Specific recommendations by infrastructure service are detailed in this section.

• DNS

  • If the AVS private cloud will be isolated from on-premises or other VMware Cloud infrastructure, deploy a new DNS infrastructure with the AVS private cloud.

  • If the AVS private cloud will be connected to on-premises or other VMware Cloud infrastructure, extend the existing DNS infrastructure to AVS.

  • Configure an FQDN zone for the AVS-hosted domain and add it to the default NSX-T DNS service.

• DHCP

  • Use the NSX-T DHCP service or a local DHCP server in the private cloud to avoid routing broadcast DHCP traffic back to the on-premises data center.

• NTP

  • Microsoft maintains time sources for most Azure platform services. For AVS VMs, use a Microsoft default NTP server for time synchronization unless you have a specific requirement.

• Log Aggregation and Monitoring

  • Syslogs for AVS infrastructure components can be archived to a storage account or streamed to an Azure Event Hub.

  • VMware vRealize Operations and VMware Aria Operations for Networks can be used to monitor AVS private clouds. vRealize Log Analytics supports pull logging of events, tasks, and alarms. Syslog pushing of unstructured data from vCenter and ESXi hosts to vRealize Log Insight is not currently supported.

  • Native Azure services including Log Analytics, Microsoft Defender for Cloud, Microsoft Sentinel, and Azure Monitor can be used to monitor AVS components and workloads.

  • Azure Arc can be used to extend native Azure management and monitoring to AVS or on-premises hosted VMs .

• Directory Services

  • Deploy one or more Active Directory Domain Services (AD DS) domain controllers in the AVS private cloud, or in the identity subscription if centralizing functions. If deploying domain controllers as Azure IaaS VMs, follow high availability recommendations.

  • Update Active Directory Sites and Services to direct Azure and Azure VMware Solution AD DS traffic to the appropriate domain controllers.