VMware Aria Suite Lifecycle Design Elements for VMware Cloud Foundation

Use this list of requirements and recommendations for reference related to VMware Aria Suite Lifecycle in an environment with a single or multiple VMware Cloud Foundation instances.

For full design details, see VMware Aria Suite Lifecycle Design for VMware Cloud Foundation.

Table 1. VMware Aria Suite Lifecycle Design Requirements for VMware Cloud Foundation
Requirement ID	Design Requirement	Justification	Implication
VCF-VASL-REQD-CFG-001	Deploy a VMware Aria Suite Lifecycle instance in the management domain of each VMware Cloud Foundation instance to provide life cycle management for VMware Aria Suite and Workspace ONE Access.	Provides life cycle management operations for VMware Aria Suite applications and Workspace ONE Access.	You must ensure that the required resources are available.
VCF-VASL-REQD-CFG-002	Deploy VMware Aria Suite Lifecycle by using SDDC Manager.	Deploys VMware Aria Suite Lifecycle in VMware Cloud Foundation mode, which enables the integration with the SDDC Manager inventory for product deployment and life cycle management of VMware Aria Suite components. Automatically configures the standalone Tier-1 gateway required for load balancing the clustered Workspace ONE Access and VMware Aria Suite components.	None.
VCF-VASL-REQD-CFG-003	Allocate extra 100 GB of storage to the VMware Aria Suite Lifecycle appliance for VMware Aria Suite product binaries.	Provides support for VMware Aria Suite product binaries (install, upgrade, and patch) and content management. SDDC Manager automates the creation of storage.	None.
VCF-VASL-REQD-CFG-004	Place the VMware Aria Suite Lifecycle appliance on an overlay-backed (recommended) or VLAN-backed NSX network segment.	Provides a consistent deployment model for management applications.	You must use an implementation in NSX to support this networking configuration.
VCF-VASL-REQD-CFG-005	Import VMware Aria Suite product licenses to the Locker repository for product life cycle operations.	You can review the validity, details, and deployment usage for the license across the VMware Aria Suite products. You can reference and use licenses during product life cycle operations, such as deployment and license replacement.	When using the API, you must specify the Locker ID for the license to be used in the JSON payload.
VCF-VASL-REQD-ENV-001	Configure datacenter objects in VMware Aria Suite Lifecycle for local and cross-instance VMware Aria Suite deployments and assign the management domain vCenter Server instance to each data center.	You can deploy and manage the integrated VMware Aria Suite components across the SDDC as a group.	You must manage a separate datacenter object for the products that are specific to each instance.
VCF-VASL-REQD-ENV-002	If deploying VMware Aria Operations for Logs, create a local-instance environment in VMware Aria Suite Lifecycle.	Supports the deployment of an instance of VMware Aria Operations for Logs.	None.
VCF-VASL-REQD-ENV-003	If deploying VMware Aria Operations or VMware Aria Automation, create a cross-instance environment in VMware Aria Suite Lifecycle	Supports deployment and management of the integrated VMware Aria Suite products across VMware Cloud Foundation instances as a group. Enables the deployment of instance-specific components, such as VMware Aria Operations remote collectors. In VMware Aria Suite Lifecycle, you can deploy and manage VMware Aria Operations remote collector objects only in an environment that contains the associated cross-instance components.	You can manage instance-specific components, such as remote collectors, only in an environment that is cross-instance.
VCF-VASL-REQD-SEC-001	Use the custom vCenter Server role for VMware Aria Suite Lifecycle that has the minimum privileges required to support the deployment and upgrade of VMware Aria Suite products.	VMware Aria Suite Lifecycle accesses vSphere with the minimum set of permissions that are required to support the deployment and upgrade of VMware Aria Suite products. SDDC Manager automates the creation of the custom role.	You must maintain the permissions required by the custom role.
VCF-VASL-REQD-SEC-002	Use the service account in vCenter Server for application-to-application communication from VMware Aria Suite Lifecycle to vSphere. Assign global permissions using the custom role.	Provides the following access control features: VMware Aria Suite Lifecycle accesses vSphere with the minimum set of required permissions. You can introduce improved accountability in tracking request-response interactions between the components of the SDDC. SDDC Manager automates the creation of the service account.	You must maintain the life cycle and availability of the service account outside of SDDC manager password rotation.

Table 2. VMware Aria Suite Lifecycle Design Requirements for Stretched Clusters in VMware Cloud Foundation
Requirement ID	Design Requirement	Justification	Implication
VCF-VASL-REQD-CFG-006	For multiple availability zones, add the VMware Aria Suite Lifecycle appliance to the VM group for the first availability zone.	Ensures that, by default, the VMware Aria Suite Lifecycle appliance is powered on a host in the first availability zone.	If VMware Aria Suite Lifecycle is deployed after the creation of the stretched management cluster, you must add the VMware Aria Suite Lifecycle appliance to the VM group manually.

Table 3. VMware Aria Suite Lifecycle Design Requirements for NSX Federation in VMware Cloud Foundation
Requirement ID	Design Requirement	Justification	Implication
VCF-VASL-REQD-CFG-007	Configure the DNS settings for the VMware Aria Suite Lifecycle appliance to use DNS servers in each instance.	Improves resiliency in the event of an outage of external services for a VMware Cloud Foundation instance.	As you scale from a deployment with a single VMware Cloud Foundation instance to one with multiple VMware Cloud Foundation instances, the DNS settings of the VMware Aria Suite Lifecycle appliance must be updated.
VCF-VASL-REQD-CFG-008	Configure the NTP settings for the VMware Aria Suite Lifecycle appliance to use NTP servers in each VMware Cloud Foundation instance.	Improves resiliency if an outage of external services for a VMware Cloud Foundation instance occurs.	As you scale from a deployment with a single VMware Cloud Foundation instance to one with multiple VMware Cloud Foundation instances, the NTP settings on the VMware Aria Suite Lifecycle appliance must be updated.
VCF-VASL-REQD-ENV-004	Assign the management domain vCenter Server instance in the additional VMware Cloud Foundation instance to the cross-instance data center.	Supports the deployment of VMware Aria Operations remote collectors in an additional VMware Cloud Foundation instance.	None.

Table 4. VMware Aria Suite Lifecycle Design Recommendations for VMware Cloud Foundation
Recommendation ID	Design Recommendation	Justification	Implication
VCF-VASL-RCMD-CFG-001	Protect VMware Aria Suite Lifecycle by using vSphere HA.	Supports the availability objectives for VMware Aria Suite Lifecycle without requiring manual intervention during a failure event.	None.
VCF-VASL-RCMD-LCM-001	Obtain product binaries for install, patch, and upgrade in VMware Aria Suite Lifecycle from VMware Customer Connect.	You can upgrade VMware Aria Suite products based on their general availability and endpoint interoperability rather than being listed as part of VMware Cloud Foundation bill of materials (BOM). You can deploy and manage binaries in an environment that does not allow access to the Internet or are dark sites.	The site must have an Internet connection to use VMware Customer Connect. Sites without an Internet connection should use the local upload option instead.
VCF-VASL-RCMD-LCM-002	Use support packs (PSPAKS) for VMware Aria Suite Lifecycle to enable upgrading to later versions of VMware Aria Suite products.	Enables the upgrade of an existing VMware Aria Suite Lifecycle to permit later versions of VMware Aria Suite products without an associated VMware Cloud Foundation upgrade. See VMware Knowledge Base article 88829	None.
VCF-VASL-RCMD-SEC-001	Enable integration between VMware Aria Suite Lifecycle and your corporate identity source by using the Workspace ONE Access instance.	Enables authentication to VMware Aria Suite Lifecycle by using your corporate identity source. Enables authorization through the assignment of organization and cloud services roles to enterprise users and groups defined in your corporate identity source.	You must deploy and configure Workspace ONE Access to establish the integration between VMware Aria Suite Lifecycle and your corporate identity sources.
VCF-VASL-RCMD-SEC-002	Create corresponding security groups in your corporate directory services for VMware Aria Suite Lifecycle roles: VCF Content Release Manager Content Developer	Streamlines the management of VMware Aria Suite Lifecycle roles for users.	You must create the security groups outside of the SDDC stack. You must set the desired directory synchronization interval in Workspace ONE Access to ensure that changes are available within a reasonable period.