ESXi Design Elements for VMware Cloud Foundation

Use this list of requirements and recommendations for reference related to the ESXi host configuration in an environment with a single or multiple VMware Cloud Foundation instances. The design elements determine the ESXi hardware configuration, networking, life cycle management and remote access.

The configuration tasks for most design requirements and recommendations are automated in VMware Cloud Foundation. You must perform the configuration manually only for a limited number of decisions as noted in the design implications.

For full design details, see ESXi Design for VMware Cloud Foundation.

Table 1. Design Requirements for ESXi Server
Requirement ID	Design Requirement	Requirement Justification	Requirement Implication
VCF-ESX-REQD-CFG-001	Install no less than the minimum number of ESXi hosts required for the cluster type being deployed.	Ensures availability requirements are met. If one of the hosts is not available because of a failure or maintenance event, the CPU overcommitment ratio becomes 2:1.	None.
VCF-ESX-REQD-CFG-002	Ensure each ESXi host matches the required CPU, memory and storage specification.	Ensures workloads will run without contention, even during failure and maintenance conditions.	Assemble the server specification and number according to the sizing in VMware Cloud Foundation Planning and Preparation Workbook which is based on the projected deployment size.
VCF-ESX-REQD-SEC-001	Regenerate the certificate of each ESXi host after assigning the host an FQDN.	Establishes a secure connection with VMware Cloud Builder during the deployment of a workload domain and prevents man-in-the-middle (MiTM) attacks.	You must manually regenerate the certificates of the ESXi hosts before the deployment of a workload domain.

Table 2. Design Recommendations for ESXi Server
Recommendation ID	Recommendation	Justification	Implication
VCF-ESX-RCMD-CFG-001	Use vSAN ReadyNodes with vSAN storage for each ESXi host in the management domain.	Your management domain is fully compatible with vSAN at deployment. For information about the models of physical servers that are vSAN-ready, see vSAN Compatibility Guide for vSAN ReadyNodes.	Hardware choices might be limited. If you plan to use a server configuration that is not a vSAN ReadyNode, your CPU, disks and I/O modules must be listed on the VMware Compatibility Guide under CPU Series and vSAN Compatibility List aligned to the ESXi version specified in VMware Cloud Foundation 5.2 Release Notes.
VCF-ESX-RCMD-CFG-002	Allocate hosts with uniform configuration across the default management vSphere cluster.	A balanced cluster has these advantages: Predictable performance even during hardware failures Minimal impact of resynchronization or rebuild operations on performance	You must apply vendor sourcing, budgeting, and procurement considerations for uniform server nodes on a per cluster basis.
VCF-ESX-RCMD-CFG-003	When sizing CPU, do not consider multithreading technology and associated performance gains.	Although multithreading technologies increase CPU performance, the performance gain depends on running workloads and differs from one case to another.	Because you must provide more physical CPU cores, costs increase and hardware choices become limited.
VCF-ESX-RCMD-CFG-004	Install and configure all ESXi hosts in the default management cluster to boot using a 128-GB device or larger.	Provides hosts that have large memory, that is, greater than 512 GB, with enough space for the scratch partition when using vSAN.	None.
VCF-ESX-RCMD-CFG-005	Use the default configuration for the scratch partition on all ESXi hosts in the default management cluster.	If a failure in the vSAN cluster occurs, the ESXi hosts remain responsive and log information is still accessible. It is not possible to use vSAN datastore for the scratch partition.	None.
VCF-ESX-RCMD-CFG-006	For workloads running in the default management cluster, save the virtual machine swap file at the default location.	Simplifies the configuration process.	Increases the amount of replication traffic for management workloads that are recovered as part of the disaster recovery process.
VCF-ESX-RCMD-NET-001	Place the ESXi hosts in each management domain cluster on a host management network that is separate from the VM management network.	Enables the separation of the physical VLAN between ESXi hosts and the other management components for security reasons. The VM management network is not required for a multi-rack compute-only cluster in a VI workload domain.	Increases the number of VLANs required.
VCF-ESX-RCMD-NET-002	Place the ESXi hosts in each VI workload domain on a separate host management VLAN-backed network.	Enables the separation of the physical VLAN between the ESXi hosts in different VI workload domains for security reasons.	Increases the number of VLANs required. For each VI workload domain, you must allocate a separate management subnet.
VCF-ESX-RCMD-SEC-001	Deactivate SSH access on all ESXi hosts in the management domain by having the SSH service stopped and using the default SSH service policy `Start and stop manually` .	Ensures compliance with the vSphere Security Configuration Guide and with security best practices. Disabling SSH access reduces the risk of security attacks on the ESXi hosts through the SSH interface.	You must activate SSH access manually for troubleshooting or support activities as VMware Cloud Foundation deactivates SSH on ESXi hosts after workload domain deployment.
VCF-ESX-RCMD-SEC-002	Set the advanced setting `UserVars.SuppressShellWarning` to `0` across all ESXi hosts in the management domain.	Ensures compliance with the vSphere Security Configuration Guide and with security best practices Enables the warning message that appears in the vSphere Client every time SSH access is activated on an ESXi host.	You must turn off SSH enablement warning messages manually when performing troubleshooting or support activities.