In VMware Cloud Foundation, you place vRealize Suite components on a pre-defined configuration of NSX segments (known as application virtual networks or AVNs) for dynamic routing and load balancing.

Logical Application Virtual Network Design for VMware Cloud Foundation

NSX segments provide flexibility for workload placement by removing the dependence on traditional physical data center networks. This approach also improves the security and mobility of the management applications, and reduces the integration effort with the existing customer network.

Table 1. Comparing Application Virtual Network Types

| Design Component | Overlay-Based NSX Segments | VLAN-Backed NSX Segments |
|---|---|---|
| Benefits | • Supports IP mobility with dynamic routing. • Limits the number of VLANs needed in the data center fabric. • In an environment with multiple availability zones, limits the number of VLANs needed to expand from an architecture with one availability zone to an architecture with two availability zones. | Uses the data center fabric for the network segment and the next-hop gateway. |
| Requirement | Requires routing between the data center fabric and the NSX Edge nodes. | |

Figure 1. Application Virtual Networks in VMware Cloud Foundation

Two AVNs are used. One is for traffic within the VCF instance, connected to a local Tier-1 gateway. The other one is for cross-instance traffic and is connected to a cross-instance Tier-1 gateway.

For the design for specific vRealize Suite components, see this design and VMware Validated Solutions. For identity and access management design for NSX, see Identity and Access Management for VMware Cloud Foundation.

Important:

If you plan to use NSX Federation in the management domain, create the AVNs before you enable the federation. Creating AVNs in an environment where NSX Federation is already active is not supported.

With NSX Federation, an NSX segment can span multiple instances of NSX and VMware Cloud Foundation. A single network segment can be available in different physical locations over the NSX SDN. In an environment with multiple VMware Cloud Foundation instances, the cross-instance NSX network in the management domain is extended between the first two instances. This configuration provides IP mobility for management components which fail over from the first to the second instance.

Application Virtual Network Design Requirements and Recommendations for VMware Cloud Foundation

Consider the requirements and best practices for configuring the NSX segments that back the Application Virtual Networks in VMware Cloud Foundation, for a single VMware Cloud Foundation instance or for multiple VMware Cloud Foundation instances.

Application Virtual Network Design Requirements

You must meet the following design requirements in your Application Virtual Network design for a single VMware Cloud Foundation instance and for multiple VMware Cloud Foundation instances.

Table 2. Application Virtual Network Design Requirements for VMware Cloud Foundation

| Requirement ID | Design Requirement | Justification | Implication |
|---|---|---|---|
| VCF-NSX-AVN-REQD-CFG-001 | Create one cross-instance NSX segment for the components of a vRealize Suite application or another solution that requires mobility between VMware Cloud Foundation instances. | Prepares the environment for the deployment of solutions on top of VMware Cloud Foundation, such as vRealize Suite, without a complex physical network configuration. The components of the vRealize Suite application must be easily portable between VMware Cloud Foundation instances without requiring reconfiguration. | Each NSX segment requires a unique IP address space. |
| VCF-NSX-AVN-REQD-CFG-002 | Create one or more local-instance NSX segments for the components of a vRealize Suite application or another solution that are assigned to a specific VMware Cloud Foundation instance. | Prepares the environment for the deployment of solutions on top of VMware Cloud Foundation, such as vRealize Suite, without a complex physical network configuration. | Each NSX segment requires a unique IP address space. |

Table 3. Application Virtual Network Design Requirements for NSX Federation in VMware Cloud Foundation

| Requirement ID | Design Requirement | Justification | Implication |
|---|---|---|---|
| VCF-NSX-AVN-REQD-CFG-003 | Extend the cross-instance NSX segment to the second VMware Cloud Foundation instance. | Enables workload mobility without a complex physical network configuration. The components of a vRealize Suite application must be easily portable between VMware Cloud Foundation instances without requiring reconfiguration. | Each NSX segment requires a unique IP address space. |
| VCF-NSX-AVN-REQD-CFG-004 | In each VMware Cloud Foundation instance, create additional local-instance NSX segments. | Enables workload mobility within a VMware Cloud Foundation instance without complex physical network configuration. Each VMware Cloud Foundation instance should have network segments to support workloads which are isolated to that VMware Cloud Foundation instance. | Each NSX segment requires a unique IP address space. |
| VCF-NSX-AVN-REQD-CFG-005 | In each VMware Cloud Foundation instance, connect or migrate the local-instance NSX segments to the corresponding local-instance Tier-1 gateway. | Configures local-instance NSX segments at required sites only. | Requires an individual Tier-1 gateway for local-instance segments. |
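
The requirements in Tables 2 and 3 can be checked against a planned segment layout before anything is created in NSX. The following is an added example, not VMware code: the inventory format, the segment and gateway names, the subnets, and the `UNIQUE-IP-SPACE` label are assumptions made for illustration, and the script calls no NSX API.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan: names, gateways and subnets are hypothetical.
SEGMENTS = [
    {"name": "avn-cross", "scope": "cross-instance", "instances": ["vcf-a", "vcf-b"],
     "tier1": "t1-cross", "cidr": "192.168.11.0/24"},
    {"name": "avn-local-a", "scope": "local-instance", "instances": ["vcf-a"],
     "tier1": "t1-local-a", "cidr": "192.168.31.0/24"},
    # Two deliberate mistakes: wrong Tier-1 gateway and an overlapping subnet.
    {"name": "avn-local-b", "scope": "local-instance", "instances": ["vcf-b"],
     "tier1": "t1-cross", "cidr": "192.168.31.128/25"},
]
TIER1_SCOPE = {"t1-cross": "cross-instance",
               "t1-local-a": "local-instance", "t1-local-b": "local-instance"}


def check_avn_design(segments, tier1_scope, instances):
    """Return (requirement_id, message) findings for a planned AVN layout."""
    findings = []
    cross = [s for s in segments if s["scope"] == "cross-instance"]
    local = [s for s in segments if s["scope"] == "local-instance"]
    req = "VCF-NSX-AVN-REQD-CFG-00"

    if len(cross) != 1:  # CFG-001: one cross-instance segment
        findings.append((req + "1", f"expected 1 cross-instance segment, found {len(cross)}"))
    for s in cross:  # CFG-003: the segment is extended to every listed instance
        missing = sorted(set(instances) - set(s["instances"]))
        if missing:
            findings.append((req + "3", f"{s['name']} not extended to {missing}"))
    for inst in instances:  # CFG-002 / CFG-004: local segments in each instance
        if not any(inst in s["instances"] for s in local):
            findings.append((req + "4", f"{inst} has no local-instance segment"))
    for s in local:  # CFG-005: local segments sit on a local-instance Tier-1
        if tier1_scope.get(s["tier1"]) != "local-instance":
            findings.append((req + "5", f"{s['name']} is attached to {s['tier1']}"))
    # Implication shared by every row: each segment needs its own IP space.
    # "UNIQUE-IP-SPACE" is a label made up for this example, not a VMware ID.
    for a, b in combinations(segments, 2):
        if ipaddress.ip_network(a["cidr"]).overlaps(ipaddress.ip_network(b["cidr"])):
            findings.append(("UNIQUE-IP-SPACE", f"{a['name']} overlaps {b['name']}"))
    return findings


if __name__ == "__main__":
    for req_id, message in check_avn_design(SEGMENTS, TIER1_SCOPE, ["vcf-a", "vcf-b"]):
        print(f"{req_id}: {message}")
```

The instance list passed in should name the two instances between which the cross-instance segment is extended.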

Application Virtual Network Design Recommendations

In your Application Virtual Network design for VMware Cloud Foundation, you can apply certain best practices.

Table 4. Application Virtual Network Design Recommendations for VMware Cloud Foundation

| Recommendation ID | Design Recommendation | Justification | Implication |
|---|---|---|---|
| VCF-NSX-AVN-RCMD-CFG-001 | Use overlay-backed NSX segments. | • Supports expansion to deployment topologies for multiple VMware Cloud Foundation instances. • Limits the number of VLANs required for the data center fabric. | Using overlay-backed NSX segments requires routing, eBGP recommended, between the data center fabric and edge nodes. |