VCF-VCS-REQD-CFG-001

Deploy a dedicated vCenter Server appliance for the management domain of the VMware Cloud Foundation instance.

• Isolates vCenter Server failures to management or customer workloads.

• Isolates vCenter Server operations between management and customers.

• Supports a scalable cluster design where you can reuse the management components as more customer workloads are added to the SDDC.

• Simplifies capacity planning for customer workloads because you do not consider management workloads for the VI workload domain vCenter Server.

• Improves the ability to upgrade the vSphere environment and related components by enabling for explicit separation of maintenance windows:

  • Management workloads remain available while you are upgrading the tenant workloads

  • Customer workloads remain available while you are upgrading the management nodes

• Supports clear separation of roles and responsibilities to ensure that only administrators with granted authorization can control the management workloads.

• Facilitates quicker troubleshooting and problem resolution.

• Simplifies disaster recovery operations by supporting a clear separation between recovery of the management components and tenant workloads.

• Provides isolation of potential network issues by introducing network separation of the clusters in the SDDC.

Requires a separate license for the vCenter Server instance in the management domain

VCF-VCS-REQD-NET-001

Place all workload domain vCenters Server appliances on the management VLAN network segment of the management domain.

Reduces the number of required VLANs because a single VLAN can be allocated to both, vCenter Server and NSX management components.

None.

VCF-VCS-RCMD-CFG-001

Deploy an appropriately sized vCenter Server appliance for each workload domain.

Ensures resource availability and usage efficiency per workload domain.

The default size for a management domain is Small and for VI workload domains is Medium. To override these values you must use the Cloud Builder API and the SDDC Manager API.

VCF-VCS-RCMD-CFG-002

Deploy a vCenter Server appliance with the approproate storage size.

Ensures resource availability and usage efficiency per workload domain.

The default size for a management domain is Small and for VI Workload Domains is Medium. To override these values you must use the API.

VCF-VCS-RCMD-CFG-003

Protect workload domain vCenter Server appliances by using vSphere HA.

vSphere HA is the only supported method to protect vCenter Server availability in VMware Cloud Foundation.

vCenter Server becomes unavailable during a vSphere HA failover.

VCF-VCS-RCMD-CFG-004

In vSphere HA, set the restart priority policy for the vCenter Server appliance to high.

vCenter Server is the management and control plane for physical and virtual infrastructure. In a vSphere HA event, to ensure the rest of the SDDC management stack comes up faultlessly, the workload domain vCenter Server must be available first, before the other management components come online.

If the restart priority for another virtual machine is set to highest, the connectivity delay for the management components will be longer.

VCF-VCS-RCMD-CFG-005

Add the vCenter Server appliance to the virtual machine group for the first availability zone.

Ensures that, by default, the vCenter Server appliance is powered on a host in the first availability zone.

None.

VCF-VCS-REQD-SSO-ISO-001

Create all vCenter Server instances within a VMware Cloud Foundation instance in their own unique vCenter Single Sign-On domains.

• Enables isolation at the vCenter Single Sign-On domain layer for increased security separation.

• Supports up to 25 workload domains.

• Each vCenter server instance is managed through its own pane of glass using a different set of administrative credentials.

• You must manage password rotation for each vCenter Single Sign-On domain separately.