You place vCenter Server on a VLAN for traffic segmentation, and decide on the IP addressing scheme and name resolution for optimal support for host and customer workload management in VMware Cloud Foundation.

Network Segments

For secure access to the vSphere Client and vCenter Server APIs, the VI workload domain vCenter Server is connected to the management VLAN network segment.

Figure 1. vCenter Server Network Design
The VI workload domain vCenter Server is connected to the management network in each VMware Cloud Foundation instance. An upstream router provides external connectivity to the management components in the instance.
Table 1. Design Decisions on the Network Segment for a VI Workload Domain vCenter Server

Decision ID: VCF-WLD-VCS-NET-001

Design Decision: Place the appliance of the VI workload domain vCenter Server on the management VLAN network segment.

Design Justification: Reduces the number of VLANs needed as a single VLAN can be allocated for both vCenter Server and NSX-T for Data Center management components.

Design Implication: None.

IP Addressing

You must assign a static IP address for the VI workload domain vCenter Server. Following industry best practices, VMware Cloud Foundation does not allow using DHCP to assign IP addresses to the management components, including the VI workload domain vCenter Server.

Table 2. Design Decisions on the IP Addressing Scheme for a VI Workload Domain vCenter Server

Decision ID: VCF-WLD-VCS-NET-002

Design Decision: Allocate a statically assigned IP address and host name to the appliance of the VI workload domain vCenter Server.

Design Justification: Ensures stability across the SDDC and makes it simpler to maintain, track, and implement a DNS configuration.

Design Implication: Requires precise IP address management.

Name Resolution

Name resolution provides the translation between an IP address and a fully qualified domain name (FQDN), which makes it easier to remember and connect to components across the VMware Cloud Foundation instance. Each IP address must have a valid internal DNS registration that includes both forward and reverse name resolution. vCenter Server systems must be connected to the following components:

  • Systems running vCenter Server add-on modules

  • Each ESXi host

  • NSX Manager cluster

  • Internal DNS servers for name resolution of other management components

Table 3. Design Decisions on Name Resolution for a VI Workload Domain vCenter Server

Decision ID: VCF-WLD-VCS-NET-003

Design Decision: Configure forward and reverse DNS records for the appliance of the VI workload domain vCenter Server.

Design Justification: The vCenter Server appliance is accessible by using a fully qualified domain name instead of by using IP addresses only.

Design Implication: You must provide DNS records for the VI workload domain vCenter Server appliance in each region.
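The following added example (not part of the VMware documentation) shows one way to check decisions VCF-WLD-VCS-NET-002 and VCF-WLD-VCS-NET-003 together before deployment: the static IP address lies in the management segment, the A record returns exactly that address, and the PTR record maps back to the same FQDN. The host names, addresses, subnet, and function names are constructed for illustration.

```python
import ipaddress
import socket

# Default resolvers use the DNS servers configured on the machine running the check.
def system_forward(fqdn):
    return sorted({ai[4][0] for ai in socket.getaddrinfo(fqdn, None, socket.AF_INET)})

def system_reverse(ip):
    name, aliases, _ = socket.gethostbyaddr(ip)
    return [name, *aliases]

def check_dns(fqdn, expected_ip, mgmt_cidr, forward=system_forward, reverse=system_reverse):
    """Return a list of findings; an empty list means the records are consistent."""
    findings = []
    want = fqdn.rstrip(".").lower()
    if ipaddress.ip_address(expected_ip) not in ipaddress.ip_network(mgmt_cidr):
        findings.append(f"{expected_ip} is outside management segment {mgmt_cidr}")
    try:
        addrs = forward(want)
    except OSError as exc:  # socket.gaierror and socket.herror derive from OSError
        return findings + [f"forward lookup failed for {want}: {exc}"]
    if addrs != [expected_ip]:
        findings.append(f"A record for {want} returns {addrs}, expected [{expected_ip}]")
    for ip in addrs:
        try:
            names = [n.rstrip(".").lower() for n in reverse(ip)]
        except OSError as exc:
            findings.append(f"no PTR record for {ip}: {exc}")
            continue
        if want not in names:
            findings.append(f"PTR for {ip} returns {names}, not {want}")
    return findings

# Constructed sample zone data (assumption): one healthy appliance, one with a stale PTR.
A = {"wld01-vc01.example.test": ["10.0.10.20"], "wld02-vc01.example.test": ["10.0.10.21"]}
PTR = {"10.0.10.20": ["wld01-vc01.example.test."], "10.0.10.21": ["old-vc.example.test."]}

def fake_lookup(table):
    """Build an offline resolver over a dict that fails like DNS does on a missing name."""
    def lookup(key):
        if key not in table:
            raise OSError("NXDOMAIN")
        return table[key]
    return lookup

fake_forward, fake_reverse = fake_lookup(A), fake_lookup(PTR)

if __name__ == "__main__":
    for host, ip in [("wld01-vc01.example.test", "10.0.10.20"), ("wld02-vc01.example.test", "10.0.10.21")]:
        print(host, check_dns(host, ip, "10.0.10.0/24", fake_forward, fake_reverse) or "OK")
```

Omit the last two arguments to run the same check against the internal DNS servers instead of the sample data.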

Time Synchronization

Time synchronization provided by the Network Time Protocol (NTP) is important to ensure that all components within the VMware Cloud Foundation instance are synchronized to the same time source.

Table 4. Design Decisions on Time Synchronization for a VI Workload Domain vCenter Server

Decision ID: VCF-WLD-VCS-NET-004

Design Decision: Configure time synchronization using an internal NTP time source for the appliance of the VI workload domain vCenter Server.

Design Justification:

  • Prevents failures in the deployment of the vCenter Server appliance on an ESXi host if the host is not using NTP.

  • Discards the requirement to provide Internet connectivity to an external NTP server.

Design Implication:

  • An operational NTP service must be available to the environment.

  • All firewalls between the vCenter Server appliance and the NTP servers must allow NTP traffic on the required network ports.