For traffic segmentation in VMware Cloud Foundation, you place NSX Global Manager for the VI workload domain on the management VLAN in the management domain, and decide on the IP addressing scheme and name resolution for optimal support for the SDDC management components and host management.

Network Segment

For secure access to the ESXi hosts and vCenter Server, in each location of VMware Cloud Foundation, NSX Global Manager for a VI Workload domain is connected to the management VLAN segment.

Table 1. Design Decisions on the Network Segment for NSX Global Manager

Decision ID

Design Decision

Design Justification

Decision Implication

VCF-WLD-NSX-FED-NET-001

Place the appliances of the NSX Global Manager cluster on the management VLAN network in the default management cluster in the management domain.

Reduces the number of required VLANs because a single VLAN can be allocated to both vCenter Server and NSX-T Data Center.

None.

IP Addressing Scheme

You can assign the IP addresses of the NSX Global Manager appliances by using DHCP or statically according to the network configuration in your environment.

Table 2. Design Decisions on the IP Addressing Scheme for NSX Global Manager

Decision ID

Design Decision

Design Justification

Design Implication

VCF-WLD-NSX-FED-NET-002

Allocate a statically assigned IP address and host name to the nodes of the NSX Global Manager cluster.

Ensures stability across the SDDC, makes it simpler to maintain and track, and to implement a DNS configuration.

Requires precise IP address management.

Name Resolution

Name resolution provides the translation between an IP address and a fully qualified domain name (FQDN), which makes it easier to remember and connect to components across the VMware Cloud Foundation instance. Each IP address must have valid internal DNS registration which includes forward and reverse name resolution. NSX Manager must be connected to the following components:

  • VI workload domain vCenter Server

  • Each ESXi host

  • NSX Edge cluster

  • NSX Global Manager cluster if your environment is configured with NSX Federation for customer workloads

  • Internal DNS servers for name resolution of other management components

Table 3. Design Decisions on Name Resolution for NSX Global Manager

Decision ID

Design Decision

Design Justification

Design Implication

VCF-WLD-NSX-FED-NET-003

Configure forward and reverse DNS records for the nodes of the NSX Global Manager cluster for the VI workload domain, assigning the record to the child domain in the region.

The NSX Global Manager nodes and VIP address are accessible by using fully qualified domain names instead of by using IP addresses only.

You must provide DNS records for the NSX Global Manager nodes for the VI workload domain in VMware Cloud Foundation instance.

Time Synchronization

Time synchronization provided by the Network Time Protocol (NTP) is important to ensure that all components within the SDDC are synchronized to the same time source.

Table 4. Design Decisions on Time Synchronization for NSX Global Manager

Decision ID

Design Decision

Design Justification

Design Implication

VCF-WLD-NSX-FED-NET-004

Configure NTP on each NSX Global Manager appliance.

NSX Global Manager depends on time synchronization across all SDDC components.

None.