The design decisions determine the deployment configuration, resource sizing, and monitoring support of vRealize Log Insight in the SDDC.
Deployment Design

| Decision ID | Design Decision | Design Justification | Design Implication |
|---|---|---|---|
| ILA-VRLI-CFG-001 | Deploy a three-node vRealize Log Insight cluster, one primary and two worker nodes with an integrated load balancer, in the default management vSphere cluster. | | |
| ILA-VRLI-CFG-002 | To deploy vRealize Log Insight, use the vRealize Suite Lifecycle Manager instance in the corresponding VMware Cloud Foundation instance. | | You must deploy vRealize Suite Lifecycle Manager in each VMware Cloud Foundation instance. |
| ILA-VRLI-CFG-003 | Protect all vRealize Log Insight cluster nodes by using vSphere High Availability. | Supports the availability objectives for vRealize Log Insight without requiring manual intervention during a failure event. | None. |
| ILA-VRLI-CFG-004 | Apply a vSphere Distributed Resource Scheduler (DRS) anti-affinity rule to the vRealize Log Insight cluster virtual machines. | Using vSphere DRS prevents the vRealize Log Insight cluster virtual machines from running on the same ESXi host and risking the high availability of the cluster. | |
| ILA-VRLI-CFG-005 | Place the vRealize Log Insight cluster virtual machines in a dedicated virtual machine folder. | Organizes the vRealize Log Insight nodes in the management domain inventory. | You must create the virtual machine folder during or after the deployment. |
| ILA-VRLI-CFG-006 | When using two availability zones, add the vRealize Log Insight cluster virtual machines to the first availability zone VM group. | Ensures that, by default, the vRealize Log Insight cluster virtual machines are powered on within the first availability zone hosts group. | If vRealize Log Insight is deployed after the creation of the stretched cluster for management domain availability zones, the VM group for the first availability zone virtual machines must be updated to include the vRealize Log Insight cluster nodes. |
| ILA-VRLI-CFG-007 | In an environment with multiple VMware Cloud Foundation instances, deploy a three-node vRealize Log Insight cluster, one primary and two worker nodes with an integrated load balancer, on the default management vSphere cluster in each VMware Cloud Foundation instance. | Provides a local vRealize Log Insight infrastructure to each VMware Cloud Foundation instance for availability, scale, and performance reasons. | You must deploy vRealize Suite Lifecycle Manager in each VMware Cloud Foundation instance. |
| ILA-VRLI-CFG-008 | In an environment with multiple VMware Cloud Foundation instances, place the vRealize Log Insight cluster virtual machines in each instance in a dedicated virtual machine folder. | Organizes the vRealize Log Insight cluster nodes in the management domain inventory. | You must create the virtual machine folder during or after the deployment. |
| ILA-VRLI-CFG-009 | Deploy each node in the vRealize Log Insight cluster as a medium-size appliance. | | You must increase the size of the nodes if you configure vRealize Log Insight to monitor additional syslog sources. |
| ILA-VRLI-CFG-010 | Configure a retention period of seven days for the medium-size vRealize Log Insight appliance. | Accommodates logs from the expected number of logging sources in this SDDC design. | None. |
| ILA-VRLI-CFG-011 | Apply an archive policy of 90 days for the medium-size vRealize Log Insight appliance. | Accommodates 90 days of historical logs. | You must provide a minimum of 400 GB of shared storage in each VMware Cloud Foundation instance. |
| ILA-VRLI-CFG-012 | Provide a minimum of 400 GB of NFS version 3 shared storage to the vRealize Log Insight cluster in each VMware Cloud Foundation instance. | Accommodates log archiving from 200 logging sources for 90 days. | |
| ILA-VRLI-CFG-013 | Configure alert notifications. | Activates alerts by email from vRealize Log Insight sent to administrators and operators. | Requires access to an external SMTP server. |
Network Design

| Decision ID | Design Decision | Design Justification | Design Implication |
|---|---|---|---|
| ILA-VRLI-NET-001 | Place the vRealize Log Insight cluster nodes on the local-instance NSX network segment. | Provides a consistent deployment model for management applications. | You must use an implementation in NSX-T Data Center to support this networking configuration. |
| ILA-VRLI-NET-002 | Allocate statically assigned IP addresses and host names from the local-instance NSX segment to the vRealize Log Insight cluster nodes and the integrated load balancer (ILB). | Ensures stability across the SDDC and makes the nodes simpler to maintain and easier to track. | Requires precise IP address management. |
| ILA-VRLI-NET-003 | In an environment with multiple VMware Cloud Foundation instances, allocate statically assigned IP addresses and host names from each local-instance NSX segment to the vRealize Log Insight cluster nodes in the instance. | Ensures stability across the SDDC and makes the nodes simpler to maintain and easier to track. | Requires precise IP address management. |
| ILA-VRLI-NET-004 | Configure forward and reverse DNS records for all vRealize Log Insight cluster nodes and the integrated load balancer (ILB) VIP address. | All nodes are accessible by using fully qualified domain names instead of IP addresses only. | You must provide DNS records for the vRealize Log Insight nodes. |
| ILA-VRLI-NET-005 | Activate the vRealize Log Insight integrated load balancer (ILB) for balancing incoming traffic. | Supports balancing ingestion traffic among the vRealize Log Insight nodes and high availability. | You must provide an extra IP address and FQDN for the integrated load balancer (ILB). |
| ILA-VRLI-NET-006 | Configure NTP on each vRealize Log Insight cluster node. | vRealize Log Insight depends on time synchronization. | None. |
Life Cycle Management Design

| Decision ID | Design Decision | Design Justification | Design Implication |
|---|---|---|---|
| ILA-VRLI-LCM-001 | | | |
vRealize Log Insight Design

| Decision ID | Design Decision | Design Justification | Design Implication |
|---|---|---|---|
| ILA-VRLI-CFG-014 | Install the following content packs: | Provides additional granular monitoring on the virtual infrastructure. The following content packs are installed by default in vRealize Log Insight: The following content packs are installed automatically by SDDC Manager. | None. |
| ILA-VRLI-CFG-015 | Configure the following agent groups that are related to content packs: | | Adds minimal load to vRealize Log Insight. |
| ILA-VRLI-CFG-016 | Connect VMware Cloud Foundation VI workload domains to vRealize Log Insight by using SDDC Manager. | SDDC Manager automatically adds the VI workload domain vCenter Server and ESXi hosts to vRealize Log Insight. | None. |
| ILA-VRLI-CFG-017 | Install and configure the vRealize Log Insight agent on the clustered Workspace ONE Access nodes to send logs to the vRealize Log Insight cluster in their corresponding VMware Cloud Foundation instance. | Provides a standardized configuration that is pushed to the vRealize Log Insight agents for each Workspace ONE Access node. Supports context-aware collection for Workspace ONE Access through the vRealize Log Insight Ingestion API, with the vRealize Log Insight agent parsing the logs according to the specific log directories, log files, and logging formats. | None. |
| ILA-VRLI-CFG-018 | Configure the SDDC - Workspace ONE Access and SDDC - Photon OS agent groups in the vRealize Log Insight cluster to include the clustered Workspace ONE Access nodes. | Provides a standardized configuration that is pushed to the vRealize Log Insight agents for each Workspace ONE Access appliance. Supports context-aware collection for Workspace ONE Access through the vRealize Log Insight Ingestion API, with the vRealize Log Insight agent parsing the logs according to the specific log directories, log files, and logging formats. | Adds minimal load to the vRealize Log Insight cluster. |
| ILA-VRLI-CFG-019 | Configure syslog sources and vRealize Log Insight agents to send log data directly to the virtual IP (VIP) address of the vRealize Log Insight integrated load balancer (ILB). | | |
| ILA-VRLI-CFG-020 | Configure all vCenter Server instances as direct syslog sources to send log data directly to vRealize Log Insight in their corresponding VMware Cloud Foundation instance. | Simplifies configuration for log sources that are syslog-capable. The configuration is performed by SDDC Manager. | |
| ILA-VRLI-CFG-021 | Configure the vRealize Log Insight agent on the SDDC Manager appliance in each VMware Cloud Foundation instance to forward logs to the local vRealize Log Insight instance. | Ensures that relevant logs are sent to vRealize Log Insight from SDDC Manager. The integration is performed automatically by SDDC Manager. | None. |
| ILA-VRLI-CFG-022 | Configure the vRealize Log Insight agent on the vRealize Suite Lifecycle Manager appliance to forward logs to vRealize Log Insight in its corresponding VMware Cloud Foundation instance. | Simplifies configuration of log sources in the SDDC that are pre-packaged with the vRealize Log Insight agent. The integration is performed automatically by SDDC Manager. | None. |
| ILA-VRLI-CFG-023 | Configure the NSX-T Data Center components as direct syslog sources for vRealize Log Insight in their corresponding VMware Cloud Foundation instance, including: | Simplifies configuration of log sources in the SDDC that are syslog-capable. NSX Manager instances are configured by SDDC Manager. | |
| ILA-VRLI-CFG-024 | Communicate with the syslog clients, such as ESXi, vCenter Server, and NSX-T Data Center, using the TCP protocol. | Using the TCP syslog protocol ensures reliability and supports retry mechanisms. TCP syslog traffic is secure and more consistent with RFC 5424. | |
| ILA-VRLI-CFG-025 | Do not configure vRealize Log Insight to automatically update all deployed agents. | Manually install updated versions of the vRealize Log Insight agents for each of the specified components in the SDDC for precise maintenance. | You must manually maintain the vRealize Log Insight agents on each of the SDDC components. |
| ILA-VRLI-CFG-026 | In an environment with multiple VMware Cloud Foundation instances, forward log events to the other instance by using the Ingestion API. | Supports the following operations: In the event of a cross-instance outage, the administrator has access to all logs from the two VMware Cloud Foundation instances although one of the instances is offline. | |
| ILA-VRLI-CFG-027 | In an environment with multiple VMware Cloud Foundation instances, configure log forwarding to use SSL on port 9543. | Ensures that the log forwarding operations between instances are secure. | |
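As an added example that is not part of the original design document, the following vRealize Log Insight agent configuration (liagent.ini) applies ILA-VRLI-CFG-019, ILA-VRLI-CFG-024 and ILA-VRLI-CFG-027 to a log source inside one VMware Cloud Foundation instance: the agent targets the ILB FQDN rather than a single node, uses the TCP-based Ingestion API (cfapi) over SSL on port 9543, and validates the cluster certificate against the issuing CA from ILA-VRLI-SEC-010. The ILB host name, the CA bundle path and the collected log path are assumed values.

```ini
; Added example liagent.ini for a source in one VMware Cloud Foundation instance.
; The host name, CA bundle path and log paths below are assumed values.

[server]
; ILA-VRLI-CFG-019 / ILA-VRLI-NET-005: point at the ILB FQDN, never at one
; cluster node, so ingestion continues if a single node is lost.
hostname=vrli-ilb.example.com
; Ingestion API (cfapi) runs over TCP, so delivery is acknowledged and retried
; instead of fire-and-forget (the reliability argument of ILA-VRLI-CFG-024).
proto=cfapi
; ILA-VRLI-CFG-027: encrypt the session; 9543 is the SSL cfapi port.
port=9543
ssl=yes
; Trust only the CA that signed the cluster certificate (ILA-VRLI-SEC-010), so a
; host impersonating the ILB is rejected rather than silently receiving logs.
ssl_ca_path=/etc/pki/tls/certs/corp-root-ca.pem
; Spool events locally (MB) while the ILB is unreachable and retry every 30 s,
; so a short outage does not lose audit-relevant events.
max_disk_buffer=2000
reconnect=30

; Collect the system log of the appliance; directory and pattern are assumed.
[filelog|syslog]
directory=/var/log
include=messages;messages.?
```

After the agent restarts, the Agents page of the cluster should list this source as reporting through the ILB FQDN; a source that appears only against an individual node indicates a configuration that bypasses ILA-VRLI-CFG-019.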
Information Security and Access Design

| Decision ID | Design Decision | Design Justification | Design Implication |
|---|---|---|---|
| ILA-VRLI-SEC-001 | Activate vRealize Log Insight integration with your corporate identity source by using the standalone Workspace ONE Access instance. | Allows authentication, including multi-factor, to vRealize Log Insight using your corporate identity source. Allows authorization through the assignment of roles to enterprise users and groups defined in your corporate identity source. | You must deploy and configure the instance of Workspace ONE Access to establish the integration between vRealize Log Insight and your corporate identity sources. |
| ILA-VRLI-SEC-002 | Create a security group in your corporate directory services for vRealize Log Insight administrators, synchronize the group in Workspace ONE Access, and assign the Super Admin role to the group. | Streamlines the management of vRealize Log Insight roles for users. Provides the following access control features: | You must create the security group outside of the SDDC stack. You must maintain the life cycle and availability of the security group outside of the SDDC stack. |
| ILA-VRLI-SEC-003 | Create a security group in your corporate directory services for vRealize Log Insight users, synchronize the group in Workspace ONE Access, and assign the User role to the group. | Streamlines the management of vRealize Log Insight roles for users. Provides the following access control features: | You must create the security group outside of the SDDC stack. You must maintain the life cycle and availability of the security group outside of the SDDC stack. |
| ILA-VRLI-SEC-004 | Create a security group in your corporate directory services for vRealize Log Insight viewers, synchronize the group in Workspace ONE Access, and assign the View Only Admin role to the group. | Streamlines the management of vRealize Log Insight roles for users. Provides the following access control features: | |
| ILA-VRLI-SEC-005 | Configure the password expiration policy for the vRealize Log Insight appliance. | | You can manage the password expiration policy on the vRealize Log Insight appliance by using the virtual appliance console or a Secure Shell (SSH) client. |
| ILA-VRLI-SEC-006 | Configure the password complexity policy for the vRealize Log Insight appliance. | | You can manage the password complexity policy on the vRealize Log Insight appliance by using the virtual appliance console or a Secure Shell (SSH) client. |
| ILA-VRLI-SEC-007 | Configure the account lockout policy for the vRealize Log Insight appliance. | | You can manage the account lockout policy on the vRealize Log Insight appliance by using the virtual appliance console or a Secure Shell (SSH) client. |
| ILA-VRLI-SEC-008 | Change the vRealize Log Insight root password on a recurring or event-initiated schedule by using the SDDC Manager user interface or API. | | By using SDDC Manager, you manage the password change or automated password rotation schedule for the vRealize Log Insight root account in accordance with your organizational policies and regulatory standards. |
| ILA-VRLI-SEC-009 | Change the vRealize Log Insight admin account password on a recurring or event-initiated schedule by using the SDDC Manager UI or API. | When vRealize Log Insight is deployed into a VMware Cloud Foundation environment in vRealize Suite Lifecycle Manager, the admin password is managed from the SDDC Manager user interface or API, not vRealize Suite Lifecycle Manager. | You must routinely perform the password change for the admin account by using the SDDC Manager UI or API. |
| ILA-VRLI-SEC-010 | Use a CA-signed certificate containing the vRealize Log Insight cluster node FQDNs and the ILB FQDN in the SAN attributes when deploying vRealize Log Insight in each VMware Cloud Foundation instance. | Configuring a CA-signed certificate ensures that the communication to the externally facing UI and API for vRealize Log Insight, and cross-product communication, is encrypted. | Using CA-signed certificates from a certificate authority might increase the deployment preparation time as certificate requests are generated and delivered. |
| ILA-VRLI-SEC-011 | Use a SHA-2 or higher algorithm when signing certificates. | The SHA-1 algorithm is considered less secure and has been deprecated. | Not all certificate authorities support SHA-2. |
Solution Interoperability Design

| Decision ID | Design Decision | Design Justification | Design Implication |
|---|---|---|---|
| ILA-VRLI-MON-001 | Forward alerts to vRealize Operations Manager. | Provides monitoring and alerting information that is pushed from vRealize Log Insight to vRealize Operations Manager for centralized administration. | None. |
| ILA-VRLI-MON-002 | Support launch in context with vRealize Operations Manager. | Provides access to vRealize Log Insight for context-based monitoring of an object in vRealize Operations Manager. | You can register only one vRealize Log Insight cluster with vRealize Operations Manager for launch in context at a time. |
| ILA-VRLI-MON-003 | Configure the vRealize Log Insight integration in vRealize Operations Manager. | | You can register only one vRealize Log Insight cluster with vRealize Operations Manager at a time. You must manage the password life cycle of this endpoint. |
| ILA-VRLI-MON-004 | Configure the vRealize Log Insight adapter to use the remote collector group. | | None. |
| ILA-VRLI-MON-005 | Add a Ping adapter for the vRealize Log Insight cluster. | Provides metrics on the availability of the vRealize Log Insight cluster. | You must add the adapter instances manually. |
| ILA-VRLI-MON-006 | Configure the Ping adapter to use the remote collector group. | | None. |
| ILA-VRLI-MON-007 | In vRealize Operations Manager, add an application-to-application service account for the vRealize Log Insight integration. Assign this user the default Administrator role. | Establishes integration between vRealize Log Insight and vRealize Operations Manager. | You must maintain the life cycle and availability of the service account outside of the SDDC stack. |
| ILA-VRLI-MON-008 | Activate vRealize Operations Manager integration in vRealize Log Insight using the vRealize Operations Manager service account. | Integrating vRealize Log Insight alerts with vRealize Operations Manager allows you to view all information about your environment in a single user interface. | |