The design objectives of VMware Validated Design for Micro-Segmentation provide fine-grained details about the scope, performance, hardware, and other critical factors.

Table 1. VMware Validated Design for Micro-Segmentation Objectives

VMware Validated Design for Micro-Segmentation Objective

Description

Main objective

Validated micro-segmentation use case in a single-region design.

Scope of deployment

Clean deployment of the management components.

Cloud type

Private cloud.

Number of regions and disaster recovery support

.

Single-region SDDC that does not support failover.

Maximum number of virtual machines and security constructs

The use case is tested with the following scale parameters.

  • 3,000 running virtual machines

  • 300 security policies

  • 1,200 security groups

  • 300 distributed firewall IP sets

  • 2,000 distributed firewall rules

Number of clusters in a region

Dual-cluster design

The design requires the following clusters for SDDC deployment:

  • Management cluster. Runs the virtual machines of the management products.

  • Shared edge and compute cluster. Runs the tenant workloads (compute) and connects to the NSX for vSphere networks and the external networks (edge).

Data center virtualization

  • Compute virtualization

  • Network virtualization

Scope of guidance

  • Storage, compute and networking for the management cluster

  • Number of hosts, amount of storage and configuration

  • Deployment and initial setup of management components at the infrastructure level

Overall availability

99% availability

Planned downtime is expected for upgrades, patching, and on-going maintenance.

Authentication, authorization, and access control

Use of Microsoft Active Directory as a central user repository.

Users can be allocated NSX roles.

Certificate signing

Certificates are signed by an enterprise-internal or an external certificate authority (CA). No self-signed certificates are used.

Hardening

Tenant workload traffic can be separated from the management traffic.

Interoperability between VVD for SDDC and this use case.

You can grow this use case to the Standard SDDC in Validated Design for the Software-Defined Data Center.