The Hosts and Networks worksheet specifies the details for all networks and hosts. This information is configured on the appropriate VMware Cloud Foundation components.
Management Domain Networks
This section covers the VLANs, gateways, MTU, and expected IP ranges and subnet mask for each network you have configured on the Top of Rack switches in your environment.
- If you enter information for the VM Management Network, VMware Cloud Foundation creates a distributed port group for the VM Management Network using the information you provide.
- If you do not enter information for the VM Management Network, VMware Cloud Foundation still creates a distributed port group for the VM Management Network, but uses the Management Network information (gateway, VLAN, MTU).
Network Type | VLAN | Portgroup Name | CIDR Notation | Gateway | MTU |
---|---|---|---|---|---|
VM Management Network | Enter the VLAN ID. The VLAN ID can be between 0 and 4094. Note: The VLAN ID for Uplink 1 and Uplink 2 Networks must be unique and not used by any other network type. | Enter a portgroup name. | Enter the CIDR notation for the network. | Enter the gateway IP for the network. | Enter MTU for the network. The MTU can be between 1500 and 9000. |
Management Network | | | | | |
vMotion Network | | | | | |
vSAN Network | | | | | |
Virtual Networking
vSphere Distributed Switch Profile | Description |
---|---|
Profile 1 | |
Profile 2 | |
Profile 3 | |
vSphere Standard Switch Name | Enter a name for the vSphere Standard Switch. |
Primary vSphere Distributed Switch - Name | Enter a name for the primary vSphere Distributed Switch (vDS). You can modify the portgroup names of the management domain networks to make it clear which vDS each network uses. |
Primary vSphere Distributed Switch - pNICs | Select the physical NICs to assign to the primary vDS. |
Primary vSphere Distributed Switch - MTU Size | Enter the MTU size for the primary vDS. Default value is 9000. |
Primary vSphere Distributed Switch - Transport Zone Type | Select Overlay or VLAN. |
Secondary vSphere Distributed Switch - Name | Enter a name for the secondary vSphere Distributed Switch (vDS). You can modify the portgroup names of the management domain networks to make it clear which vDS each network uses. Note: If you are not creating a secondary vDS, enter n/a. |
Secondary vSphere Distributed Switch - Transport Zone Type | Select Overlay or VLAN. |
Secondary vSphere Distributed Switch - pNICs | Select the physical NICs to assign to the secondary vDS. |
Secondary vSphere Distributed Switch - MTU Size | Enter the MTU size for the secondary vDS. Default value is 9000. |
Management Domain ESXi Hosts
Specify the IP addresses of the ESXi hosts for the management domain. In a standard deployment, only four hosts are required in the management domain. VMware Cloud Foundation can also be deployed with a consolidated architecture. In a consolidated deployment, all workloads are deployed in the management domain instead of to separate workload domains. As such, additional hosts may be required to provide the capacity needed. In this section, only enter values for the number of hosts desired in the management domain.
Host Name | IP Address |
---|---|
Enter host names for each of the four ESXi hosts. | Enter IP Address for each of the four ESXi hosts. |
Inclusion Ranges
Specify IP inclusion ranges for the vSAN and vMotion networks of the management domain. IP addresses from the specified range are automatically assigned to hosts. Ensure that the IP ranges include sufficient IP addresses for the initial deployment. The number of IP addresses must be at least equal to the number of hosts deployed as part of VMware Cloud Foundation.
As an example, if you specify the range start value as 192.168.1.1 and end as 192.168.1.20, a total of 20 IP addresses would be used.
Do not use special IP addresses, such as the network or broadcast address.
IPs for the vMotion range must be part of the VLAN configured with the vMotion portgroup. IPs for the vSAN range must be part of the VLAN configured for the vSAN portgroup. All IPs within the range must be available for use or IP conflicts will occur. It is a good practice to validate this prior to starting a deployment.
Network | Start IP | End IP |
---|---|---|
vMotion | Enter start of IP address range for vMotion network. | Enter end of IP address range. |
vSAN | Enter start of IP address range for vSAN network. | Enter end of IP address range. |
ESXi Host Security Thumbprints
If you want bring-up to validate the SSH fingerprint and SSL thumbprints of the ESXi hosts before connecting to them, to reduce the chance of a Man In The Middle (MiTM) attack, select Yes in the Validate Thumbprints field.
- In a web browser, log in to the ESXi host using the VMware Host Client.
- In the navigation pane, click Manage and click the Services tab.
- Select the TSM-SSH service and click Start if not started.
- Connect to the VMware Cloud Builder appliance using an SSH client such as PuTTY.
- Enter the admin credentials you provided when you deployed the VMware Cloud Builder appliance.
- Retrieve the SSH fingerprint by entering the following command replacing hostname with the FQDN of your host:
ssh-keygen -lf <(ssh-keyscan hostname 2>/dev/null)
- Retrieve the SSL thumbprint by entering the following command replacing hostname with the FQDN of your host:
openssl s_client -connect hostname:443 < /dev/null 2> /dev/null | openssl x509 -sha256 -fingerprint -noout -in /dev/stdin
- In the VMware Host Client, select the TSM-SSH service for the ESXi host and click Stop.
- Repeat for each ESXi host and then enter the information in the deployment parameter workbook.
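What the two commands above compute, shown as an added Python example (not VMware code), so that values recorded in the workbook can be compared with what a host presents later. The key line and certificate bytes are constructed sample data, and `check_host` and `sample_key_line` are hypothetical names.

```python
import base64, hashlib, ssl, struct

def ssh_fingerprint(keyscan_line):
    """Fingerprint of one ssh-keyscan line, in the SHA256:<base64> form ssh-keygen -l prints."""
    blob = base64.b64decode(keyscan_line.split()[2])   # fields: host, key type, key blob
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def ssl_thumbprint(pem_cert):
    """SHA-256 over the DER certificate as colon-separated upper-case hex."""
    digest = hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem_cert)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def check_host(recorded, keyscan_line, pem_cert):
    """Return the names of the values that differ from what was recorded for a host."""
    observed = {"ssh": ssh_fingerprint(keyscan_line), "ssl": ssl_thumbprint(pem_cert)}
    return [name for name, value in observed.items()
            if recorded[name].strip() != value]

def sample_key_line(host, seed):
    # Constructed: 32 bytes derived from a seed stand in for an ed25519 public key.
    key = hashlib.sha256(seed).digest()
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + key
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"

# Constructed sample data, not taken from a real ESXi host.
SAMPLE_LINE = sample_key_line("esxi-1.example.test", b"constructed-key-1")
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed placeholder, not a real certificate")
RECORDED = {"ssh": ssh_fingerprint(SAMPLE_LINE), "ssl": ssl_thumbprint(SAMPLE_PEM)}

if __name__ == "__main__":
    print(RECORDED)
    # Same key and certificate as recorded: nothing to report.
    print(check_host(RECORDED, SAMPLE_LINE, SAMPLE_PEM))
    # A different host key for the same name is reported as an "ssh" mismatch.
    changed = sample_key_line("esxi-1.example.test", b"constructed-key-2")
    print(check_host(RECORDED, changed, SAMPLE_PEM))
```

A mismatch means the host key or certificate changed after the value was recorded, or that something other than the intended host answered; confirm which out of band before continuing.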
NSX Host Overlay Network
By default, VMware Cloud Foundation uses DHCP for the management domain Host Overlay Network TEPs. For this option, a DHCP server must be configured on the NSX host overlay (Host TEP) VLAN of the management domain. When NSX creates TEPs for the VI workload domain, they are assigned IP addresses from the DHCP server.
For the management domain and VI workload domains with uniform L2 clusters, you can choose to use static IP addresses instead. Make sure the IP range includes enough IP addresses for the number of hosts that will use the static IP Pool. The number of IP addresses required depends on the number of pNICs on the ESXi hosts that are used for the vSphere Distributed Switch that handles host overlay networking. For example, a host with four pNICs that uses two pNICs for host overlay traffic requires two IP addresses in the static IP pool.
Parameter | Value |
---|---|
VLAN ID | Enter a VLAN ID for the NSX host overlay network. The VLAN ID can be between 0 and 4094. |
Configure NSX Host Overlay Using a Static IP Pool | Select No to use DHCP. |

Parameter | Value |
---|---|
VLAN ID | Enter a VLAN ID for the NSX host overlay network. The VLAN ID can be between 0 and 4094. |
Configure NSX Host Overlay Using a Static IP Pool | Select Yes to use a static IP pool. |
Pool Description | Enter a description for the static IP pool. |
Pool Name | Enter a name for the static IP pool. |
CIDR Notation | Enter CIDR notation for the NSX Host Overlay network. |
Gateway | Enter the gateway IP address for the NSX Host Overlay network. |
NSX Host Overlay Start IP | Enter the first IP address to include in the static IP pool. |
NSX Host Overlay End IP | Enter the last IP address to include in the static IP pool. |
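A pre-deployment check for the Inclusion Ranges section and for the static IP pool described above, as an added Python example that is not part of VMware Cloud Foundation. The function names, the `in_use` parameter and the sample addresses are assumptions, and the sizing rule of one address per overlay pNIC per host is inferred from the page's four-pNIC example.

```python
import ipaddress

def check_range(cidr, start, end, required, in_use=()):
    """Return a list of problems with an IP range; an empty list means it passed."""
    net = ipaddress.ip_network(cidr, strict=False)
    first, last = ipaddress.ip_address(start), ipaddress.ip_address(end)
    if first > last:
        return [f"start {first} is after end {last}"]
    problems = []
    if first not in net or last not in net:
        problems.append(f"{first}-{last} is not fully inside {net}")
    size = int(last) - int(first) + 1
    if size < required:
        problems.append(f"{size} addresses in range, {required} required")
    # Special addresses the page says not to use.
    for label, ip in (("network", net.network_address),
                      ("broadcast", net.broadcast_address)):
        if first <= ip <= last:
            problems.append(f"range contains the {label} address {ip}")
    # Addresses already assigned elsewhere (gateway, host management IPs, ...).
    for raw in in_use:
        ip = ipaddress.ip_address(raw)
        if first <= ip <= last:
            problems.append(f"range contains in-use address {ip}")
    return problems

def overlay_ips_required(hosts, overlay_pnics_per_host):
    # Assumption drawn from the page's example: one TEP address per overlay pNIC.
    return hosts * overlay_pnics_per_host

if __name__ == "__main__":
    # Constructed sample values, not from a real environment.
    # The page's example range of 20 addresses for a four-host management domain.
    print(check_range("192.168.1.0/24", "192.168.1.1", "192.168.1.20", required=4))
    # A static pool that is too small, touches the broadcast address and
    # overlaps an address already in use.
    need = overlay_ips_required(hosts=4, overlay_pnics_per_host=2)
    print(check_range("172.16.14.0/24", "172.16.14.250", "172.16.14.255",
                      required=need, in_use=["172.16.14.253"]))
```

This only checks the values entered in the workbook against each other; whether the addresses are actually free on the VLAN still has to be confirmed on the network.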