storage and network resources are organized in workload domains. The physical layer also includes the physical network infrastructure, and storage setup.
Figure 10-2. Physical Configuration of the ROBO SDDC
[Figure: two spine switches (L3) connect to a pair of ToR switches (L2) that carry the external connection; the consolidated cluster (min 4 ESXi hosts) and the secondary storage attach to the ToR switches.]
Workload Domains
At the physical layer, workload domains can include different combinations of servers and network equipment, which can be set up with varying levels of hardware redundancy and varying quality of components. Workload domains are connected to a network core that distributes data between them. The workload domain is not defined by any hard physical properties. It is a standard unit of connected elements within the SDDC.
A workload domain is a logical boundary of functionality, managed by a single vCenter Server. While each workload domain usually spans one rack, it is possible to aggregate multiple workload domains into a single rack in smaller setups. For both small and large setups, homogeneity and easy replication are important.
Clusters
This VMware Validated Design uses the following types of clusters:
Consolidated Cluster
The consolidated cluster resides in the management workload domain and runs the following services:
n Virtual machines to manage the SDDC such as vCenter Server, NSX Manager, vRealize Automation, vRealize Log Insight and vRealize Operations Manager.
n Required NSX services to enable north-south routing between the SDDC and the external network, and east-west routing inside the SDDC.
n Virtual machines running business applications that support varying Service Level Agreements (SLAs).
Network
This VMware Validated Design uses a Layer 3 network architecture.
n A Top of Rack (ToR) switch is typically located inside a rack and provides network access to the servers inside that rack.
n An inter-rack switch at the aggregation layer provides connectivity between racks. Links between inter-rack switches are typically not required. If a link failure between an inter-rack switch and a ToR switch occurs, the routing protocol ensures that no traffic is sent to the inter-rack switch that has lost connectivity.
Regions, Hubs and ROBO Sites
Hub
A hub is the set of centralized provisioning and monitoring components of the SDDC. A hub can be dedicated to ROBO sites according to the number of remote office connections required, or be a part of the VMware Validated Design for Software-Defined Data Center. In either case, the hub has the capability for failover between regions in the event of a disaster.
Region
Each region is a separate SDDC instance and can contain one or more availability zones. This VMware Validated Design uses two example regions in the hub: one in San Francisco (SFO) and the other in Los Angeles (LAX).
Table 10-1. Regions in VMware Validated Design for Remote Office and Branch Office
Region | Disaster Recovery Role | Region-Specific Domain Name
Region A | Protected | sfo01.rainpole.local
Region B | Recovery | lax01.rainpole.local
Availability Zone
Represents the fault domain of the SDDC. Multiple availability zones can provide continuous availability of an SDDC. By default, this VMware Validated Design supports one availability zone in each region in the hub. Alternatively, you can implement an SDDC that has two availability zones in Region A. See Multiple Availability Zones in Standard SDDC.
ROBO site
A ROBO site is a location that you use to support specific services such as manufacturing, hospitals, or call centers. These locations require minimal workload deployment and have hardware located in space constrained rooms.
Table 10-2. Sites in VMware Validated Design for Remote Office and Branch Office
Site Identifier | Description
NYC01 | New York City, NY, USA based Remote Office and Branch Office
Storage
This VMware Validated Design provides guidance about the storage of the management components. The design uses two storage technologies:
Primary Storage
vSAN storage is the default storage type for the SDDC management components. All design, deployment and operational guidance is performed on vSAN.
The storage devices on vSAN ready servers provide the storage infrastructure. Because this VMware Validated Design uses vSAN in hybrid mode, each rack server must have at least one SSD and two HDD devices that form a disk group with capacity.
Secondary Storage
NFS storage is the secondary storage for the SDDC management components. It provides space for archiving log data and application templates.
Virtual Infrastructure Layer in ROBO SDDC
The virtual infrastructure layer of the ROBO SDDC contains the components that provide compute, networking, and storage resources to the management and tenant workloads in the remote office.
vCenter Server Design
Table 10-3. vCenter Server Design Details in ROBO SDDC
Design Area | Description
vCenter Server instances | You deploy a single vCenter Server that supports both the SDDC management components.
Clusters | You place hosts and workloads in a consolidated cluster. The cluster contains the management virtual machines, NSX controllers and edges, and tenant workloads.
Resource pools for tenant workloads and dedicated NSX components | On the consolidated cluster, you use resource pools to distribute compute and storage resources between the management components, and the tenant workloads and NSX components carrying their traffic. The Consolidated SDDC uses resource pools for the following components:
n Management virtual machines
n NSX Edge devices for the management components
n NSX Edge devices for the tenant workloads
n Tenant workloads
Deployment model | This VMware Validated Design uses a vCenter Server instance with an embedded Platform Services Controller instance.
Management host provisioning | You use a host profile to apply the networking and authentication configuration on the ESXi hosts in the consolidated cluster.
Figure 10-3. Layout of vCenter Server Consolidated Cluster in ROBO SDDC
[Figure: a Consolidated Cluster of four ESXi hosts in the domain managed by the ROBO vCenter Server with an embedded PSC.]
Dynamic Routing and Application Virtual Networks
This VMware Validated Design supports dynamic routing for both management and tenant workloads, and also introduces a model of isolated application networks for the management components.
Dynamic routing support includes the following nodes:
n Pair of NSX Edge service gateways (ESGs) with ECMP enabled for north/south routing across all regions.
n Distributed logical router (DLR) for tenant internal network.
Application virtual networks provide support for limited access to the nodes of the applications through published access points. One application virtual network exists:
n Application virtual network in each site for components that are not designed to fail over.
Figure 10-4. Virtual Application Network Components and Design in ROBO SDDC
[Figure: ToR switches connect the Internet/Enterprise Network to a pair of ECMP ESGs on the Edge-uplink network. A Distributed Logical Router connects the vSphere Management components (VC, NSX) and the transit network to the application virtual network Mgmt-NYC01-VXLAN, which hosts vRLI, vROps Remote Collectors, vRA Proxy Agents, vRB Data Collector and UMDS. Subnets shown: 172.18.11.0/24 and 172.18.19.0/24 (Mgmt-NYC01-VXLAN).]
Distributed Firewall
This VMware Validated Design uses the distributed firewall functionality that is available in NSX to protect all management applications attached to application virtual networks.
Software-Defined Storage Design for Management Products
Workloads store their data on a vSAN datastore. The vSAN datastore spans all 4 ESXi hosts of the consolidated cluster. Each host adds one disk group to the datastore.
Applications store their data according to the default storage policy for vSAN.
Figure 10-5. vSAN Conceptual Design in ROBO SDDC
[Figure: a Consolidated Cluster of four ESXi hosts managed by the Consolidated vCenter Server, with a vDS (ROBO), a vSAN Datastore (ROBO) and an NSX Transport Zone (ROBO). The cluster runs the Virtual Infrastructure Management components (vCenter Server, NSX Manager, NSX Controller, NSX Edge) and the APP/OS workload virtual machines. Networks: External (Internet/MPLS) and Internal SDDC.]
vRealize Log Insight uses NFS exports as secondary storage.
Operations Management Layer in ROBO SDDC
The operations layer of the ROBO SDDC provides capabilities for performance and capacity monitoring.
vSphere Update Manager
This VMware Validated Design version uses vSphere Update Manager for upgrade of the ESXi hosts from previous VMware Validated Design versions.
vSphere Update Manager server and client components are a part of vCenter Server Appliance in vSphere 6.5 or later. This design also deploys an instance of vSphere Update Manager Download Service (UMDS). Using a region-specific UMDS instance restricts the direct access to the external network from multiple vSphere Update Manager and vCenter Server instances, and reduces storage requirements across vSphere Update Manager.
Figure 10-6. vSphere Update Manager Design in ROBO SDDC
[Figure: vSphere Update Manager runs inside the vCenter Server; a UMDS appliance (nyc01umds01, UMDS NYC01 ROBO) on Mgmt-NYC01-VXLAN (172.18.19.0/24) behind the Distributed Logical Router serves the ESXi hosts of the consolidated cluster]
vRealize Suite Lifecycle Manager
vRealize Suite Lifecycle Manager provides lifecycle management capabilities for vRealize components including automated deployment, configuration, and upgrade. vRealize Suite Lifecycle Manager communicates with the Consolidated vCenter Server in the ROBO site to orchestrate the deployment, upgrade, and configuration drift analysis of vRealize Suite components in the SDDC.
vRealize Suite Lifecycle Manager controls separately the lifecycle of the hub components and of the components that are specific to the ROBO.
Figure 10-7. Logical Design of vRealize Lifecycle Manager in ROBO SDDC
[Figure: the vRealize Suite Lifecycle Manager appliance in the hub, on shared storage, accessed through its user interface and REST API and using the external services My VMware and VMware Marketplace; it manages the lifecycle of the hub components (vRealize Automation, vRealize Log Insight, vRealize Operations Manager, vRealize Business) through the hub vCenter Server endpoint, and of the ROBO components (vRealize Business collectors, vRealize Automation proxy agents, vRealize Log Insight, vRealize Operations collectors) through the ROBO vCenter Server endpoint]
Table 10-4. vRealize Suite Lifecycle Manager Design Details

Deployment model: One virtual appliance in the hub that deploys and upgrades the vRealize components on the virtual infrastructure that is controlled by the vCenter Server instance in each ROBO.

Supported components in the ROBO site:
- vRealize Operations Manager remote collectors
- vRealize Log Insight cluster
- vSphere Proxy Agents in vRealize Automation
- vRealize Business data collector

Product installation setup:
- Direct integration with My VMware to access vRealize Suite entitlements
- Environments configuration that uses the product-based deployment path in the installation wizard
Table 10-5. Environment Layout in vRealize Suite Lifecycle Manager

Location: Hub
Environment Name: Cross-Region
Environment Type: Production
Scope: Cross-Region
Product Components:
- vRealize Operations Manager Analytics Cluster
- vRealize Operations Manager Remote Collectors
- vRealize Automation Appliances
- vRealize Automation IaaS Managers
- vRealize Automation IaaS Web Servers
- vRealize Automation IaaS DEMs
- vRealize Automation vSphere Proxy Agents
- vRealize Business Server Appliances
- vRealize Business Data Collectors

Location: Hub
Environment Name: Region A
Environment Type: Production
Scope: Region A
Product Components: vRealize Log Insight Cluster

Location: Hub
Environment Name: Region B
Environment Type: Production
Scope: Region B
Product Components: vRealize Log Insight Cluster

Location: ROBO site
Environment Name: ROBO A
Environment Type: Production
Scope: ROBO A
Product Components: vRealize Log Insight Cluster
vRealize Operations Manager
You use vRealize Operations Manager to monitor the management components of the SDDC including vSphere, NSX for vSphere, and vRealize Automation.
vRealize Operations Manager is also sized to accommodate the number of tenant workloads per the design objectives.
Figure 10-8. vRealize Operations Manager Logical Design in ROBO SDDC
[Figure: the vRealize Operations Manager analytics cluster in Region A, on shared storage, with access through the user interface and Suite API, management packs, and integration with vRealize Log Insight; remote collector groups in Region A and in each ROBO X (Remote Collector 1 and Remote Collector 2, on vSAN) run the metric adapters for vCenter Server, NSX, storage devices and additional solutions]
Table 10-6. vRealize Operations Manager Design Details in ROBO SDDC

Deployment model:
- Analytics cluster of 3 nodes in the hub: master, master replica and data nodes
- Remote collector group that consists of two remote collectors in each ROBO site

Monitored components from the ROBO site:
- vCenter Server and Platform Services Controller
- ESXi hosts in the consolidated cluster
- All components of NSX for vSphere for the consolidated cluster
- vSphere Proxy Agents in vRealize Automation
- vRealize Log Insight including Launch in Context
vRealize Log Insight
You use vRealize Log Insight to access the logs of the SDDC management components from a central place and view this information in visual dashboards.
Figure 10-9. vRealize Log Insight Logical Design in ROBO SDDC
[Figure: vRealize Log Insight clusters in Region A and Region B (master and worker 1 to worker N behind the integrated load balancer; access through the user interface and API; content packs; syslog and ingestion API; shared storage with a log archive on an NFS export), integrated with vSphere, vRealize Operations Manager and its remote collectors; the ROBO X cluster, also on shared storage with an NFS export log archive, ingests from the logging clients vCenter Server, ESXi, NSX, the vRealize Automation proxy agents, the vRealize Business data collector and additional solutions]
Introducing VMware Validated Design
VMware, Inc. 78
Table 10-7. vRealize Log Insight Design Details in ROBO SDDC

Deployment model: Cluster of 3 nodes: one master and two worker nodes.

Monitored components from the ROBO site:
- vCenter Server and Platform Services Controller
- ESXi hosts in the consolidated cluster
- All components of NSX for vSphere for the consolidated cluster
- vSphere Proxy Agents in vRealize Automation
- Remote collectors in vRealize Operations Manager

Archiving: Archiving location on an NFS export
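Central log collection is only as good as the set of sources that actually report into it, so a check a practitioner wants alongside the table above is one that compares the expected ROBO logging clients against what arrives. The following is an added example, not code from the VMware Validated Design document or from vRealize Log Insight: it parses RFC 5424 syslog lines of the kind the ESXi hosts, vCenter Server and NSX Manager emit, records when each host last logged, and reports expected sources that have gone quiet (a monitoring gap, and a classic symptom of a broken forwarder or of tampering) as well as hosts that are sending logs but are not in the inventory. The hostnames, timestamps and message texts are constructed; the component inventory mirrors Table 10-7.

```python
"""Added example (not from the VMware Validated Design document or vRealize
Log Insight): a log-source coverage check over constructed RFC 5424 syslog
lines. Hostnames, timestamps and messages are constructed assumptions."""
import re
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG
SYSLOG_5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?:\[[^\]]*\]|-) ?(?P<msg>.*)$"
)

# Constructed inventory (hypothetical hostnames) of the ROBO components that
# Table 10-7 lists as monitored; every one of them is expected to log.
EXPECTED_SOURCES: Dict[str, str] = {
    "nyc01vc01.nyc01.rainpole.local": "vCenter Server and Platform Services Controller",
    "nyc01esx01.nyc01.rainpole.local": "ESXi host, consolidated cluster",
    "nyc01esx02.nyc01.rainpole.local": "ESXi host, consolidated cluster",
    "nyc01nsxm01.nyc01.rainpole.local": "NSX Manager, consolidated cluster",
    "nyc01ias01.nyc01.rainpole.local": "vSphere Proxy Agent, vRealize Automation",
    "nyc01vropsc01.nyc01.rainpole.local": "vRealize Operations Manager remote collector",
}

# Constructed sample of what the cluster ingested; the proxy agent last
# logged 50 minutes ago, the remote collector never, and an unknown host
# is talking to the syslog listener.
SAMPLE_LINES: List[str] = [
    "<14>1 2019-09-03T10:05:00Z nyc01vc01.nyc01.rainpole.local vpxd 1234 - - User svc-vra@rainpole.local logged in",
    "<166>1 2019-09-03T10:07:30Z nyc01esx01.nyc01.rainpole.local Hostd 2048 - - Task completed: reconfigure VM",
    "<13>1 2019-09-03T10:08:00Z nyc01esx02.nyc01.rainpole.local vmkernel - - - cpu0:2097152)NetPort: port enabled",
    "<14>1 2019-09-03T10:09:10Z nyc01nsxm01.nyc01.rainpole.local nsx - - - DFW rule set published to cluster",
    "<14>1 2019-09-03T09:20:00Z nyc01ias01.nyc01.rainpole.local VRMAgent - - - Data collection complete",
    "<14>1 2019-09-03T10:09:50Z nyc01lab99.nyc01.rainpole.local sshd - - - Accepted publickey for root",
    "this line is not syslog and is skipped",
]

# Constructed "current time" for the check, so the example is reproducible.
NOW = datetime(2019, 9, 3, 10, 10, tzinfo=timezone.utc)


def parse_line(line: str) -> Optional[dict]:
    """Parse one RFC 5424 line; returns None for lines that do not match."""
    m = SYSLOG_5424.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # fromisoformat() before Python 3.11 rejects a trailing "Z".
    rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
    pri = int(rec["pri"])
    rec["facility"], rec["severity"] = pri >> 3, pri & 7
    return rec


def last_seen(lines: List[str]) -> Dict[str, datetime]:
    """Most recent timestamp per hostname across the parsed lines."""
    seen: Dict[str, datetime] = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        host = rec["host"]
        if host not in seen or rec["ts"] > seen[host]:
            seen[host] = rec["ts"]
    return seen


def silent_sources(lines: List[str], now: datetime,
                   max_silence: timedelta = timedelta(minutes=15)) -> Dict[str, str]:
    """Expected sources that never logged or whose last line is older than
    max_silence, mapped to their role so the report is actionable."""
    seen = last_seen(lines)
    return {host: role for host, role in EXPECTED_SOURCES.items()
            if seen.get(host) is None or now - seen[host] > max_silence}


def unexpected_sources(lines: List[str]) -> List[str]:
    """Hosts that are logging but are not in the inventory."""
    return sorted(h for h in last_seen(lines) if h not in EXPECTED_SOURCES)


if __name__ == "__main__":
    for host, role in silent_sources(SAMPLE_LINES, NOW).items():
        print(f"silent: {host} ({role})")
    for host in unexpected_sources(SAMPLE_LINES):
        print(f"unexpected: {host}")
```

In practice the inventory would come from the vCenter Server host list and the vRealize Suite Lifecycle Manager environment rather than a literal dictionary, and the threshold should be tuned per source: an ESXi host that is silent for fifteen minutes is far more suspicious than a proxy agent between data collections.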
Cloud Management Layer in ROBO SDDC
The cloud management layer in the ROBO SDDC enables you to deliver automated workload provisioning to tenants by using a self-service portal.
Table 10-8. Cloud Management Design Details in ROBO SDDC

Software components in the hub:
- vRealize Automation
- vRealize Orchestrator
- vRealize Business

Deployment model of vRealize Automation and vRealize Business in the ROBO site: Distributed deployment with support for vSphere endpoints by using vSphere Proxy Agent virtual machines in the ROBO sites. You install the vRealize Automation components on multiple machines. The site contains a vRealize Business data collector. The data collector sends cost data back to the vRealize Business server in the hub.

High availability and load balancing: The vSphere Proxy Agents in each site are highly available.

Endpoints:
- vCenter Server for the consolidated cluster in the site
- NSX Manager for the consolidated cluster in the site

Blueprint configuration: Single-machine blueprints

Tenants: A single tenant company called Rainpole

Fabric groups: One fabric group with all resources in the consolidated cluster assigned

Business groups: According to the internal structure and workload configuration of your organization. Allocate business groups for separate business units, for example, for development and production.
Figure 10-10. Example vRealize Automation Tenant Design in ROBO SDDC
[Figure: the Rainpole tenant at https://cmp.rainpole.local/vcac/org/rainpole with the Manufacturing and Finance business groups, each with a Business Group Manager, and the Tenant Admin, Fabric Admin and IaaS Admin roles; the ROBO A and ROBO B fabric groups map to the ROBO A and ROBO B Data Center Infrastructure Fabric, with a Manufacturing reservation and a Finance reservation in each ROBO; the default tenant at https://cmp.rainpole.local/vcac, where the System Admin handles tenant creation, system branding, system notification providers and event logs]
Business Continuity Layer in ROBO SDDC
The business continuity layer includes solutions for data protection of the critical management components of the ROBO SDDC.
Data Protection
To back up the virtual machines of the SDDC management components, you deploy a solution that is compatible with vSphere Storage APIs for Data Protection (VADP).
Figure 10-11. vSphere Data Protection Design in ROBO SDDC
[Figure: the backup solution authenticates through the Platform Services Controller and vCenter Server, takes VM snapshots through vSphere Storage APIs - Data Protection (VM snapshot/backup agent), and writes to a backup datastore]