
VMware Validated Design

for Software-Defined Data Center 5.1

Cloud Builder Workload Domains

Cloud Builder is provided with the design release and is deployed by the Cloud Administrator. The Cloud Administrator enters all required Cloud Builder configuration parameters into an XLSX configuration file and uploads the file using the Cloud Builder user interface. Cloud Builder automates the deployment and configuration of the SDDC based on this configuration and the design specifications.

Host Storage Options, Host Connectivity, Network Transport
Universal Logical Switch Universal Logical Switch
L2 L2
Application Virtual Networks
External
Workload Virtual Networks
UDLR UDLR & DLR
L3 Networks L3
for SDDC Solutions


APP APP APP APP APP APP APP APP APP
OS OS OS OS OS OS OS OS OS

Upstream Upstream Upstream Universal Logical Switch Universal Logical Switch


NSX-V Manager
vCenter Server PSC Switch Switch Switch

North/South
L2 L2
Upstream Upstream UDLR L3 L3 UDLR & DLR

Routing
L3 L3
vRealize Log NSX-V Ctrl
Infrastructure VMs
Insight
PSC
Switch Switch L3 L3
Routed Uplinks (ECMP) APP APP APP APP APP APP APP APP APP APP
OS OS OS OS OS OS OS OS OS OS
L3 L3
Layer 3 ToR Switch
vRSLCM vCenter vCenter L2 L2

(Management) (Workload) (Management)

Core Platform
vSphere Distributed Switch
L3

Services
vSphere Cluster
ESXi01 ESXi02 ESXi03 ESXi04 + vSAN SRM PSC PSC
(Management) (Workload) (Management)
Edge
L2 NSX Controllers N/S NSX EDGE N/S NSX EDGE NSX Controllers
40 GigE 40 GigE Resource
(Management) (Management) (Workload) (Workload)
vSAN Datastore
ToR ToR ToR ToR ToR ToR VR NSX Manager Pool
ToR ToR NSX Manager
(Management) (Workload) (Management)
UDLR UDLR & DLR
L3 L3
Management Workload Domain VLAN 1611 VLAN 1612 VLAN 1613 VLAN 1614 L3
IGMP IGMP IGMP IGMP IGMP IGMP
L2 L2 IGMP IGMP
L2 Management Management

Distributed
Span of VLANs
vMotion vMotion

Switches
Deploy Cloud 25 GigE 25 GigE

Span of VLANs
Management Domain vSAN vSAN
Workload Domain (4+ Hosts)
Builder Appliance VTEP (VXLAN) VTEP (VXLAN)
VLAN Trunk (802.1Q) NFS NFS
vSAN Datastore
vSphere Replication North/South Uplink(s)
Customer Provided IP-Based ESXi Host Server
User File Upload vSphere Cluster North/South Uplink(s)
ESXi05 ESXi06
+ vSAN storage (iSCSI/NFS) vSAN
ESXi07 ESXi08 ESXi09 ESXi10

Cloud Builder vSphere Distributed Switch Management vMotion VXLAN vSAN


Appliance 172.16.11.0/24 172.16.12.0/24 172.16.13.0/24 172.16.14.0/24 Workload Domain
DGW: DGW: (4+ Hosts)

Edge/Compute Cluster
VTEPs ESXi-MGMT-01 VTEPs ESXi-MGMT-02 VTEPs ESXi-MGMT-03 VTEPs ESX-WKLD-01
172.16.11.253 172.16.12.253

Management Cluster
Transport Zones
APP APP APP UDLR UDLR UDLR UDLR & DLR

Universal
Application VMs
APP APP APP
Additional Workload Domains
Any Supported Storage Any Supported Storage
Hyper-converged vSAN Storage with all Flash or Hybrid Array Configurations

When using the recommended L3 network transport, the top-of-rack leaf switches of each rack act as the corresponding L3 interface for the associated subnets. The management domain and the workload domain are provided with externally accessible VLANs to access the Internet and corporate networks.

The design supports L3 or L2 network transport services. For a scalable and vendor-neutral data center network, use an L3 transport.

Core and Domain Architecture

Logical Component Architecture vRealize Suite Components


vRealize Suite Lifecycle Manager
vRealize Suite Lifecycle Manager delivers complete lifecycle and content management capabilities for vRealize Suite products. The design uses vRealize Suite Lifecycle Manager to deploy, upgrade, and configure the vRealize Suite components.

Core vSphere Management
In a dual-region Software-Defined Data Center, two Platform Services Controllers and two vCenter Server instances are deployed in each region. This includes a vCenter Server for the management domain and a vCenter Server for the shared edge and each workload domain. Each vCenter Server instance is connected to a load-balanced pair of Platform Services Controllers using an NSX Edge Services Gateway. To enable enhanced linked mode, the design joins the Platform Services Controller instances into a unified Single Sign-On domain.

NSX Data Center for vSphere
In a dual-region Software-Defined Data Center, two primary NSX Data Center for vSphere NSX Manager instances are deployed in Region A: one for the management domain and one for a workload domain, along with associated NSX Universal Controller Clusters. In Region B, secondary NSX Manager instances automatically import the configurations of the NSX Universal Controller Clusters from Region A.

NSX-T Data Center
The NSX-T design uses management, and shared edge and compute clusters. You can add more compute clusters for scale-out, or different workload types or SLAs. The NSX-T Edge cluster is a logical grouping of NSX-T Edge virtual machines. These NSX-T Edge virtual machines run in the vSphere shared edge and compute cluster and provide North-South routing for the workloads in the compute clusters.

Install Configuration Management Patching Upgrade Content Management Marketplace Health Monitoring

Region A Region B vRealize Operations vRealize Log Insight


Common vCenter Single Sign-On Domain
Management Cluster NSX-T Logical Routing
(Ring Topology)

The design integrates solutions for compute, storage, network, cloud operations, and cloud management. A single vRealize Operations analytics cluster monitors and performs diagnostics across the Software-Defined Data Center by using a series of remote collectors and solution management packs.

In a dual-region Software-Defined Data Center, a vRealize Log Insight cluster is deployed in each region. Each cluster consists of three nodes, enabling continued availability and increased log ingestion rates. vRealize Log Insight collects and analyzes log data across the domain using the syslog protocol and the ingestion API. vRealize Log Insight also integrates with vRealize Operations Manager to facilitate root cause analysis.
Management Domain Management Domain Physical Layer
vCenter Server vCenter Server Workload Domain 3 Devices Region A Region B Region A Region B
Region A Region B Appliance Appliance vCenter Server
Appliance
VMware SDDC VMware SDDC VMware SDDC Components VMware SDDC Components
Components Components

Management Domain Management Domain


NSX Manager Pairing
NSX-v Manager NSX-v Manager NSX-T Edge Cluster Active/Active Segment1 Segment2
(Primary) (Secondary) Remote Collectors Remote Collectors vRealize Log Insight Cluster vRealize Log Insight Cluster
Workload Domain NSX-T Edge APP APP Event
NSX-T Unified Forwarding
Platform Services Platform Services Platform Services Platform Services
Platform Services NSX-T Manager Appliance Tier - 0 VM VM Clctr Clctr Clctr Clctr Master Worker Worker via Ingestion Master Worker Worker
Node Node Node Node Node Node Node Node Node Node
Controller Controller Controller Controller
Controller NSX-v Edge Management Domain Import of Management Domain NSX-v Edge (Cluster) (N/S Routing)
API

APP
Appliance Appliance Appliance Appliance
Appliance Services Gateways NSX-v Universal NSX-v Controller Configuration Services Gateways
APP
VM
VM
from Primary NSX-v Manager
(N/S Routing) Controller Cluster (N/S Routing)
NSX-T Edge APP APP Analytics Cluster Any Supported NFS Any Supported NFS
Workload Domain Tier - 0 VM VM
NSX-T Unified
NSX-T Manager (N/S Routing)
NSX Edge Services NSX Edge Services NSX-v Edge Services Workload Domain Workload Domain NSX-v Edge Services Appliance Master
Node
Replica
Node
Data
Node
(Cluster) APP APP
Gateway w/ HA Gateway w/ HA vCenter Server vCenter Server Gateway w/ HA
Gateway w/ HA VM VM Primary Storage Log Archives Primary Storage Log Archives
(One-Arm Load Balancer) Appliance Appliance (One-Arm Load Balancer)
(Load Balancer) (Load Balancer)
APP APP Region A Management Domain Region B Management Domain Region A Management Domain Region B Management Domain
VM VM
Workload Domain
Workload Domain NSX Manager Pairing
Compute
Workload Domain
Domain NSX-T Manager
NSX-T Unified
NSX-T Edge
NSX-v Manager NSX Manager Appliance APP
NSX-v Manager (Cluster) Tier - 1
APP
VM VM
Management Domain Workload Domain Management Domain Workload Domain (Primary) (Secondary)
(Secondary) Gateway
vCenter Server vCenter Server vCenter Server vCenter Server
Appliance Appliance Appliance Appliance
Region A Management Domain Region B Management Domain
Management Domain NSX-T backed Workload Domain

vRealize Automation, vRealize Orchestrator and vRealize Business for Cloud
The design establishes a Cloud Management Platform with vRealize Automation to provide a service catalog and self-service portal to deploy, update, and manage the workloads. Its embedded instance of vRealize Orchestrator provides a repository of extensible workflows and integrations. vRealize Business for Cloud provides visibility into the financial aspects of the cloud infrastructure, allowing cost to be tracked and optimized.

vRealize Automation Business Groups & Reservations
The design implements a single vRealize Automation tenant. Business groups can be created to fit your needs. Within each business group the tenant administrators are able to manage users and groups, apply tenant-specific branding, enable notifications, configure business policies, and manage the service catalog.
vSphere Update vSphere Update NSX-v Edge Workload Domain NSX-v Edge
Import of Workload Domain
Manager Download Manager Download Services Gateways NSX-v Universal NSX-v Controller Configuration Services Gateways NSX-V Transport Zone MGMT NSX-T Transport Zone
Service Service (N/S Routing) Controller Cluster
from Primary NSX-v Manager
(N/S Routing) Tenant Business
Admin Group
vRealize vRealize vRealize vRealize Sign In

Manager
vSphere Distributed Switch N-VDS (Workload) VRA
Automation
SQL
Business Automation Business
https://my.sddc.local/vcac/org/company

Region A Workload Domain Region B Workload Domain


Region A Management Domain Region B Management Domain (Edge Resource Pool) (Edge Resource Pool) ESXi ESXi ESXi ESXi ESXi ESXi ESXi ESXi
VRA IWS IMS DEM IAS BUS IAS BUC
Edge Business Group
Reservation Reservation
Fabric
VRA IWS IMS DEM IAS BUC IAS
Region A Fabric Group
Admin

IaaS Region A Data Center Infrastructure Fabric


Admin
Workload Domain Additional Workload Domain(s)

Region A Management Domain Region B Management Domain

Distributed Logical Routing and Application Virtual Networks for Management, Operations and Automation Solutions Storage Reference

Distributed Logical Routing and Application Virtual Networks
All design documentation is provided for an L3 transport with BGP based peering. A TechNote is provided for the alternative mixed-use or end-to-end use of OSPF.

vRealize Operations and vRealize Log Insight
vRealize Automation and vRealize Business for Cloud
Region A Region B

vSphere 6.7
vCenter, PSC - EP 11
ESXi - EP 10
vRealize Automation 7.6
NFS Storage Array NFS Storage Array
Region A Region B vRealize Business 7.6
vSAN 6.7
ECMP ECMP
NSX Edge NSX Edge
Region A Region B ECMP ECMP Services Gateways Services Gateways for Cloud
Internet or Internet or NSX Edge Region A Region B NSX Edge BGP Universal Transit Network Universal Transit Network BGP EP 10
Enterprise Enterprise Services Gateways Services Gateways Peering Universal Logical Switch / VXLAN Segment 192.168.10.0/24 192.168.10.0/24 Universal Logical Switch / VXLAN Segment Peering
Universal Transit Network Universal Transit Network
WAN/MPLS WAN/MPLS 192.168.10.0/24
Universal Logical Switch / VXLAN Segment 192.168.10.0/24 Universal Logical Switch / VXLAN Segment

Management Universal Distributed Logical Router


NSX Data Center vRealize Operations
Internet or Enterprise WAN/MPLS

Internet or Enterprise WAN/MPLS

Management Universal Distributed Logical Router


for vSphere 6.4.5 Manager 7.5
Spine
Switches
To Shared Edge and Compute Domain To Shared Edge and Compute Domain Spine
Switches Region Independent Application Virtual Network Region Independent Application Virtual Network Volume 1 Volume 2 Volume 1 Volume 2 and Management Packs
Workload Domains Workload Domains Region Independent Application Virtual Network Region Independent Application Virtual Network Universal Logical Switch / VXLAN Segment Universal Logical Switch / VXLAN Segment
Universal Logical Switch / VXLAN Segment Universal Logical Switch / VXLAN Segment
NSX Edge Services Gateway NSX Edge Services Gateway Export for Export for Export for Export for Export for Export for
vRealize Log Insight 4.8
One-Arm Load Balancer One-Arm Load Balancer
NSX Edge Services Gateway NSX Edge Services Gateway 192.168.11.0/24 192.168.11.0/24 Content Library Log Archives Backups Content Library Log Archives Backups
Site Recovery Manager 8.2
L3 L3 One-Arm Load Balancer One-Arm Load Balancer
Top-of-Rack Top-of-Rack 192.168.11.0/24 and Templates and Templates
Leaf Switches
L2
172.16.11.0/24 172.16.11.0/24
L2
Leaf Switches
192.168.11.0/24 and Content Packs
APP APP APP APP APP APP
VRA VRA VRA VRA
BGP Peering BGP Peering OS OS OS OS OS OS
APP APP APP APP APP APP
NSXM PSC VC VC PSC NSXM OS OS OS OS OS OS
ECMP OS OS OS OS OS OS ECMP
Master Replica Data Master Replica Data
NSX Edge NSX Edge
Node Node Node Node Node Node IWS APP APP
IWS IWS APP APP
IWS
The design uses NFS as a secondary storage tier. NFS is used for the content library and templates consumed by vRealize Automation blueprints and for vRealize Log Insight log archives. NFS is also used by any vSphere APIs for Data Protection compatible solution to store backups.

vRealize Suite Lifecycle Manager 2.1 P2
vSphere Replication 8.2
Services Gateways Services Gateways OS OS OS OS
Universal Transit Network
BGP Universal Transit Network BGP
Peering Universal Logical Switch / VXLAN Segment 192.168.10.0/24 192.168.10.0/24 Universal Logical Switch / VXLAN Segment vRealize Operations Replicated for Disaster Recovery
Peering
APP APP APP APP
IMS IMS IMS IMS
Management Universal Distributed Logical Router
OS OS OS OS
NSX-T Data Center 2.4.1
APP APP APP APP
DEM DEM DEM DEM
OS OS OS OS
Region Independent Application Virtual Network Region Independent Application Virtual Network
192.168.31.0/24
192.168.32.0/24
Universal Logical Switch / VXLAN Segment Universal Logical Switch / VXLAN Segment
APP APP APP APP
NSX Edge Services Gateway NSX Edge Services Gateway SQL BUS SQL BUS
One-Arm Load Balancer One-Arm Load Balancer S
OS OS OS OS
192.168.11.0/24 APP APP
192.168.11.0/24 APP APP

Region Protection and Disaster Recovery Resources


OS OS
OS OS
vRealize Automation / vRealize Orchestrator Replicated for Disaster Recovery
Collector Collector Collector Collector vRealize Business for Cloud
APP APP APP APP APP
Reserved for Disaster Recovery Node Node Node Node
OS OS OS OS OS

vRealize Operations vRealize Operations


Region Dependent Application Virtual Network Region Dependent Application Virtual Network
Universal Logical Switch / VXLAN Segment Universal Logical Switch / VXLAN Segment Region A Region A Replicated Region B Replicated Region B
Region Dependent Application Virtual Network
Universal Logical Switch / VXLAN Segment 192.168.31.0/24 192.168.32.0/24
Region Dependent Application Virtual Network
Universal Logical Switch / VXLAN Segment Non-Replicated Non-Replicated
Have questions? Ask @SDDCCommander.
Resource URL
192.168.31.0/24 192.168.32.0/24
APP APP APP APP APP APP APP APP APP APP
APP
OS
APP
OS
APP
OS
APP APP APP Protection Groups SRM Protection Groups
APP APP APP APP APP APP
OS OS OS OS OS OS OS OS OS Cluster Master Worker Worker
OS OS OS
OS OS OS OS OS OS • vRealize Automation
(failover/failback)
• vRealize Automation
Main Site vmware.com/go/vvd
Cluster Master Worker Worker
VIP Node Node Node IAS IAS BUC IAS IAS BUC
VIP Node Node Node vRealize Log Insight • vRealize Business for Cloud • vRealize Business for Cloud vRealize Log Insight
• vRealize Operations • vRealize Operations Documentation vmware.com/go/vvd-docs
Application Virtual Networks for SDDC Management Solutions in Region A Application Virtual Networks for SDDC Management Solutions in Region B vRealize Log Insight
vRealize Log Insight Replication
vSphere Update Manager Download Service, vSphere Update Manager Download Service,
• vRealize Suite Lifecycle Manager vSphere Replication when using vSAN
• vRealize Suite Lifecycle Manager
vRealize Operations Analytics Cluster and Remote Collectors, Regional vRealize Log Insight Cluster, vRealize Operations Remote Collectors, Regional vRealize Log Insight Cluster, 192.168.11.50 > Active Node Poster vmware.com/go/vvd-sddc-poster
Distributed vRealize Automation and Proxy Agents, and vRealize Business for Cloud Server and Collector. vRealize Automation Proxy Agents and vRealize Business for Cloud Collector. 192.168.11.57 > Active Node
VRA VIP: 192.168.11.53 192.168.11.51 > Active Node IMS VIP: 192.168.11.59
192.168.11.58 > Passive Node
Disaster Recovery vRealize Operations Analytics Cluster, 192.168.11.52 > Active Node Community vmware.com/go/vvd-community
Distributed vRealize Automation, and vRealize Business for Cloud Server.

VIP: 192.168.11.56
192.168.11.54 > Active Node Region A Infrastructure Management Region B Infrastructure Management
IWS
192.168.11.55 > Active Node
Videos and Demos vmware.com/go/vvd-videos

vSphere vSphere Certified Partner Architectures vmware.com/go/vvd-cpa


NSX Data Center for vSphere NSX Data Center for vSphere
Site Recovery Manager Site Recovery Manager
vExpert Slack vexpert.slack.com > #vvd

One region is designated as the primary region and the other as the secondary region. SDDC management, automation and operations solutions are deployed in the primary region and configured to migrate to the secondary region in the event of a disaster. All regions actively run business workloads.
… and more! vmwa.re/vvd
Network External Transit Network(s) Universal Transit Network VXLAN Management Distributed Port Group Management Application Virtual Network VXLAN

Copyright © 2019 VMware, Inc. All rights reserved. Refer to the design release notes for products and versions included in the design. @vmwcf | vmware.com/go/vvd-docs
