Deployment architecture in the Cloud Director site

The cloud deployment architecture of VMware Cloud Director Availability relies on symmetrical replication operations between the two sites. Deploying multiple VMware Cloud Director Availability instances under one VMware Cloud Director™ site allows for granular access to multiple provider virtual data centers (VDCs), each representing a separate site.

Test and Development Deployment

In a test or in a development VMware Cloud Director site, perform minimal deployment. In the test cloud site, one Cloud Director Combined Appliance runs all the four main services of VMware Cloud Director Availability:

The Tunnel Service,
The Manager Service,
The Cloud Service,
And the Replicator Service.

Combined cloud replication appliances in both cloud sites.

In the diagram:

The colored components inside the two Cloud Director Combined Appliance instances represent the VMware Cloud Director Availability services, deployed during the installation and the initial configuration of the two appliances.
Each component has the color of the replication direction it manages. For example, the protected Organization VDC B vApps and VM 2 from Cloud Site 1 to Cloud Site 2 use the Replicator Service from Cloud Site 2.
Each replication resides in its destination site. For example, the protections from Cloud Site 1 to Cloud Site 2 reside in Cloud Site 2.
The components with no color represent existing components in the two VMware Cloud Director sites.

Production Deployment

In a production VMware Cloud Director site, deploy and configure one or more VMware Cloud Director Availability instances. A single VMware Cloud Director Availability instance consists of the following services, running on three or more dedicated appliances.

One, or optionally for active-active high availability - two Tunnel Appliance instances, each running the Tunnel Service. For information about Tunnel Appliance high availability (HA), see Deploying Two Active-Active Tunnel Appliance Instances. For information about configuring it, see Add a second Tunnel Appliance for HA in the Cloud Director site.
One Cloud Director Replication Management Appliance, running the Cloud Service and the Manager Service. For information about the initial VMware Cloud Director Availability configuration, see Configure the Cloud Service in the Cloud Director site.
One, or optionally for performance scalability and capacity - multiple Replicator Appliance instances, each running a Replicator Service instance. For information about configuring multiple Replicator Service instances, see Add an additional Replicator Service instance in the Cloud Director site.

Dedicated cloud replication appliances in both cloud sites.

For information about the network connectivity between the services and between the sites, see Network requirements and prerequisites in the Cloud Director site. For information about each service of VMware Cloud Director Availability, see Services.

Deploying Multiple VMware Cloud Director Availability Instances in VMware Cloud Director

In a production cloud site, you can deploy one or multiple VMware Cloud Director Availability instances, distributed in provider VDCs under one VMware Cloud Director instance.

In VMware Cloud Director Availability, each provider VDC represents a cloud site. In each VMware Cloud Director Availability instance, the service provider controls the accessible provider VDCs for that instance.
Note: A single VMware Cloud Director Availability instance must manage each provider VDC.
There must be no overlapping provider VDCs managed by multiple VMware Cloud Director Availability instances.
One VMware Cloud Director instance manages all VMware Cloud Director Availability instances, for both a replication source or a replication destination. Each VMware Cloud Director Availability instance registers as a plug-in with its local site name in VMware Cloud Director.
Each VMware Cloud Director Availability instance connects to one vCenter Server Lookup service for one single sign-on (SSO) domain and can access all the organization VDCs of the organizations, part of the provider VDC.

Multiple Availability instances, each responsible for different SSO domain with multiple provider VDCs under different Lookup services.

In SSO domain 1, VMware Cloud Director Availability instance 1 connects to vCenter Server Lookup service 1 and can access the organization VDCs of Organizations X and Y, part of Provider VDC A and B, respectively.
In SSO domain 2, VMware Cloud Director Availability instance 2 connects to vCenter Server Lookup service 2 and can access the organization VDCs of Organizations X and Y, part of Provider VDC C and the organization VDCs of Organization X, part of Provider VDC D.
In SSO domain N, VMware Cloud Director Availability instance N connects to vCenter Server Lookup service N and can access the organization VDCs of Organization Z, part of Provider VDC N.

Deploying Two Active-Active Tunnel Appliance Instances

TCP load balancer sends traffic to either Tunnel Appliance 1 or 2 which send it to the other appliances.

In the above diagram, the three example network traffic flows, depending on their direction are marked as:

Incoming direction (green):

1, 1', 1''; 2, 2', 2''; 3, 3', 3''.

Outgoing direction (blue):

a, a', a''; b, b', b''; c, c', c''.

For high availability, the Tunnel Service supports active-active mode behind a provider-configured load balancer with no TLS termination nor TLS inspection, meaning two independent Tunnel Service instances running on two separate Tunnel Appliance instances, where both handle the network traffic to and from VMware Cloud Director Availability. The load balancer distributes the traffic among them, ensuring one Tunnel Service is always accessible and responsive, even if the other one fails or becomes unavailable.

With the round robin algorithm, the load balancer without terminating the SSL traffic and without inspecting it distributes it among both active-active Tunnel Appliance instances, improving the Tunnel Service availability and performance by avoiding the impacts of one failing or its overload. Each Tunnel Service acts as both an ingress and an egress point of the VMware Cloud Director Availability network traffic. When configured behind a load balancer, both Tunnel Service instances run simultaneously and receive incoming requests from the load balancer then forward them to the remaining services of VMware Cloud Director Availability, and send outgoing responses from the remaining services back to the load balancer. For information about the connectivity between the services and TLS termination, see VMware Cloud Director Availability Services Connectivity.

With this configuration, if one Tunnel Appliance fails, the other can continue serving the network requests. By using two Tunnel Appliance instances also increases the network scalability and capacity of the disaster recovery environment by using two independent points for all the network traffic that comes to and leaves VMware Cloud Director Availability.

After configuring VMware Cloud Director Availability in the Cloud Director site, you can configure the second Tunnel Service. For both existing installations and for upgraded ones, you can also follow the same procedure. For information about configuring the active-active mode for the Tunnel Appliance, see Add a second Tunnel Appliance for HA in the Cloud Director site.