In VMware Cloud Foundation, you place vRealize Suite components on a pre-defined configuration of NSX segments, called application virtual networks (AVNs), for dynamic routing and load balancing. You can also use AVNs to deploy a standalone Workspace ONE Access instance that provides central user management to the NSX-T Data Center instances in the environment.
NSX segments provide flexibility for workload placement by removing the dependence on traditional physical data center networks. This approach also improves security and mobility of the management applications, and reduces the integration effort with existing customer network.
Design Component |
Overlay-Based NSX Segments |
VLAN-Backed NSX Segments |
---|---|---|
Benefits |
|
Uses the data center fabric for the network segment and the next-hop gateway. |
Limitations |
Requires routing between the data center fabric and the NSX Edge nodes. |
Not supported in environments with multiple VMware Cloud Foundation instances. |
For the design for specific vRealize Suite components, see VMware Cloud Foundation Design for vRealize Suite Lifecycle and Access Management and VMware Validated Solutions. For identity and access management design for NSX-T Data Center, see Identity and Access Management for VMware Cloud Foundation.
If you plan to use NSX Federation in the management domain, create the AVNs before you enable the federation. Creating AVNs in an environment where NSX Federation is already active is not supported.
Decision ID |
Design Decision |
Design Justification |
Design Implication |
---|---|---|---|
VCF-MGMT-NSX-SDN-AVN-001 |
Create one cross-instance NSX segment for the components of a vRealize Suite application or another solution that requires mobility between VMware Cloud Foundation instances. |
Prepares the environment for the deployment of solutions on top of VMware Cloud Foundation, such as the vRealize Suite, without a complex physical network configuration. The components of the vRealize Suite application must be easily portable between VMware Cloud Foundation instances without requiring reconfiguration. |
Each NSX segment requires a unique IP address space. |
VCF-MGMT-NSX-SDN-AVN-002 |
Create one or more local-instance NSX segments for the components of a vRealize Suite application or or another solution that are assigned to a specific VMware Cloud Foundation instance. |
Prepares the environment for the deployment of solutions on top of VMware Cloud Foundation, such as the vRealize Suite, without a complex physical network configuration. |
Each NSX segment requires a unique IP address space. |
VCF-MGMT-NSX-SDN-AVN-003 | Use overlay-backed NSX segments. |
|
Using overlay-backed NSX segments requires routing, eBGP recommended, between the data center fabric and edge nodes. |
With NSX Federation, an NSX segment can span multiple instances of NSX-T Data Center and VMware Cloud Foundation. A single network segment can be available in different physical locations over the NSX SDN. In an environment with multiple VMware Cloud Foundation instances, the cross-instance NSX network in the management domain is extended between the first two instances. This configuration provides IP mobility for management components which fail over from the first to the second instance.
Decision ID |
Design Decision |
Design Justification |
Design Implication |
---|---|---|---|
VCF-MGMT-NSX-SDN-AVN-004 |
Extend the cross-instance NSX segment to the second VMware Cloud Foundation instance. |
Enables workload mobility without a complex physical network configuration. The components of a vRealize Suite application must be easily portable between VMware Cloud Foundation instances without requiring reconfiguration. |
Each NSX segment requires a unique IP address space. |
VCF-MGMT-NSX-SDN-AVN-005 |
In each VMware Cloud Foundation instance, create additional local-instance NSX segments. |
Enables workload mobility within a VMware Cloud Foundation instance without complex physical network configuration. Each VMware Cloud Foundation instance should have network segments to support workloads which are isolated to that VMware Cloud Foundation instance. |
Each NSX segment requires a unique IP address space. |
VCF-MGMT-NSX-SDN-AVN-006 |
In each VMware Cloud Foundation instance, connect or migrate the local-instance NSX segments to the corresponding local-instance Tier-1 gateway. |
Configures local-instance NSX segments at required sites only. |
Requires an individual Tier-1 gateway for local-instance segments. |