You provide isolation of the vRealize Operations Manager nodes by placing them in several network segments. This networking design also supports public access to the analytics cluster nodes.

Figure 1. Networking Design of vRealize Operations Manager at the Remote Office and Branch Office Site

Application Virtual Network Design for vRealize Operations Manager

The vRealize Operations Manager analytics cluster is installed in the cross-region shared application virtual network and the remote collector nodes are installed in their region-specific shared application virtual networks.

The vRealize Operations Manager remote collector nodes are installed in their ROBO-specific application virtual network.

This networking design has the following features:

  • The analytics nodes of vRealize Operations Manager are on the same network because they can be failed over between regions after scaling out to a multi-region design. vRealize Automation and vRealize Business also share this network.

  • All nodes have routed access to the vSphere management network through the NSX Universal Distributed Logical Router.

  • Routing to the vSphere management network and other external networks is dynamic and is based on the Border Gateway Protocol (BGP).

  • All nodes have routed access to the vSphere management network through the NSX Distributed Logical Router.

For more information about the networking configuration of the application virtual network, see Virtualization Network Design in ROBO and NSX Design in ROBO.

Table 1. Design Decisions on the Application Virtual Network for vRealize Operations Manager

| Decision ID | Design Decision | Design Justification | Design Implication |
|---|---|---|---|
| ROBO-OPS-MON-005 | Use the existing ROBO-specific, management application virtual network for the vRealize Operations Manager Remote Collectors. | Ensures collections of metrics locally per region in the event of a network outage. Additionally, it co-localizes metric collection to the per-ROBO SDDC applications using the virtual networks. | You must use an implementation in NSX to support this network configuration. |

IP Subnets for vRealize Operations Manager

You can allocate the following example subnets for each cluster in the vRealize Operations Manager deployment.

Table 2. IP Subnets in the Application Virtual Network of vRealize Operations Manager

| vRealize Operations Manager Cluster Type | IP Subnet |
|---|---|
| Analytics cluster in Region A | 192.168.11.0/24 |
| Remote collectors in ROBO NYC01 | 172.18.19.0/24 |
| Remote collectors in ROBO Next | 172.19.19.0/24 |

Table 3. Design Decision on the IP Subnets for vRealize Operations Manager

| Decision ID | Design Decision | Design Justification | Design Implication |
|---|---|---|---|
| ROBO-OPS-MON-006 | Allocate separate subnets for each application virtual network. | Placing the remote collectors in the management VXLAN in the ROBO enables all management applications to be on the same IP subnet. | None. |

FQDNs for vRealize Operations Manager

The FQDNs of the vRealize Operations Manager nodes follow these name resolution conventions:

  • The IP addresses of the analytics cluster node and a load balancer virtual IP address (VIP) are associated with names whose suffix is set to the root domain rainpole.local.

    From the public network, users access vRealize Operations Manager using the VIP address, the traffic to which is handled by an NSX Edge services gateway providing the load balancer function.

  • Name resolution for the IP addresses of the remote collector group nodes uses a region-specific suffix, for example, sfo01.rainpole.local.

  • The IP addresses of the remote collector group nodes are associated with names whose suffix is set to the region-specific domain, for example, sfo01.rainpole.local.

  • Name resolution for the IP addresses of the remote collector group nodes uses a root domain suffix, for example, rainpole.local.

  • The IP addresses of the remote collector group nodes are associated with names whose suffix is set to the root domain, for example, rainpole.local.

Table 4. FQDNs for the vRealize Operations Manager Nodes

| FQDN | Node Type | Region |
|---|---|---|
| nyc01vropsc01a.rainpole.local | First remote collector node | ROBO NYC01 |
| nyc01vropsc01b.rainpole.local | Second remote collector node | ROBO NYC01 |
| Next01vropsc01a.rainpole.local | First remote collector node | ROBO Next |
| Next01vropsc01b.rainpole.local | Second remote collector node | ROBO Next |

Table 5. Design Decision on the DNS Names for vRealize Operations Manager

| Decision ID | Design Decision | Design Justification | Design Implication |
|---|---|---|---|
| ROBO-OPS-MON-007 | Configure forward and reverse DNS records for all vRealize Operations Remote Collectors deployed per ROBO. | All nodes are accessible by using fully qualified domain names instead of by using IP addresses only. | You must manually provide DNS records for all vRealize Operations Manager remote collectors accessible within the Hub as well as the ROBO. |
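
One way to check decisions ROBO-OPS-MON-006 and ROBO-OPS-MON-007 before deployment, as an added example that is not part of the original design: it audits a planned set of A and PTR records against the Table 2 subnets. The FQDNs come from Table 4; the host addresses and the mapping from site code to ROBO site are constructed assumptions.

```python
import ipaddress

# Subnets from Table 2 of this page.
SUBNETS = {
    "Region A": ipaddress.ip_network("192.168.11.0/24"),
    "ROBO NYC01": ipaddress.ip_network("172.18.19.0/24"),
    "ROBO Next": ipaddress.ip_network("172.19.19.0/24"),
}
# Assumption: the leading site code of a node name identifies its ROBO site.
SITE_OF = {"nyc01": "ROBO NYC01", "next01": "ROBO Next"}

# Constructed sample records: names are from Table 4, host addresses are made
# up, and two entries are deliberately wrong to show what the audit reports.
FORWARD = {  # A records: name -> address
    "nyc01vropsc01a.rainpole.local": "172.18.19.31",
    "nyc01vropsc01b.rainpole.local": "172.18.19.32",
    "Next01vropsc01a.rainpole.local": "172.19.19.31",
    "Next01vropsc01b.rainpole.local": "172.18.19.33",  # wrong site subnet
}
REVERSE = {  # PTR records: address -> name
    "172.18.19.31": "nyc01vropsc01a.rainpole.local",
    "172.18.19.32": "nyc01vropsc01a.rainpole.local",  # stale PTR
    "172.19.19.31": "next01vropsc01a.rainpole.local",
}

def audit(forward, reverse, subnets=SUBNETS, site_of=SITE_OF):
    """Return sorted (subject, problem) findings for a DNS/IP plan."""
    findings = []
    nets = list(subnets.values())
    for i, a in enumerate(nets):  # separate subnets must not overlap
        findings += [(str(a), f"overlaps {b}") for b in nets[i + 1:] if a.overlaps(b)]
    for name, addr in forward.items():
        fqdn = name.lower().rstrip(".")  # DNS names compare case-insensitively
        ip = ipaddress.ip_address(addr)
        site = next((s for p, s in site_of.items() if fqdn.startswith(p)), None)
        if site is None:
            findings.append((fqdn, "unknown site prefix"))
        elif ip not in subnets[site]:
            findings.append((fqdn, f"{ip} outside {subnets[site]} ({site})"))
        ptr = reverse.get(str(ip))
        if ptr is None:
            findings.append((fqdn, f"no PTR for {ip}"))
        elif ptr.lower().rstrip(".") != fqdn:
            findings.append((fqdn, f"PTR for {ip} points to {ptr}"))
    return sorted(findings)

if __name__ == "__main__":
    for subject, problem in audit(FORWARD, REVERSE):
        print(f"{subject}: {problem}")
```

A stale or missing PTR record matters beyond convenience: logs and monitoring data that record reverse-resolved names will attribute a collector's traffic to the wrong host.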

Networking for Failover and Load Balancing

By default, vRealize Operations Manager does not provide a solution for load-balanced UI user sessions across nodes in the cluster. You associate vRealize Operations Manager with the shared load balancer in the region.

The lack of load balancing for user sessions results in the following limitations:

  • Users must know the URL of each node to access the UI. As a result, a single node might be overloaded if all users access it at the same time.

  • Each node supports up to four simultaneous user sessions.

  • Taking a node offline for maintenance might cause an outage. Users cannot access the UI of the node when the node is offline.

To avoid such problems, place the analytics cluster behind the NSX load balancer located in the Mgmt-xRegion01-VXLAN application virtual network. This load balancer is configured to allow up to four connections per node. The load balancer must distribute the load evenly to all cluster nodes. In addition, configure the load balancer to redirect service requests from the UI on port 80 to port 443.

Load balancing for the remote collector nodes is not required.

Table 6. Design Decisions on Networking Failover and Load Balancing for vRealize Operations Manager

| Decision ID | Design Decision | Design Justification | Design Implication |
|---|---|---|---|
| ROBO-OPS-MON-008 | Do not use a load balancer for the remote collector nodes. | Remote collector nodes must directly access the systems that they are monitoring. Remote collector nodes do not require access to and from the public network. | None. |