For secure access to the UI and API, you place the vRealize Suite Lifecycle Manager appliance on an overlay-backed or VLAN-backed NSX segment.

Network Segments

For secure access to the application UI and API, the vRealize Suite Lifecycle Manager appliance is connected to an NSX segment that is overlay-backed (recommended) or VLAN-backed.

This network design has the following features:

  • vRealize Suite Lifecycle Manager has routed access to the management VLAN through the Tier-0 gateway in the NSX-T Data Center instance for the management domain.

  • Routing to the management VLAN, NSX segments, and external networks is dynamic and is based on the Border Gateway Protocol (BGP).

Figure 1. Network Design for vRealize Suite Lifecycle Manager
The vRealize Suite Lifecycle Manager appliance is connected to the cross-instance NSX segment. The segment is connected to the management networks in each VCF instance through the Tier-0 and Tier-1 gateways.
Table 1. Design Decisions on the NSX Segments for vRealize Suite Lifecycle Manager

Decision ID

Design Decision

Design

Justification

Design

Implication

VCF-VRS-vRSLCM-NET-001

Place the vRealize Suite Lifecycle Manager appliance on an overlay-backed (recommended) or VLAN-backed NSX network segment.

Provides a consistent deployment model for management applications.

You must use an implementation in NSX-T Data Center to support this networking configuration.

IP Addressing Scheme

Allocate a static IP address from the NSX segment to the vRealize Suite Lifecycle Manager appliance.

Table 2. Design Decisions on the IP Addressing Scheme for vRealize Suite Lifecycle Manager

Decision ID

Design Decision

Design Justification

Design Implication

VCF-VRS-vRSLCM-NET-002

Allocate a statically assigned IP address and host name to the vRealize Suite Lifecycle Manager virtual appliance.

Using statically assigned IP addresses ensures stability across the SDDC and makes it simpler to maintain and easier to track.

Requires precise IP address management.

Name Resolution

The IP address of the vRealize Suite Lifecycle Manager appliance is associated with a fully qualified domain name whose suffix aligns with your domain name, and must have valid DNS forward (A) and reverse (PTR) records.

Table 3. Design Decisions on Name Resolution for vRealize Suite Lifecycle Manager

Decision ID

Design Decision

Design

Justification

Design

Implication

VCF-VRS-vRSLCM-NET-003

Configure forward and reverse DNS records for the vRealize Suite Lifecycle Manager appliance.

vRealize Suite Lifecycle Manager is accessible by using a fully qualified domain name instead of by using the IP address only.

You must provide DNS records for the vRealize Suite Lifecycle Manager appliance.

VCF-VRS-vRSLCM-NET-004

Configure the DNS settings for the vRealize Suite Lifecycle Manager appliance to use DNS servers from its corresponding VMware Cloud Foundation instance.

vRealize Suite Lifecycle Manager requires DNS resolution to connect to SDDC Components.

None.

Name Resolution for Multiple VMware Cloud Foundation Instances

Multiple DNS servers are available across the instances, providing higher DNS availability and resilience.

Table 4. Design Decisions on Name Resolution for vRealize Suite Lifecycle Manager for Multiple VMware Cloud Foundation Instances

Decision ID

Design Decision

Design

Justification

Design

Implication

VCF-VRS-vRSLCM-NET-005

Configure the DNS settings for the vRealize Suite Lifecycle Manager appliance to use DNS servers in each instance.

vRealize Suite Lifecycle Manager can resolve DNS from local DNS servers during a planned migration or disaster recovery between VMware Cloud Foundation instances.

As you scale from a deployment with a single VMware Cloud Foundation instance to one with multiple VMware Cloud Foundation instances, the DNS settings the vRealize Suite Lifecycle Manager appliance must be updated.

Time Synchronization

vRealize Suite Lifecycle Manager depends on time synchronization.

Table 5. Design Decisions on Time Synchronization for vRealize Suite Lifecycle Manager

Decision ID

Design Decision

Design

Justification

Design

Implication

VCF-VRS-vRSLCM-NET-006

Configure the NTP settings for the vRealize Suite Lifecycle Manager appliance to use NTP servers in the first VMware Cloud Foundation instance.

vRealize Suite Lifecycle Manager depends on time synchronization.

None.

Time Synchronization for Multiple VMware Cloud Foundation Instances

Multiple NTP servers are available across the instances, providing higher NTP availability and resilience.

Table 6. Design Decisions on Time Synchronization for vRealize Suite Lifecycle Manager for Multiple VMware Cloud Foundation Instances

Decision ID

Design Decision

Design

Justification

Design

Implication

VCF-VRS-vRSLCM-NET-007

Configure the NTP settings for the vRealize Suite Lifecycle Manager appliance to use NTP servers in each VMware Cloud Foundation instance.

vRealize Suite Lifecycle Manager can query NTP from local NTP servers to synchronize time during a planned migration or disaster recovery between the VMware Cloud Foundation instances.

As you scale from a deployment with a single VMware Cloud Foundation instance to one with multiple VMware Cloud Foundation instances, the NTP settings on the vRealize Suite Lifecycle Manager appliance must be updated.