Deployment Specification of SDDC Manager

SDDC Manager is deployed as a single virtual appliance with pre-set compute and storage configuration. You plan access to the VMware Cloud Foundation online repository for downloading install and upgrade software bundles.

Deployment Model

You cannot customize the SDDC Manager appliance during deployment. You use a default configuration.

Table 1. Resource Specification of the SDDC Manager Appliance
Setting	Value
Virtual CPUs	4 vCPUs
Memory	16 GB
Disk Capacity	816 GB
Network	1 x VMXNET3

Table 2. Design Decisions on the Deployment Model of SDDC Manager
Decision ID	Design Decision	Design Justification	Design Implication
VCF-MGMT-SDDC-CFG-001	Deploy an SDDC Manager system in the first availability zone of the management domain.	SDDC Manager is required to perform VMware Cloud Foundation capabilities, such as provisioning of VI workload domains, deployment of solutions, patching and upgrade, and others.	None.

Table 3. Design Decisions on Sizing Resources for SDDC Manager
Decision ID	Design Decision	Design Justification	Design Implication
VCF-MGMT-SDDC-CFG-002	Deploy SDDC Manager with its default configuration.	The configuration of SDDC Manager is not configurable and should not be changed from its defaults.	None.

Repository Access Design

SDDC Manager uses software bundles for deployment of new VI workload domains and for patching and upgrading existing management and VI workload domains. These bundles are available in a VMware online depot at depot.vmware.com. SDDC Manager can download these bundles from the Internet or you can upload them to SDDC Manager in an environment that has no Internet connectivity.

To download these software bundles automatically, SDDC Manager must be connected to the Internet either directly or over a proxy server. For better security, use a proxy server. SDDC Manager supports only proxy servers that do not require authentication.

Table 4. Design Decisions on Repository Access of SDDC Manager
Decision ID	Design Decision	Design Justification	Design Implication
VCF-MGMT-SDDC-CFG-003	Connect SDDC Manager to the Internet for downloading software bundles.	SDDC Manager must be able to download install and upgrade software bundles for deployment of VI workload domains and solutions, and for upgrade from a repository.	The rules of your organization might not permit direct access to the Internet. In this case, you must download software bundles for SDDC Manager manually.
VCF-MGMT-SDDC-CFG-004	Configure a network proxy to connect SDDC Manager to the Internet.	To protect SDDC Manager against external attacks from the Internet.	The proxy must not use authentication because SDDC Manager does not support using a proxy with authentication.
VCF-MGMT-SDDC-CFG-005	To check for and download software bundles, configure SDDC Manager with a VMware Customer Connect account with VMware Cloud Foundation entitlement.	Software bundles for VMware Cloud Foundation are stored in a repository that is secured with access controls.	Requires the use of a VMware Customer Connect user account with access to VMware Cloud Foundation licensing.

Certificate Authority Integration Design

For an automated generation and replacement of signed certificates for the VMware Cloud Foundation management components, you integrate a certificate authority with SDDC Manager. SDDC Manager supports Microsoft Certificate Authority or OpenSSL Certificate Authority for automated generation and replacement of signed certificates.

Alternatively, you can also use external or third-party certificate authority to sign certificates for the VMware Cloud Foundation management components. You need to manually generate the certificate signing requests (CSRs) for the selected management components. After the CA sends you the signed certificates, you upload them to SDDC Manager and initiate certificate replacement on the target components. The previous procedures can also be used in restricted environments where direct connection to the certificate authority is prohibited.

Connect SDDC Manager directly to the certificate authority, if possible, for better manageability of the certificate operations.

Table 5. Design Decisions on Certificate Authority Integration for SDDC Manager
Decision ID	Design Decision	Design Justification	Design Implication
VCF-MGMT-SDDC-CFG-006	Configure SDDC Manager with an external certificate authority that is responsible for providing signed certificates.	Provides increased security by implementing signed certificate generation and replacement across the management components.	An external certificate authority, such as Microsoft CA, must be locally available.

Life Cycle Management Design

The life cycle management module of SDDC Manager is responsible for applying patches, updates, and upgrades to the SDDC Manager appliance.

Table 6. Design Decisions on Life Cycle Management of SDDC Manager
Decision ID	Design Decision	Design Justification	Design Implication
VCF-MGMT-SDDC-LCM-001	Use SDDC Manager to manage its own life cycle.	SDDC Manager supports own life cycle management.	None.