The Hosts and Networks worksheet specifies the details for all networks and hosts. This information is configured on the appropriate VMware Cloud Foundation components.

Management Domain Networks

This section covers the VLANs, gateways, MTU, and expected IP ranges and subnet mask for each network you have configured on the Top of Rack switches in your environment.

With VMware Cloud Foundation 5.1 and later, you can create separate distributed port groups for management VM traffic (for example, vCenter Server and NSX Manager) and for ESXi host management traffic. You can configure this during the VxRail first run.

Network Type: Management Network, vMotion Network, vSAN Network

VLAN: Enter the VLAN ID. The VLAN ID can be between 0 and 4094.
Note: The VLAN ID for Uplink 1 and Uplink 2 Networks must be unique and not used by any other network type.

Portgroup Name: You cannot change the portgroup name prefix.

CIDR Notation: Enter the CIDR notation for the management network only.
Note: VxRail Manager configures the vMotion and vSAN networks.

Gateway: Enter the gateway IP for the management network only.
Note: VxRail Manager configures the vMotion and vSAN networks.

MTU: Enter MTU for the management network only. The MTU can be between 1500 and 9000.
Note: VxRail Manager configures the vMotion and vSAN networks.

System vSphere Distributed Switch Used for NSX Overlay and VLAN Traffic

In VxRail Manager, you can choose to create one or two vSphere Distributed Switches (vDS) for system traffic and to map physical NICs (pNICs) to those vSphere Distributed Switches. The following fields are used to specify which system vDS and vmnics to use for NSX traffic (NSX Overlay, NSX VLAN, Edge Overlay, and Uplink networks). You can also choose to create two additional vDSes to use for NSX traffic. The Transport Zone Type indicates the type of NSX traffic the vDS will be associated with (Overlay, VLAN, or Overlay/VLAN).
Note: At least one vDS needs to be marked for Overlay.
System vSphere Distributed Switch - Name Enter the name of the vDS to use for overlay traffic.
System vSphere Distributed Switch - vmnics to be used for overlay traffic Enter the vmnics to use for overlay traffic.
System vSphere Distributed Switch - Transport Zone Type Select Overlay, VLAN, or Overlay/VLAN.

Secondary System vSphere Distributed Switch for NSX Overlay and VLAN Traffic

Choose Yes to use a secondary system vDS for overlay/VLAN traffic.

Secondary System vSphere Distributed Switch - Name Enter the name of the secondary system vSphere Distributed Switch (vDS).
Secondary System vSphere Distributed Switch - vmnics Enter the vmnics to assign to the secondary system vDS. For example: vmnic4, vmnic5
Secondary System vSphere Distributed Switch - Transport Zone Type Select Overlay, VLAN, or Overlay/VLAN.

Create Separate vSphere Distributed Switch for NSX Overlay/VLAN Traffic

If you want to use one of the system vSphere Distributed Switches that you created in VxRail Manager for overlay traffic (Host Overlay, Edge Overlay, and Uplink networks), choose No. Choose Yes to create a new vDS for overlay/VLAN traffic.

New vSphere Distributed Switch - Name Enter a name for the new vSphere Distributed Switch (vDS).
New vSphere Distributed Switch - vmnics Enter the vmnics to assign to the new vDS. For example: vmnic4, vmnic5
New vSphere Distributed Switch - MTU Size Enter the MTU size for the new vDS. Default value is 9000.
New vSphere Distributed Switch - Transport Zone Type Select Overlay, VLAN, or Overlay/VLAN.

Management Domain ESXi Hosts

Specify the IP addresses of the ESXi hosts for the management domain. In a standard deployment, only four hosts are required in the management domain. VMware Cloud Foundation can also be deployed with a consolidated architecture. In a consolidated deployment, all workloads are deployed in the management domain instead of to separate workload domains. As such, additional hosts may be required to provide the capacity needed. In this section, only enter values for the number of hosts desired in the management domain.

Host Name: Enter host names for each of the four ESXi hosts.
IP Address: Enter IP Address for each of the four ESXi hosts.

ESXi Host Security Thumbprints

If you want bring-up to validate the SSH fingerprints of the ESXi hosts and the SSH fingerprint and SSL thumbprint of the vCenter Server and VxRail Manager to reduce the chance of a man-in-the-middle (MiTM) attack, select Yes in the Validate Thumbprints field.

If you set Validate Thumbprints to Yes, follow the steps below.
  1. In a web browser, log in to the ESXi host using the VMware Host Client.
  2. In the navigation pane, click Manage and click the Services tab.
  3. Select the TSM-SSH service and click Start if not started.
  4. Connect to the VMware Cloud Builder appliance using an SSH client such as PuTTY.
  5. Enter the admin credentials you provided when you deployed the VMware Cloud Builder appliance.
  6. Retrieve the ESXi SSH fingerprints by entering the following command replacing hostname with the FQDN of the first ESXi host:
    ssh-keygen -lf <(ssh-keyscan hostname 2>/dev/null)
  7. In the VMware Host Client, select the TSM-SSH service for the ESXi host and click Stop.
  8. Repeat for the remaining ESXi hosts.
  9. Retrieve the vCenter Server SSH fingerprint by entering the following command replacing hostname with the FQDN of your vCenter Server:
    ssh-keygen -lf <(ssh-keyscan hostname 2>/dev/null)
  10. Retrieve the vCenter Server SSL thumbprint by entering the following command replacing hostname with the FQDN of your vCenter Server:
    openssl s_client -connect hostname:443 < /dev/null 2> /dev/null | openssl x509 -sha256 -fingerprint -noout -in /dev/stdin
  11. Retrieve the VxRail Manager SSH fingerprint by entering the following command replacing hostname with the FQDN of your VxRail Manager:
    ssh-keygen -lf <(ssh-keyscan hostname 2>/dev/null)
  12. Retrieve the VxRail Manager SSL thumbprint by entering the following command replacing hostname with the FQDN of your VxRail Manager:
    openssl s_client -connect hostname:443 < /dev/null 2> /dev/null | openssl x509 -sha256 -fingerprint -noout -in /dev/stdin
  13. Enter the information in the deployment parameter workbook.
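
An offline cross-check for the values gathered in the steps above, added here as an example and not part of the VMware documentation: it recomputes SSH fingerprints from saved ssh-keyscan output, formats an SSL thumbprint from DER certificate bytes, and compares the scan against reference values recorded over a trusted path, because ssh-keyscan does not authenticate the keys it retrieves. The host names, key blobs, reference values and function names are constructed for illustration.

```python
import base64
import hashlib

def b64(raw):
    return base64.b64encode(raw).decode()

# Constructed sample: placeholder blobs, not real host keys; host names are hypothetical.
SCAN_OUTPUT = (
    "# esxi-1.example.test:22 SSH-2.0-OpenSSH\n"
    "esxi-1.example.test ssh-rsa " + b64(b"constructed-blob-1") + "\n"
    "esxi-2.example.test ssh-rsa " + b64(b"constructed-blob-2") + "\n"
)

def ssh_fingerprint(blob_b64):
    """SHA256 fingerprint as ssh-keygen -l prints it: unpadded base64 of the digest."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + b64(digest).rstrip("=")

def ssl_thumbprint(der_cert):
    """SHA-256 of the DER certificate as colon-separated upper-case hex."""
    return ":".join(f"{b:02X}" for b in hashlib.sha256(der_cert).digest())

def parse_keyscan(text):
    """Map (host, key type) -> fingerprint for each key line of ssh-keyscan output."""
    found = {}
    for line in text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) != 3:
            continue  # skip banner comments and blank or malformed lines
        host, key_type, blob = fields
        found[(host, key_type)] = ssh_fingerprint(blob)
    return found

def compare(scanned, reference):
    """Check each trusted reference entry against the scan; return (host, type, status)."""
    rows = []
    for (host, key_type), expected in sorted(reference.items()):
        actual = scanned.get((host, key_type))
        status = "MISSING" if actual is None else "MATCH" if actual == expected else "MISMATCH"
        rows.append((host, key_type, status))
    return rows

if __name__ == "__main__":
    # Reference values as they would be recorded over a trusted path (constructed here).
    reference = {
        ("esxi-1.example.test", "ssh-rsa"): ssh_fingerprint(b64(b"constructed-blob-1")),
        ("esxi-2.example.test", "ssh-rsa"): ssh_fingerprint(b64(b"some-other-key")),
        ("esxi-3.example.test", "ssh-rsa"): ssh_fingerprint(b64(b"constructed-blob-3")),
    }
    for row in compare(parse_keyscan(SCAN_OUTPUT), reference):
        print(*row)
```

A MISMATCH or MISSING row means the value should not go into the deployment parameter workbook until the difference is explained.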

NSX Host Overlay Network

By default, VMware Cloud Foundation uses DHCP for the management domain Host Overlay Network TEPs. For this option, a DHCP server must be configured on the NSX host overlay (Host TEP) VLAN of the management domain. When NSX creates TEPs for the VI workload domain, they are assigned IP addresses from the DHCP server.

For the management domain and VI workload domains with uniform L2 clusters, you can choose to use static IP addresses instead. Make sure the IP range includes enough IP addresses for the number of hosts that will use the static IP pool. The number of IP addresses required depends on the number of pNICs on the ESXi hosts that are used for the vSphere Distributed Switch that handles host overlay networking. For example, a host with four pNICs that uses two pNICs for host overlay traffic requires two IP addresses in the static IP pool.

Table 1. DHCP Settings
Parameter Value
VLAN ID Enter a VLAN ID for the NSX host overlay network. The VLAN ID can be between 0 and 4094.
Configure NSX Host Overlay Using a Static IP Pool Select No to use DHCP.
Table 2. Static IP Pool Settings
Parameter Value
VLAN ID Enter a VLAN ID for the NSX host overlay network. The VLAN ID can be between 0 and 4094.
Configure NSX Host Overlay Using a Static IP Pool Select Yes to use a static IP pool.
Pool Description Enter a description for the static IP pool.
Pool Name Enter a name for the static IP pool.
CIDR Notation Enter CIDR notation for the NSX Host Overlay network.
Gateway Enter the gateway IP address for the NSX Host Overlay network.
NSX Host Overlay Start IP Enter the first IP address to include in the static IP pool.
NSX Host Overlay End IP Enter the last IP address to include in the static IP pool.