The network design of the Cloud-Based Intelligent Operations for VMware Cloud Foundation validated solution describes the logical network that the Cloud Proxy appliances use to connect to both on-premises and cloud-based services.

Network Segment

The network segment design consists of characteristics and decisions for the placement of the Cloud Proxies in the management domain.

This validated solution places the Cloud Proxy appliances within the management VLAN of the VMware Cloud Foundation instance. This placement ensures connectivity and close proximity to vCenter Servers and NSX Managers.

Figure 1. Network Design for Cloud-Based Intelligent Operations on Management VLAN


Table 1. Design Decisions on Network Segments for the Cloud Proxy Appliances

Decision ID: CBO-CDP-NET-001

Design Decision: Place the Cloud Proxy appliances on the management VLAN.

Design Justification:

  • Places the Cloud Proxy appliances on the same network as the VMware Cloud Foundation management components.

  • Cross-region failover is not a requirement for the Cloud Proxy appliances.

Design Implication: Ensures connectivity between the Cloud Proxy appliances and the management domain components in the event of a routing issue.

IP Addressing Scheme

Allocate statically assigned IP addresses and host names to the Cloud Proxy appliances from their corresponding network.

Table 2. Design Decisions on IP Addressing for the Cloud Proxy Appliances

Decision ID: CBO-CDP-NET-002

Design Decision: Allocate statically assigned IP addresses from the management VLAN to the Cloud Proxy appliances.

Design Justification: Using statically assigned IP addresses ensures stability of the deployment and simplifies maintenance and tracking.

Design Implication: Requires precise IP address management.

Name Resolution

Name resolution provides the translation between an IP address and a fully qualified domain name (FQDN), which makes it easier to remember and connect to components across the SDDC.

Each Cloud Proxy appliance must have valid internal DNS forward (A) and reverse (PTR) records in a highly-available DNS server configuration.

Table 3. Design Decisions on Name Resolution for the Cloud Proxy Appliances

Decision ID: CBO-CDP-NET-003

Design Decision: Configure forward and reverse DNS records for the IP addresses of the Cloud Proxy appliances.

Design Justification: Ensures that the appliances are accessible by using easy-to-remember fully qualified domain names (FQDNs) rather than IP addresses.

Design Implication:

  • You must create A and PTR records in DNS for the virtual appliances.

Decision ID: CBO-CDP-NET-004

Design Decision: Configure DNS servers on the Cloud Proxy appliances.

Design Justification: Ensures that the virtual appliances have accurate name resolution.

Design Implication:

  • DNS infrastructure services should be highly available in the environment.

  • Firewalls between the appliance and the DNS servers must allow DNS traffic.

  • You must provide two or more DNS servers unless DNS geographic load balancing is active.

Time Synchronization

Time synchronization provided by the Network Time Protocol (NTP) ensures that all components within the SDDC are synchronized to the same time source. This section of the design consists of characteristics and decisions that support the time configuration for the Cloud Proxy appliances.

Table 4. Design Decisions on Time Synchronization for the Cloud Proxy Appliances

Decision ID: CBO-CDP-NET-005

Design Decision: Configure NTP servers for the Cloud Proxy appliances.

Design Justification:

  • Ensures that the virtual appliances have accurate time synchronization.

  • Assists in the prevention of time mismatch between the appliance and its dependencies.

Design Implication:

  • NTP infrastructure services should be highly available in the environment.

  • Firewalls between the appliance and the NTP servers must allow NTP traffic.

  • You must provide two or more NTP servers unless NTP geographic load balancing is active.
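A pre-deployment check for decisions CBO-CDP-NET-002 through CBO-CDP-NET-005, added here as an example and not part of the validated solution: it confirms that a planned appliance address lies in the management VLAN, that the A and PTR records agree, and that at least two DNS and NTP servers are listed. The function names, host name, subnet and addresses are assumptions constructed for illustration, and the geographic load balancing exception is not modelled.

```python
import ipaddress
import socket

def resolve_a(fqdn):
    """Forward lookup: return the set of IPv4 addresses for fqdn."""
    try:
        return set(socket.gethostbyname_ex(fqdn)[2])
    except OSError:
        return set()

def resolve_ptr(ip):
    """Reverse lookup: return the PTR name for ip, or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def check_appliance(fqdn, ip, mgmt_cidr, dns_servers, ntp_servers,
                    lookup_a=resolve_a, lookup_ptr=resolve_ptr):
    """Return a list of findings; an empty list means the plan passes."""
    findings = []
    if ipaddress.ip_address(ip) not in ipaddress.ip_network(mgmt_cidr):
        findings.append(f"{ip} is outside management VLAN {mgmt_cidr}")
    if ip not in lookup_a(fqdn):
        findings.append(f"A record for {fqdn} does not return {ip}")
    ptr = lookup_ptr(ip)
    if ptr is None or ptr.rstrip(".").lower() != fqdn.rstrip(".").lower():
        findings.append(f"PTR record for {ip} is {ptr!r}, expected {fqdn}")
    # Assumption: no geographic load balancing, so two servers are required.
    if len(set(dns_servers)) < 2:
        findings.append("fewer than two distinct DNS servers configured")
    if len(set(ntp_servers)) < 2:
        findings.append("fewer than two distinct NTP servers configured")
    return findings

# Constructed sample data (documentation address range, hypothetical names).
SAMPLE_A = {"cloudproxy01.example.test": {"192.0.2.21"}}
SAMPLE_PTR = {"192.0.2.21": "cloudproxy01.example.test."}

def demo():
    """Run the check against the constructed records without touching DNS."""
    return check_appliance(
        "cloudproxy01.example.test", "192.0.2.21", "192.0.2.0/24",
        dns_servers=["192.0.2.5", "192.0.2.6"],
        ntp_servers=["192.0.2.7"],
        lookup_a=lambda name: SAMPLE_A.get(name, set()),
        lookup_ptr=SAMPLE_PTR.get)

if __name__ == "__main__":
    print(demo() or "all checks passed")
```

Called without the `lookup_a` and `lookup_ptr` arguments, `check_appliance` queries the resolver configured on the host it runs on.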