Deployment Overview of VMware Cloud Foundation

The deployment of VMware Cloud Foundation is automated. You use VMware Cloud Builder to deploy the management domain, SDDC Manager to deploy VI workload domains for customer workloads, and VMware vRealize^® Suite Lifecycle Manager™ in VMware Cloud Foundation mode to deploy vRealize Suite products and Workspace ONE Access. You deploy management components manually only in a few cases according to the instructions.

Deploying the Management Domain

The management domain of a VMware Cloud Foundation instance contains the components for deployment and operation of virtual infrastructure for customer workloads. Following a certain sequence of operations, you bring up VMware Cloud Foundation first. This operation deploys the management domain. Then, you can proceed with deploying VI workload domains and vRealize Suite products.


Steps		Description
0. Plan and prepare for the management domain deployment.		Work with the technology team of your organization on configuring the physical servers, network, and storage in the data center. Collect the environment details and write them down in the VMware Cloud Foundation Planning and Preparation Workbook in Microsoft^® Excel^® spreadsheet format (XLS).
1. Deploy the VMware Cloud Builder Appliance		Deploy the VMware Cloud Builder appliance on a laptop running VMware Workstation or VMware Fusion, or on an ESXi host.
2. Prepare the ESXi Hosts for VMware Cloud Foundation		Prepare a minimum of four ESXi hosts for the management domain by manually installing ESXi or by using the VMware Imaging Appliance.
3. Deploy the management domain by using VMware Cloud Builder.		Download the deployment parameter workbook from the VMware Cloud Builder appliance and fill in the details for the management domain deployment. You can use the details from the VMware Cloud Foundation Planning and Preparation Workbook. Then, upload the deployment parameter workbook to VMware Cloud Builder. After VMware Cloud Builder validates the target environment against the specification in the deployment parameter workbook, bring up the management domain. After the automated deployment is complete, the management domain contains vCenter Server, vSAN, and SDDC Manager.
Post-Deployment Configuration	Configure the Repository Settings for SDDC Manager	After the deployment of the management domain, configure SDDC Manager with repository credentials by using a My VMware account. In this way, SDDC Manager can access the inventory of installation and upgrade bundles on depot.vmware.com. You can update the components of VMware Cloud Foundation as soon as an update is available.
	Configure backup of management components.	Optional. Reconfigure SFTP Backups for SDDC Manager and NSX-T Data Center By default, backups of NSX-T Data Center and SDDC Manager are stored on the SDDC Manager appliance. You should change the destination of the backups to an external SFTP server to ensure you can recover these components in the event of a failure. File-Based Backup of SDDC Manager and vCenter Server You should also configure a backup schedule for SDDC Manager and management domain vCenter Server, and export the vSphere Distributed Switch configuration.
	Configure certificate management in SDDC Manager.	Optional. If you want to use SDDC Manager to manage CA-signed certificates for management components, prepare a Microsoft certificate authority server, configure the integration with SDDC Manager, and then update the certificates for components for establishing a secure communication to the components of VMware Cloud Foundation.

Deploying a Virtual Infrastructure Workload Domain

After you deploy the management domain in VMware Cloud Foundation, following a certain sequence of operations, you create a VI workload domain to run customer workloads with specific requirements.

vCenter Server and the NSX Manager cluster for the VI workload domain are deployed on the management domain. You deploy the NSX edge cluster in the VI workload domain. See Workload Domains in VMware Cloud Foundation.


Steps	Description
0. Plan and prepare for the VI workload domain deployment.	Work with the technology team of your organization on configuring the physical servers, network, and storage in the data center. Collect the environment details and write them down in the VMware Cloud Foundation Planning and Preparation Workbook in Microsoft^® Excel^® spreadsheet format (XLS).
1. Prepare the ESXi hosts and add them to VMware Cloud Foundation.	Prepare ESXi Hosts for VMware Cloud Foundation Prepare a minimum of three ESXi hosts for the VI workload domain by manually installing ESXi or using the VMware Imaging Appliance. Create a Network Pool A network pool is a collection of subnets within a Layer-2 network domain. Each ESXi host is assigned IP addresses from this network pool for vSphere vMotion and storage. Commission Hosts Adding hosts to the SDDC Manager inventory is called commissioning. Add hosts individually or use a JSON template to add multiple hosts at once. SDDC Manager validates the specification of the hosts against the requirements for operating in VMware Cloud Foundation. Add License Keys Optional. Add license keys with sufficient capacity and required feature scope for vSphere, NSX-T Data Center, vCenter Server, and vSAN if used as principal storage. If the licenses you provided for the management domain at bring-up have enough capacity, you can use them instead.
2. Deploy a VI Workload Domain.	After the hosts are commissioned, deploy the VI workload domain by using the automated workflow in SDDC Manager.
3. Deploy an NSX Edge Cluster.	Deploy an NSX Edge cluster in a vSphere cluster in the VI workload domain to provide networking services and connectivity to the external network for your workloads.
Post-Deployment Configuration	File-Based Backup of SDDC Manager and vCenter Server Optional. Configure a backup schedule and location for the VI workload domain vCenter Server, and export the vSphere Distributed Switch configuration. Configure certificate management in SDDC Manager Optional. If you want to manage signed certificates for management components of the VI workload domain, use the SDDC Manager UI to update them.

Deploying vRealize Suite Lifecycle Manager and Workspace ONE Access

vRealize Suite Lifecycle Manager is the foundation for automated deployment of vRealize Suite products on VMware Cloud Foundation for operations management, logging and workload provisioning. You use Workspace ONE Access that is integrated with vRealize Suite Lifecycle Manager for central role-based access control in vRealize Suite.


Steps	Description
0. Plan and prepare for the deployment of vRealize Suite Lifecycle Manager and Clustered Workspace ONE Access.	Work with the technology team of your organization on configuring the physical servers, network, and storage in the data center. Collect the environment details and write them down in the VMware Cloud Foundation Planning and Preparation Workbook in Microsoft^® Excel^® spreadsheet format (XLS).
1. Set up routing and networks in NSX-T Data Center	Deploy an NSX Edge Cluster Deploy an NSX Edge cluster in the management domain and application virtual networks. SDDC Manager deploys the edge cluster and creates Tier-0 and Tier-1 gateways for north-south and east-west routing for management components in VMware Cloud Foundation. Deploy Application Virtual Networks for vRealize Suite Components When SDDC Manager creates the NSX segments for the application virtual networks, it connects them to the NSX gateways. See NSX Segment Design for vRealize Suite Components.
2. Deploy vRealize Suite Lifecycle Manager	You deploy vRealize Suite Lifecycle Manager in the management domain. SDDC Manager provides inventory information about the management domain in vRealize Suite Lifecycle Manager. SDDC Manager also configures the NSX-T Tier 1 gateway to support the load balancer for the cross-region solutions.
Post-Deployment Configuration of vRealize Suite Lifecycle Manager	Replace the Certificate of the vRealize Suite Lifecycle Manager Instance Upload a CA-signed certificate for trusted communication to vRealize Suite Lifecycle Manager Configure Data Center and vCenter Server in vRealize Suite Lifecycle Manager Perform configuration procedures so that you can manage the deployment and life cycle of vRealize Suite.
3. Deploy the Clustered Workspace ONE Access Instance	Optional. If you want to provide centralized identity and access management to vRealize Suite, deploy a clustered Workspace ONE Access instance and integrate it with Active Directory. vRealize Suite Lifecycle Manager calls SDDC Manager to configures the NSX load balancer that is required for the Workspace ONE Access cluster.
Post-Deployment Configuration for vRealize Suite Lifecycle Manager and Workspace ONE Access	Add the Clustered Workspace ONE Access Passwords to vRealize Suite Lifecycle Manager Optional. Create separate passwords for the administrator accounts for the vRealize Lifecycle Manager global environment and Workspace ONE Access. Image-Based Backup and Restore of VMware Cloud Foundation Optional. Create full virtual machine image-level backup jobs by using a backup solution that is compatible with VMware vSphere Storage APIs - Data Protection (VADP).
4. Deploy a vRealize Suite solution that is required by your SDDC design.	Deploy a vRealize Suite solution in VMware Cloud Foundation and connect it with the platform and with other vRealize Suite components to form a fully-integrated cloud management system. After you deploy the vRealize Suite components, use SDDC Manager to integrate them with the workload domains in your environment. For information on deploying vRealize Suite components and integrating them with the VMware Cloud Foundation platform, see VMware Cloud Foundation Validated Solutions.
5. Connect the vRealize Suite solution to the workload domains.