vCenter Server design considers the location, size, high availability, and identity domain isolation of the vCenter Server instances for the workload domains in a VMware Cloud Foundation environment.

Logical Design for vCenter Server for VMware Cloud Foundation

Each workload domain has a dedicated vCenter Server that manages the ESXi hosts running NSX Edge nodes and customer workloads. All vCenter Server instances run in the management domain.

Figure 1. Design of vCenter Server for VMware Cloud Foundation

Each VMware Cloud Foundation instance contains a vCenter Server instance for the management ESXi hosts. For each new workload domain, a vCenter Server instance is added in the management domain.

Table 1. vCenter Server Layout

VMware Cloud Foundation Instances with a Single Availability Zone:

  • One vCenter Server instance for the management domain that manages the management components of the SDDC, such as the vCenter Server instances for the VI workload domains, NSX Manager cluster nodes, SDDC Manager, and other solutions.
  • Optionally, additional vCenter Server instances for the VI workload domains to support customer workloads.
  • vSphere HA protecting all vCenter Server appliances.

VMware Cloud Foundation Instances with Multiple Availability Zones:

  • One vCenter Server instance for the management domain that manages the management components of the SDDC, such as vCenter Server instances for the VI workload domains, NSX Manager cluster nodes, SDDC Manager, and other solutions.
  • Optionally, additional vCenter Server instances for the VI workload domains to support customer workloads.
  • vSphere HA protecting all vCenter Server appliances.
  • A should-run-on-host-in-group VM-Host affinity rule in vSphere DRS specifying that the vCenter Server appliances should run in the primary availability zone unless an outage in this zone occurs.

Sizing Considerations for vCenter Server for VMware Cloud Foundation

You select an appropriate vCenter Server appliance size according to the scale of your environment.

When you deploy a workload domain, you select a vCenter Server appliance size that is suitable for the scale of your environment. The option that you select determines the number of CPUs and the amount of memory of the appliance. For detailed sizing according to a collective profile of the VMware Cloud Foundation instance you plan to deploy, refer to the VMware Cloud Foundation Planning and Preparation Workbook.

Table 2. Sizing Considerations for vCenter Server

  vCenter Server Appliance Size   Management Capacity
  Tiny                            Up to 10 hosts or 100 virtual machines
  Small *                         Up to 100 hosts or 1,000 virtual machines
  Medium **                       Up to 400 hosts or 4,000 virtual machines
  Large                           Up to 800 hosts or 10,000 virtual machines
  X-Large                         Up to 800 hosts or 45,000 virtual machines

* Default for the management domain vCenter Server

** Default for VI workload domain vCenter Server instances

High Availability Design for vCenter Server for VMware Cloud Foundation

Protecting vCenter Server is important because it is the central point of management and monitoring for each workload domain.

VMware Cloud Foundation supports only vSphere HA as a high availability method for vCenter Server.

Table 3. Methods for Protecting the vCenter Server Appliance

vSphere High Availability

  Supported in VMware Cloud Foundation: Yes

  Considerations: -

vCenter High Availability (vCenter HA)

  Supported in VMware Cloud Foundation: No

  Considerations:

    • vCenter Server services must fail over to the passive node, so there is no continuous availability.
    • Recovery time can be up to 15 minutes.
    • You must meet additional networking requirements for the private network.
    • vCenter HA requires additional resources for the Passive and Witness nodes.
    • Life cycle management is complicated because you must manually delete and recreate the standby virtual machines during a life cycle management operation.

vSphere Fault Tolerance (vSphere FT)

  Supported in VMware Cloud Foundation: No

  Considerations:

    • The vCPU limit of vSphere FT would restrict the vCenter Server appliance size to Medium.
    • You must provide a dedicated network.

vCenter Server Design Requirements and Recommendations for VMware Cloud Foundation

Each workload domain in VMware Cloud Foundation is managed by a single vCenter Server instance. You determine the size of this vCenter Server instance and its storage requirements according to the number of ESXi hosts per cluster and the number of virtual machines you plan to run on these clusters.

vCenter Server Design Requirements for VMware Cloud Foundation

You allocate vCenter Server appliances according to the requirements for workload isolation, scalability, and resilience to failures.

Table 4. vCenter Server Design Requirements for VMware Cloud Foundation

VCF-VCS-REQD-CFG-001

  Design Requirement: Deploy a dedicated vCenter Server appliance for the management domain of the VMware Cloud Foundation instance.

  Justification:

    • Isolates vCenter Server failures to management or customer workloads.
    • Isolates vCenter Server operations between management and customers.
    • Supports a scalable cluster design where you can reuse the management components as more customer workloads are added to the SDDC.
    • Simplifies capacity planning for customer workloads because you do not consider management workloads for the VI workload domain vCenter Server.
    • Improves the ability to upgrade the vSphere environment and related components by enabling explicit separation of maintenance windows:
      • Management workloads remain available while you are upgrading the tenant workloads.
      • Customer workloads remain available while you are upgrading the management nodes.
    • Supports clear separation of roles and responsibilities to ensure that only administrators with granted authorization can control the management workloads.
    • Facilitates quicker troubleshooting and problem resolution.
    • Simplifies disaster recovery operations by supporting a clear separation between recovery of the management components and tenant workloads.
    • Provides isolation of potential network issues by introducing network separation of the clusters in the SDDC.

  Implication: Requires a separate license for the vCenter Server instance in the management domain.

VCF-VCS-REQD-NET-001

  Design Requirement: Place all workload domain vCenter Server appliances on the VM management network in the management domain.

  Justification:

    • Simplifies IP addressing for management VMs by using the same VLAN and subnet.
    • Provides simplified secure access to management VMs in the same VLAN network.

  Implication: None.

vCenter Server Design Recommendations

In your vCenter Server design for VMware Cloud Foundation, you can apply certain best practices for sizing and high availability.

Table 5. vCenter Server Design Recommendations for VMware Cloud Foundation

VCF-VCS-RCMD-CFG-001

  Design Recommendation: Deploy an appropriately sized vCenter Server appliance for each workload domain.

  Justification: Ensures resource availability and usage efficiency per workload domain.

  Implication: The default size for a management domain is Small and for VI workload domains is Medium. To override these values, you must use the Cloud Builder API and the SDDC Manager API.

VCF-VCS-RCMD-CFG-002

  Design Recommendation: Deploy a vCenter Server appliance with the appropriate storage size.

  Justification: Ensures resource availability and usage efficiency per workload domain.

  Implication: The default size for a management domain is Small and for VI workload domains is Medium. To override these values, you must use the API.

VCF-VCS-RCMD-CFG-003

  Design Recommendation: Protect workload domain vCenter Server appliances by using vSphere HA.

  Justification: vSphere HA is the only supported method to protect vCenter Server availability in VMware Cloud Foundation.

  Implication: vCenter Server becomes unavailable during a vSphere HA failover.

VCF-VCS-RCMD-CFG-004

  Design Recommendation: In vSphere HA, set the restart priority policy for the vCenter Server appliance to high.

  Justification: vCenter Server is the management and control plane for physical and virtual infrastructure. In a vSphere HA event, to ensure that the rest of the SDDC management stack comes up faultlessly, the workload domain vCenter Server must be available first, before the other management components come online.

  Implication: If the restart priority for another virtual machine is set to highest, the connectivity delay for the management components will be longer.
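The following PowerCLI script is an added example and is not part of this VMware documentation or of any VMware product. It applies VCF-VCS-RCMD-CFG-003 and VCF-VCS-RCMD-CFG-004 from an administrative workstation: it verifies that vSphere HA is enabled on the management cluster, sets the per-VM HA restart priority of each vCenter Server appliance to High, and then lists the restart priority of every VM in the cluster so that any VM configured to restart ahead of vCenter Server (the Implication of VCF-VCS-RCMD-CFG-004) is visible during review. The vCenter FQDN, cluster name and appliance VM names are placeholders; VMware PowerCLI is assumed to be installed, and the account used must be allowed to change HA overrides on the cluster.

```powershell
# Added example, not VMware's own code. Assumptions: PowerCLI is installed and
# the following names are placeholders for your environment.
$mgmtVCenter = 'mgmt-vc01.example.local'      # placeholder management domain vCenter FQDN
$mgmtCluster = 'mgmt-cluster01'               # placeholder management cluster name
$vcenterVMs  = @('mgmt-vc01', 'wld01-vc01')   # placeholder appliance VM names (all run in the management domain)

Connect-VIServer -Server $mgmtVCenter | Out-Null
$cluster = Get-Cluster -Name $mgmtCluster

# VCF-VCS-RCMD-CFG-003: vSphere HA is the only supported protection method,
# so stop early if it is not enabled on the cluster.
if (-not $cluster.HAEnabled) {
    throw "vSphere HA is not enabled on cluster '$mgmtCluster'; the vCenter Server appliances are unprotected."
}

# VCF-VCS-RCMD-CFG-004: set a VM-level HA override so that each vCenter Server
# appliance restarts with High priority, ahead of the rest of the management stack.
foreach ($name in $vcenterVMs) {
    $vm = Get-VM -Name $name -Location $cluster
    if ($vm.HARestartPriority -ne 'High') {
        Set-VM -VM $vm -HARestartPriority High -Confirm:$false | Out-Null
        Write-Host "Set HA restart priority of '$name' to High."
    } else {
        Write-Host "'$name' already has HA restart priority High."
    }
}

# Review step: show every VM's effective restart priority in the cluster. Any VM
# listed with a priority above that of the vCenter Server appliances would be
# restarted first and would lengthen the management-plane outage after a failover.
Get-VM -Location $cluster |
    Select-Object Name, HARestartPriority |
    Sort-Object HARestartPriority, Name |
    Format-Table -AutoSize

Disconnect-VIServer -Server $mgmtVCenter -Confirm:$false
```

Run the script once per VMware Cloud Foundation instance against the management domain vCenter Server, since all workload domain appliances are placed there (Table 1). The override is stored in the cluster's HA configuration, so it survives vMotion of the appliance between hosts but must be re-checked after the cluster is rebuilt or HA is disabled and re-enabled.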

vCenter Server Design Recommendations for Stretched Clusters with VMware Cloud Foundation

The following additional design recommendations apply when using stretched clusters.

Table 6. vCenter Server Design Recommendations for vSAN Stretched Clusters with VMware Cloud Foundation

VCF-VCS-RCMD-CFG-005

  Design Recommendation: Add the vCenter Server appliance to the virtual machine group for the first availability zone.

  Justification: Ensures that, by default, the vCenter Server appliance is powered on on a host in the first availability zone.

  Implication: None.
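The following PowerCLI script is an added example, not code from this VMware documentation or from any VMware product. It implements VCF-VCS-RCMD-CFG-005 together with the should-run-on-host-in-group rule from Table 1 for a vSAN stretched management cluster: it adds the vCenter Server appliance to the availability zone 1 VM group and makes sure a ShouldRunOn (not MustRunOn) VM-Host rule ties that group to the availability zone 1 host group, so that DRS keeps the appliance in the first zone while vSphere HA can still restart it in the second zone if the first zone is lost. The vCenter FQDN, cluster, VM, group and rule names are placeholders; the example assumes the availability zone host group and VM group already exist, as the recommendation presupposes, and that PowerCLI is installed.

```powershell
# Added example, not VMware's own code. All names below are placeholders and the
# AZ1 host group and VM group are assumed to exist already in the stretched cluster.
$mgmtVCenter  = 'mgmt-vc01.example.local'            # placeholder management domain vCenter FQDN
$mgmtCluster  = 'mgmt-cluster01'                     # placeholder stretched management cluster
$vcenterVM    = 'mgmt-vc01'                          # placeholder appliance VM name
$az1VmGroup   = 'az1-vm-group'                       # placeholder DRS VM group for availability zone 1
$az1HostGroup = 'az1-host-group'                     # placeholder DRS host group for availability zone 1
$ruleName     = 'az1-vms-should-run-on-az1-hosts'    # placeholder VM-Host rule name

Connect-VIServer -Server $mgmtVCenter | Out-Null
$cluster = Get-Cluster -Name $mgmtCluster
$vm      = Get-VM -Name $vcenterVM -Location $cluster

# Step 1 (VCF-VCS-RCMD-CFG-005): make the appliance a member of the AZ1 VM group.
$vmGroup = Get-DrsClusterGroup -Cluster $cluster -Name $az1VmGroup -Type VMGroup
if ($vmGroup.Member.Name -notcontains $vm.Name) {
    Set-DrsClusterGroup -DrsClusterGroup $vmGroup -VM $vm -Add -Confirm:$false | Out-Null
    Write-Host "Added '$vcenterVM' to VM group '$az1VmGroup'."
}

# Step 2 (Table 1 rule): a ShouldRunOn rule is a soft preference. A MustRunOn rule
# would prevent vSphere HA from restarting the appliance in AZ2 during an AZ1 outage.
$hostGroup = Get-DrsClusterGroup -Cluster $cluster -Name $az1HostGroup -Type VMHostGroup
$rule = Get-DrsVMHostRule -Cluster $cluster -Name $ruleName -ErrorAction SilentlyContinue
if (-not $rule) {
    New-DrsVMHostRule -Name $ruleName -Cluster $cluster -VMGroup $vmGroup `
        -VMHostGroup $hostGroup -Type ShouldRunOn -Enabled $true | Out-Null
    Write-Host "Created ShouldRunOn rule '$ruleName'."
} elseif ($rule.Type -ne 'ShouldRunOn' -or -not $rule.Enabled) {
    # Correct a rule that was created as mandatory or left disabled.
    Set-DrsVMHostRule -Rule $rule -Type ShouldRunOn -Enabled $true -Confirm:$false | Out-Null
    Write-Host "Changed rule '$ruleName' to an enabled ShouldRunOn rule."
}

# Step 3: report the current placement and the governing rule for review.
Get-VM -Name $vcenterVM -Location $cluster | Select-Object Name, VMHost
Get-DrsVMHostRule -Cluster $cluster -Name $ruleName |
    Select-Object Name, Type, Enabled, VMGroup, VMHostGroup

Disconnect-VIServer -Server $mgmtVCenter -Confirm:$false
```

The membership check in step 1 keeps the script idempotent, so it can be re-run after maintenance to confirm the appliance has not been removed from the group. Run it against the management domain vCenter Server, because every vCenter Server appliance of the instance lives in the management cluster.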

vCenter Single Sign-On Design Requirements for VMware Cloud Foundation

vCenter Server instances for the VI workload domains in a VMware Cloud Foundation instance can be either joined to the vCenter Single Sign-On domain of the vCenter Server instance for the management domain or deployed in isolated vCenter Single Sign-On domains.

You select the vCenter Single Sign-On topology according to the needs and design objectives of your deployment.

Table 7. vCenter Single Sign-On Topologies for VMware Cloud Foundation

Single vCenter Server Instance - Single vCenter Single Sign-On Domain

  vCenter Single Sign-On Domain Topology: One vCenter Single Sign-On domain with the management domain vCenter Server instance only.

  Benefits: Enables a small environment where customer workloads run in the same cluster as the management domain components.

  Drawbacks: -

Multiple vCenter Server Instances - Single vCenter Single Sign-On Domain

  vCenter Single Sign-On Domain Topology: One vCenter Single Sign-On domain with the management domain and all VI workload domain vCenter Server instances in enhanced linked mode (ELM) using a ring topology.

  Benefits: Enables sharing of vCenter Server roles, tags and licenses between all workload domain instances.

  Drawbacks: Limited to 15 workload domains per VMware Cloud Foundation instance, including the management domain.

Multiple vCenter Server Instances - Multiple vCenter Single Sign-On Domains

  vCenter Single Sign-On Domain Topology:

    • One vCenter Single Sign-On domain with at least the management domain vCenter Server instance.
    • Additional VI workload domains, each with their own isolated vCenter Single Sign-On domain.

  Benefits:

    • Enables isolation at the vCenter Single Sign-On domain layer for increased security separation.
    • Supports up to 25 workload domains per VMware Cloud Foundation instance.

  Drawbacks: Additional password management overhead per vCenter Single Sign-On domain.

Figure 2. Single vCenter Server Instance - Single vCenter Single Sign-On Domain


Because the Single vCenter Server Instance - Single vCenter Single Sign-On Domain topology contains a single vCenter Server instance by definition, no relevant design requirements or recommendations for vCenter Single Sign-On are needed.

Figure 3. Multiple vCenter Server Instances - Single vCenter Single Sign-On Domain


Table 8. Design Requirements for the Multiple vCenter Server Instances - Single vCenter Single Sign-On Domain Topology for VMware Cloud Foundation

VCF-VCS-REQD-SSO-STD-001

  Design Requirement: Join all vCenter Server instances within a VMware Cloud Foundation instance to a single vCenter Single Sign-On domain.

  Justification: When all vCenter Server instances are in the same vCenter Single Sign-On domain, they can share authentication and license data across all components.

  Implication:

    • Only one vCenter Single Sign-On domain exists.
    • The number of linked vCenter Server instances in the same vCenter Single Sign-On domain is limited to 15 instances. Because each workload domain uses a dedicated vCenter Server instance, you can deploy up to 15 domains within each VMware Cloud Foundation instance.

VCF-VCS-REQD-SSO-STD-002

  Design Requirement: Create a ring topology between the vCenter Server instances within the VMware Cloud Foundation instance.

  Justification: By default, one vCenter Server instance replicates only with another vCenter Server instance. This setup creates a single point of failure for replication. A ring topology ensures that each vCenter Server instance has two replication partners and removes any single point of failure.

  Implication: None.

Figure 4. Multiple vCenter Server Instances - Multiple vCenter Single Sign-On Domain


Table 9. Design Requirements for the Multiple vCenter Server Instances - Multiple vCenter Single Sign-On Domains Topology for VMware Cloud Foundation

VCF-VCS-REQD-SSO-ISO-001

  Design Requirement: Create all vCenter Server instances within a VMware Cloud Foundation instance in their own unique vCenter Single Sign-On domains.

  Justification:

    • Enables isolation at the vCenter Single Sign-On domain layer for increased security separation.
    • Supports up to 25 workload domains.

  Implication:

    • Each vCenter Server instance is managed through its own pane of glass using a different set of administrative credentials.
    • You must manage password rotation for each vCenter Single Sign-On domain separately.