Data Management for VMware Tanzu requires access to a vCenter Server system and one or more clusters or ESXi hosts. Each host running Data Management for VMware Tanzu must meet certain hardware and software requirements.

Supported Platforms

Refer to the Release Notes for information about the server platforms, browsers, and data services supported by this release of Data Management for VMware Tanzu.

Supported Versions of vSphere Components

Data Management for VMware Tanzu is supported on VMware vSphere 6.7 and later. The following table lists information about the components of vSphere required and the versions supported.

Component Supported Versions
vCenter 6.7 and later
ESXi 6.7 and later
VMFS 5 and 6
PostgreSQL 10.15.0, 10.17.0 (supported in 1.0.1 and later), 11.10.0, 11.12.0 (supported in 1.0.1 and later), and 12.7.0
MySQL 8.0.23
MinIO/AWS S3 Not Applicable

Disk Space, Memory, and CPU Requirements

The type of environment in which it will run, and the volume of services that it will manage, will determine the amount of resources that are configured for a Provider VM or an Agent VM. The default configuration for the VMs follows:

VM Environment Memory CPU Storage
Provider VM Default configuration 16 GB 8 vCPU 736 GB (thin provisioning)
Agent VM Default configuration 16 GB 8 vCPU 668 GB (thin provisioning)

The provisioning user specifies the amount of memory and CPU resources for any Service Instance VM that they deploy. These amounts may be bounded by the Instance Configuration Mode in place for the organization to which the user belongs.

vSphere Storage Requirements

Data Management for VMware Tanzu has no specific storage requirement for its deployments. The infrastructure admininstrator can choose to configure the number and types of datastores. A DMS deployment uses the datastores available.

Object Storage Requirements

Data Management for VMware Tanzu requires an S3-compatible local and a cloud object storage solution (for example, AWS or MinIO).

If all of the five repositories - Provider Repo, Provider Log Repo, Provider Backup Repo, and Agent Local Storage and Cloud Storage - are on the same server, a minimum of 100GB capacity of S3-compatible local and a cloud object storage is required. The recommended size of the S3-compatible local and a cloud object storage depends on the size of data backups and retention policy.

Before you deploy Data Management for VMware Tanzu, configure and deploy S3-compatible local and a cloud object storage and create the following buckets:

  • A bucket for Provider Repo
  • A bucket for Provider logs
  • A bucket for Provider backups
  • A bucket for Agent local storage
  • A bucket for Agent cloud storage

These endpoints must be resolvable by the DNS server specified at the time of Provider VM deployment.

Network Configuration Requirements

A Provider with a single Agent VM can be managed by a single vCenter domain. However, a Provider with multiple Agent VMs can be managed by a single or multiple vCenter domains.

Secure, reliable operation of Data Management for VMware Tanzu depends on a secure, reliable network that supports DHCP, a network time service, and other services. Data Management for VMware Tanzu requires a minimum of two dedicated subnets that have access to DHCP, DNS, and NTP services. Ensure that you have installed a DHCP server on a VM in the vSphere cluster. Configure the two subnets so that IP addresses are assigned by DHCP for both the Provider and Agent VMs and each provisioned database Service instance.

Note: If your network already has a DHCP server, do not set up a new DHCP server. Due to multiple DHCP server responses to DHCP requests, machines can obtain incorrect or conflicting IP addresses, or can fail to receive the proper boot information. Therefore, always consult a network administrator before setting up a DHCP server. You can contact your DHCP server vendor for support on configuring a DHCP server.

If you are deploying in an environment with internet connectivity, ensure that your network is able to access VMware Tanzu Network and cloudfront.net. Your environment must meet the following network requirements before you begin installing Data Management for VMware Tanzu.

VDS and N-VDS port groups that should be available to host components of Data Management for VMware Tanzu are:

  • Management network connected to:
    • MinIO VM (optional)
    • Provider VM (through NIC 1 and eth0) for management and data access purposes
  • Control Plane network connected to:
    • Provider VM (through NIC 2 and eth1) for internal communication
    • Agent VM (through NIC 1 and eth0) for management and data access purposes
    • Service instances (through NIC 1 and eth0) for data access purposes
  • Application network connected to Service instances (through NIC 2 and eth1) for database access purposes

Though the Control Plane network and the Application network for Service instances get their IP addresses from the DHCP server, the IP addresses for Management network and the Control Plane network for Provider and Agent VMs are static and configured manually.

Note: Do not configure the Provider VM (management network and control plane network), Agent VM (control plane network), and Database VM (control plane network and application network) networks on 172.17.0.0/16.

Network Time Service

You must use the NTP network time service to synchronize the clocks of all Data Management for VMware Tanzu deployed VMs.

Provider

The Provider VM requires two networks, one for UI traffic and one for management traffic:

  • NIC 1 (eth0): Data Management for VMware Tanzu refers to the network that this NIC connects to as the Management Network. This network is used for Data Management for VMware Tanzu user interface and API calls. The network must have access to the internet so that it can access the S3-compatible object store. The Data Management for VMware Tanzu console runs on this network, and it requires a static IP address.
  • NIC 2 (eth1) Data Management for VMware Tanzu refers to the network that this NIC connects to as the Control Plane Network. This network is used for the internal communication between the Provider and Agents, and it should be a routed network to support DNS queries to the Agents.

The Management Network and the Control Plane Network are configured when you deploy the Provider VM, and cannot be changed after deployment.

Agent

An Agent VM requires:

  • A single NIC (eth0) and network for management traffic. Data Management for VMware Tanzu refers to this network as the Control Plane Network. The Control Plane Network must have connectivity to both the Management Network (eth0) and the Control Plane Network (eth1) of the Provider VM. The Control Plane Network requires a static IP address for Agent recovery to work.
  • Access to vCenter.
  • Access to an external network for cloud object storage.

The Control Plane Network is configured when you deploy an Agent VM, and cannot be changed after deployment.

Note: The Agent VM must be able to directly communicate with the Provider VM through both IP addresses of the Provider VMs.

Service Instance

A Service Instance VM requires:

  • Two networks, one for management traffic, and one for access by client applications:

    • NIC 1 (eth0): This NIC is used for communication between the Agent and the Service Instance. Data Management for VMware Tanzu refers to the network that this NIC connects to as the Control Plane Network.
    • NIC 2 (eth1): This NIC is used for client application access to the Service Instance. Data Management for VMware Tanzu refers to the network that this NIC connects to as the Application Network.

  • Access to an external network for cloud object storage.

Each NIC in a Service Instance VM must be configured to obtain its IP address from DHCP.

The Control Plane Network and the Application Network for a specific Onboarded Cluster are configured when you onboard the Agent with Data Management for VMware Tanzu. When a user provisions a Service Instance that specifies the associated cluster Environment, the deployed instance utilizes those networks.

Service Instance Network Addressing

Data Management for VMware Tanzu expects that Service Instances that it deploys reside in their own subdomain under a corporate domain. For example: dms.myco.com.

DMS hosts a DNS server on every Agent VM. The Agent VM acts as a DNS for all Service Instance VMs provisioned in the associated Onboarded Cluster.

Note: Each Agent VM must have a unique DNS domain name.

You can use your existing corporate DNS server to resolve Service Instance addresses by configuring the server to forward all DNS requests in the subdomain to the Agent VM DNS server.

If there is another DNS configured in your vCenter, this DNS must have Forward Lookup Zone and Conditional forwarding set for the DB FQN Suffix so that an Agent VM handles all DNS resolution for its Service Instance VMs.

The IP address of a provisioned Service Instance VM is assigned using DHCP. Agent VM generates and creates a DNS entry for a Service Instance FQDN based on the DB FQDN Suffix specified when the Agent (cluster) was onboarded:

primary.<instance-name>.<db-fqdn-suffix>

The following diagram provides a representation of a sample network topology where:

  • A represents N-VDS and VDS Port Groups for Management Network
  • B represents N-VDS and VDS Port Groups for Control Plane Network
  • C represents N-VDS and VDS Port Groups for Application Network

Network Security Requirements

The following ports are opened for incoming/outgoing traffic during Provider VM deployment:

Protocol Port Number NIC
ICMP
TCP (SSH) 22 eth0
TCP (https) 443 eth0
TCP (RabbitMQ) 443 eth1
TCP (Postgres) 5432 eth1
TCP (RabbitMQ Cluster) 4369 eth1
TCP (RabbitMQ Cluster) 25672 eth1

The following ports are opened for incoming and outgoing traffic during Agent VM deployment:

Protocol Port Number NIC
ICMP
TCP (SSH) 22 eth0
UDP (DNS) 53 eth0
TCP (DNS) 53 eth0
TCP (https) 443 eth0

The following ports are opened for incoming and outgoing traffic during Service Instance VM deployment:

Protocol Port Number NIC
ICMP
TCP (SSH) 22 eth1
TCP (https) 443 eth1
TCP (MySQL) 3368 eth1
TCP (PostgreSQL) 5432 eth1

Network Requirements Summary

External Network Requirements:

Connection From Connection To Type Protocol Port Number NIC
Provider VM S3-compatible Provider storage http/https TCP eth0
Provider VM VMware Tanzu Network https TCP 443 eth0
Provider VM cloudfront.net https TCP 443 eth0
Corporate DNS Agent VM DNS TCP/UDP 53 eth0
Agent VM S3-compatible Agent storage (local) http/https TCP eth0
Agent VM S3-compatible Agent storage (cloud) (external) http/https TCP eth0
Agent VM vCenter https TCP 443 eth0
Service Instance VM S3-compatible Agent storage http/https TCP eth0 or eth1
Agent Onboarding UI Client Agent VM https TCP 443 eth0
Data Management for VMware Tanzu Console Client Provider VM https TCP 443 eth0
End User (Terminal) Provider VM SSH TCP 22 eth0
End User (Terminal) Agent VM SSH TCP 22 eth0
End User (Terminal) Service Instance VM SSH TCP 22 eth1
End User Service Instance VM https TCP 443 eth1
Database Client Service Instance VM PostgreSQL TCP 5432 eth1
Database Client Service Instance VM MySQL TCP 3368 eth1

Internal Network Requirements:

Connection From Connection To Type Protocol Port Number (From/To) NIC
Provider VM Provider VM RabbitMQ TCP 443 eth1
Provider VM Provider VM PostgreSQL TCP 5432 eth1
Provider VM Provider VM RabbitMQ Cluster TCP 4369 eth1
Provider VM Agent VM RabbitMQ Cluster TCP 25672 eth1/eth0
Agent VM Service Instance VM https TCP 443 eth0/eth0
check-circle-line exclamation-circle-line close-line
Scroll to top icon