Deploy and configure the shared edge and compute cluster components. Procedure Deploy the Compute vCenter Server Instance for the Shared Edge and Compute Cluster To manage and configure the ESXi hosts in the additional workload domain and to provision tenant workloads from a centralized node, you must install and configure vCenter Server on the management cluster of Region A. You connect this vCenter Server instance to the Platform Services Controller pair that is available in the region to take advantage of the high availability of and to join the single vCenter Single Sign-on domain configured on the pair. Replace the Certificate of the Compute vCenter Server To establish a trusted connection to the other SDDC management components, you replace the default SSL certificate on the vCenter Server instance in the workload domain with a custom certificate that is signed by the certificate authority (CA) on the parent Active Directory (AD) server. Set the SDDC Deployment Details on the Compute vCenter Server Update the identity of your SDDC deployment on the Compute vCenter Server in the workload domain. You can use this identity as a label in tools for automated SDDC deployment. Add vSphere Licenses and Assign a License to the Compute vCenter ServerAssign a license key to the Compute vCenter Server for the workload domain to use its features in production. If the capacity of the licenses for vCenter Server and ESXi is insufficient to license the new instances, add new licenses to the inventory of the License Service. Add the Compute vCenter Server to the Virtual Machine Group for vCenter Server The Compute vCenter Server for the workload domain must be a member of the virtual machine group so that it is powered on, in a group with the other vCenter Server instances, after the Platform Services Controller pair. In this way, the services of the Platform Services Controller nodes are available to the Compute vCenter Server after a vSphere HA migration occurs. Exclude the Compute vCenter Server from the Distributed FirewallTo allow network access to the Compute vCenter Server for the workload domain, exclude it from all distributed firewall rules. Configure the Shared Edge and Compute Cluster After you deploy the Compute vCenter Server, you must create and configure the shared edge and compute cluster for high availability of and resource usage policy for virtual machines, and for central user management using Active Directory. Create a vSphere Distributed Switch for the Shared Edge and Compute Cluster After you add all ESXi hosts in the workload domain to the cluster, you can create the vSphere Distributed Switch for the system traffic. This switch handles traffic until you migrate the hosts to the N-VDS instance for the cluster. Enable vSphere HA on the Shared Edge and Compute ClustervSphere High Availability protects virtual machines hardware and operating system outages. Configure SSH, NTP, and Advanced Options on the First ESXi Host in the Shared Edge and Compute Cluster Time synchronization issues can result in serious problems with your environment. Configure the Network Time Protocol (NTP) settings on each of your ESXi hosts in the shared edge and compute clusters. To achieve greater levels of security, change the default ESX Admins group and remove a known administrative access point. Configure Syslog on the Shared Edge and Compute ClusterTo maintain centralized logging, enable the syslog service on the ESXi hosts in the shared edge and compute cluster . The syslog service provides a standard mechanism for logging messages from the VMkernel and other system components. Create and Apply the Host Profile for the Shared Edge and Compute Cluster Host Profiles maintain configuration consistency and correctness across your shared edge and compute cluster. Use the UMDS Shared Repository as the Download Source in Update ManagerConfigure Update Manager to use the vSphere Update Manager Download Service (UMDS) shared repository as a centralized source for downloading ESXi patches, extensions, and notifications.
