Use this list of requirements and recommendations as a reference for the vCenter Server configuration in an environment with a single or multiple VMware Cloud Foundation instances. The design elements also consider whether an instance contains a single or multiple availability zones. The vCenter Server design also includes the configuration of the default management cluster.

The configuration tasks for most design requirements and recommendations are automated in VMware Cloud Foundation. You must perform the configuration manually only for a limited number of decisions as noted in the design implication.

For full design details, see vCenter Server Design for VMware Cloud Foundation.

vCenter Server Design Elements

Table 1. vCenter Server Design Requirements for VMware Cloud Foundation

Requirement ID: VCF-VCS-REQD-CFG-001

Design Requirement: Deploy a dedicated vCenter Server appliance for the management domain of the VMware Cloud Foundation instance.

Justification:

  • Isolates vCenter Server failures to management or customer workloads.

  • Isolates vCenter Server operations between management and customers.

  • Supports a scalable cluster design where you can reuse the management components as more customer workloads are added to the SDDC.

  • Simplifies capacity planning for customer workloads because you do not consider management workloads for the VI workload domain vCenter Server.

  • Improves the ability to upgrade the vSphere environment and related components by enabling explicit separation of maintenance windows:

    • Management workloads remain available while you are upgrading the tenant workloads.

    • Customer workloads remain available while you are upgrading the management nodes.

  • Supports clear separation of roles and responsibilities to ensure that only administrators with granted authorization can control the management workloads.

  • Facilitates quicker troubleshooting and problem resolution.

  • Simplifies disaster recovery operations by supporting a clear separation between recovery of the management components and tenant workloads.

  • Provides isolation of potential network issues by introducing network separation of the clusters in the SDDC.

Implication: Requires a separate license for the vCenter Server instance in the management domain.

Requirement ID: VCF-VCS-REQD-NET-001

Design Requirement: Place all workload domain vCenter Server appliances on the management VLAN network segment of the management domain.

Justification: Reduces the number of required VLANs because a single VLAN can be allocated to both vCenter Server and NSX management components.

Implication: None.

Table 2. vCenter Server Design Recommendations for VMware Cloud Foundation

Recommendation ID: VCF-VCS-RCMD-CFG-001

Design Recommendation: Deploy an appropriately sized vCenter Server appliance for each workload domain.

Justification: Ensures resource availability and usage efficiency per workload domain.

Implication: The default size for a management domain is Small and for VI workload domains is Medium. To override these values you must use the Cloud Builder API and the SDDC Manager API.

Recommendation ID: VCF-VCS-RCMD-CFG-002

Design Recommendation: Deploy a vCenter Server appliance with the appropriate storage size.

Justification: Ensures resource availability and usage efficiency per workload domain.

Implication: The default size for a management domain is Small and for VI workload domains is Medium. To override these values you must use the API.

Recommendation ID: VCF-VCS-RCMD-CFG-003

Design Recommendation: Protect workload domain vCenter Server appliances by using vSphere HA.

Justification: vSphere HA is the only supported method to protect vCenter Server availability in VMware Cloud Foundation.

Implication: vCenter Server becomes unavailable during a vSphere HA failover.

Recommendation ID: VCF-VCS-RCMD-CFG-004

Design Recommendation: In vSphere HA, set the restart priority policy for the vCenter Server appliance to high.

Justification: vCenter Server is the management and control plane for physical and virtual infrastructure. In a vSphere HA event, to ensure the rest of the SDDC management stack comes up faultlessly, the workload domain vCenter Server must be available first, before the other management components come online.

Implication: If the restart priority for another virtual machine is set to highest, the connectivity delay for the management components will be longer.

Table 3. vCenter Server Design Recommendations for vSAN Stretched Clusters with VMware Cloud Foundation

Recommendation ID: VCF-VCS-RCMD-CFG-005

Design Recommendation: Add the vCenter Server appliance to the virtual machine group for the first availability zone.

Justification: Ensures that, by default, the vCenter Server appliance is powered on a host in the first availability zone.

Implication: None.

vCenter Single Sign-On Design Elements

Table 4. Design Requirements for the Multiple vCenter Server Instance - Single vCenter Single Sign-on Domain Topology for VMware Cloud Foundation

Requirement ID: VCF-VCS-REQD-SSO-STD-001

Design Requirement: Join all vCenter Server instances within a VMware Cloud Foundation instance to a single vCenter Single Sign-On domain.

Justification: When all vCenter Server instances are in the same vCenter Single Sign-On domain, they can share authentication and license data across all components.

Implication:

  • Only one vCenter Single Sign-On domain exists.

  • The number of linked vCenter Server instances in the same vCenter Single Sign-On domain is limited to 15 instances. Because each workload domain uses a dedicated vCenter Server instance, you can deploy up to 15 domains within each VMware Cloud Foundation instance.

Requirement ID: VCF-VCS-REQD-SSO-STD-002

Design Requirement: Create a ring topology between the vCenter Server instances within the VMware Cloud Foundation instance.

Justification: By default, one vCenter Server instance replicates only with another vCenter Server instance. This setup creates a single point of failure for replication. A ring topology ensures that each vCenter Server instance has two replication partners and removes any single point of failure.

Implication: None.
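
The ring requirement in VCF-VCS-REQD-SSO-STD-002 and the 15-instance limit in VCF-VCS-REQD-SSO-STD-001 can be audited from a list of replication agreements. The following is an added example, not VMware code: the input format, the function name `check_ring`, and the instance names are assumptions, and the sample maps are constructed.

```python
from collections import deque

MAX_LINKED = 15  # linked-instance limit stated in VCF-VCS-REQD-SSO-STD-001

def check_ring(partners):
    """Return findings for a replication-partner map; [] means a valid ring.

    partners maps each vCenter Server name to the set of instances it has a
    replication agreement with (hypothetical input format).
    """
    findings = []
    nodes = set(partners)
    if len(nodes) > MAX_LINKED:
        findings.append(f"{len(nodes)} instances exceed the limit of {MAX_LINKED}")
    expected = min(2, len(nodes) - 1)  # two partners once there are 3+ nodes
    for node in sorted(nodes):
        peers = set(partners[node]) - {node}
        for peer in sorted(peers - nodes):
            findings.append(f"{node}: partner {peer} is not a known instance")
        for peer in sorted(peers & nodes):
            if node not in partners[peer]:
                findings.append(f"{node} -> {peer}: agreement is one-way")
        if len(peers) != expected:
            findings.append(f"{node}: {len(peers)} partner(s), expected {expected}")
    # Two partners everywhere is not sufficient: two separate rings also pass
    # that test, so confirm every node is reachable from the first one.
    if nodes:
        start = min(nodes)
        seen, queue = {start}, deque([start])
        while queue:
            for peer in set(partners[queue.popleft()]) & nodes:
                if peer not in seen:
                    seen.add(peer)
                    queue.append(peer)
        for node in sorted(nodes - seen):
            findings.append(f"{node}: unreachable from {start}, domain is split")
    return findings

# Constructed sample maps with hypothetical names, not from a real deployment.
RING = {
    "vc-m01": {"vc-w01", "vc-w03"}, "vc-w01": {"vc-m01", "vc-w02"},
    "vc-w02": {"vc-w01", "vc-w03"}, "vc-w03": {"vc-w02", "vc-m01"},
}
CHAIN = {  # same instances, but the last one was never linked back to the first
    "vc-m01": {"vc-w01"}, "vc-w01": {"vc-m01", "vc-w02"},
    "vc-w02": {"vc-w01", "vc-w03"}, "vc-w03": {"vc-w02"},
}

if __name__ == "__main__":
    for name, topo in (("RING", RING), ("CHAIN", CHAIN)):
        print(name, check_ring(topo) or "ok")
```

In the `CHAIN` map the two end instances each have a single partner, which is the single point of failure for replication that the ring topology removes.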

Table 5. Design Requirements for Multiple vCenter Server Instance - Multiple vCenter Single Sign-On Domain Topology for VMware Cloud Foundation

Requirement ID: VCF-VCS-REQD-SSO-ISO-001

Design Requirement: Create all vCenter Server instances within a VMware Cloud Foundation instance in their own unique vCenter Single Sign-On domains.

Justification:

  • Enables isolation at the vCenter Single Sign-On domain layer for increased security separation.

  • Supports up to 25 workload domains.

Implication:

  • Each vCenter Server instance is managed through its own pane of glass using a different set of administrative credentials.

  • You must manage password rotation for each vCenter Single Sign-On domain separately.