In both regions, the vRealize Log Insight instances are connected to the region-specific management VXLANs Mgmt-RegionA01-VXLAN and Mgmt-RegionB01-VXLAN. Each vRealize Log Insight instance is deployed within the shared management application isolated network.

Figure 1. Networking Design for the vRealize Log Insight Deployment




Application Network Design

This networking design has the following features:

  • All nodes have routed access to the vSphere management network through the Management NSX UDLR for the home region.

  • Routing to the vSphere management network and the external network is dynamic, and is based on the Border Gateway Protocol (BGP).

For more information about the networking configuration of the application isolated networks for vRealize Log Insight, see Application Virtual Network and Virtual Network Design Example.

Table 1. vRealize Log Insight Network Design Decision

Decision ID: SDDC-OPS-LOG-004

Design Decision: Deploy vRealize Log Insight on the region-specific application virtual networks.

Design Justification:

  • Ensures centralized access to log data per region if a cross-region network outage occurs.

  • Co-locates log collection with the region-local SDDC applications by using the region-specific application virtual networks.

  • Provides a consistent deployment model for management applications.

Design Implication:

  • Interruption in the cross-region network can impact event forwarding between the vRealize Log Insight clusters and cause gaps in log data.

  • You must use NSX to support this network configuration.

IP Subnets

You can allocate the following example subnets to the vRealize Log Insight deployment.

Table 2. IP Subnets in the Application Isolated Networks

| vRealize Log Insight Cluster | IP Subnet       |
|------------------------------|-----------------|
| Region A                     | 192.168.31.0/24 |
| Region B                     | 192.168.32.0/24 |

vRealize Log Insight DNS Names

Name resolution for the vRealize Log Insight nodes, including the load balancer virtual IP addresses (VIPs), uses a region-specific suffix, such as sfo01.rainpole.local or lax01.rainpole.local. The Log Insight components in both regions have the following node names.

Table 3. DNS Names of the vRealize Log Insight Nodes

| DNS Name                             | Role                | Region |
|--------------------------------------|---------------------|--------|
| vrli-cluster-01.sfo01.rainpole.local | Log Insight ILB VIP | A      |
| vrli-mstr-01.sfo01.rainpole.local    | Master node         | A      |
| vrli-wrkr-01.sfo01.rainpole.local    | Worker node         | A      |
| vrli-wrkr-02.sfo01.rainpole.local    | Worker node         | A      |
| vrli-cluster-51.lax01.rainpole.local | Log Insight ILB VIP | B      |
| vrli-mstr-51.lax01.rainpole.local    | Master node         | B      |
| vrli-wrkr-51.lax01.rainpole.local    | Worker node         | B      |
| vrli-wrkr-52.lax01.rainpole.local    | Worker node         | B      |

Table 4. DNS Names Design Decisions

Decision ID: SDDC-OPS-LOG-005

Design Decision: Configure forward and reverse DNS records for all vRealize Log Insight nodes and VIPs.

Design Justification: All nodes are accessible by using fully qualified domain names instead of by using IP addresses only.

Design Implication: You must manually provide a DNS record for each node and VIP.

Decision ID: SDDC-OPS-LOG-006

Design Decision: For all applications that fail over between regions (such as vRealize Automation and vRealize Operations Manager), use the FQDN of the vRealize Log Insight Region A VIP when you configure logging.

Design Justification: Supports logging when not all management applications are failed over to Region B, for example, when only one application is moved to Region B.

Design Implication: If vRealize Automation and vRealize Operations Manager are failed over to Region B and the vRealize Log Insight cluster is no longer available in Region A, update the A record on the child DNS server to point to the vRealize Log Insight cluster in Region B.
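
The following Python check is an added example, not part of the original design documentation. It audits a set of A and PTR records against SDDC-OPS-LOG-005 (forward and reverse records for every node and VIP, inside the region subnet) and recognises the SDDC-OPS-LOG-006 failover state, where the Region A VIP name is re-pointed at the Region B cluster. The function names and the host addresses (.10 to .13 in each subnet) are assumptions; the page supplies only the subnets and DNS names.

```python
import ipaddress

# Subnets from Table 2 and DNS names from Table 3 of this page.
SUBNETS = {"A": ipaddress.ip_network("192.168.31.0/24"),
           "B": ipaddress.ip_network("192.168.32.0/24")}
NODES = {
    "vrli-cluster-01.sfo01.rainpole.local": "A",
    "vrli-mstr-01.sfo01.rainpole.local": "A",
    "vrli-wrkr-01.sfo01.rainpole.local": "A",
    "vrli-wrkr-02.sfo01.rainpole.local": "A",
    "vrli-cluster-51.lax01.rainpole.local": "B",
    "vrli-mstr-51.lax01.rainpole.local": "B",
    "vrli-wrkr-51.lax01.rainpole.local": "B",
    "vrli-wrkr-52.lax01.rainpole.local": "B",
}
REGION_A_VIP = "vrli-cluster-01.sfo01.rainpole.local"
REGION_B_VIP = "vrli-cluster-51.lax01.rainpole.local"

def audit(a_records, ptr_records):
    """Return sorted findings for a name->IP dict and an IP->name dict."""
    findings = []
    for name, region in NODES.items():
        ip = a_records.get(name)
        if ip is None:
            findings.append(f"{name}: missing A record")
            continue
        # SDDC-OPS-LOG-006: after failover the Region A VIP name resolves to
        # the Region B VIP address, so subnet and PTR mismatches are expected.
        if name == REGION_A_VIP and ip == a_records.get(REGION_B_VIP):
            findings.append(f"{name}: failed over to Region B VIP {ip}")
            continue
        if ipaddress.ip_address(ip) not in SUBNETS[region]:
            findings.append(f"{name}: {ip} outside Region {region} subnet")
        ptr = ptr_records.get(ip)
        if ptr is None:
            findings.append(f"{name}: missing PTR for {ip}")
        elif ptr != name:
            findings.append(f"{name}: PTR for {ip} returns {ptr}")
    return sorted(findings)

def sample_records():
    """Constructed records: host addresses .10-.13 are invented for the example."""
    a, next_host = {}, {"A": 10, "B": 10}
    for name, region in NODES.items():
        a[name] = str(SUBNETS[region].network_address + next_host[region])
        next_host[region] += 1
    return a, {ip: name for name, ip in a.items()}

if __name__ == "__main__":
    print(audit(*sample_records()))
```

To audit a live environment, populate the two dictionaries from the child DNS server's zone data instead of `sample_records()`.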