VMware Validated Design for SDDC 6.2

VMware Validated Design is a family of solutions for data center designs that span compute, storage, networking, and management, serving as a blueprint for your Software-Defined Data Center (SDDC) implementation. The documentation of VMware Validated Design consists of successive deliverables for all stages of the SDDC life cycle.

Introducing VMware Validated Design includes the following information:

  • Design objectives

  • Deployment flow of the SDDC management components

  • Document structure and purpose

  • SDDC high-level overview


Use VMware Validated Design to build a scalable Software-Defined Data Center that is based on VMware best practices.

VMware Validated Design has the following advantages:

One path to SDDC

After you satisfy the deployment requirements, follow one consistent path to deploy an SDDC.

VMware Validated Design provides a tested solution path with information about product versions, networking architecture, capabilities, and limitations.

SDDC design for use in production

VMware Validated Design supports an SDDC that has the following features:

  • High availability of management components

  • Backup and restore of management components

  • Monitoring and alerting

Validated design and deployment

The prescriptive documentation of VMware Validated Design is continuously tested by VMware.

Validation provides the following advantages to your organization:

  • Validated product interoperability

  • Reduced risk of deployment and operational problems

  • Reduced test effort

Validated solution capabilities
  • Churn rate of tenant workloads

  • High availability of management components

  • Operational continuity

  • Design with dual-region support in mind

Fast SDDC standup

You can implement a data center without engaging in design work and product research. After you download all SDDC products, follow the detailed design and step-by-step instructions.

Support for latest product releases

Every version of a VMware Validated Design accommodates new product releases. If you have deployed an SDDC according to an earlier version of a VMware Validated Design, you can directly follow the validated design to upgrade your environment.


VMware Validated Design supports an SDDC architecture according to the requirements of your organization and the resource capabilities of your environment.

High-Level Logical Design of the SDDC

The SDDC according to VMware Validated Design contains the main services that are required to cover provisioning of virtualized and containerized workloads, cloud operations, and cloud automation.

Figure: Logical Design of the SDDC

According to the SDDC implementation type, a VMware Validated Design has objectives to deliver prescriptive content about an SDDC that is fast to deploy and is suitable for use in production.

VMware Validated Design Objective

Description

Main objective

SDDC capable of automated provisioning of on-premises workload, hybrid workloads, and containers.

Scope of deployment

Greenfield deployment of the management and workload domains of the SDDC, and incremental expansion of these domains as needed.

Cloud type

On-premises private cloud.

Number of regions and disaster recovery support

Single-region SDDC with multiple availability zones that you can potentially use as a best practice for a second VMware Cloud Foundation instance.

Availability zones are separate low-latency, high-bandwidth connected sites. Regions have higher latency and lower bandwidth connectivity.

The documentation provides guidance for a deployment that supports two regions for failover in the following way:

  • The design documentation provides guidance for an SDDC whose management components are designed to operate in the event of planned migration or disaster recovery.

  • The deployment documentation provides guidance for an SDDC that supports two regions for both management and tenant workloads.

Maximum number of virtual machines and churn rate

By using the SDDC Manager API in VMware Cloud Foundation, you can deploy a VMware vCenter Server™ appliance of a specified deployment and storage size. As a result, in this VMware Validated Design, you determine the maximum number of virtual machines in the SDDC according to a medium-size vCenter Server deployment specification or larger.

  • 4,000 running virtual machines per virtual infrastructure workload domain

  • 56,000 running virtual machines overall distributed across 14 virtual infrastructure workload domains

  • Churn rate of 750 virtual machines per hour

    Churn rate is related to provisioning, power cycle operations, and decommissioning of one tenant virtual machine by using a blueprint in the cloud automation platform. A churn rate of 100 means that 100 tenant workloads are provisioned, pass the power cycle operations, and are deleted.

Maximum number of containers or pods

2,000 pods per Supervisor Cluster

Number of workload domains in a region

Minimum two-domain setup, with a minimum of 4 VMware ESXi™ hosts in a domain

The validated design requires the following workload domains for SDDC deployment:

  • Management domain. Contains the appliances of the SDDC management components.

  • One or more solution-specific workload domains for Infrastructure-as-a-Service (IaaS) and containers. Up to 14 workload domains per region.
    • Contains the tenant workloads.

    • Contains the required SDDC services to enable the solution that is deployed.

See Workload Domains in VMware Validated Design.

Shared use of components for management of workload domains

This VMware Validated Design uses a dedicated NSX-T Manager cluster for each workload domain.

Data center virtualization

Maximized workload flexibility and limited dependencies on static data center infrastructure by using compute, storage, and network virtualization.

Scope of guidance

  • Clean deployment of the management domain, workload domains, and solutions working on top of the infrastructure in the domains.

  • Incremental expansion of the deployed infrastructure

    • In a single region

    • To additional availability zones

    • To additional regions

  • Deployment and initial setup of management components at the levels of virtualization infrastructure, identity and access management, cloud automation, and cloud operations.

  • Basic tenant operations such as creating a single Rainpole tenant, assigning tenant capacity, and configuring user access.

  • Operations on the management components of the SDDC such as monitoring and alerting, backup and restore, post-maintenance validation, disaster recovery, and upgrade.

Overall availability

  • 99.7% of management plane availability
  • Workload availability subject to specific availability requirements

Planned downtime is expected for upgrades, patching, and on-going maintenance.

Authentication, authorization, and access control

  • Use of Microsoft Active Directory as the identity provider.

  • Use of service accounts with least privilege role-based access control for solution integration.

Certificate signing

Certificates are signed by an external certificate authority (CA) that consists of a root and intermediate authority layers.

Hardening

Tenant workload traffic can be separated from the management traffic.


In VMware Validated Design, a workload domain represents a logical unit that groups ESXi hosts managed by a vCenter Server instance with specific characteristics according to VMware SDDC best practices.

A workload domain exists in the boundaries of an SDDC region. A region can contain one or more domains. A workload domain cannot span multiple regions.

Each domain contains the following components:

  • One VMware vCenter Server™ instance.

  • At least one vSphere cluster with vSphere HA and vSphere DRS enabled. See Cluster Types.

  • One vSphere Distributed Switch per cluster for system traffic and segments in VMware NSX-T Data Center™ for workloads.

  • One NSX-T Manager cluster for configuring and implementing software-defined networking.

  • One NSX-T Edge cluster that connects the workloads in the domain for logical switching, logical dynamic routing, and load balancing.

  • In either of the two regions in a multi-region SDDC, one NSX-T Global Manager cluster for configuring software-defined networks that span multiple regions.

  • One or more shared storage allocations.

Management Domain

Contains the SDDC management components.

The management domain has the following features:

Features of the Management Domain

| Feature | Description |
| --- | --- |
| Types of workloads | Management workloads and networking components for them. |
| Cluster types | Management cluster |
| Virtual switch type | vSphere Distributed Switch for system traffic and NSX-T network segments; NSX-T Virtual Distributed Switch (N-VDS) on the NSX-T Edge nodes |
| Software-defined networking | NSX-T Data Center |
| Shared storage type | VMware vSAN™ for principal storage; NFS for supplemental storage |
| Time of deployment | First domain to deploy during initial SDDC implementation |
| Deployment method | Deployed by VMware Cloud Builder as part of the bring-up process of VMware Cloud Foundation except for the region-specific VMware Workspace ONE® Access™ instance. You deploy the region-specific Workspace ONE Access instance manually and connect it to the NSX-T instance for the management domain. |

Management Workloads for the Management Domain

| Component | Cluster Location |
| --- | --- |
| vCenter Server | First cluster in the domain |
| NSX-T Manager cluster | First cluster in the domain |
| NSX-T Edge cluster for north-south routing, east-west routing, and load balancing | First cluster in the domain |
| NSX-T Global Manager cluster for global networking across multiple regions | First cluster in the domain |
| Region-specific Workspace ONE Access for central role-based access control | First cluster in the domain |

Virtual Infrastructure Workload Domains

Contains tenant workloads that use NSX-T Data Center for logical networking. According to the requirements of your organization, you can deploy multiple virtual infrastructure (VI) workload domains in your environment.

A virtual infrastructure workload domain has the following features:

Features of a VI Workload Domain

| Feature | Description |
| --- | --- |
| Types of workloads | Tenant workloads and networking components for them. |
| Cluster types | Shared edge and workload cluster; Additional workload clusters |
| Virtual switch type | vSphere Distributed Switch for system traffic from the management domain and for NSX-T network segments; N-VDS on the NSX-T Edge nodes in the workload domain |
| Software-defined networking | NSX-T Data Center |
| Shared storage type | vSAN, vVols, NFS, or VMFS on FC for principal storage |
| Time of deployment | After initial SDDC bring-up of the management domain |
| Deployment method | Deployed by SDDC Manager |

For a multi-region SDDC, you deploy the NSX-T Global Manager cluster from an OVA file.

Management Workloads for a VI Workload Domain

| Component | Deployment Location | Shared Between Workload Domains |
| --- | --- | --- |
| vCenter Server | First cluster in the management domain | X |
| NSX-T Manager cluster | First cluster in the management domain | ✓ for workload domains where workloads share the same overlay transport zone cross-domain, including domains where you use vRealize Automation for workload provisioning (deployed with the first VI workload domain); X for workload domains where workloads must be connected to domain-specific transport zones |
| NSX-T Edge cluster for north-south and east-west routing | Shared edge and workload cluster in the workload domain | ✓ for workload domains where workloads share the same overlay transport zone cross-domain, including domains where you use vRealize Automation for workload provisioning (deployed with the first VI workload domain); X for workload domains where workloads must be connected to domain-specific transport zones |
| NSX-T Global Manager cluster for global networking across multiple regions | First cluster in the domain | |

vSphere with Tanzu Workload Domains

Contains containerized workloads that use vSphere with Tanzu for container provisioning and NSX-T Data Center for logical networking. According to the requirements of your organization, you can deploy multiple vSphere with Tanzu workload domains.

A vSphere with Tanzu workload domain has the following features:

Features of a vSphere with Tanzu Workload Domain

| Feature | Description |
| --- | --- |
| Types of workloads | Containerized workloads and networking components for them. |
| Cluster types | Shared edge and workload cluster; Additional workload clusters |
| Virtual switch type | vSphere Distributed Switch for system traffic from the management domain and for NSX-T network segments; N-VDS on the NSX-T Edge nodes in the workload domain |
| Software-defined networking | NSX-T Data Center |
| Shared storage type | vSAN, vVols, NFS, or VMFS on FC for principal storage |
| Time of deployment | After initial SDDC bring-up of the management domain |
| Deployment method | You use SDDC Manager for environment validation and the vSphere Client for enabling vSphere with Tanzu |

Management Workloads for a vSphere with Tanzu Workload Domain

| Component | Deployment Location | Shared Between Workload Domains |
| --- | --- | --- |
| vCenter Server | First cluster in the management domain | X |
| NSX-T Manager cluster | First cluster in the management domain | ✓ for workload domains where workloads share the same overlay transport zone cross-domain, including domains where you use vRealize Automation for workload provisioning (deployed with the first vSphere with Tanzu workload domain); X for workload domains where workloads must be connected to domain-specific transport zones |
| NSX-T Edge cluster for north-south and east-west routing | Shared edge and workload cluster | ✓ for workload domains where workloads share the same overlay transport zone cross-domain, including domains where you use vRealize Automation for workload provisioning (deployed with the first vSphere with Tanzu workload domain); X for workload domains where workloads must be connected to domain-specific transport zones |
| Supervisor Cluster | Shared edge and workload cluster | X |


For more details on VMware Validated Design for SDDC, refer to VMware documentation:
https://docs.vmware.com/en/VMware-Validated-Design/6.2/introducing-vmware-validated-design/GUID-5B8D0FFC-141E-43A6-BCD4-BB3966581401.html

