Deploy and configure the components for both the management cluster and the shared edge and compute cluster. Procedure Prerequisites for Implementation of Platform Services Controllers and vCenter Server Components in Region ABefore you deploy the Platform Services Controllers and vCenter Server components, verify that your environment satisfies the requirements. Deploy the External Platform Services Controllers for the vCenter Server Instances in Region ATwo external Platform Services Controller instances must be deployed in Region A. The first instance is associated with the management cluster and the second with the shared edge and compute cluster. Both instances belong to the same SSO domain for Identity Management. Work through this procedure twice, using the vCenter Server appliance ISO file and the customized data for each instance. Join the Platform Services Controller Instances to Active Directory in Region AAfter you have successfully installed the Platform Services Controller instance, you must add the appliance to your Active Directory domain. After that, add the Active Directory domain as an identity source to vCenter Single Sign-On. Users in the Active Directory domain are then visible to vCenter Single Sign-On and can be assigned permissions to view or manage SDDC components. Replace the Platform Services Controller Certificates in Region ATo establish trusted connection with the other SDDC management components, you replace the default or expiring machine SSL certificate on each Platform Services Controller instance in the region with a custom certificate. The certificate, generated by the CertGenVVD utility, is signed by the certificate authority (CA) available on the parent Active Directory (AD) server . Update the Platform Services Controller SSO Configuration and Endpoints in Region ABefore installing vCenter Server, the Platform Services Controller endpoints must be updated to reflect the name of the load balancer's virtual IP. Deploy the Management vCenter Server Instance in Region AYou can now install the vCenter Server appliance for the management applications and configure licensing and security. Replace the Certificate of the Management vCenter Server in Region ATo establish trusted connection with the other SDDC management components, you replace the machine SSL certificate on each vCenter Server instance in the region with a custom certificate. The certificate, generated by the CertGenVVD utility, is signed by the certificate authority (CA) available on the parent Active Directory (AD) server. Set SDDC Deployment Details on the Management vCenter Server in Region ASet an identity of your SDDC deployment on vCenter Server. You can also use this identity as a label in tools for automated SDDC deployment. Configure the Management Cluster in Region ACreate and configure the vSphere cluster. Create a vSphere Distributed Switch for the Management Cluster in Region AAfter adding all ESXi hosts to the cluster, create a vSphere Distributed Switch to handle the SDDC traffic. You also create port groups to prepare your environment to migrate the Platform Services Controller and vCenter Server instances to the distributed switch. Create vSAN Disk Groups for the Management Cluster in Region AvSAN disk groups must be created on each host that is contributing storage to the vSAN datastore. Enable vSphere HA on the Management Cluster in Region AAfter the vSphere distributed switch has been created and connected with all hosts, enable vSphere High Availability on the cluster. Change Advanced Options on the ESXi Hosts in the Management Cluster in Region AChange the default ESX Admins group to achieve greater levels of security and enable vSAN to provision the Virtual Machine Swap files as thin to conserve space in the vSAN datastore. Mount NFS Storage for the Management Cluster in Region AMount an NFS datastore as a storage location for future backups. Create and Apply the Host Profile for the Management Cluster in Region AHost Profiles ensure that all hosts in the cluster have the same configuration. Set Virtual SAN Policy on Management Virtual Machines in Region AAfter you apply the host profile to all hosts, set the storage policy of the virtual machines to the vSAN Default Storage Policy. Set the Platform Services Controller and vCenter Server appliances to the default vSAN storage policy. Create the VM and Template Folders in Region ACreate folders to group objects of the same type for easier management. Create Anti-Affinity Rules for the Platform Services Controllers in Region AAnti-Affinity rules prevent virtual machines from running on the same host. This helps to maintain redundancy in the event of host failures. Create VM Groups to Define Startup Order in the Management Cluster in Region AYou can define the startup order of virtual machines with VM Groups. Startup orders are used during vSphere HA events such that vSphere HA powers on virtual machines in the correct order. Parent topic: Region A Virtual Infrastructure Implementation Previous topic: Install and Configure ESXi Hosts in Region A Next topic: Deploy and Configure the NSX Instance for the Management Cluster in Region A
