In VMware Cloud Foundation, operational day-to-day efficiencies are delivered through SDDC Manager. These efficiencies include full life cycle management tasks such as deployment, configuration, patching and upgrades.

Logical Design for SDDC Manager

You deploy an SDDC Manager appliance in the management domain for creating VI workload domains, provisioning additional virtual infrastructure, and life cycle management of the SDDC management components.

Figure 1. Logical Design of SDDC Manager

SDDC Manager provides life cycle management for NSX, vCenter Server, ESXi, and VMware Aria Suite Lifecycle. It provisions management workloads by using vCenter Server.

You use SDDC Manager to perform the following operations:

  • Commissioning or decommissioning ESXi hosts

  • Deployment of VI workload domains

  • Deployment of VMware Aria Suite Lifecycle

  • Deployment of NSX Edge clusters in workload domains

  • Adding and extending clusters in workload domains

  • Life cycle management of the virtual infrastructure components in all workload domains and of VMware Aria Suite Lifecycle

  • Storage management for vVOL VASA providers

  • Identity provider management

  • Composable infrastructure management

  • Creation of network pools for host configuration in workload domains

  • Product licenses storage

  • Certificate management

  • Password management and rotation

  • Backup configuration

Table 1. SDDC Manager Logical Components

VMware Cloud Foundation Instances with a Single Availability Zone

  • A single SDDC Manager appliance is deployed on the management network.

  • vSphere HA protects the SDDC Manager appliance.

VMware Cloud Foundation Instances with Multiple Availability Zones

  • A single SDDC Manager appliance is deployed on the management network.

  • vSphere HA protects the SDDC Manager appliance.

  • A vSphere DRS rule specifies that the SDDC Manager appliance should run on an ESXi host in the first availability zone.

SDDC Manager Repository Access Design

SDDC Manager uses software bundles to deploy new VI workload domains, and to patch and upgrade existing ones. You can manage VMware Cloud Foundation software bundles in several ways.

Table 2. Bundle Management Methods

Bundle Management Method

Additional Information

Direct connection to the online depot

  • Requires Internet access from SDDC Manager.

Connection to online depot using a proxy server

  • Supports both authenticated and non-authenticated proxies.

Offline bundle depot

  • A Web server, not managed by VMware, hosting VMware Cloud Foundation bundles.

  • Can be used for dark sites and sites with more than one VMware Cloud Foundation instance.

Offline bundle transfer utility

  • Bundles are downloaded on a system with Internet access and transferred to SDDC Manager.

SDDC Manager Design Requirements and Recommendations for VMware Cloud Foundation

Consider the placement and network design requirements for SDDC Manager, and the best practices for configuring the access to install and upgrade software bundles.

SDDC Manager Design Requirements

You must meet the following design requirements in your SDDC Manager design.

Table 3. SDDC Manager Design Requirements for VMware Cloud Foundation

Requirement ID

Design Requirement




Deploy an SDDC Manager system in the first availability zone of the management domain.

SDDC Manager is required to perform VMware Cloud Foundation capabilities, such as provisioning VI workload domains, deploying solutions, patching, upgrading, and others.



Deploy SDDC Manager with its default configuration.

The configuration of SDDC Manager is not customizable and should not be changed from its defaults.



Place the SDDC Manager appliance on the VM management network.

  • Simplifies IP addressing for management VMs by using the same VLAN and subnet.

  • Provides simplified secure access to management VMs in the same VLAN network.


SDDC Manager Design Recommendations

In your SDDC Manager design, you can apply certain best practices.

Table 4. SDDC Manager Design Recommendations for VMware Cloud Foundation

Recommendation ID

Design Recommendation




Connect SDDC Manager to the Internet for downloading software bundles.

SDDC Manager must be able to download installation and upgrade software bundles from a repository, both for deployment of VI workload domains and solutions and for upgrades.

The rules of your organization might not permit direct access to the Internet. In this case, you must either download software bundles for SDDC Manager manually, or configure an offline depot.


Configure an authenticated network proxy to connect SDDC Manager to the Internet.

Protects SDDC Manager against external attacks from the Internet.

You must manage the proxy settings and security manually.


Configure SDDC Manager with a VMware Customer Connect account with VMware Cloud Foundation entitlement to check for and download software bundles.

Software bundles for VMware Cloud Foundation are stored in a repository that is secured with access controls.

Requires the use of a VMware Customer Connect user account with access to VMware Cloud Foundation licensing.

Sites without an Internet connection can use the local upload or offline depot option instead.


Configure SDDC Manager with an external certificate authority that is responsible for providing signed certificates.

Provides increased security by implementing signed certificate generation and replacement across the management components.

An external certificate authority, such as Microsoft CA, must be locally available.
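
The requirements and recommendations above can be checked as code during a design review. The following Python sketch is an added example, not part of the VMware documentation and not an SDDC Manager API: the dictionary fields, the method keys and the sample values are hypothetical and constructed for illustration.

```python
import ipaddress

# Bundle management methods (Table 2) -> does SDDC Manager itself need a path to the Internet?
# The keys and all field names of `design` are hypothetical, not an SDDC Manager schema.
DEPOT_METHODS = {"direct": True, "proxy": True, "offline_depot": False, "offline_transfer": False}


def audit_sddc_manager(design):
    """Return (level, message) findings: REQUIRED = Table 3, RECOMMENDED = Table 4."""
    findings = []

    # Requirement: the appliance sits on the VM management network.
    ip = ipaddress.ip_address(design["appliance_ip"])
    net = ipaddress.ip_network(design["vm_management_cidr"])
    if ip not in net:
        findings.append(("REQUIRED", f"{ip} is outside the VM management network {net}"))

    # Requirement: with multiple availability zones, the appliance runs in the first one.
    if design["availability_zones"] > 1 and design.get("drs_zone") != 1:
        findings.append(("REQUIRED", "no DRS rule keeps the appliance in the first availability zone"))

    # Recommendations on how bundles reach SDDC Manager.
    method = design["depot_method"]
    if method not in DEPOT_METHODS:
        raise ValueError(f"unknown bundle management method: {method!r}")
    if method == "direct":
        findings.append(("RECOMMENDED", "direct Internet access; use an authenticated proxy"))
    elif method == "proxy" and not design.get("proxy_authenticated", False):
        findings.append(("RECOMMENDED", "proxy is not authenticated"))
    if DEPOT_METHODS[method] and not design.get("customer_connect_account", False):
        findings.append(("RECOMMENDED", "online depot needs an entitled Customer Connect account"))

    # Recommendation: certificates are signed by an external certificate authority.
    if design.get("certificate_authority") != "external":
        findings.append(("RECOMMENDED", "no external certificate authority configured"))
    return findings


# Constructed sample design, not taken from a real environment.
SAMPLE = {
    "appliance_ip": "172.16.11.59", "vm_management_cidr": "172.16.11.0/24",
    "availability_zones": 2, "drs_zone": 2,
    "depot_method": "proxy", "proxy_authenticated": False,
    "customer_connect_account": True, "certificate_authority": "self-signed",
}

if __name__ == "__main__":
    for level, message in audit_sddc_manager(SAMPLE):
        print(f"{level:12} {message}")
```

For the constructed sample, the check reports the missing first-zone placement, the unauthenticated proxy and the missing external certificate authority.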