Network Design for SDDC Manager

You place SDDC Manager on the management VLAN for traffic segmentation, and decide on the IP addressing scheme and name resolution for optimal support for the SDDC management components, and host provisioning and life cycle management.

SDDC Manager is connected to the management network in each VCF instance together with the management vCenter Server. A router provides external connectivity to the management components in the instance. — Figure 1. SDDC Manager Network Design

Network Segments

The SDDC Manager appliance is connected to the management VLAN for secure access to the application user interface and API.

Table 1. Design Decisions on Network Segments for SDDC Manager
Decision ID	Design Decision	Design Justification	Design Implication
VCF-MGMT-SDDC-NET-001	Place the SDDC Manager appliance on the management VLAN network segment.	Reduces the number of VLANs. You allocate a single VLAN to vCenter Server, NSX-T Data Center, SDDC Manager, and other SDDC management components.	None.

IP Addressing

You must use statically-assigned IP address for the SDDC Manager appliance. Following industry best practices, VMware Cloud Foundation does not allow using DHCP to assign IP addresses to the management components.

Table 2. Design Decisions on the IP Addressing Scheme for SDDC Manager
Decision ID	Design Decision	Design Justification	Design Implication
VCF-MGMT-SDDC-NET-002	Allocate a statically assigned IP address and host name to the SDDC Manager appliance in the management domain.	Ensures stability across the SDDC, makes it simpler to maintain and track, and to implement a DNS configuration.	Requires precise IP address management.

Name Resolution

Name resolution provides the translation between an IP address and a fully qualified domain name (FQDN), which makes it easier to remember and connect to components across the VMware Cloud Foundation instance. Each IP address must have valid internal DNS registration which includes forward and reverse name resolution. The SDDC Manager appliance must maintain network connections to the following components:

vCenter Server
ESXi hosts
NSX Manager cluster
Internal DNS servers for name resolution of other management components

Table 3. Design Decisions on Name Resolution for SDDC Manager
Decision ID	Design Decision	Design Justification	Design Implication
VCF-MGMT-SDDC-NET-003	Configure forward and reverse DNS records for the SDDC Manager appliance, assigning the records to the child domain for the region.	SDDC Manager is accessible by using a fully qualified domain name instead of by using IP addresses only.	You must provide DNS records for the SDDC Manager appliance.

Time Synchronization

Time synchronization provided by the Network Time Protocol (NTP) is important to ensure that all components within the VMware Cloud Foundation instance are synchronized to the same time source. Configure the SDDC Manager appliance with time synchronization using an internal NTP time source.

Table 4. Design Decisions on Time Synchronization for SDDC Manager
Decision ID	Design Decision	Design Justification	Design Implication
VCF-MGMT-SDDC-NET-004	Configure time synchronization by using an internal NTP time for the SDDC Manager appliance in the management domain.	Prevents from failures in the deployment of the SDDC Manager appliance.	An operational NTP service must be available to the environment. All firewalls located between the SDDC Manager appliance and the NTP servers must allow NTP traffic on the required network ports.