А Remote Office and Branch Office (ROBO) SDDC supports two deployment models. In the centralized model, you manage the ROBO sites from a central hub. In the decentralized model, you manage each ROBO site locally. To comply with the VMware Validated Design objectives, implement the decentralized model.

A ROBO location can be a storefront (point of sale), manufacturing facility, medical office, or other IT infrastructure located in a remote, distributed site. Although these locations are important to your organization, they usually run up to 100 tenant virtual machines. Because of the critical nature of the workloads, dependencies on a Wide Area Network (WAN) connection must be limited. You reduce the impact on the workloads if a WAN outage occurs.

Before You Implement a ROBO SDDC

You must first deploy the components of the Standard SDDC according to VMware Validated Design for Software-Defined Data Center in a one or two regions. A ROBO SDDC uses the provisioning and monitoring components from the Standard SDDC. In this VMware Validated Design, the decentralized management approach is used.

See Architecture and Design, Planning and Preparation, Deployment for Region A, and Deployment in Region B in the VMware Validated Design documentation.

  • Single or dual-region environment

    • ESXi

    • Platform Services Controller pair and Management vCenter Server

    • NSX for vSphere

    • vRealize Lifecycle Manager

    • vSphere Update Manager

    • vRealize Operations Manager

    • vRealize Log Insight

    • vRealize Automation with embedded vRealize Orchestrator

    • vRealize Business

  • Dual-region environment

    • vSphere Replication

    • Site Recovery Manager

Centralized Model

In the centralized model, all management, provisioning, and monitoring components are located in a region deployed as part of the Standard SDDC. You locate only the ESXi hosts in the ROBO.

Figure 1. Centralized Management for Remote Office and Branch Office

Centralized Management for ROBO

The centralized model has the following considerations:

Table 1. Advantages and Disadvantages of Centralized Management for ROBO




  • Single pane of glass management

  • Centralized lifecycle management operations, such as patching and upgrading

  • Smaller footprint of management virtual machines

  • Rapid site deployment with reduced complexity


  • Large fault domain.

  • Patching and upgrading involves coordinating downtime windows for management components in all locations.

  • Patching and upgrading is a higher risk operation because of the large fault domain.

  • WAN outage can leave the ROBO ESXi hosts disconnected. Virtual machine workloads continue to run but you can manage them only locally by using the vSphere Host Client or API/CLI. The outage prevents from provisioning workloads by using vCenter Server or CMP.

    Although NSX management changes are impossible too, the network data plane continues working.

  • You are unable to add support for local disaster recovery.

Decentralized Model

In the decentralized model, you deploy locally the core management components, such as vCenter Server and NSX Manager. Each ROBO site also runs a local vRealize Log Insight instance for site-specific logging. In this way, you can manage each ROBO site separately. In the same time, you can use the centralized provisioning and monitoring capabilities of the Standard SDDC.

Figure 2. Decentralized Management for Remote Office and Branch Office

Decentralized Management for ROBO

The decentralized model has the following considerations:

Table 2. Advantages and Disadvantages of Decentralized Management




  • A WAN outage does not impact local management or backup operations.

  • Patching and upgrades is safer because of the smaller fault domains.

  • Log data is available locally for troubleshooting even if the WAN connection is lost.

  • You can use the central provisioning of workloads.

  • Because you forward log data to the centralized vRealize Log Insight infrastructure, you have a single pane of glass for logs across all ROBO sites.

  • You use the central vRealize Operations Manager instance for event, alert, and performance monitoring.

  • Because the remote collectors for vRealize Operations Manager are running in the ROBO site, data collection continues even during a WAN outage.

  • You can add local disaster recovery.


  • No single pane of glass for vSphere and NSX management.

  • Larger footprint of management virtual machines.

  • Increased product licensing cost because of product deployment on each ROBO.

  • More management components to patch and upgrade.

  • More complex design to deploy and operate.