The vCenter Server design for RAN includes the design for all the vCenter Server instances. For this design, determine the number of instances, their sizes, networking configuration, vSphere cluster layout, redundancy, and security configuration.

vCenter Server is deployed at Regional Data Center and it manages all the Cell Site hosts. So, it is critical to design vCenter appropriately before onboarding the Cell Site hosts and RAN applications.

A vCenter Server deployment can consist of two or more vCenter Server instances according to the scale, number of VMs, and continuity requirements for your environment.

You must protect the vCenter Server system as it is the central point of management and monitoring. You can protect vCenter Server according to the maximum downtime tolerated. Use the following methods to protect the vCenter Server instances:

  • Automated protection using vSphere HA

  • Automated protection using vCenter Server HA

vCenter Server Sizing

You can size the resources and storage for the Management vCenter Server Appliance and the Compute vCenter Server Appliance according to the expected number of Hosts and VMs in the environment.

Table 1. Recommended Sizing for the Management vCenter Server



Appliance Size

Small (up to 100 hosts or 1000 VMs)

Number of vCPUs



19 GB

Disk Space

528 GB

The following table lists different deployment sizes for Compute vCenter Server. Choose the appropriate size based on your scaling requirements such as the number of Cell Site hosts or workloads.
Table 2. Deployment Sizes for Compute vCenter Servers

Deployment Size



Deploys an appliance with 2 vCPUs and 12 GB of memory.

Suitable for environments with up to 10 hosts or 100 VMs


Deploys an appliance with 4 CPUs and 19 GB of memory.

Suitable for environments with up to 100 hosts or 1,000 VMs


Deploys an appliance with 8 CPUs and 24 GB of memory.

Suitable for environments with up to 400 hosts or 4,000 VMs


Deploys an appliance with 16 CPUs and 37 GB of memory.

Suitable for environments with up to 1,000 hosts or 10,000 VMs


Deploys an appliance with 24 CPUs and 56 GB of memory.

Suitable for environments with up to 2,500 hosts or 45,000 VMs

For more information, see the VMware vSphere documentation.

Ensure that the Compute vCenter Server is dedicated to your Cell Site hosts and RAN applications.

TLS Certificates in vCenter Server

By default, vSphere uses TLS/SSL certificates that are signed by VMware Certificate Authority (VMCA). These certificates are not trusted by end-user devices or browsers.

As a security best practice, replace at least all user-facing certificates with certificates that are signed by a third-party or enterprise Certificate Authority (CA).

Recommended vCenter Server Design

Design Decision

Design Justification

Design Implication

Deploy two vCenter Server systems

  • One vCenter Server supports the management workloads.

  • Another vCenter Server supports the compute workloads.

  • Isolates vCenter Server failures to management or compute workloads.

  • Isolates vCenter Server operations between management and compute workloads.

  • Supports a scalable vSphere cluster design where you might reuse the management components as more compute workload domains are added.

  • Simplifies capacity planning for compute workloads because you do not consider management workloads for the Compute vCenter Server.

  • Improves the ability to upgrade the vSphere environment and related components by the separation of maintenance windows.

  • Supports separation of roles and responsibilities to ensure that only administrators with proper authorization can attend to the management workloads.

  • Facilitates quicker troubleshooting and problem resolution.

Requires licenses for each vCenter Server instance.

Protect all vCenter Servers by using vSphere HA.

Supports the availability objectives for vCenter Server without the required manual intervention during a failure event.

vCenter Server becomes unavailable during the vSphere HA failover.

Replace the vCenter Server machine certificate with a certificate signed by a third-party Public Key Infrastructure.

  • Infrastructure administrators connect to the vCenter Server instances using a Web browser to perform configuration, management, and troubleshooting.

  • The default certificate results in certificate warning messages.

Replacing and managing certificates is an operational overhead.

Use an SHA-2 or higher algorithm when signing certificates.

The SHA-1 algorithm is considered less secure and is deprecated.

Not all certificate authorities support SHA-2.


In the Telco Cloud Platform RAN solution design, both the management vCenter and Compute vCenter are deployed at Regional Data Center. Compute vCenter manages all the Cell Site hosts.