Before you can deploy vRealize Suite components or implement the Identity and Access Management for VMware Cloud Foundation validated solution, you must deploy Application Virtual Networks in the management domain.

An Application Virtual Network (AVN) is a software-defined networking concept based on NSX that allows the hosting of management applications on NSX segments. In NSX, segments are virtual layer-2 domains.

You can create overlay-backed NSX segments or VLAN-backed NSX segments. Both options create two NSX segments (Region-A and X-Region) on the NSX Edge cluster deployed in the default management vSphere cluster. Those NSX segments are used when you deploy the vRealize Suite products. Region-A segments are local instance NSX segments and X-Region segments are cross-instance NSX segments.

Important: You cannot create AVNs if the NSX for the management domain is part of an NSX Federation. See Working with NSX Federation in VMware Cloud Foundation.

Overlay-Backed NSX Segments

Overlay-backed segments provide flexibility for workload placement by removing the dependence on traditional data center networks. Using overlay-backed segments improves the security and mobility of management applications and reduces the integration effort with existing networks. Overlay-backed segments are created in an overlay transport zone.

In an overlay-backed segment, traffic between two VMs on different hosts but attached to the same overlay segment have their layer-2 traffic carried by a tunnel between the hosts. NSX instantiates and maintains this IP tunnel without the need for any segment-specific configuration in the physical infrastructure. As a result, the virtual network infrastructure is decoupled from the physical network infrastructure. That is, you can create segments dynamically without any configuration of the physical network infrastructure.

VLAN-Backed NSX Segments

VLAN-backed segments leverage the physical data center networks to isolate management applications, while still taking advantage of NSX to manage these networks. VLAN-backed network segments ensure the security of management applications without requiring support for overlay networking. VLAN-backed segments are created in a VLAN transport zone.

A VLAN-backed segment is a layer-2 broadcast domain that is implemented as a traditional VLAN in the physical infrastructure. This means that traffic between two VMs on two different hosts but attached to the same VLAN-backed segment is carried over a VLAN between the two hosts. The resulting constraint is that you must provision an appropriate VLAN in the physical infrastructure for those two VMs to communicate at layer-2 over a VLAN-backed segment.

vRealize Suite Components and NSX Segments

When you deploy the vRealize Suite components, they use the NSX segments that you created.

vRealize Suite Component NSX Segment
vRealize Log Insight Region-A
vRealize Operations Manager X-Region
Workspace ONE Access X-Region
vRealize Automation X-Region
vRealize Suite Lifecycle Manager X-Region

Identity and Access Management for VMware Cloud Foundation

See Identity and Access Management for VMware Cloud Foundation for more information about how that validated solution uses Application Virtual Networks.