Network Design for vCenter Server for the Management Domain

You place vCenter Server on a VLAN for traffic segmentation, and decide on the IP addressing scheme and name resolution for optimal support for the SDDC management components and host management in VMware Cloud Foundation.

Network Segments

For secure access to the vSphere Client and vCenter Server APIs, the management domain vCenter Server is connected to the management VLAN. For information on the network segments in VMware Cloud Foundation, see Distributed Port Group and VMkernel Adapter Design for the Management Domain.

The management vCenter Server is connected to the management network in each VCF instance. A router provides external connectivity to the management components in the instance. — Figure 1. vCenter Server Network Design

Table 1. Design Decisions on the Network Segment for the Management Domain vCenter Server
Decision ID	Design Decision	Design Justification	Design Implication
VCF-MGMT-VCS-NET-001	Place the appliance of the management domain vCenter Server on the management VLAN network segment.	Reduces the number of required VLANs because a single VLAN can be allocated to both, vCenter Server and NSX-T for Data Center management components.	None.

IP Addressing

You must assign a static IP address for the management domain vCenter Server. Following industry best practices, VMware Cloud Foundation does not allow using DHCP to assign IP addresses to the management components, including the management domain vCenter Server.

Table 2. Design Decisions on the IP Addressing Scheme for the Management Domain vCenter Server
Decision ID	Design Decision	Design Justification	Design Implication
VCF-MGMT-VCS-NET-002	Allocate a statically assigned IP address and host name to the appliance of the management domain vCenter Server.	Ensures stability across the SDDC, makes it simpler to maintain and track, and to implement a DNS configuration.	Requires precise IP address management.

Name Resolution

Name resolution provides the translation between an IP address and a fully qualified domain name (FQDN), which makes it easier to remember and connect to components across the VMware Cloud Foundation instance. Each IP address must have valid internal DNS registration which includes forward and reverse name resolution. vCenter Server systems must be connected to the following components:

Systems running vCenter Server add-on modules
Each ESXi host
NSX Manager cluster
Internal DNS servers for name resolution of other management components

Table 3. Design Decisions on Name Resolution for the Management Domain vCenter Server
Decision ID	Design Decision	Design Justification	Design Implication
VCF-MGMT-VCS-NET-003	Configure forward and reverse DNS records for the appliance of the management domain vCenter Server.	The vCenter Server appliance is accessible by using a fully qualified domain name instead of by using an IP address only.	You must provide DNS records for the vCenter Server appliance.

Time Synchronization

Time synchronization provided by the Network Time Protocol (NTP) is important to ensure that all components within the VMware Cloud Foundation instance are synchronized to the same time source.

Table 4. Design Decisions on Time Synchronization for the Management Domain vCenter Server
Decision ID	Design Decision	Design Justification	Design Implication
VCF-MGMT-VCS-NET-004	Configure time synchronization by using an internal NTP time for the appliance of the management domain vCenter Server.	Prevents issues in the management domain caused by time mismatch between different management components. Discards the requirement to provide Internet connectivity to an external NTP server.	An operational NTP service must be available in the environment. All firewalls between the vCenter Server appliance and the NTP servers must allow NTP traffic on the required network ports.