Use this list of requirements and recommendations as a reference for the ESXi host configuration in an environment with a single or multiple VMware Cloud Foundation instances. The design elements determine the ESXi hardware configuration, networking, life cycle management and remote access.
The configuration tasks for most design requirements and recommendations are automated in VMware Cloud Foundation. You must perform the configuration manually only for a limited number of decisions as noted in the design implications.
For full design details, see ESXi Design for VMware Cloud Foundation.

Requirement ID | Design Requirement | Requirement Justification | Requirement Implication |
---|---|---|---|
VCF-ESX-REQD-CFG-001 | Install no less than the minimum number of ESXi hosts required for the cluster type being deployed. | | None. |
VCF-ESX-REQD-CFG-002 | Ensure each ESXi host matches the required CPU, memory and storage specification. | | Assemble the server specification and number according to the sizing in VMware Cloud Foundation Planning and Preparation Workbook which is based on the projected deployment size. |
VCF-ESX-REQD-SEC-001 | Regenerate the certificate of each ESXi host after assigning the host an FQDN. | Establishes a secure connection with VMware Cloud Builder during the deployment of a workload domain and prevents man-in-the-middle (MiTM) attacks. | You must manually regenerate the certificates of the ESXi hosts before the deployment of a workload domain. |

Recommendation ID | Recommendation | Justification | Implication |
---|---|---|---|
VCF-ESX-RCMD-CFG-001 | Use vSAN ReadyNodes with vSAN storage for each ESXi host in the management domain. | Your management domain is fully compatible with vSAN at deployment. For information about the models of physical servers that are vSAN-ready, see vSAN Compatibility Guide for vSAN ReadyNodes. | Hardware choices might be limited. If you plan to use a server configuration that is not a vSAN ReadyNode, your CPU, disks and I/O modules must be listed on the VMware Compatibility Guide under CPU Series and vSAN Compatibility List aligned to the ESXi version specified in VMware Cloud Foundation 5.2 Release Notes. |
VCF-ESX-RCMD-CFG-002 | Allocate hosts with uniform configuration across the default management vSphere cluster. | A balanced cluster has these advantages: | You must apply vendor sourcing, budgeting, and procurement considerations for uniform server nodes on a per cluster basis. |
VCF-ESX-RCMD-CFG-003 | When sizing CPU, do not consider multithreading technology and associated performance gains. | Although multithreading technologies increase CPU performance, the performance gain depends on running workloads and differs from one case to another. | Because you must provide more physical CPU cores, costs increase and hardware choices become limited. |
VCF-ESX-RCMD-CFG-004 | Install and configure all ESXi hosts in the default management cluster to boot using a 128-GB device or larger. | Provides hosts that have large memory, that is, greater than 512 GB, with enough space for the scratch partition when using vSAN. | None. |
VCF-ESX-RCMD-CFG-005 | Use the default configuration for the scratch partition on all ESXi hosts in the default management cluster. | | None. |
VCF-ESX-RCMD-CFG-006 | For workloads running in the default management cluster, save the virtual machine swap file at the default location. | Simplifies the configuration process. | Increases the amount of replication traffic for management workloads that are recovered as part of the disaster recovery process. |
VCF-ESX-RCMD-NET-001 | Place the ESXi hosts in each management domain cluster on a host management network that is separate from the VM management network. | Enables the separation of the physical VLAN between ESXi hosts and the other management components for security reasons. The VM management network is not required for a multi-rack compute-only cluster in a VI workload domain. | Increases the number of VLANs required. |
VCF-ESX-RCMD-NET-002 | Place the ESXi hosts in each VI workload domain on a separate host management VLAN-backed network. | Enables the separation of the physical VLAN between the ESXi hosts in different VI workload domains for security reasons. | Increases the number of VLANs required. For each VI workload domain, you must allocate a separate management subnet. |
VCF-ESX-RCMD-SEC-001 | Deactivate SSH access on all ESXi hosts in the management domain by having the SSH service stopped and using the default SSH service policy. | Ensures compliance with the vSphere Security Configuration Guide and with security best practices. Disabling SSH access reduces the risk of security attacks on the ESXi hosts through the SSH interface. | You must activate SSH access manually for troubleshooting or support activities as VMware Cloud Foundation deactivates SSH on ESXi hosts after workload domain deployment. |
VCF-ESX-RCMD-SEC-002 | Set the advanced setting | | You must turn off SSH enablement warning messages manually when performing troubleshooting or support activities. |
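
The following added example (not VMware code or tooling) audits the two manually handled security items, VCF-ESX-REQD-SEC-001 and VCF-ESX-RCMD-SEC-001, over a constructed host inventory. Assumptions: the field names, the sample hosts, the certificate dicts in the shape of Python's `ssl.SSLSocket.getpeercert()`, `localhost.localdomain` as the name on a certificate that was not regenerated, and `"off"` as the default SSH service policy.

```python
# Added example: audits constructed host facts against VCF-ESX-REQD-SEC-001
# and VCF-ESX-RCMD-SEC-001. Field names and sample hosts are assumptions.

def cert_dns_names(cert):
    """Names the certificate asserts: SAN DNS entries, else the subject CN."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for key, v in rdn
            if key == "commonName"]

def names_fqdn(cert, fqdn):
    """True if an asserted name equals the FQDN (case-insensitive, no wildcards)."""
    want = fqdn.lower().rstrip(".")
    return any(n.lower().rstrip(".") == want for n in cert_dns_names(cert))

def audit_host(host):
    """Return IDs of the page's security items that this host does not meet."""
    findings = []
    if not names_fqdn(host["cert"], host["fqdn"]):
        findings.append("VCF-ESX-REQD-SEC-001")  # certificate not regenerated
    ssh = host["ssh"]
    if ssh["running"] or ssh["policy"] != "off":  # "off": assumed default policy
        findings.append("VCF-ESX-RCMD-SEC-001")
    return findings

def cert(cn, *sans):
    """Build a certificate dict in the shape of ssl.SSLSocket.getpeercert()."""
    return {"subject": ((("commonName", cn),),),
            "subjectAltName": tuple(("DNS", s) for s in sans)}

STOPPED = {"running": False, "policy": "off"}
HOSTS = [  # constructed inventory
    {"fqdn": "esx01.example.test", "ssh": STOPPED,
     "cert": cert("esx01.example.test", "esx01.example.test")},
    {"fqdn": "esx02.example.test", "ssh": STOPPED,
     "cert": cert("localhost.localdomain", "localhost.localdomain")},
    {"fqdn": "esx03.example.test", "ssh": {"running": True, "policy": "on"},
     "cert": cert("ESX03.example.test")},
    {"fqdn": "esx04.example.test", "ssh": STOPPED,
     "cert": cert("esx04.example.test", "esx04")},
]

def audit(hosts):
    """Map each host FQDN to the list of items it fails."""
    return {h["fqdn"]: audit_host(h) for h in hosts}

if __name__ == "__main__":
    for fqdn, findings in audit(HOSTS).items():
        print(fqdn, "OK" if not findings else "FAIL " + ", ".join(findings))
```

The `esx04` entry fails even though its CN is the FQDN, because a SAN DNS entry is present and takes precedence over the CN, and that entry holds only the short host name.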