vRealize Suite Lifecycle Manager Design Elements for VMware Cloud Foundation

Use this list of requirements and recommendations for reference related to vRealize Suite Lifecycle Manager in an environment with a single or multiple VMware Cloud Foundation instances.

For full design details, see vRealize Suite Lifecycle Manager Design for VMware Cloud Foundation.

Table 1. vRealize Suite Lifecycle Manager Design Requirements for VMware Cloud Foundation
Requirement ID	Design Requirement	Justification	Implication
VCF-vRSLCM-REQD-CFG-001	Deploy a vRealize Suite Lifecycle Manager instance in the management domain of each VMware Cloud Foundation instance to provide life cycle management for vRealize Suite and Workspace ONE Access.	Provides life cycle management operations for vRealize Suite applications and Workspace ONE Access.	You must ensure that the required resources are available.
VCF-vRSLCM-REQD-CFG-002	Deploy vRealize Suite Lifecycle Manager by using SDDC Manager.	Deploys vRealize Suite Lifecycle Manager in VMware Cloud Foundation mode, which enables the integration with the SDDC Manager inventory for product deployment and life cycle management of vRealize Suite components. Automatically configures the standalone Tier-1 gateway required for load balancing the clustered Workspace ONE Access and vRealize Suite components.	None.
VCF-vRSLCM-REQD-CFG-003	Allocate extra 100 GB of storage to the vRealize Suite Lifecycle Manager appliance for vRealize Suite product binaries.	Provides support for vRealize Suite product binaries (install, upgrade, and patch) and content management. SDDC Manager automates the creation of storage.	None.
VCF-vRSLCM-REQD-CFG-004	Place the vRealize Suite Lifecycle Manager appliance on an overlay-backed (recommended) or VLAN-backed NSX network segment.	Provides a consistent deployment model for management applications.	You must use an implementation in NSX to support this networking configuration.
VCF-vRSLCM-REQD-CFG-005	Import vRealize Suite product licenses to the Locker repository for product life cycle operations.	You can review the validity, details, and deployment usage for the license across the vRealize Suite products. You can reference and use licenses during product life cycle operations, such as deployment and license replacement.	When using the API, you must specify the Locker ID for the license to be used in the JSON payload.
VCF-vRSLCM-REQD-ENV-001	Configure datacenter objects in vRealize Suite Lifecycle Manager for local and cross-instance vRealize Suite deployments and assigns the management domain vCenter Server instance to each data center.	You can deploy and manage the integrated vRealize Suite components across the SDDC as a group.	You must manage a separate datacenter object for the products that are specific to each instance.
VCF-vRSLCM-REQD-ENV-002	If deploying vRealize Log Insight, create a local-instance environment in vRealize Suite Lifecycle Manager.	Supports the deployment of an instance of vRealize Log Insight.	None.
VCF-vRSLCM-REQD-ENV-003	If deploying vRealize Operations or vRealize Automation, create a cross-instance environment in vRealize Suite Lifecycle Manager	Supports deployment and management of the integrated vRealize Suite products across VMware Cloud Foundation instances as a group. Enables the deployment of instance-specific components, such as vRealize Operations remote collectors. In vRealize Suite Lifecycle Manager, you can deploy and manage vRealize Operations remote collector objects only in an environment that contains the associated cross-instance components.	You can manage instance-specific components, such as remote collectors, only in an environment that is cross-instance.
VCF-vRSLCM-REQD-SEC-001	Use the custom vCenter Server role for vRealize Suite Lifecycle Manager that has the minimum privileges required to support the deployment and upgrade of vRealize Suite products.	vRealize Suite Lifecycle Manager accesses vSphere with the minimum set of permissions that are required to support the deployment and upgrade of vRealize Suite products. SDDC Manager automates the creation of the custom role.	You must maintain the permissions required by the custom role.
VCF-vRSLCM-REQD-SEC-002	Use the service account in vCenter Server for application-to-application communication from vRealize Suite Lifecycle Manager to vSphere. Assign global permissions using the custom role.	Provides the following access control features: vvRealize Suite Lifecycle Manager accesses vSphere with the minimum set of required permissions. You can introduce improved accountability in tracking request-response interactions between the components of the SDDC. SDDC Manager automates the creation of the service account.	You must maintain the life cycle and availability of the service account outside of SDDC manager password rotation.

Table 2. vRealize Suite Lifecycle Manager Design Requirements for Stretched Clusters in VMware Cloud Foundation
Requirement ID	Design Requirement	Justification	Implication
VCF-vRSLCM-REQD-CFG-006	For multiple availability zones, add the vRealize Suite Lifecycle Manager appliance to the VM group for the first availability zone.	Ensures that, by default, the vRealize Suite Lifecycle Manager appliance is powered on a host in the first availability zone.	If vRealize Suite Lifecycle Manager is deployed after the creation of the stretched management cluster, you must add the vRealize Suite Lifecycle Manager appliance to the VM group manually.

Table 3. vRealize Suite Lifecycle Manager Design Requirements for NSX Federation in VMware Cloud Foundation
Requirement ID	Design Requirement	Justification	Implication
VCF-vRSLCM-REQD-CFG-007	Configure the DNS settings for the vRealize Suite Lifecycle Manager appliance to use DNS servers in each instance.	Improves resiliency in the event of an outage of external services for a VMware Cloud Foundation instance.	As you scale from a deployment with a single VMware Cloud Foundation instance to one with multiple VMware Cloud Foundation instances, the DNS settings of the vRealize Suite Lifecycle Manager appliance must be updated.
VCF-vRSLCM-REQD-CFG-008	Configure the NTP settings for the vRealize Suite Lifecycle Manager appliance to use NTP servers in each VMware Cloud Foundation instance.	Improves resiliency if an outage of external services for a VMware Cloud Foundation instance occurs.	As you scale from a deployment with a single VMware Cloud Foundation instance to one with multiple VMware Cloud Foundation instances, the NTP settings on the vRealize Suite Lifecycle Manager appliance must be updated.
VCF-vRSLCM-REQD-ENV-004	Assign the management domain vCenter Server instance in the additional VMware Cloud Foundation instance to the cross-instance data center.	Supports the deployment of vRealize Operations remote collectors in an additional VMware Cloud Foundation instance.	None.

Table 4. vRealize Suite Lifecycle Manager Design Recommendations for VMware Cloud Foundation
Recommendation ID	Design Recommendation	Justification	Implication
VCF-vRSLCM-RCMD-CFG-001	Protect vRealize Suite Lifecycle Manager by using vSphere HA.	Supports the availability objectives for vRealize Suite Lifecycle Manager without requiring manual intervention during a failure event.	None.
VCF-vRSLCM-RCMD-LCM-001	Obtain product binaries for install, patch, and upgrade in vRealize Suite Lifecycle Manager from VMware Customer Connect.	You can upgrade vRealize Suite products based on their general availability and endpoint interoperability rather than being listed as part of VMware Cloud Foundation bill of materials (BOM). You can deploy and manage binaries in an environment that does not allow access to the Internet or are dark sites.	The site must have an Internet connection to use VMware Customer Connect. Sites without an Internet connection should use the local upload option instead.
VCF-vRSLCM-RCMD-LCM-002	Use support packs (PSPAKS) for vRealize Suite Lifecycle Manager to enable upgrading to later versions of vRealize Suite products.	Enables the upgrade of an existing vRealize Suite Lifecycle Manager to permit later versions of vRealize Suite products without an associated VVMware Cloud Foundation upgrade. See VMware Knowledge Base article 88829	None.
VCF-vRSLCM-RCMD-SEC-001	Enable integration between vRealize Suite Lifecycle Manager and your corporate identity source by using the Workspace ONE Access instance.	Enables authentication to vRealize Suite Lifecycle Manager by using your corporate identity source. Enables authorization through the assignment of organization and cloud services roles to enterprise users and groups defined in your corporate identity source.	You must deploy and configure Workspace ONE Access to establish the integration between vRealize Suite Lifecycle Manager and your corporate identity sources.
VCF-vRSLCM-RCMD-SEC-002	Create corresponding security groups in your corporate directory services for vRealize Suite Lifecycle Manager roles: VCF Content Release Manager Content Developer	Streamlines the management of vRealize Suite Lifecycle Manager roles for users.	You must create the security groups outside of the SDDC stack. You must set the desired directory synchronization interval in Workspace ONE Access to ensure that changes are available within a reasonable period.