Introducing VMware Validated Design

Modified on 30 MAR 2021
VMware Validated Design 6.2
VMware Cloud Foundation 4.2


You can find the most up-to-date technical documentation on the VMware website at:

https://docs.vmware.com/

VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com

Copyright © 2016-2021 VMware, Inc. All rights reserved. Copyright and trademark information.


Contents

About Introducing VMware Validated Design 4

1 Features of VMware Validated Design 6

2 SDDC Architecture 8

3 Design Objectives of VMware Validated Design 10

4 Workload Domains in VMware Validated Design 13

5 SDDC Deployment Flow of VMware Validated Design 18

6 Documentation Structure and Audience 31

7 Post-Deployment Documentation 37

8 SDDC Architecture Overview 38

Physical Infrastructure Layer 41

Virtual Infrastructure Layer 45

Security and Compliance Layer 52

Cloud Operations Layer 55

Cloud Automation Layer 63

Multiple Availability Zones 66


About Introducing VMware Validated Design

The Introducing VMware Validated Design document provides guidance on using the content of VMware Validated Design™ for Software-Defined Data Center. The guide also contains a high-level overview of the Software-Defined Data Center (SDDC) design that is supported in this VMware Validated Design version.

Introducing VMware Validated Design includes the following information:

- Design objectives

- Deployment flow of the SDDC management components

- Document structure and purpose

- SDDC high-level overview

Intended Audience

Introducing VMware Validated Design is intended for cloud architects, infrastructure administrators, cloud administrators, and cloud operators who want to become familiar with VMware Validated Design to deploy and manage an SDDC that meets the requirements for capacity and scalability.

Supported VMware Cloud Foundation Version

Introducing VMware Validated Design is compatible with VMware Cloud Foundation™ 4.2.

Required VMware Software on VMware Cloud Foundation

Introducing VMware Validated Design is compliant and validated with the product versions that are part of the bill of materials of VMware Cloud Foundation, and with certain VMware Workspace ONE Access and vRealize Suite product versions. For more information about supported product versions, see VMware Validated Design Release Notes.

Update History

Introducing VMware Validated Design is updated with each release of the product or when necessary.

Revision
    Description

30 MAR 2021
    This release of VMware Validated Design now includes guidance on cloud operations and automation solutions for a dual-region SDDC. See Deployment Workflow for a Multi-Region SDDC, Cloud Operations Layer, and Cloud Automation Layer.

09 FEB 2021
    Initial release.

1 Features of VMware Validated Design

Use VMware Validated Design to build a scalable Software-Defined Data Center that is based on VMware best practices.

VMware Validated Design has the following advantages:

One path to SDDC

After you satisfy the deployment requirements, follow one consistent path to deploy an SDDC.

VMware Validated Design provides a tested solution path with information about product versions, networking architecture, capabilities, and limitations.

SDDC design for use in production

VMware Validated Design supports an SDDC that has the following features:

- High availability of management components

- Backup and restore of management components

- Monitoring and alerting

Validated design and deployment

The prescriptive documentation of VMware Validated Design is continuously tested by VMware.

Validation provides the following advantages to your organization:

- Validated product interoperability

- Reduced risk of deployment and operational problems

- Reduced test effort

Validated solution capabilities

- Churn rate of tenant workloads

- High availability of management components

- Operational continuity

- Design with dual-region support in mind

Fast SDDC standup

You can implement a data center without engaging in design work and product research. After you download all SDDC products, follow the detailed design and step-by-step instructions.

Support for latest product releases

Every version of a VMware Validated Design accommodates new product releases. If you have deployed an SDDC according to an earlier version of a VMware Validated Design, you can directly follow the validated design to upgrade your environment.


2 SDDC Architecture

VMware Validated Design supports an SDDC architecture according to the requirements of your organization and the resource capabilities of your environment.

High-Level Logical Design of the SDDC

The SDDC according to VMware Validated Design contains the main services that are required to cover provisioning of virtualized and containerized workloads, cloud operations, and cloud automation.

Figure 2-1. Logical Design of the SDDC

[Figure: logical design diagram. Components shown: a vSphere Cluster of ESXi hosts, vCenter Server, NSX-T Data Center, SDDC Manager, vRealize Suite Lifecycle Manager, Workspace ONE Access, Active Directory, vRealize Operations Manager, vRealize Log Insight, vRealize Automation, and VMware Depot. Labelled relationships between them: central management of virtual infrastructure; load balancing, logical switching, and logical routing; network services deployment; workload deployments; workload metrics and workload costing; identity and access management; authentication management; central user management; solution life cycle management; monitoring, log collection, and log analysis; store product binaries; launch in context, notification events, and UI integration.]

SDDC Architecture

VMware Validated Design supports the Standard SDDC architecture of VMware Cloud Foundation. This architecture implements a production-ready SDDC that is dual-region. Each region includes two workload domains - management and virtual infrastructure.

For information on the workflow for deploying the SDDC, see Chapter 5 SDDC Deployment Flow of VMware Validated Design. For information on the types and components of the workload domains in this validated design, see Chapter 4 Workload Domains in VMware Validated Design.


3 Design Objectives of VMware Validated Design

According to the SDDC implementation type, a VMware Validated Design has objectives to deliver prescriptive content about an SDDC that is fast to deploy and is suitable for use in production.

VMware Validated Design Objective
    Description

Main objective
    SDDC capable of automated provisioning of on-premises workloads, hybrid workloads, and containers.

Scope of deployment
    Greenfield deployment of the management and workload domains of the SDDC, and incremental expansion of these domains as needed.

Cloud type
    On-premises private cloud.

Number of regions and disaster recovery support
    Single-region SDDC with multiple availability zones that you can potentially use as a best practice for a second VMware Cloud Foundation instance.
    Availability zones are separate sites with low-latency, high-bandwidth connectivity. Regions have higher-latency, lower-bandwidth connectivity.
    The documentation provides guidance for a deployment that supports two regions for failover in the following way:
    - The design documentation provides guidance for an SDDC whose management components are designed to operate in the event of planned migration or disaster recovery.
    - The deployment documentation provides guidance for an SDDC that supports two regions for both management and tenant workloads.

Maximum number of virtual machines and churn rate
    By using the SDDC Manager API in VMware Cloud Foundation, you can deploy a VMware vCenter Server™ appliance of a specified deployment and storage size. As a result, in this VMware Validated Design, you determine the maximum number of virtual machines in the SDDC according to a medium-size vCenter Server deployment specification or larger.
    - 4,000 running virtual machines per virtual infrastructure workload domain
    - 56,000 running virtual machines overall, distributed across 14 virtual infrastructure workload domains
    - Churn rate of 750 virtual machines per hour
    Churn rate is related to provisioning, power cycle operations, and decommissioning of one tenant virtual machine by using a blueprint in the cloud automation platform. A churn rate of 100 means that 100 tenant workloads are provisioned, pass the power cycle operations, and are deleted.

Maximum number of containers or pods
    2,000 pods per Supervisor Cluster

Number of workload domains in a region
    Minimum two-domain setup, with a minimum of 4 VMware ESXi™ hosts in a domain.
    The validated design requires the following workload domains for SDDC deployment:
    - Management domain. Contains the appliances of the SDDC management components.
    - One or more solution-specific workload domains for Infrastructure-as-a-Service (IaaS) and containers. Up to 14 workload domains per region. Each such domain:
        - Contains the tenant workloads.
        - Contains the required SDDC services to enable the solution that is deployed.
    See Chapter 4 Workload Domains in VMware Validated Design.

Shared use of components for management of workload domains
    This VMware Validated Design uses a dedicated NSX-T Manager cluster for each workload domain.

Data center virtualization
    Maximized workload flexibility and limited dependencies on static data center infrastructure by using compute, storage, and network virtualization.

Scope of guidance
    - Clean deployment of the management domain, workload domains, and solutions working on top of the infrastructure in the domains.
    - Incremental expansion of the deployed infrastructure:
        - In a single region
        - To additional availability zones
        - To additional regions
    - Deployment and initial setup of management components at the levels of virtualization infrastructure, identity and access management, cloud automation, and cloud operations.
    - Basic tenant operations such as creating a single Rainpole tenant, assigning tenant capacity, and configuring user access.
    - Operations on the management components of the SDDC such as monitoring and alerting, backup and restore, post-maintenance validation, disaster recovery, and upgrade.

Overall availability
    - 99.7% management plane availability
    - Workload availability subject to specific availability requirements
    Planned downtime is expected for upgrades, patching, and ongoing maintenance.

Authentication, authorization, and access control
    - Use of Microsoft Active Directory as the identity provider.
    - Use of service accounts with least-privilege role-based access control for solution integration.

Certificate signing
    Certificates are signed by an external certificate authority (CA) that consists of root and intermediate authority layers.

Hardening
    Tenant workload traffic can be separated from the management traffic.

4 Workload Domains in VMware Validated Design

In VMware Validated Design, a workload domain represents a logical unit that groups ESXi hosts managed by a vCenter Server instance with specific characteristics according to VMware SDDC best practices.

A workload domain exists in the boundaries of an SDDC region. A region can contain one or more domains. A workload domain cannot span multiple regions.

Each domain contains the following components:

- One VMware vCenter Server™ instance.

- At least one vSphere cluster with vSphere HA and vSphere DRS enabled. See Cluster Types.

- One vSphere Distributed Switch per cluster for system traffic and segments in VMware NSX-T Data Center™ for workloads.

- One NSX-T Manager cluster for configuring and implementing software-defined networking.

- One NSX-T Edge cluster that connects the workloads in the domain for logical switching, logical dynamic routing, and load balancing.

- In either of the two regions in a multi-region SDDC, one NSX-T Global Manager cluster for configuring software-defined networks that span multiple regions.

- One or more shared storage allocations.

Management Domain

Contains the SDDC management components.

The management domain has the following features:

Table 4-1. Features of the Management Domain

Feature
    Description

Types of workloads
    Management workloads and networking components for them.

Cluster types
    Management cluster

Virtual switch type
    - vSphere Distributed Switch for system traffic and NSX-T network segments
    - NSX-T Virtual Distributed Switch (N-VDS) on the NSX-T Edge nodes

Software-defined networking
    NSX-T Data Center

Shared storage type
    - VMware vSAN™ for principal storage
    - NFS for supplemental storage

Time of deployment
    First domain to deploy during initial SDDC implementation

Deployment method
    Deployed by VMware Cloud Builder as part of the bring-up process of VMware Cloud Foundation, except for the region-specific VMware Workspace ONE® Access™ instance. You deploy the region-specific Workspace ONE Access instance manually and connect it to the NSX-T instance for the management domain.

Table 4-2. Management Workloads for the Management Domain

Component
    Cluster Location

vCenter Server
    First cluster in the domain

NSX-T Manager cluster
    First cluster in the domain

NSX-T Edge cluster for north-south routing, east-west routing, and load balancing
    First cluster in the domain

NSX-T Global Manager cluster for global networking across multiple regions
    First cluster in the domain

Region-specific Workspace ONE Access for central role-based access control
    First cluster in the domain

Virtual Infrastructure Workload Domains

Contains tenant workloads that use NSX-T Data Center for logical networking. According to the requirements of your organization, you can deploy multiple virtual infrastructure (VI) workload domains in your environment.

A virtual infrastructure workload domain has the following features:

Table 4-3. Features of a VI Workload Domain

Feature
    Description

Types of workloads
    Tenant workloads and networking components for them.

Cluster types
    - Shared edge and workload cluster
    - Additional workload clusters

Virtual switch type
    - vSphere Distributed Switch for system traffic from the management domain and for NSX-T network segments
    - N-VDS on the NSX-T Edge nodes in the workload domain

Software-defined networking
    NSX-T Data Center

Shared storage type
    vSAN, vVols, NFS, or VMFS on FC for principal storage

Time of deployment
    After initial SDDC bring-up of the management domain

Deployment method
    Deployed by SDDC Manager. For a multi-region SDDC, you deploy the NSX-T Global Manager cluster from an OVA file.

Table 4-4. Management Workloads for a VI Workload Domain

Component
    Deployment Location
    Shared Between Workload Domains

vCenter Server
    Deployment location: First cluster in the management domain
    Shared between workload domains: No

NSX-T Manager cluster
    Deployment location: First cluster in the management domain. Deployed with the first VI workload domain.
    Shared between workload domains:
    - Yes, for workload domains where workloads share the same overlay transport zone cross-domain, including domains where you use vRealize Automation for workload provisioning
    - No, for workload domains where workloads must be connected to domain-specific transport zones

NSX-T Edge cluster for north-south and east-west routing
    Deployment location: Shared edge and workload cluster in the workload domain. Deployed with the first VI workload domain.
    Shared between workload domains:
    - Yes, for workload domains where workloads share the same overlay transport zone cross-domain, including domains where you use vRealize Automation for workload provisioning
    - No, for workload domains where workloads must be connected to domain-specific transport zones

NSX-T Global Manager cluster for global networking across multiple regions
    Deployment location: First cluster in the domain
    Shared between workload domains: Yes

vSphere with Tanzu Workload Domains

Contains containerized workloads that use vSphere with Tanzu for container provisioning and NSX-T Data Center for logical networking. According to the requirements of your organization, you can deploy multiple vSphere with Tanzu workload domains.

A vSphere with Tanzu workload domain has the following features:

Table 4-5. Features of a vSphere with Tanzu Workload Domain

Feature
    Description

Types of workloads
    Containerized workloads and networking components for them.

Cluster types
    - Shared edge and workload cluster
    - Additional workload clusters

Virtual switch type
    - vSphere Distributed Switch for system traffic from the management domain and for NSX-T network segments
    - N-VDS on the NSX-T Edge nodes in the workload domain

Software-defined networking
    NSX-T Data Center

Shared storage type
    vSAN, vVols, NFS, or VMFS on FC for principal storage

Time of deployment
    After initial SDDC bring-up of the management domain

Deployment method
    You use SDDC Manager for environment validation and the vSphere Client for enabling vSphere with Tanzu.

Table 4-6. Management Workloads for a vSphere with Tanzu Workload Domain

Component
    Deployment Location
    Shared Between Workload Domains

vCenter Server
    Deployment location: First cluster in the management domain
    Shared between workload domains: No

NSX-T Manager cluster
    Deployment location: First cluster in the management domain. Deployed with the first vSphere with Tanzu workload domain.
    Shared between workload domains:
    - Yes, for workload domains where workloads share the same overlay transport zone cross-domain, including domains where you use vRealize Automation for workload provisioning
    - No, for workload domains where workloads must be connected to domain-specific transport zones

NSX-T Edge cluster for north-south and east-west routing
    Deployment location: Shared edge and workload cluster. Deployed with the first vSphere with Tanzu workload domain.
    Shared between workload domains:
    - Yes, for workload domains where workloads share the same overlay transport zone cross-domain, including domains where you use vRealize Automation for workload provisioning
    - No, for workload domains where workloads must be connected to domain-specific transport zones

Supervisor Cluster
    Deployment location: Shared edge and workload cluster
    Shared between workload domains: No

5 SDDC Deployment Flow of VMware Validated Design

The deployment of the SDDC is automated. You use VMware Cloud Builder in VMware Cloud Foundation to deploy the SDDC management domain, SDDC Manager in VMware Cloud Foundation to deploy workload domains for tenant workloads, and VMware vRealize® Suite Lifecycle Manager™ in VMware Cloud Foundation mode to deploy the vRealize Suite products in this design. You deploy SDDC management components manually only in a few cases according to the instructions.

In VMware Validated Design 6.2, you can deploy an SDDC in a single-region or in a dual-region configuration. To design your SDDC in the second region (Region B), you apply the design guidance for a single region, modifying configurations for a single region to accommodate a dual-region setup or introducing configurations specific to a dual-region SDDC.

For more details on the deployment steps, see the VMware Validated Design documentation page.

Deployment Workflow for a Single-Region SDDC

For each region, the workflow for SDDC deployment consists of the following stages:


Figure 5-1. SDDC Deployment Workflow in a Region

[Figure: deployment flow in a region. 1. Management Domain: 1.1 User installs ESXi on the domain hosts; 1.2 Cloud Builder deploys the virtual infrastructure (vCenter Server, vSAN, NSX-T Data Center) and SDDC Manager; 1.3 User deploys the Region-Specific Workspace ONE Access instance. 2. Virtual Infrastructure Workload Domain: 2.1 User installs ESXi on the domain hosts; 2.2 SDDC Manager deploys the virtual infrastructure (vCenter Server; vSAN, NFS, or VMFS storage; NSX-T Data Center); 2.3 User connects the Region-Specific Workspace ONE Access instance to the workload domain. 3. Cloud Operations and Cloud Automation Solutions: 3.1 SDDC Manager deploys vRealize Suite Lifecycle Manager in VMware Cloud Foundation mode; 3.2 vRealize Suite Lifecycle Manager deploys the vRealize Suite products (Cross-Region Workspace ONE Access, vRealize Operations Manager, vRealize Log Insight, vRealize Automation); 3.3 SDDC Manager and user connect the vRealize Suite products to the management domain; 3.4 SDDC Manager and user connect the vRealize Suite products to the workload domain.]

Figure 5-2. SDDC Deployment Workflow with a vSphere with Tanzu Workload Domain

[Figure: deployment flow in a region with a vSphere with Tanzu workload domain. 1. Management Domain: 1.1 User installs ESXi on the domain hosts; 1.2 Cloud Builder deploys the virtual infrastructure (vCenter Server, vSAN, NSX-T Data Center) and SDDC Manager; 1.3 User deploys the Region-Specific Workspace ONE Access instance. 2. vSphere with Tanzu Workload Domain: 2.1 User installs ESXi on the domain hosts; 2.2 SDDC Manager deploys the virtual infrastructure (vCenter Server; vSAN, NFS, or VMFS storage; NSX-T Data Center); 2.3 User connects the Region-Specific Workspace ONE Access instance to the workload domain; 2.4 SDDC Manager validates the environment and the user enables vSphere with Tanzu. 3. Cloud Operations and Cloud Automation Solutions: 3.1 SDDC Manager deploys vRealize Suite Lifecycle Manager in VMware Cloud Foundation mode; 3.2 vRealize Suite Lifecycle Manager deploys the vRealize Suite products (Cross-Region Workspace ONE Access, vRealize Operations Manager, vRealize Log Insight); 3.3 SDDC Manager and user connect the vRealize Suite products to the management domain; 3.4 SDDC Manager and user connect the vRealize Suite products to the workload domain.]

Table 5-1. Deployment Flow for an SDDC with a Single Region

Stage
    Steps

Plan and prepare for SDDC deployment
    Prepare the data center and fill in the environment specification.
    Work with the technology team of your organization on configuring the physical servers, network, and storage in the data center. Collect the environment details and write them down in the Planning and Preparation Workbook in Microsoft® Excel® spreadsheet format (XLS).

1. Deploy the management domain of the SDDC.
    See VMware Validated Design Deployment of the Management Domain.
    Prerequisites: Prepare the deployment specification of the management domain.
        Download the deployment parameter workbook from My VMware and fill in the details for the management domain deployment. You can use the details from the Planning and Preparation Workbook.
    1. Prepare the environment for the management domain.
        Install and configure ESXi on the physical servers.
    2. Deploy the management domain by using VMware Cloud Builder.
        a. Prepare VMware Cloud Builder.
           Download and deploy the VMware Cloud Builder appliance from My VMware.
        b. Run the automated deployment of the management domain.
           Upload the deployment parameter workbook to VMware Cloud Builder, perform an audit of the target environment, and bring up the SDDC management domain.
           After the automated deployment is complete, in addition to the virtual infrastructure components, your environment contains SDDC Manager.
        c. Complete the initial configuration of the management domain.
           Configure SDDC Manager for managing the SDDC and enable secure access within and to the management domain.
    3. Deploy the region-specific Workspace ONE Access instance manually.
        Deploy the region-specific Workspace ONE Access instance from an OVA file by using the vSphere Client, connect it to the Active Directory domain, and connect the management domain components to the region-specific Workspace ONE Access instance.

2. Deploy a virtual infrastructure workload domain or a vSphere with Tanzu workload domain.
    See VMware Validated Design Deployment of a Virtual Infrastructure Workload Domain and VMware Validated Design Deployment of a vSphere with Tanzu Workload Domain.
    1. Prepare the environment for the workload domain.
        Install and configure ESXi on the physical servers. Create a network pool for the workload domain, and upload product license keys.
    2. Run the automated deployment of the workload domain.
        a. In SDDC Manager, provide the specification of the workload domain in JSON format and initiate deployment. SDDC Manager validates the virtual infrastructure and provisions the requested virtual infrastructure.
        b. Deploy an NSX-T Edge cluster to the shared edge and workload cluster in the workload domain.
           In SDDC Manager, provide the edge deployment specification in JSON format and initiate deployment. SDDC Manager validates the virtual infrastructure and provisions the requested edge nodes.
        c. Complete the initial configuration of the workload domain.
           Enable secure access within and to the workload domain.
    3. Connect the region-specific Workspace ONE Access instance to the workload domain manually.
        Connect the management components for the workload domain to the region-specific Workspace ONE Access instance.
    4. For a vSphere with Tanzu workload domain, enable vSphere with Tanzu.
        Validate the domain configuration by using SDDC Manager and enable vSphere with Tanzu by using the vSphere Client. Then, you can deploy applications or provision Tanzu Kubernetes clusters on the initial Supervisor Cluster.

3. Deploy the solutions for cloud operations and automation.
    See VMware Validated Design Deployment of Cloud Operations and Automation.
    1. Deploy VMware vRealize Suite Lifecycle Manager in VMware Cloud Foundation mode.
        By using SDDC Manager, download the vRealize Suite Lifecycle Manager install bundle and deploy vRealize Suite Lifecycle Manager.
        SDDC Manager provides inventory information about the management domain to vRealize Suite Lifecycle Manager. SDDC Manager also configures the NSX-T Tier-1 gateway to support the load balancer for the cross-region solutions.
    2. Deploy the solutions.
        Import the product binaries as software install bundles in SDDC Manager, synchronize them in vRealize Suite Lifecycle Manager, and deploy the solutions.
    3. Connect the solutions to the management domain.
        As a result of the integration between vRealize Suite Lifecycle Manager and SDDC Manager, vRealize Suite Lifecycle Manager calls SDDC Manager to perform the following operations during the automated deployment of the vRealize Suite products:
        - Configures the NSX-T load balancer that is required for the cross-region Workspace ONE Access instance, vRealize Operations Manager, and vRealize Automation.
        - Connects the vRealize Suite components to each other.
        - Connects VMware vRealize® Operations Manager™ and VMware vRealize® Log Insight™ to the management domain vCenter Server and the principal vSAN datastore.
        - Connects vRealize Log Insight to the NSX-T instance for the management domain.
        You connect the following components for the management domain manually:
        - vRealize Suite products to the region-specific Workspace ONE Access instance
        - vRealize Operations Manager to the NSX-T instance for the management domain
        - VMware vRealize® Automation™ to vRealize Operations Manager
        - NSX-T Edge nodes for the management domain and vRealize Suite Lifecycle Manager to vRealize Log Insight
    4. Connect the solutions to the workload domain.
        After you deploy vRealize Operations Manager and vRealize Log Insight, use SDDC Manager to integrate them with the virtual infrastructure of the workload domain.
        You connect the following components for the workload domain manually:
        - vRealize Operations Manager to the NSX-T instance for the workload domain
        - vRealize Automation to the workload domain vCenter Server and NSX-T instance
        - NSX-T Edge nodes for the workload domain and vRealize Suite Lifecycle Manager to vRealize Log Insight

Deployment Workflow for a Multi-Region SDDC

When you deploy an SDDC that spans two regions, you apply a staged approach for deploying the workload domains and connecting the management and tenant workloads between the regions.


Figure 5-3. Deployment Workflow for a Dual-Region SDDC

[Figure: dual-region workflow, with Region A and Region B side by side; each domain follows the deployment flow in a region. 1. Management Domains: 1.1 Management Domain in the first region; 1.2 Management Domain in the second region; 1.3 User deploys NSX-T Global Manager instances (Active and Standby) for the management domains. 2. Virtual Infrastructure Workload Domains: 2.1 Virtual Infrastructure Workload Domain in the first region; 2.2 Virtual Infrastructure Workload Domain in the second region; 2.3 User deploys NSX-T Global Manager instances (Active and Standby) for the virtual infrastructure workload domains. 3. Cloud Operations and Cloud Automation Solution: 3.1 vRealize Suite integration for the first region; 3.2 vRealize Suite integration for the second region.]

Table 5-2. Deployment Flow for an SDDC with Two Regions

Stage: Plan and prepare for SDDC deployment

Steps: Prepare the data center and fill in the environment specification for both regions in the Planning and Preparation Workbook.

Stage 1: Deploy the management domain of the SDDC in each region.

See Deployment of the Management Domain in the First Region and Deployment of the Management Domain in the Second Region.

1. Deploy the management domain in the first region by following the workflow for a single-region SDDC.

2. Deploy the management domain in the second region by following the workflow for a single-region SDDC.

3. In each region, deploy an NSX-T Global Manager cluster and enable NSX-T Federation.

   1 Manually deploy an NSX-T Global Manager cluster in Region A.

   Because VMware Cloud Builder provides automated deployment only for NSX-T Local Manager instances, deploy each NSX-T Global Manager appliance from an OVA file. Then, connect the cluster to the management domain vCenter Server in the region and to the region-specific Workspace ONE Access instance.

   2 Enable NSX-T Federation on the NSX-T Global Manager in Region A and set it as active.

   Add the NSX-T Manager instance deployed for the management domain in Region A to the NSX-T Global Manager cluster and import the gateways and virtual networks created in the local NSX-T Manager during the single-region deployment. The scope of the imported network objects becomes global, that is, you can assign them more than one location.

   3 Prepare logical network components for stretched networking for the management components between Region A and Region B.

   In the NSX-T Global Manager for Region A, create a cross-region Tier-1 gateway and associate it with the Tier-0 gateway for the region. Then, migrate the existing cross-region virtual network to the Tier-1 gateway.

   4 Manually deploy an NSX-T Global Manager cluster in Region B following the same high-level steps as for Region A.

   5 Add the NSX-T Manager instance for the management domain that is deployed in Region B to the NSX-T Global Manager in Region A.

   6 Complete the configuration of logical network components for stretched networking.

   In the NSX-T Global Manager for Region A, extend the Tier-0 gateway and the cross-region Tier-1 gateway to Region B. Create a region-specific Tier-1 gateway for Region B that is associated with the cross-region Tier-0 gateway and attach a virtual network to this Tier-1 gateway for regional connectivity.

   7 Set the NSX-T Global Manager in Region B as standby in the federation.

   8 Connect the SDDC Manager instances in the two regions by using multi-instance management.

   Join the SDDC Manager instance in Region B as a member of the federation that is initiated from the SDDC Manager instance in Region A.

Stage 2: Deploy the virtual infrastructure workload domain in each region.

See Deployment of a Virtual Infrastructure Workload Domain in the First Region and Deployment of a Virtual Infrastructure Workload Domain in the Second Region.

1. Deploy the workload domain in the first region by following the workflow for a single-region SDDC.

2. Deploy the workload domain in the second region by following the workflow for a single-region SDDC.

3. In each region, deploy an NSX-T Global Manager cluster and enable NSX-T Federation.

   1 Manually deploy an NSX-T Global Manager cluster in Region A.

   Because SDDC Manager provides automated deployment only for NSX-T Local Manager instances, deploy each NSX-T Global Manager appliance from an OVA file. Then, connect the cluster to the workload domain vCenter Server in the region and to the region-specific Workspace ONE Access instance.

   2 Enable NSX-T Federation on the NSX-T Global Manager in Region A and set it as active.

   Add the NSX-T Manager instance for the workload domain deployed in Region A to the NSX-T Global Manager cluster and import the gateways and virtual networks created in the local NSX-T Manager during the single-region deployment. The scope of the imported network objects becomes global, that is, you can assign them more than one location.

   3 Prepare logical network components for stretched networking for tenant workloads between Region A and Region B.

   Create a configuration of Tier-1 gateways and virtual network segments according to the requirements of the tenant workloads in the workload domain. You can attach the Tier-1 gateways to the Tier-0 gateway available in the environment and plan for using the Tier-0 gateway across other regions for workload mobility.

   4 Manually deploy an NSX-T Global Manager cluster in Region B following the same high-level steps as for Region A.

   5 Add the NSX-T Manager instance deployed for the workload domain in Region B to the NSX-T Global Manager in Region A.

   6 Complete the configuration of logical network components for stretched networking according to the requirements of the tenant workloads for workload mobility.

   You can extend the scope of the Tier-0 gateway available in Region A to Region B.

   7 Set the NSX-T Global Manager in Region B as standby in the federation.

Stage 3: Deploy the solutions for cloud operations and automation.

See Deployment of Cloud Operations and Automation.

1. Deploy the management components for cloud operations and automation for the first region.

2. Deploy additional management nodes and connect the solutions to the management and workload domains in Region B.

   1 Deploy these additional nodes in Region B by using vRealize Suite Lifecycle Manager.

   n Deploy a vRealize Operations Manager remote collector group.

   n Deploy a vRealize Log Insight cluster.

   2 Manually connect the solutions to the virtual infrastructure in the management and workload domains in Region B, and to the newly deployed management components in the region.

   Because the environment contains a single vRealize Suite Lifecycle Manager instance that you use to deploy components in both regions, the integration with SDDC Manager is available only in Region A.

   n Connect vRealize Operations Manager to vCenter Server, NSX-T Local Manager instances, and region-specific Workspace ONE Access.

   n For vRealize Log Insight in Region B, perform several types of operations.

     n Integrate vRealize Log Insight with the region-specific Workspace ONE Access and vRealize Operations Manager.

     n Connect vRealize Log Insight to vCenter Server, NSX-T Local Manager instances, and region-specific Workspace ONE Access in Region B.

     n Configure event forwarding between the vRealize Log Insight instances in the two regions.

   n Connect vRealize Automation to the SDDC Manager instance in Region B.
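
The federation steps in Table 5-2 end with a target state that is easy to get partly wrong when stages are run region by region. The following check is an added example and not code from the VMware Validated Design documentation: it encodes that target state (one active Global Manager in Region A, one standby in Region B, and each domain's Local Manager registered as a location in its own region) and tests API responses against it. The JSON shapes are an assumption modelled on the NSX-T Global Manager policy API (the global-managers and sites collections under /global-manager/api/v1/global-infra/); the responses and instance names are constructed, and only the region domain names sfo01.rainpole.io and lax01.rainpole.io come from the design.

```python
"""Verify the NSX-T Federation end state of the dual-region deployment flow.

Added example; not code from the VMware Validated Design documentation.
The JSON shapes are an assumption modelled on the NSX-T Global Manager
policy API; all responses and instance names below are constructed.
"""
import json

REGION_A = "sfo01.rainpole.io"   # Region A domain name from the design
REGION_B = "lax01.rainpole.io"   # Region B domain name from the design

# The design runs one federation for the management domains and one for the
# VI workload domains, so each federation has its own expected locations
# (location id -> region its Local Manager must be in; ids are constructed).
MANAGEMENT_LOCATIONS = {"sfo-m01": REGION_A, "lax-m01": REGION_B}
WORKLOAD_LOCATIONS = {"sfo-w01": REGION_A, "lax-w01": REGION_B}


def check_federation(global_managers_json, sites_json, expected_locations):
    """Return a list of findings; an empty list means the federation matches the design."""
    findings = []
    gms = json.loads(global_managers_json)["results"]
    modes = [gm.get("mode") for gm in gms]
    # Exactly one active and one standby Global Manager per federation.
    if modes.count("ACTIVE") != 1:
        findings.append("expected exactly one ACTIVE Global Manager, found %d" % modes.count("ACTIVE"))
    if modes.count("STANDBY") != 1:
        findings.append("expected exactly one STANDBY Global Manager, found %d" % modes.count("STANDBY"))
    # The active instance belongs in Region A and the standby in Region B.
    for gm in gms:
        fqdn = gm["connection_info"][0]["fqdn"]
        if gm.get("mode") == "ACTIVE" and not fqdn.endswith(REGION_A):
            findings.append("active Global Manager %s is not in Region A" % fqdn)
        if gm.get("mode") == "STANDBY" and not fqdn.endswith(REGION_B):
            findings.append("standby Global Manager %s is not in Region B" % fqdn)
    # Every expected Local Manager is registered, in the right region, and nothing else is.
    sites = {s["id"]: s for s in json.loads(sites_json)["results"]}
    for site_id, region in expected_locations.items():
        site = sites.get(site_id)
        if site is None:
            findings.append("location %s is not registered with the Global Manager" % site_id)
            continue
        lm_fqdn = site["site_connection_info"][0]["fqdn"]
        if not lm_fqdn.endswith(region):
            findings.append("location %s points at Local Manager %s outside %s" % (site_id, lm_fqdn, region))
    for site_id in sorted(set(sites) - set(expected_locations)):
        findings.append("unexpected location %s is registered" % site_id)
    return findings


def _gm(name, mode, region):
    """Build one constructed Global Manager entry."""
    return {"display_name": name, "mode": mode, "connection_info": [{"fqdn": "%s.%s" % (name, region)}]}


def _site(site_id, region):
    """Build one constructed location entry pointing at that domain's Local Manager."""
    return {"id": site_id, "site_connection_info": [{"fqdn": "%s-nsx01.%s" % (site_id, region)}]}


# Constructed state of the management-domain federation after Stage 1 completes.
MGMT_GLOBAL_MANAGERS = json.dumps({"results": [
    _gm("sfo-m01-gm01", "ACTIVE", REGION_A), _gm("lax-m01-gm01", "STANDBY", REGION_B)]})
MGMT_SITES = json.dumps({"results": [_site("sfo-m01", REGION_A), _site("lax-m01", REGION_B)]})

# Constructed state of the workload-domain federation with Stage 2 cut short:
# the Region B Local Manager was never added (step 5) and the Region B Global
# Manager was never joined as standby (step 7).
WLD_GLOBAL_MANAGERS = json.dumps({"results": [_gm("sfo-w01-gm01", "ACTIVE", REGION_A)]})
WLD_SITES = json.dumps({"results": [_site("sfo-w01", REGION_A)]})


def run_checks():
    """Check both constructed federations; returns {federation name: findings}."""
    return {
        "management": check_federation(MGMT_GLOBAL_MANAGERS, MGMT_SITES, MANAGEMENT_LOCATIONS),
        "workload": check_federation(WLD_GLOBAL_MANAGERS, WLD_SITES, WORKLOAD_LOCATIONS),
    }


if __name__ == "__main__":
    for name, findings in run_checks().items():
        print("%s federation: %s" % (name, "; ".join(findings) or "matches the design"))
```

Running the block reports the management federation as matching the design and lists two findings for the workload federation, one per skipped step. Against a live environment the two JSON strings would come from authenticated GET requests to the active Global Manager; the check itself needs no write access, which is the right privilege level for a post-deployment verification.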

6 Documentation Structure and Audience

The structure of the VMware Validated Design documentation reflects the best practices in designing and deploying a data center that is capable of automated workload provisioning. The documentation components of the validated design are organized according to the audience and deployment stage.

Figure 6-1. VMware Validated Design Documentation Flow

For information on the order in which you deploy the SDDC, see Chapter 5 SDDC Deployment Flow of VMware Validated Design.

For details on the latest available documentation, see the VMware Validated Design documentation page.

Architecture Overview

The first part of a VMware Validated Design is Architecture Overview and it introduces the terms and components in the design.

Table 6-1. Architecture Overview Information

Guide:

n Architecture and Design for the Management Domain

n Architecture and Design for a Virtual Infrastructure Workload Domain

n Architecture and Design for a vSphere with Tanzu Workload Domain

n Architecture and Design for Cloud Operations and Automation

Purpose:

n Introduce the fundamentals and components in the SDDC design.

n Provide information about the layered structure of the SDDC.

n Describe the building modules and basic behavior of each management component.

Audience: Cloud architects and cloud administrators

Documentation modules:

n Management domain

n Virtual infrastructure workload domain

n vSphere with Tanzu workload domain

n Cloud operations and automation

Detailed Design

After you learn about the basic modules in the SDDC design, you proceed with detailed design of the management components and the required infrastructure.

Table 6-2. Detailed Design Information

Guide:

n Architecture and Design for the Management Domain

n Architecture and Design for a Virtual Infrastructure Workload Domain

n Architecture and Design for a vSphere with Tanzu Workload Domain

n Architecture and Design for Cloud Operations and Automation

Purpose:

n Provide complete details about the configuration of each layer and of the components that are a part of the layer.

n Describe available design alternatives.

n Provide design decisions to reflect the main design issues and the rationale behind a chosen solution path.

Audience: Cloud architects and cloud administrators

Documentation modules:

n Management domain

n Virtual infrastructure workload domain

n vSphere with Tanzu workload domain

n Cloud operations and automation

Planning and Preparation

After you understand the details of the design, you plan your environment according to the requirements of the design so that you can deploy the designed SDDC directly without additional testing and troubleshooting efforts.

Table 6-3. Planning and Preparation Information

Guide: Planning and Preparation Workbook

Purpose:

n Collect all requirements that your environment must meet so that you can follow a VMware Validated Design to create an SDDC.

n Provide dynamic sizing guidance for the management domain according to the scale of your environment.

The Planning and Preparation Workbook contains prerequisites about the following areas:

n Required compute and storage resources

n Required software including VMware products, scripts, and third-party software

n Network configuration including VLANs, example IP addresses, and DNS names

n Host names

n Virtual networks

n Active Directory and local user configuration

n Specifications of inventory objects

Audience: Cloud architects, infrastructure administrators, cloud administrators, and cloud operators

Documentation modules:

n Management domain

n Virtual infrastructure workload domain

n vSphere with Tanzu workload domain

n Cloud operations and automation

Deployment

After you make sure that your environment has the required structure and configuration, follow the Deployment in the First Region documentation to start the SDDC implementation in the first region.

Table 6-4. Deployment Guide Information

Guide:

n Deployment of the Management Domain in the First Region

n Deployment of a Virtual Infrastructure Workload Domain in the First Region

n Deployment of a vSphere with Tanzu Workload Domain in the First Region

n Deployment of Cloud Operations and Automation

Purpose:

n Provide step-by-step instructions for each management component of the SDDC according to the selected design path in Detailed Design.

n Cover the single-region setup of the SDDC.

n Provide details about setting up the virtual infrastructure for both management and tenant workloads.

n Provide procedures for integration of the products to form one functional system.

Audience: Cloud architects, infrastructure administrators, cloud administrators, and cloud operators

Documentation modules:

n Management domain

n Virtual infrastructure workload domain

n vSphere with Tanzu workload domain

n Cloud operations and automation

Deployment of Region B

After you make sure that your environment has the required structure and configuration, follow the Deployment in the Second Region documents to start the SDDC implementation in the second region.

Table 6-5. Deployment Guide Information

Guide:

n Deployment of the Management Domain in the Second Region

n Deployment of a Virtual Infrastructure Workload Domain in the Second Region

n Deployment of Cloud Operations and Automation

Purpose:

n Provide step-by-step instructions for each management component of the SDDC according to the selected design path in Detailed Design.

n Cover the dual-region setup of the SDDC.

n Provide details about setting up the virtual infrastructure for both management and tenant workloads.

n Provide procedures for integration of the products to form one functional system.

Audience: Cloud architects, infrastructure administrators, cloud administrators, and cloud operators

SDDC Architecture: Standard SDDC

Documentation on Workload Provisioning, Maintenance, and Expansion of the SDDC

After you deploy the SDDC, follow the post-deployment documentation to operate and maintain the management workloads, or to modify or extend the SDDC. See Chapter 7 Post-Deployment Documentation.

7 Post-Deployment Documentation

VMware Validated Design provides several types of documentation for operating, maintaining, extending, and modifying a deployed SDDC. This documentation is delivered as a set of add-on packages that can be published asynchronously.

For details on the latest available documentation, see the VMware Validated Design documentation page.

Operational Guidance

The operational guidance in VMware Validated Design provides prescriptive guidance on the common operations that you perform after the SDDC implementation is completed.

Type of Guidance: According to the target operation type, each guide provides a set of step-by-step instructions organized by layer or solution. The guidance is based on the SDDC configuration in the design and deployment documentation.

Audience: Cloud architects, infrastructure administrators, cloud administrators, and cloud operators

Covered use cases:

n Shutdown and startup of the SDDC management components.

n Upgrade of the SDDC management components.

n Operational verification of the SDDC management components after software maintenance such as installation, restore, upgrade, or failover.

n Replacement of the certificates of the SDDC management components if the certificates are expiring or if you are scaling out a component.

8 SDDC Architecture Overview

SDDC layers represent aggregations of logically related functionality and operations in your environment. In a layer, you can interchange components as part of the end solution or outcome. If a particular component design does not fit the business or technical requirements, you can replace it with another similar component.

Figure 8-1. SDDC Layers and Components

[Figure: the SDDC layers with their components. Cloud Automation: Service Catalog, Self-Service Portal, Orchestration. Virtual Infrastructure: Hypervisor, Pools of Resources, Virtualization Control. Physical Infrastructure: Compute, Storage, Network. Cloud Operations: Monitoring, Logging, Life Cycle Management. Business Continuity: Fault Tolerance, Backup & Restore. Security and Compliance: Security Policies, Industry Regulations, Identity and Access Management.]

Table 8-1. Layers in the SDDC

Physical Infrastructure Layer

Consists of the compute, network, and storage components. The compute component contains the x86-based servers that run the management components, NSX-T Edge nodes, and tenant workloads. This validated design provides only some guidance about the physical capabilities that are required to implement this architecture. You select a specific type or brand of hardware according to VMware Compatibility Guide.

The physical infrastructure layer configuration is part of the implementation of the SDDC management domain and workload domains.

Virtual Infrastructure Layer

Controls the access to the underlying physical infrastructure and allocates resources to the management and tenant workloads. The management workloads consist of elements in the virtual infrastructure layer itself, together with elements in the cloud operations, cloud automation, and security and compliance layers.

The virtual infrastructure layer groups physical infrastructure in pools of resources such as workload domains and clusters. See Chapter 4 Workload Domains in VMware Validated Design.

The virtual infrastructure layer configuration is part of the implementation of the SDDC management domain and workload domains.

Cloud Operations Layer

Provides operations management for continuous day-to-day service delivery. Cloud operations management consists of life cycle management, monitoring, logging, and other operation types.

The architecture of the cloud operations layer includes management components that support the main types of operations in an SDDC. You monitor the underlying physical infrastructure, and the management and tenant or containerized workloads in real time. Information is collected in the form of structured data (metrics) and unstructured data (logs). The cloud operations layer also collects data about the SDDC topology, that is, the physical and virtual compute, networking, and storage resources, which is key to intelligent and dynamic operational management.

The cloud operations layer configuration is part of the implementation of the SDDC management domain and workload domains, and of the solutions for cloud operations and automation.

Cloud Automation Layer

Requests resources and orchestrates the actions of the lower layers from a user interface or over an API.

The cloud automation layer configuration is part of the implementation of the SDDC solutions for cloud operations and automation.

Security and Compliance Layer

n Incorporates security guidance from NIST 800-53 across the VMware Validated Design to establish a baseline of security.

n Identifies and implements security best practices from setup to operations to secure your SDDC and make it more resilient to internal and external threats.

n Provides role-based access control by implementing an identity and access management solution that integrates with Microsoft Active Directory.

Figure 8-2. SDDC Architecture Overview

[Figure: Management Domain: ESXi, vCenter Server, NSX-T, SDDC Manager, Region-Specific Workspace ONE Access, Principal Storage (vSAN). Workload Domain: ESXi, Principal Storage (vSAN, vVols, NFS, or VMFS on FC), vCenter Server, NSX-T (1:1 or 1:N), vSphere with Tanzu. Cloud Operations and Automation Solution Add-on: vRealize Suite Lifecycle Manager, vRealize Operations Manager, vRealize Log Insight, vRealize Automation, Cross-Region Workspace ONE Access. Another Solution Add-On. The figure labels the Consolidated SDDC Architecture and the Standard SDDC Architecture, the latter shown with an additional Workload Domain (ESXi, Principal Storage (vSAN, vVols, NFS, or VMFS on FC), vCenter Server, NSX-T (1:1 or 1:N), vSphere with Tanzu).]

The SDDC layers are gradually implemented as you follow the implementation of the SDDC.

1 To provide the physical and virtual infrastructure, and local identity and access management for the SDDC management components, implement the management domain.

2 To provide the physical and virtual infrastructure for the virtualized or containerized workloads, implement one or more workload domains.

3 To operate the SDDC and deploy workloads on the workload domains, implement the solutions for cloud operations and automation including identity and access management for these solutions.

For information about the design and deployment of each layer at each deployment stage, see the VMware Validated Design documentation page.

n Physical Infrastructure Layer

The physical layer in an SDDC contains the compute, storage, and network resources in your data center.

n Virtual Infrastructure Layer

The virtual infrastructure layer of the SDDC contains ESXi, vCenter Server, vSAN, and NSX-T Data Center that provide compute, networking, and storage resources to the management and tenant workloads.

n Security and Compliance Layer

As part of the security and compliance layer, this design uses Workspace ONE Access to provide identity and access management to the SDDC management components. To satisfy the requirements of the management components for availability and locality, you deploy a region-specific Workspace ONE Access instance and a cross-region Workspace ONE Access instance.

n Cloud Operations Layer

The cloud operations layer of the SDDC provides capabilities for life cycle management by using SDDC Manager in VMware Cloud Foundation and vRealize Suite Lifecycle Manager. The layer also supports performance and capacity monitoring, and log collection for the SDDC management components by using vRealize Operations Manager and vRealize Log Insight.

n Cloud Automation Layer

By using the cloud automation layer, you provide automated workload deployment to tenants by using vRealize Automation.

n Multiple Availability Zones

VMware Validated Design provides alternative guidance for implementing an SDDC that contains two availability zones. You configure vSAN stretched clusters in the management domain and the workload domains to create a second availability zone. The SDDC continues operating during host maintenance or if one availability zone is lost.

Physical Infrastructure Layer

The physical layer in an SDDC contains the compute, storage, and network resources in your data center.

Figure 8-3. Physical Configuration of the SDDC

[Figure: Management cluster (4 ESXi hosts), Shared edge and workload cluster (4 ESXi hosts), and Workload cluster (19 ESXi hosts each), with each cluster attached to a pair of ToR switches and an external connection from the ToR switches.]

Workload Domains

The compute, storage, and network resources are organized in workload domains. The physical layer also includes the physical network infrastructure, and storage setup. For information on workload domains and clusters, see Chapter 4 Workload Domains in VMware Validated Design.

Compute

The physical compute resources are delivered through ESXi, a bare-metal hypervisor that installs directly onto your physical server. With direct access and control of underlying resources, ESXi logically partitions hardware to consolidate applications and cut costs. ESXi is the base building block of the Software-Defined Data Center.

Network

VMware Validated Design can use most physical network architectures. When building an SDDC, the following considerations exist:

n Layer 2 or Layer 3 transport types

This VMware Validated Design uses a Layer 3 network architecture.

n A Top of Rack (ToR) switch is typically located inside a rack and provides network access to the servers inside that rack.

n An inter-rack switch at the aggregation layer provides connectivity between racks. Links between inter-rack switches are typically not required. If a link failure between an inter-rack switch and a ToR switch occurs, the routing protocol ensures that no traffic is sent to the inter-rack switch that has lost connectivity.

n Using quality of service tags for prioritized traffic handling on the network devices

n NIC configuration on the physical servers

VMware vSphere® Distributed Switch supports several NIC teaming options. Load-based NIC teaming supports an optimal use of available bandwidth and redundancy if a link failure occurs. Use a minimum of two 10-GbE connections, with two 25-GbE connections recommended, for each ESXi host in combination with a pair of top of rack switches.

n VLAN port modes on both physical servers and network equipment

802.1Q network trunks can support as many VLANs as required, for example, for management, storage, overlay, and VMware vSphere® vMotion® traffic.

Because of these considerations for the physical network architecture, providing a robust physical network that supports the physical-to-virtual network abstraction is an important requirement for network virtualization.
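
The network considerations above are the kind of requirements worth checking before the Planning and Preparation Workbook is handed to the cabling team. The block below is an added example and not code from the VMware Validated Design documentation: it turns those considerations into checks (each ESXi host dual-connected to a pair of ToR switches, at least 10 GbE per link with 25 GbE recommended, and 802.1Q trunks carrying the management, storage, overlay, and vMotion VLANs) and runs them over a constructed four-host cluster. The rule that all hosts of a cluster use the same VLAN id per traffic type is the example's own, reflecting a cluster that shares one rack's ToR pair; host, switch and NIC names and VLAN ids are constructed.

```python
"""Check a physical network plan against the host-connectivity guidance.

Added example; not code from the VMware Validated Design documentation.
Names and VLAN ids are constructed; the per-cluster VLAN consistency rule
is the example's own assumption for a single-rack cluster.
"""
from dataclasses import dataclass

MIN_LINK_GBPS = 10           # minimum from the design text
RECOMMENDED_LINK_GBPS = 25   # recommendation from the design text
# Traffic types that every host-facing trunk must carry (from the design text).
REQUIRED_TRAFFIC = ("management", "storage", "overlay", "vmotion")


@dataclass
class Uplink:
    nic: str           # host NIC, e.g. vmnic0 (constructed)
    tor_switch: str    # ToR switch the NIC is cabled to (constructed)
    speed_gbps: int
    trunk_vlans: dict  # traffic type -> VLAN id allowed on the switch port


@dataclass
class Host:
    name: str
    uplinks: list


def validate_host(host):
    """Return (errors, warnings): errors break the design, warnings fall short of the recommendation."""
    errors, warnings = [], []
    if len(host.uplinks) < 2:
        errors.append("%s: %d uplink(s); two are required for redundancy" % (host.name, len(host.uplinks)))
    tors = {u.tor_switch for u in host.uplinks}
    if len(host.uplinks) >= 2 and len(tors) < 2:
        errors.append("%s: all uplinks land on %s, so one ToR failure isolates the host" % (host.name, tors.pop()))
    for u in host.uplinks:
        if u.speed_gbps < MIN_LINK_GBPS:
            errors.append("%s/%s: %d GbE is below the %d GbE minimum" % (host.name, u.nic, u.speed_gbps, MIN_LINK_GBPS))
        elif u.speed_gbps < RECOMMENDED_LINK_GBPS:
            warnings.append("%s/%s: %d GbE meets the minimum; %d GbE is recommended"
                            % (host.name, u.nic, u.speed_gbps, RECOMMENDED_LINK_GBPS))
        missing = [t for t in REQUIRED_TRAFFIC if t not in u.trunk_vlans]
        if missing:
            errors.append("%s/%s: trunk on %s does not carry %s" % (host.name, u.nic, u.tor_switch, ", ".join(missing)))
    return errors, warnings


def validate_cluster(hosts):
    """Validate every host, then check that VLAN ids are consistent across the cluster."""
    errors, warnings = [], []
    vlan_ids = {}  # traffic type -> set of VLAN ids seen on any trunk
    for host in hosts:
        host_errors, host_warnings = validate_host(host)
        errors.extend(host_errors)
        warnings.extend(host_warnings)
        for u in host.uplinks:
            for traffic, vlan_id in u.trunk_vlans.items():
                vlan_ids.setdefault(traffic, set()).add(vlan_id)
    for traffic, ids in sorted(vlan_ids.items()):
        if len(ids) > 1:
            errors.append("cluster: %s traffic uses more than one VLAN id %s" % (traffic, sorted(ids)))
    return errors, warnings


# Constructed trunk definitions (VLAN ids are examples only).
FULL_TRUNK = {"management": 1611, "vmotion": 1612, "storage": 1613, "overlay": 1614}
NO_OVERLAY = {"management": 1611, "vmotion": 1612, "storage": 1613}


def constructed_management_cluster():
    """Four-host management cluster (constructed) with two deliberate planning mistakes."""
    return [
        Host("esx01", [Uplink("vmnic0", "tor-a", 25, FULL_TRUNK), Uplink("vmnic1", "tor-b", 25, FULL_TRUNK)]),
        Host("esx02", [Uplink("vmnic0", "tor-a", 25, FULL_TRUNK), Uplink("vmnic1", "tor-b", 25, FULL_TRUNK)]),
        # Both NICs cabled to the same ToR: no switch redundancy.
        Host("esx03", [Uplink("vmnic0", "tor-a", 25, FULL_TRUNK), Uplink("vmnic1", "tor-a", 25, FULL_TRUNK)]),
        # 10 GbE links (minimum only) and the second switch port is missing the overlay VLAN.
        Host("esx04", [Uplink("vmnic0", "tor-a", 10, FULL_TRUNK), Uplink("vmnic1", "tor-b", 10, NO_OVERLAY)]),
    ]


def run_plan_check():
    """Validate the constructed cluster; returns (errors, warnings)."""
    return validate_cluster(constructed_management_cluster())


if __name__ == "__main__":
    errors, warnings = run_plan_check()
    print("errors:", *errors, sep="\n  ")
    print("warnings:", *warnings, sep="\n  ")
```

The two errors it raises (a host with no ToR redundancy and a trunk that would silently break overlay transport on one uplink) are exactly the faults that only show up after a link failure; the warnings keep the 25 GbE recommendation visible without blocking a plan that meets the 10 GbE minimum.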

Regions and Availability Zones

Availability Zone

Represents the fault domain of the SDDC. Multiple availability zones can provide continuous availability of an SDDC. This VMware Validated Design supports one availability zone per region. See Multiple Availability Zones.

Region

Each region is a separate SDDC instance. You use multiple regions for disaster recovery across individual SDDC instances.

In this VMware Validated Design, regions have similar physical and virtual infrastructure design but different naming.

Table 8-2. Regions in VMware Validated Design

Region      Disaster Recovery Role    Region-Specific Domain Name

Region A    Protected                 sfo01.rainpole.io

Region B    Recovery                  lax01.rainpole.io

Storage

This VMware Validated Design provides guidance for the storage of the management components. A shared storage system not only hosts the management and tenant or container workloads, but also template repositories and backup locations. Storage within an SDDC can include either or both internal and external storage as either principal or supplemental storage. For the management domain, this validated design includes internal storage by using vSAN for principal storage and external NFS storage for supplemental storage.

Internal Storage

vSAN is a software-based distributed storage platform that combines the internal compute and storage resources of clustered VMware ESXi hosts. By using storage policies on a cluster, you configure multiple copies of the data. As a result, this data is accessible during maintenance and host outages.

External Storage

External storage provides non-vSAN storage by using NFS, iSCSI, or Fibre Channel. Different types of storage can provide different levels of SLA, ranging from just a bunch of disks (JBOD) using SATA drives with minimal to no redundancy, to fully redundant enterprise-class storage arrays.

Principal Storage

VMware vSAN™ storage is the default storage type for the SDDC management components. All design, deployment, and operational guidance is based on vSAN. Considering block or file storage technology for principal storage is out of scope of the design. These storage technologies are referenced only for specific use cases such as backups to supplemental storage.

The storage devices on vSAN ready servers provide the storage infrastructure. This validated design uses vSAN in an all-flash configuration.

For workloads in workload domains, you can use vSAN, vVols, NFS, and VMFS on FC.

Supplemental Storage

NFS storage is the supplemental storage for the SDDC management components. It provides space for archiving log data and application templates.

Supplemental storage provides additional storage for backup of the SDDC. It can use NFS, iSCSI, or Fibre Channel technology. Different types of storage can provide different levels of SLA, ranging from JBODs with minimal to no redundancy, to fully redundant enterprise-class storage arrays. For bandwidth-intense IP-based storage, the bandwidth of these pods can scale dynamically.
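
The Internal Storage paragraph above says that vSAN storage policies keep multiple copies of data so that it stays accessible during maintenance and host outages; what a policy costs, and whether a cluster of the design's size can honour it, is a sizing question the text leaves to the reader. The block below is an added example and not code from the VMware Validated Design documentation: it works out raw capacity and minimum host count per policy and flags the policies that a four-host cluster (the management cluster size in Figure 8-3) cannot satisfy. The placement rules are those of the vSAN original storage architecture in the vSAN 7 generation that VMware Cloud Foundation 4.2 ships with (mirroring needs 2*FTT+1 hosts; RAID-5 is a 3+1 stripe needing 4 hosts; RAID-6 is a 4+2 stripe needing 6 hosts); requiring one spare host for rebuilds during maintenance is the example's own conservative rule, and the VM size is constructed.

```python
"""Size vSAN storage policies against a cluster of the design's host count.

Added example; not code from the VMware Validated Design documentation.
Placement rules are the vSAN original storage architecture rules; the
spare-host-for-rebuild rule is the example's own; VM sizes are constructed.
"""


def policy_footprint(ftt, raid):
    """Return (raw capacity multiplier, minimum host count) for a vSAN storage policy."""
    if raid == "RAID-1":
        if not 0 <= ftt <= 3:
            raise ValueError("RAID-1 mirroring supports FTT 0 to 3")
        # FTT+1 full copies; witness components need 2*FTT+1 hosts in total.
        return float(ftt + 1), 2 * ftt + 1
    if raid == "RAID-5":
        if ftt != 1:
            raise ValueError("RAID-5 erasure coding is only available with FTT=1")
        return 4 / 3, 4   # 3 data + 1 parity components, one per host
    if raid == "RAID-6":
        if ftt != 2:
            raise ValueError("RAID-6 erasure coding is only available with FTT=2")
        return 1.5, 6     # 4 data + 2 parity components, one per host
    raise ValueError("unknown RAID level %r" % raid)


def assess_policy(ftt, raid, cluster_hosts, vm_gb):
    """Describe what the policy costs on this cluster and whether the cluster can place it."""
    multiplier, min_hosts = policy_footprint(ftt, raid)
    return {
        "raw_gb": vm_gb * multiplier,
        "min_hosts": min_hosts,
        "fits": cluster_hosts >= min_hosts,
        # With one host in maintenance mode or failed, vSAN can only rebuild the
        # missing components if a further host is available (example's own rule).
        "rebuild_during_maintenance": cluster_hosts >= min_hosts + 1,
    }


def management_cluster_report(vm_gb=500, cluster_hosts=4):
    """Compare common policies for a four-host management cluster (constructed VM size)."""
    report = {}
    for ftt, raid in ((1, "RAID-1"), (2, "RAID-1"), (1, "RAID-5"), (2, "RAID-6")):
        report["FTT=%d %s" % (ftt, raid)] = assess_policy(ftt, raid, cluster_hosts, vm_gb)
    return report


if __name__ == "__main__":
    for name, result in management_cluster_report().items():
        print("%-14s raw %6.0f GB  min hosts %d  fits %-5s  rebuild during maintenance %s"
              % (name, result["raw_gb"], result["min_hosts"], result["fits"],
                 result["rebuild_during_maintenance"]))
```

On four hosts only FTT=1 policies can be placed, and only FTT=1 RAID-1 leaves a host free for rebuilds while another host is in maintenance; FTT=1 RAID-5 saves a third of the raw capacity but uses every host, so a second failure during maintenance becomes data loss rather than a degraded object. That trade-off is why the stretched-cluster and host-count decisions in the detailed design deserve reading alongside the storage policy.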

Virtual Infrastructure Layer

The virtual infrastructure layer of the SDDC contains ESXi, vCenter Server, vSAN, and NSX-T Data Center that provide compute, networking, and storage resources to the management and tenant workloads.

Cluster Types

This VMware Validated Design uses the following types of clusters:

Figure 8-4. First Cluster in the Management Domain

[Figure: a Management Cluster of four ESXi hosts managed by the Management Domain vCenter Server, running the management workloads (APP/OS virtual machines) on a vSphere Distributed Switch with NSX-T and vSAN.]

Figure 8-5. Shared Edge and Workload Cluster in a Virtual Infrastructure Workload Domain

[Figure: a Shared Edge and Workload Cluster of four ESXi hosts managed by the Workload Domain vCenter Server, running tenant workloads (APP/OS virtual machines) and NSX-T Edges on a vSphere Distributed Switch with NSX-T and vSAN, in the Single Availability Zone SDDC Architecture.]

First Cluster in the Management Domain

Resides in the management domain and runs the virtual machines of the components that manage the data center, such as vCenter Server, NSX-T Manager, SDDC Manager, Workspace ONE Access, VMware vRealize® Suite Lifecycle Manager™, VMware vRealize® Operations Manager™, VMware vRealize® Log Insight™, vRealize Automation, and other management components.

The first management cluster occupies half a rack.

Shared Edge and Workload Cluster

Represents the first cluster in the virtual infrastructure workload domain and runs the required NSX-T services for north-south routing between the data center and the external network, and east-west routing inside the data center. This shared cluster also hosts the tenant workloads. As you extend your environment, you must add workload-only clusters.

Workload Cluster

Resides in a virtual infrastructure workload domain and runs tenant workloads. Use workload clusters to support a mix of different types of workloads for different types of Service Level Agreements (SLAs). You can mix different types of workload clusters and provide separate compute pools for different types of SLAs.

vCenter Server Design

Figure 8-6. Layout of vCenter Server Clusters

(Figure: in Region A and in Region B, a Management Cluster of ESXi hosts under the Management Domain vCenter Server and a Shared Edge and Workload Cluster of ESXi hosts under the Workload Domain vCenter Server, each cluster running APP/OS virtual machines.)

Table 8-3. vCenter Server Design Details

vCenter Server instances
  You deploy vCenter Server instances in the following way:
  - One vCenter Server instance for the management domain.
  - One vCenter Server instance for each workload domain.
  Using this model provides the following benefits:
  - Isolation of management domain vCenter Server and workload domain vCenter Server
  - Simplified capacity planning
  - Separated upgrade
  - Separated roles

Clusters
  You distribute hosts and workloads in the following clusters:
  - First cluster in the management domain that contains all management hosts and handles resources for the management workloads.
  - Shared edge and workload cluster in each workload domain that contains tenant or container workloads, and NSX-T Edge nodes used for the workloads.

Resource pools for tenant workloads and dedicated NSX components
  On the shared edge and workload cluster in a workload domain, you use resource pools to distribute compute and storage resources to the tenant or container workloads, and to the NSX-T components carrying their traffic.

Deployment model
  Each vCenter Server instance is deployed with an embedded Platform Services Controller.

Dynamic Routing and Virtual Network Segments

This VMware Validated Design supports dynamic routing for management workloads and for tenant and container workloads, and also introduces a model of isolated application networks for the management components.

Virtual network segments are created on the vSphere Distributed Switch for the first cluster in the management domain and for the shared edge and workload cluster in a workload domain.

Dynamic routing support includes the following nodes:


Figure 8-7. Dynamic Routing in a Single Region

(Figure: the ToR Switches in the Region A BGP ASN peer over Uplink VLAN 1 and Uplink VLAN 2 with the Tier-0 Gateway in the SDDC BGP ASN, using BGP with ECMP, optional BFD, and a default route. The Tier-0 Gateway and Tier-1 Gateway each have service router (SR) and distributed router (DR) components on NSX-T Edge Node 1 and Node 2; DR components also run on ESXi Host 1 to Host 4 as ESXi Transport Nodes, which carry the tenant VMs.)


Figure 8-8. Routing Devices for a Multi-Region SDDC

- NSX-T Edge cluster
- Tier-0 gateway with ECMP enabled for north-south routing across all regions

  You apply the no-export BGP community to all routes learned from external neighbors. Because the NSX-T SDN in the first and second regions does not have an independent path between those autonomous systems, re-advertising data center networks would give a false indication of a valid, independent path.

- Tier-1 gateway for east-west routing across all regions


- Tier-1 gateway for east-west routing in each region

Virtual network segments provide support for limited access to the nodes of the applications through published access points.

Figure 8-9. Virtual Network Segment Design

(Figure: the Tier-0 Gateway, Active/Active on the NSX-T Edge Cluster, peers with ECMP to the ToR Switches toward the Internet/Enterprise Network. A Tier-1 Gateway connects two virtual network segments: xreg-m01-seg01 (192.168.11.0/24) carrying vRSLCM, the Cross-Region WSA, vROps, and vRA, and sfo-m01-seg01 (192.168.31.0/24) carrying the Region-Specific WSA, the vROps Remote Collectors, and vRLI. vCenter Server and SDDC Manager are shown as OS appliances in the workload domain.)

- Cross-region virtual network segment that connects the components that are designed to fail over to a recovery region.

- Region-specific virtual network segment in Region A for components that are not designed to fail over.

- Region-specific application virtual network in Region B for components that are not designed to fail over.

Software-Defined Storage Design

In each region, workloads on the management cluster store their data on a vSAN datastore. The vSAN datastore spans all four ESXi hosts of the first cluster in the management domain and of the shared edge and workload cluster in a workload domain. Each host adds one disk group to the datastore.

Applications store their data according to the default storage policy for vSAN.

vRealize Log Insight uses NFS exports as supplemental storage for log archiving.

Figure 8-10. Shared Storage Logical Design

(Figure: the ESXi hosts of the Management Cluster run the management virtual appliances on a vSAN Principal Datastore backed by FLASH physical disks, with Supplemental Datastores (NAS) for backups, templates, and logs. The ESXi hosts of the Shared Edge and Workload Cluster run the APP/OS workloads of Tenant 1 to Tenant n on a Principal Datastore for Workloads SLA 1 and Supplemental Datastores for Workloads SLA 2 to SLA N, using vSAN, vVols, NFS, or VMFS on FC for the principal datastore and vVols, NFS, VMFS on iSCSI, or VMFS on FC for the supplemental datastores, backed by FLASH, FC15K, FC10K, or SATA physical disks. The Software-Defined Storage layer provides Policy-Based Storage Management, Virtualized Data Services, and Hypervisor Storage Abstraction.)

Security and Compliance Layer

As part of the security and compliance layer, this design uses Workspace ONE Access to provide identity and access management to the SDDC management components. To satisfy the requirements of the management components for availability and locality, you deploy a region-specific Workspace ONE Access instance and a cross-region Workspace ONE Access instance.

Workspace ONE Access provides these services:

- Directory integration to authenticate users against existing directories such as Active Directory or LDAP.

- Addition of two-factor authentication through integration with third-party software such as RSA SecurID, Entrust, and others.


For information on the account configuration in Active Directory and local accounts, see Planning and Preparation Workbook.

Figure 8-11. Cross-Region and Region-Specific Workspace ONE Access Deployments in Region A

(Figure: in Region A, a Region-Specific Workspace ONE Access virtual appliance, with Postgres as supporting component and shared storage, DNS, NTP, and SMTP as supporting infrastructure, exposes a User Interface and REST API and authenticates region-specific solutions such as NSX-T Data Center. A Cross-Region Workspace ONE Access cluster of one primary and two secondary nodes behind an NSX-T Data Center Load Balancer, with the same supporting components and infrastructure, authenticates cross-region solutions: vRealize Operations Manager, vRealize Automation, vRealize Suite Lifecycle Manager, and vRealize Log Insight. Both instances use directory services such as AD or LDAP as the identity provider.)


Region-Specific Workspace ONE Access

The region-specific Workspace ONE Access instance provides identity and access management services to regional SDDC solutions.

Figure 8-12. Logical Design of the Region-Specific Workspace ONE Access Deployment

(Figure: Region A and Region B each have a Region-Specific Workspace ONE Access virtual appliance, with Postgres as supporting component and shared storage, DNS, NTP, and SMTP as supporting infrastructure, exposing a User Interface and REST API, using directory services such as AD or LDAP as the identity provider, and serving region-specific solutions such as NSX-T Data Center.)


Table 8-4. Design Details on Region-Specific Workspace ONE Access

Deployment model
  One appliance that is connected to the Active Directory domain of the SDDC. The appliance is deployed from an OVA file.

Authenticated components
  - NSX-T Data Center
  - vRealize Log Insight

Network segment
  Region-specific virtual network segment. See Dynamic Routing and Virtual Network Segments.

Identity and access management setup
  - Integration with the rainpole.io Active Directory domain.
  - Directory Service connection is Active Directory with Integrated Windows Authentication.

Cross-Region Workspace ONE Access

The cross-region Workspace ONE Access provides identity and access management services to cross-region SDDC solutions.

Table 8-5. Design Details on Cross-Region Workspace ONE Access

Deployment model
  A cluster of three nodes behind a load balancer. The cluster is deployed by using vRealize Suite Lifecycle Manager.

Network segment
  Cross-region virtual network segment. See Dynamic Routing and Virtual Network Segments.

Authenticated components
  - vRealize Suite Lifecycle Manager
  - vRealize Operations Manager
  - vRealize Automation

Identity and access management setup
  - Integration with the rainpole.io Active Directory domain.
  - Directory Service connection is Active Directory with Integrated Windows Authentication.

Cloud Operations Layer

The cloud operations layer of the SDDC provides capabilities for life cycle management by using SDDC Manager in VMware Cloud Foundation and vRealize Suite Lifecycle Manager. The layer also supports performance and capacity monitoring, and log collection for the SDDC management components by using vRealize Operations Manager and vRealize Log Insight.


SDDC Manager

You use SDDC Manager in VMware Cloud Foundation to perform the following operations:

- Deploy virtual infrastructure workload domains and extend the virtual infrastructure of the management domain.

- Deploy the NSX-T Edge cluster for a workload domain.

- Expand a cluster with hosts and add clusters to workload domains.

- Manage the life cycle of the virtual infrastructure components in all workload domains, and of vRealize Suite Lifecycle Manager.

- Manage certificates and passwords of the SDDC management components.

Figure 8-13. Logical Design of SDDC Manager

(Figure: in Region A and in Region B, an SDDC Manager virtual appliance exposes a User Interface and API, uses Active Directory as its identity source, reaches My VMware and depot.vmware.com as external services, and relies on shared storage, DNS, NTP, and a certificate authority as supporting infrastructure. It performs infrastructure provisioning and configuration and life cycle management of vCenter Server, ESXi, and NSX-T Data Center; in Region A it also manages vRealize Suite Lifecycle Manager and uses the vCenter Single Sign-On domain for solution and user authentication.)


Table 8-6. SDDC Manager Design Details

Deployment model
  One appliance in each region that deploys virtual infrastructure workload domains, and upgrades the virtual infrastructure components in the management domain and all workload domains, and vRealize Suite Lifecycle Manager. In each region, the appliance is deployed by VMware Cloud Builder, part of VMware Cloud Foundation, during the automated deployment of the management domain.

Supported components
  - ESXi hosts in the management domain and in all workload domains
  - Management domain vCenter Server and workload domain vCenter Server
  - NSX-T Data Center
  - vRealize Suite Lifecycle Manager in VMware Cloud Foundation mode
  - SDDC Manager as self-upgrade

Network segment
  Management network

Setup for workload domain and product deployment
  - Direct integration with My VMware to access install and upgrade bundles
  - Configuration with an external certificate authority for replacing the certificates of the management components in the SDDC
  - Support for connecting deployed workload domains to vRealize Operations Manager and vRealize Log Insight

vRealize Suite Lifecycle Manager

vRealize Suite Lifecycle Manager provides life cycle management capabilities for vRealize Suite components including automated deployment, configuration, and upgrade. vRealize Suite Lifecycle Manager communicates with each management domain vCenter Server in the SDDC to orchestrate the deployment, upgrade, and configuration drift analysis of vRealize Suite components in the SDDC.

Starting with VMware Cloud Foundation 4.1, vRealize Suite Lifecycle Manager is deployed in VMware Cloud Foundation mode. In this mode, vRealize Suite Lifecycle Manager and VMware Cloud Foundation are integrated for inventory synchronization, life cycle management of the vRealize Suite products, and workload domain integration.


Figure 8-14. Logical Design of vRealize Suite Lifecycle Manager

(Figure: vRealize Suite Lifecycle Manager in VMware Cloud Foundation Mode runs in Region A with a User Interface and REST API, integrates with SDDC Manager, uses the Cross-Region Workspace ONE Access for identity management, and uses vCenter Server as its endpoint together with shared storage. It performs life cycle management of vRealize Automation, vRealize Log Insight, and vRealize Operations Manager in Region A, and of vRealize Log Insight and the vRealize Operations Manager collectors in Region B.)


Table 8-7. vRealize Suite Lifecycle Manager Design Details

Deployment model
  One appliance that deploys and upgrades the vRealize Suite components on a virtual infrastructure that is controlled by the management domain vCenter Server. The appliance is deployed by using SDDC Manager.

Supported components
  - Cross-region Workspace ONE Access
  - vRealize Operations Manager including remote collectors in Region A and Region B
  - vRealize Log Insight in Region A and Region B
  - vRealize Automation

Network segment
  Cross-region virtual network segment. See Dynamic Routing and Virtual Network Segments.

Product installation setup
  - Direct integration with My VMware to access vRealize Suite entitlements
  - In Region A, direct integration with SDDC Manager for the following operations:
    - Inventory synchronization and software bundle retrieval
    - Configuration of the load balancer for the vRealize Suite components, and of the integration between the vRealize Suite products, and between the vRealize Suite products and the management and workload domains
    In Region B, the integration with the region-specific SDDC Manager instance is not available. You must connect vRealize Suite Lifecycle Manager with the underlying virtual infrastructure, and the available components with the newly added product instances, manually.
  - Environments configuration that uses the product-based deployment path in the installation wizard

Table 8-8. Environment Layout in vRealize Suite Lifecycle Manager

Environment Name    Scope          Product Components
Globalenvironment   Cross-Region   Cross-region Workspace ONE Access
Cross-Region        Cross-Region   vRealize Operations Manager analytics cluster; vRealize Operations Manager remote collectors; vRealize Automation cluster nodes
Region A            Region A       vRealize Log Insight cluster
Region B            Region B       vRealize Log Insight cluster


vRealize Operations Manager

You use vRealize Operations Manager to monitor the management components of the SDDC including vSphere, vSAN, NSX-T Data Center, Workspace ONE Access, and vRealize Automation.

vRealize Operations Manager is also sized to accommodate the number of tenant workloads according to the design objectives.

Figure 8-15. Logical Design of vRealize Operations Manager

(Figure: the vRealize Operations Manager Analytics Cluster in Region A (Primary, Primary Replica, Data 1 to Data n) sits behind an NSX-T Data Center Load Balancer, exposes a User Interface and API, uses Management Packs, and integrates with vRealize Automation, vRealize Log Insight, and the Cross-Region Workspace ONE Access for identity management. A Remote Collector group (Remote Collector 1 and Remote Collector 2) in each of Region A and Region B uses Management Packs and the Suite API, and metric adapters collect from the private cloud accounts: vCenter Server, vSAN, NSX-T Data Center, Workspace ONE Access, storage devices, and additional solutions; Region B also collects from public cloud accounts, Amazon Web Services and Microsoft Azure. Supporting infrastructure in each region: shared storage, AD, DNS, NTP, and SMTP.)


Table 8-9. vRealize Operations Manager Design Details

Deployment model
  - Analytics cluster of three nodes with a load balancer: primary, primary replica, and data node
  - Remote collector group in each region that consists of two remote collectors that communicate with the region-specific components
  The vRealize Operations Manager nodes are deployed by using vRealize Suite Lifecycle Manager.

Monitored components
  - Management domain vCenter Server and workload domain vCenter Server
  - ESXi hosts in the management domain and in the workload domains
  - All local components of NSX-T Data Center for the management domain and for the workload domains
  - vSAN
  - Workspace ONE Access
  - vRealize Automation
  - vRealize Log Insight including Launch in Context
  - vRealize Operations Manager (self-health monitoring)

vRealize Log Insight

You use vRealize Log Insight to access the logs of the SDDC management components from a central place and view this information in visual dashboards.


Figure 8-16. Logical Design of vRealize Log Insight

(Figure: in each of Region A and Region B, a vRealize Log Insight cluster of a Primary node and Worker1, Worker2 to WorkerN nodes with an Integrated Load Balancer exposes a User Interface and API, uses Content Packs, ingests through Syslog and the Ingestion API, archives to a Log Archive on an NFS Export, and relies on shared storage, AD, DNS, NTP, and SMTP as supporting infrastructure. Logging clients are vCenter Server, ESXi, NSX-T Data Center, vRealize Automation, and additional solutions. Integrations are the Region-Specific Workspace ONE Access for identity management, vSphere, and vRealize Operations Manager. Event Forwarding connects the clusters of the two regions.)


Table 8-10. vRealize Log Insight Design Details

Deployment model
  Cluster of a primary node and two worker nodes with an integrated load balancer in each region. The vRealize Log Insight nodes are deployed by using vRealize Suite Lifecycle Manager.

Monitored components
  - Management domain vCenter Server and workload domain vCenter Server
  - ESXi hosts in the management domain and in the workload domains
  - All local components of NSX-T Data Center for the management domain and for the workload domains
  - vSAN
  - vRealize Automation
  - Analytics cluster nodes of vRealize Operations Manager
  - Management appliances

Archiving
  Archiving location on an NFS export

Cloud Automation Layer

The cloud automation layer provides automated workload deployment to tenants by using vRealize Automation.


Figure 8-17. Logical Design of vRealize Automation

(Figure: a vRealize Automation Cluster in Region A behind an NSX-T Data Center Load Balancer exposes a User Interface and API; its supporting components are Kubernetes, Docker, Postgres, FaaS, Traefik, Flannel, and Fluentd, and its supporting infrastructure is shared storage, AD, DNS, NTP, and SMTP. Identity management comes from the Cross-Region Workspace ONE Access. Integration accounts: SDDC Manager in VMware Cloud Foundation, vRealize Operations Manager, My VMware, vRealize Orchestrator, additional solutions (e.g. IPAM, K8s, Terraform, Ansible, Puppet), and GitHub, GitLab, and BitBucket. Private cloud accounts are the vCenter Server and NSX-T Data Center instances of VMware Cloud Foundation in Region A and Region B; public cloud accounts are VMware Cloud on AWS, Microsoft Azure, Amazon Web Services, and Google Cloud.)


Figure 8-18. vRealize Automation Usage Model

(Figure: Rainpole User 1, a Production Project member, and Rainpole User 2, a Development Project member, access the catalog through Service Broker. In Cloud Assembly, the Project Admin and Cloud Assembly Admin perform services authoring of cloud templates, tagging, images, and extensibility, and an Authoring Administrator administers the cloud resources. The Production Project and Development Project map through Cloud Zones to private cloud resources: compute, network, and storage.)

Table 8-11. Cloud Automation Design Details

Deployment model of vRealize Automation
  A cluster of three vRealize Automation nodes with a load balancer. The cluster is deployed by using vRealize Suite Lifecycle Manager.

vRealize Automation services
  - Cloud Assembly
  - Service Broker
  - Orchestrator (using the embedded vRealize Orchestrator)

Network segment
  Cross-region virtual network segment. See Dynamic Routing and Virtual Network Segments.

Cloud accounts
  - Workload domain vCenter Server
  - Workload domain NSX-T Local Manager
  Note: Deploying workloads on a workload domain by using vRealize Automation requires that you deploy an NSX-T Data Center instance for each domain.

Cloud zones
  One cloud zone mapped to one region

Tagging
  - For the shared edge and workload cluster, apply tagging on the resource pools
  - For workload clusters, apply tagging at the vSphere cluster

Tenants
  A single tenant company called Rainpole

Workload placement setup
  - My VMware integration to download and provision blueprints from VMware Marketplace
  - Flavor mappings to define the deployment sizings
  - Image mappings to define the target deployment operating system and related configuration settings
  - Network profiles to define the subnet and routing configuration for the provisioned virtual machines
  - Storage profiles to define disk customizations and the type of storage for the provisioned workloads
  - Projects to define the users that can provision workloads, the priority and cloud zone of deployments, and the maximum allowed deployment instances
  - Content sources and catalogs to provide users with access to blueprints

Multiple Availability Zones

VMware Validated Design provides alternative guidance for implementing an SDDC that contains two availability zones. You configure vSAN stretched clusters in the management domain and the workload domains to create second availability zones. The SDDC continues operating during host maintenance or if a loss of one availability zone occurs.

In a stretched cluster configuration, both availability zones are active. If a failure in either availability zone occurs, the virtual machines are restarted in the operational availability zone because virtual machine writes occur to both availability zones synchronously.

Overview of vSAN Stretched Cluster

Virtual machine write operations are performed synchronously across both availability zones. Each availability zone has a copy of the data and witness components are placed on the witness host in a third location in the SDDC. As a result of distance and latency requirements, multiple availability zones are typically used in metropolitan or campus environments.

Extending the management cluster to a vSAN stretched cluster provides the following advantages:

- Increased availability with minimal downtime and data loss

- Inter-site load balancing

Using a vSAN stretched cluster for the management components has the following disadvantages:

- Increased footprint

- Symmetrical host configuration in the two availability zones

- Distance and latency requirements between the two availability zones

- Additional setup and more complex Day-2 operations

- Licensing requirements

Regions and Availability Zones

In the multi-availability zone version of the VMware Validated Design, you have two availability zones in Region A.

Region     Availability Zone     Availability Zone and Region Identifier     Region-Specific Domain Name
Region A   Availability Zone 1   SFO01                                       sfo.rainpole.io
Region A   Availability Zone 2   SFO02                                       sfo.rainpole.io
Region B   -                     LAX01                                       lax01.rainpole.io

Physical Infrastructure

You must use homogeneous physical servers between availability zones. You replicate the hosts for the first cluster in the management domain and for the shared edge and workload cluster in a workload domain, and you place them in the same rack.

Figure 8-19. Infrastructure Architecture for Multiple Availability Zones

(Figure: Region A has Availability Zone 1 and Availability Zone 2; each zone has a pair of ToR Switches, the zone's half of the stretched management cluster (4 ESXi hosts), and the zone's half of the stretched shared edge and workload cluster (4 ESXi hosts). Region B has a pair of ToR Switches, a management cluster (4 ESXi hosts), and an edge and workload cluster (4 ESXi hosts). Each zone in Region A and Region B itself has an external connection.)


Component Layout with Two Availability Zones

The management components of the SDDC run in Availability Zone 1. They can be migrated to Availability Zone 2 when an outage or overload occurs in Availability Zone 1.

You can start deploying the SDDC in a single availability zone configuration, and then extend the environment with the second availability zone.

Figure 8-20. vSphere Logical Cluster Layout for Multiple Availability Zones for the Management Domain

(Figure: in Region A, the Management Cluster under the Management Domain vCenter Server and the Shared Edge and Workload Cluster under the Workload Domain vCenter Server each have ESXi hosts in Availability Zone 1 and in Availability Zone 2, running APP/OS virtual machines. In Region B, the Management Cluster and the Shared Edge and Workload Cluster each have ESXi hosts in a single availability zone under their own vCenter Server instances.)

Network Configuration

NSX-T Edge nodes connect to the top-of-rack switches in each data center to support northbound uplinks and route peering for SDN network advertisement. This connection is specific to the top-of-rack switch that the edge node is connected to.


Figure 8-21. Dynamic Routing in Multiple Availability Zones

(Figure: the Tier-0 Gateway in the SDDC BGP ASN, with SR and DR components on NSX-T Edge Node 1 and Node 2, peers over Uplink VLAN 1 and Uplink VLAN 2 with the ToR Switches in the Region A - AZ 1 BGP ASN using eBGP, ECMP, and optional BFD, and receives a Default Route from them. It also peers with the ToR Switches in the Region A - AZ 2 BGP ASN using eBGP with local preference and AS-path prepend, ECMP, and optional BFD, and receives a Default Route with low local preference from them. The Tier-1 Gateway has SR and DR components on the edge nodes, and DR components run on ESXi Host 1 to Host 4 as ESXi Transport Nodes in both Availability Zone 1 and Availability Zone 2, which carry the tenant VMs.)

If an outage of an availability zone occurs, vSphere HA fails over the edge appliances to the other availability zone. Availability Zone 2 must provide an analog of the network infrastructure that the edge node is connected to in Availability Zone 1.

The management network in the primary availability zone, and the Uplink 01, Uplink 02, and Edge Overlay networks in each availability zone must be stretched to facilitate failover of the NSX-T Edge appliances between availability zones. The Layer 3 gateway for the management and Edge Overlay networks must be highly available across the availability zones.

The network between the availability zones should support jumbo frames and its latency must be less than 5 ms. Use a 25-GbE connection with vSAN for best and predictable performance (IOPS) of the environment.
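The two BGP policies this design relies on, the no-export community on routes learned from external neighbors (Figure 8-8) and the low local preference and AS-path prepend toward the second availability zone (Figure 8-21), can be checked with a small model of Tier-0 route policy. The Python below is an added example and is not VMware or NSX-T code; it implements only the local-preference and AS-path-length steps of BGP best-path selection. The ASNs, next-hop addresses, the backup local preference of 50, and the prepend count of 2 are constructed assumptions; 192.168.11.0/24 is the cross-region segment from Figure 8-9.

```python
"""Toy model of the BGP policies in this design: no-export on externally learned
routes, and local preference plus AS-path prepend toward the backup availability
zone. Added example, not VMware or NSX-T code. ASNs, next hops, the backup local
preference and the prepend count are constructed assumptions."""
from dataclasses import dataclass

NO_EXPORT = "no-export"      # well-known BGP community (65535:65281)
SDDC_ASN = 65000             # Tier-0 gateway, "SDDC BGP ASN" (constructed)
TOR_AZ1_ASN = 65001          # ToR switches, Region A - AZ 1 (constructed)
TOR_AZ2_ASN = 65002          # ToR switches, Region A - AZ 2 (constructed)
REGION_B_ASN = 65100         # Tier-0 gateway of the second region (constructed)
BACKUP_LOCAL_PREF = 50       # below the default 100, so AZ 2 paths win only when AZ 1 is gone
BACKUP_PREPEND = 2           # extra copies of SDDC_ASN on routes sent toward AZ 2


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str
    as_path: tuple                       # leftmost ASN is the neighbour that sent the route
    local_pref: int = 100
    communities: frozenset = frozenset()


def import_from_neighbor(route, neighbor_asn, backup=False):
    """Ingress policy on the Tier-0 gateway.

    Every route learned from an external (eBGP) neighbour is tagged no-export so it is
    never re-advertised to another eBGP peer such as the other region's Tier-0.
    Routes from the backup availability zone also get a low local preference."""
    if neighbor_asn == SDDC_ASN:
        return route                      # iBGP: policy does not apply
    return Route(route.prefix, route.next_hop, route.as_path,
                 BACKUP_LOCAL_PREF if backup else route.local_pref,
                 route.communities | {NO_EXPORT})


def export_to_neighbor(rib, neighbor_asn, prepend=0):
    """Egress policy on the Tier-0 gateway.

    no-export routes are withheld from eBGP peers. Routes toward the backup zone are
    AS-path prepended so its ToR switches prefer the path via AZ 1 while it exists."""
    out = []
    for r in rib:
        if neighbor_asn != SDDC_ASN and NO_EXPORT in r.communities:
            continue
        path = (SDDC_ASN,) * (1 + prepend) + r.as_path
        out.append(Route(r.prefix, r.next_hop, path, r.local_pref, r.communities))
    return out


def ecmp_next_hops(rib, prefix):
    """Best-path subset: highest local-pref, then shortest AS path.
    All candidates that tie with the winner form the ECMP set."""
    cands = [r for r in rib if r.prefix == prefix]
    if not cands:
        return set()
    best = max(cands, key=lambda r: (r.local_pref, -len(r.as_path)))
    return {r.next_hop for r in cands
            if r.local_pref == best.local_pref and len(r.as_path) == len(best.as_path)}


def build_tier0_rib(az1_up=True, az2_up=True):
    """RIB of the Region A Tier-0: default routes learned over the two uplink VLANs
    from each zone's ToR pair, plus one SDDC-originated network (the cross-region
    segment 192.168.11.0/24 from Figure 8-9). Addresses are constructed."""
    rib = []
    if az1_up:
        for hop in ("192.0.2.1", "192.0.2.2"):
            rib.append(import_from_neighbor(Route("0.0.0.0/0", hop, (TOR_AZ1_ASN,)), TOR_AZ1_ASN))
    if az2_up:
        for hop in ("198.51.100.1", "198.51.100.2"):
            rib.append(import_from_neighbor(Route("0.0.0.0/0", hop, (TOR_AZ2_ASN,)),
                                            TOR_AZ2_ASN, backup=True))
    rib.append(Route("192.168.11.0/24", "self", ()))
    return rib


if __name__ == "__main__":
    rib = build_tier0_rib()
    print("egress next hops, both zones up:", ecmp_next_hops(rib, "0.0.0.0/0"))
    print("egress next hops, AZ 1 down:", ecmp_next_hops(build_tier0_rib(az1_up=False), "0.0.0.0/0"))
    print("to AZ 1 ToR:", [(r.prefix, r.as_path) for r in export_to_neighbor(rib, TOR_AZ1_ASN)])
    print("to AZ 2 ToR:", [(r.prefix, r.as_path) for r in export_to_neighbor(rib, TOR_AZ2_ASN, BACKUP_PREPEND)])
    print("to Region B:", [(r.prefix, r.as_path) for r in export_to_neighbor(rib, REGION_B_ASN)])
```

With both zones up the Tier-0 load-balances egress across the two AZ 1 ToR switches only; when the AZ 1 sessions are gone the AZ 2 defaults become best path without any reconfiguration. The Region B peer receives the SDDC-originated segment but never the default routes learned in Region A, which is the effect the no-export rule is meant to have.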

Table 8-12. Networks That Are Stretched Across Availability Zones

Stretched Network                    Requires HA Layer 3 Gateway
Management for Availability Zone 1   Yes
Uplink01                             No
Uplink02                             No
Edge overlay                         Yes


Witness Appliance

When using two availability zones, deploy a vSAN witness appliance in a location that is not local to the ESXi hosts in any of the availability zones.

VMware Validated Design uses vSAN witness traffic separation where you can use a VMkernel adapter for vSAN witness traffic that is different from the adapter for vSAN data traffic. In this design, you configure vSAN witness traffic in the following way:

- On each management ESXi host in both availability zones, the vSAN witness traffic is placed on the management VMkernel adapter.

- On the vSAN witness appliance, you use the same VMkernel adapter for both management and witness traffic.
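Why the witness host must be in a third location (Overview of vSAN Stretched Cluster, above) and why the loss of one availability zone still leaves objects accessible can be shown with a small quorum model. The Python below is an added example and is not VMware code; it models one vSAN object as a data replica in each availability zone plus one witness component, each carrying one vote, which is the simplified case and ignores a secondary level of failures to tolerate, multiple components per replica, and vote weighting. The site names are constructed.

```python
"""Toy model of component placement and quorum for one vSAN stretched-cluster object.

Added example, not VMware code. One data replica per availability zone plus one
witness component, one vote each (simplified). Site names are constructed."""
from dataclasses import dataclass
from itertools import combinations

SITES = ("az1", "az2", "witness-site")


@dataclass(frozen=True)
class ObjectLayout:
    """Where the components of one vSAN object are placed."""
    data_sites: tuple = ("az1", "az2")      # one full data replica per availability zone
    witness_site: str = "witness-site"      # witness component: metadata and a vote, no data

    def components(self):
        """(site, kind) for every component; each carries one vote in this model."""
        return [(s, "data") for s in self.data_sites] + [(self.witness_site, "witness")]


def is_accessible(layout, failed_sites):
    """An object stays accessible while more than half of its votes survive and at
    least one full data replica is among the survivors: a witness on its own holds
    no data, so it can break a tie but cannot serve reads or writes."""
    comps = layout.components()
    live = [c for c in comps if c[0] not in failed_sites]
    majority = 2 * len(live) > len(comps)
    has_data = any(kind == "data" for _, kind in live)
    return majority and has_data


def failure_matrix(layout):
    """Accessibility of the object for every combination of failed sites."""
    return {
        failed: is_accessible(layout, set(failed))
        for n in range(len(SITES) + 1)
        for failed in combinations(SITES, n)
    }


def single_site_tolerant(layout):
    """True when the loss of any one site leaves the object accessible."""
    return all(is_accessible(layout, {site}) for site in SITES)


if __name__ == "__main__":
    good = ObjectLayout()                    # witness in a third location, as in this design
    bad = ObjectLayout(witness_site="az1")   # witness co-located with a data replica
    for name, layout in (("third-site witness", good), ("witness in az1", bad)):
        print(name, "tolerates any single-site loss:", single_site_tolerant(layout))
        for failed, ok in failure_matrix(layout).items():
            print("  failed =", failed or ("none",), "accessible =", ok)
```

With the witness in a third site, losing either availability zone or the witness site alone leaves two of three votes and a data replica, so the VMs can restart in the surviving zone. Placing the witness inside Availability Zone 1 makes a loss of that zone take two of three votes with it, and the object in Availability Zone 2 becomes inaccessible even though its data is intact.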

Figure 8-22. vSAN Witness Network Design in the Management Domain

(Figure: the Management Domain vCenter Server sfo-m01-vc01.sfo.rainpole.io manages ESXi Host 1 to Host 4 in Availability Zone 1, on VLANs sfo-m01-cl01-vds01-pg-mgmt and sfo-m01-cl01-vds01-pg-vsan, and ESXi Host 1 to Host 4 in Availability Zone 2, on VLANs az2_sfo-m01-cl01-vds01-pg-mgmt and az2_sfo-m01-cl01-vds01-pg-vsan. Each zone reaches the Witness Appliance at the Witness Site, on VLAN lax-m01-cl01-vds01-pg-mgmt, through a physical upstream router.)


Figure 8-23. vSAN Witness Network Design in a Virtual Infrastructure Workload Domain

(Figure: the Workload Domain vCenter Server sfo-w01-vc01.sfo.rainpole.io, on VLAN sfo-m01-cl01-vds01-pg-mgmt, manages ESXi Host 1 to Host 4 in Availability Zone 1, on VLANs sfo-w01-cl01-vds01-pg-mgmt and sfo-w01-cl01-vds01-pg-vsan, and ESXi Host 1 to Host 4 in Availability Zone 2, on VLANs az2_sfo-w01-cl01-vds01-pg-mgmt and az2_sfo-w01-cl01-vds01-pg-vsan. Each zone reaches the Witness Appliance at the Witness Site, on VLAN lax-m01-cl01-vds01-pg-mgmt, through a physical upstream router.)
