Depending on the SDDC implementation type, a VMware Validated Design has a set of objectives for delivering prescriptive content about an SDDC that is fast to deploy and suitable for use in production.

| VMware Validated Design Objective | Description |
|---|---|
| Main objective | SDDC capable of automated provisioning of workloads |
| Scope of deployment | Greenfield and brownfield deployment of the SDDC management components |
| Cloud type | Private cloud |
| Number of regions and disaster recovery support | Dual-region SDDC that supports disaster recovery. The documentation provides guidance for a deployment that supports two regions for failover in the following way: |
| Maximum number of virtual machines | Churn rate is related to provisioning, power cycle operations, and decommissioning of one tenant virtual machine by using a blueprint in the cloud management platform. A churn rate of 100 means that 100 tenant workloads are provisioned, pass the power cycle operations, and are deleted. |
| Number of workload domains in a region | Two-domain setup, with minimum 4 VMware ESXi™ hosts in a domain. The validated design requires the following workload domains for SDDC deployment: |
| Data center virtualization | |
| Scope of guidance | |
| Overall availability | 99% availability. Planned downtime is expected for upgrades, patching, and on-going maintenance. |
| Authentication, authorization, and access control | |
| Certificate signing | Certificates are signed by an external certificate authority (CA) that consists of a root and intermediate authority layers. |
| Hardening | Tenant workload traffic can be separated from the management traffic. The design uses a distributed firewall to protect all management applications. To secure the SDDC, only other management solutions and approved administration IP addresses can directly communicate with individual components. |

| VMware Validated Design Objective | Description |
|---|---|
| Main objective | SDDC capable of automated provisioning of workloads |
| Scope of deployment | Greenfield deployment of the SDDC management components |
| Cloud type | Private cloud |
| Number of regions and disaster recovery support | Single-region SDDC that you can scale out to dual-region. |
| Maximum number of virtual machines | |
| Number of clusters in a region | 1-cluster setup, with minimum 4 ESXi hosts in the cluster. The 1-cluster validated design includes a consolidated virtual infrastructure layer for management, edge and compute components. |
| Data center virtualization | |
| Scope of guidance | |
| Overall availability | 95% availability. Planned downtime is expected for upgrades, patching, and on-going maintenance. |
| Authentication, authorization, and access control | |
| Certificate signing | Certificates are signed by an external certificate authority (CA) that consists of a root and intermediate authority layers. |
| Hardening | Tenant workload traffic can be separated from the management traffic. The design uses a distributed firewall to protect all management applications. To secure the SDDC, only other management solutions and approved administration IP addresses can directly communicate with individual components. |

| VMware Validated Design Objective | Description |
|---|---|
| Main objective | SDDC capable of automated provisioning of workloads |
| Scope of deployment | Greenfield deployment of the SDDC management components |
| Cloud type | Private cloud |
| Maximum number of remote regions | 10 |
| Maximum number of virtual machines | |
| Number of workload domains in a remote region | Single-domain, with minimum 4 hosts in the cluster. The single-domain region includes a consolidated virtual infrastructure layer for management, edge and compute components. |
| WAN capacity | 10 Mbps, latency up to 100 ms |
| Data center virtualization | |
| Scope of guidance | |
| Overall availability | 95% availability. Planned downtime is expected for upgrades, patching, and on-going maintenance. |
| Authentication, authorization, and access control | |
| Certificate signing | Certificates are signed by an external certificate authority (CA) that consists of a root and intermediate authority layers. |
| Hardening | The design uses a distributed firewall to protect all management applications. To secure the SDDC, only other management solutions and approved administration IP addresses can directly communicate with individual components. |