In both regions, the vRealize Log Insight instances are connected to the region-specific management VXLANs Mgmt-RegionA01-VXLAN and Mgmt-RegionB01-VXLAN. Each vRealize Log Insight instance is deployed within the shared management application isolated network.

Figure 1. Networking Design for the vRealize Log Insight Deployment


In the SDDC, vRealize Log Insight nodes reside in the virtual network that is dedicated to the local region.

Application Network Design

This networking design has the following features:

  • All nodes have routed access to the vSphere management network through the Management NSX universal distributed logical router (UDLR) for the home region.

  • Routing to the vSphere management network and the external network is dynamic, and is based on the Border Gateway Protocol (BGP).

For more information about the networking configuration of the application virtual networks for vRealize Log Insight, see Application Virtual Network and Virtual Network Design Example.

Table 1. Networking for vRealize Log Insight Design Decision

Decision ID

Design Decision

Design Justification

Design Implication

SDDC-OPS-LOG-004

Deploy vRealize Log Insight on the region-specific application virtual networks.

  • Ensures centralized access to log data per region if a cross-region network outage occurs.

  • Co-locates log collection to the region-local SDDC applications using the region-specific application virtual networks.

  • Provides a consistent deployment model for management applications.

  • Interruption in the cross-region network can impact event forwarding between the vRealize Log Insight clusters and cause gaps in log data.

  • You must use NSX to support this network configuration.

IP Subnets for vRealize Log Insight

You can allocate the following example subnets to the vRealize Log Insight deployment.

Table 2. IP Subnets in the Application Isolated Networks of vRealize Log Insight

vRealize Log Insight Cluster

IP Subnet

Region A

192.168.31.0/24

Region B

192.168.32.0/24

DNS Names for vRealize Log Insight

vRealize Log Insight node name resolution, including the load balancer virtual IP addresses (VIPs), uses a region-specific suffix, such as sfo01.rainpole.local or lax01.rainpole.local. The Log Insight components in both regions have the following node names.

Table 3. DNS Names of the vRealize Log Insight Nodes

DNS Name

Role

Region

sfo01vrli01.sfo01.rainpole.local

Log Insight ILB VIP

Region A

sfo01vrli01a.sfo01.rainpole.local

Master node

Region A

sfo01vrli01b.sfo01.rainpole.local

Worker node

Region A

sfo01vrli01c.sfo01.rainpole.local

Worker node

Region A

sfo01vrli01x.sfo01.rainpole.local

Additional worker nodes (not deployed)

Region A

lax01vrli01.lax01.rainpole.local

Log Insight ILB VIP

Region B

lax01vrli01a.lax01.rainpole.local

Master node

Region B

lax01vrli01b.lax01.rainpole.local

Worker node

Region B

lax01vrli01c.lax01.rainpole.local

Worker node

Region B

lax01vrli01x.lax01.rainpole.local

Additional worker nodes (not deployed)

Region B

Table 4. Design Decisions about DNS Names for vRealize Log Insight

Decision ID

Design Decision

Design Justification

Design Implication

SDDC-OPS-LOG-005

Configure forward and reverse DNS records for all vRealize Log Insight nodes and VIPs.

All nodes are accessible by using fully-qualified domain names instead of by using IP addresses only.

You must manually provide a DNS record for each node and VIP.

SDDC-OPS-LOG-006

For all applications that fail over between regions (such as vRealize Automation and vRealize Operations Manager), use the FQDN of the vRealize Log Insight Region A VIP when you configure logging.

Support logging when not all management applications are failed over to Region B. For example, only one application is moved to Region B.

If vRealize Automation and vRealize Operations Manager are failed over to Region B and the vRealize Log Insight cluster is no longer available in Region A, update the A record on the child DNS server to point to the vRealize Log Insight cluster in Region B.