check-circle-line exclamation-circle-line close-line

VMware Validated Design 6.0 | 14 APR 2020

Check for additions and updates to these release notes.

What's in the Release Notes

The release notes cover the following topics:

About VMware Validated Design 6.0

VMware Validated Design provides a set of prescriptive documents that explain how to plan, deploy, and configure a Software-Defined Data Center (SDDC). The architecture, the detailed design, and the deployment guides provide instructions about configuring a dual-region SDDC.

VMware Validated Design is tested by VMware to ensure that all components and their individual versions work together, scale, and perform as expected. Unlike Reference Architectures which focus on an individual product or purpose, a VMware Validated Design is a holistic approach to design, encompassing many products in a full stack for a broad set of use case scenarios in an SDDC.

This VMware Validated Design supports a number of use cases, and is optimized for integration, expansion, Day-2 operations, as well as future upgrades and updates. As new products are introduced, and new versions of existing products are released, VMware continues to qualify the cross-compatibility and upgrade paths of VMware Validated Design. Designing with a VMware Validated Design ensures that future upgrade and expansion options are available and supported.

VMware Software Components in the Validated Design

VMware Validated Design 6.0 is based on a set of individual VMware products with different versions that are available in a common downloadable package.

The products included in VMware Validated Designs participate in the VMware's Customer Experience Improvement Program ("CEIP"). Join the CEIP because this program provides us with information used to improve VMware products and services, fix problems, and advise you on how best to deploy and use our products.

Details regarding the data collected through CEIP and the purposes for which it is used by VMware are set forth at the Trust & Assurance Center at http://www.vmware.com/trustvmware/ceip.html. To join or leave the CEIP for the products that are part of VMware Validated Design, see the documentation for each product.

Before you deploy or upgrade the SDDC, review the release notes of the software components that are used in this validated design.

VMware Software Components in VMware Validated Design 6.0
Product Group and Edition Product Name Product Version Release Notes
New VMware Cloud Foundation Enterprise VMware Cloud Foundation 4.0 VMware Cloud Foundation 4.0 Release Notes
VMware vSphere Enterprise Plus ESXi * 7.0 VMware vSphere 7.0 Release Notes
vCenter Server  * 7.0
VMware vSAN Standard or higher vSAN * 7.0 VMware vSAN 7.0 Release Notes
vSAN Witness Appliance * 7.0

Download the appliance OVA file from its location on My VMware.

New VMware NSX Data Center Advanced or higher NSX-T Data Center 3.0 VMware NSX-T Data Center 3.0 Release Notes
New VMware Workspace ONE Access VMware Workspace ONE Access 3.3.2 VMware Identity Manager 3.3.2 Release Notes
VMware vRealize Suite Lifecycle Manager vRealize Suite Lifecycle Manager * 8.1 VMware vRealize Suite Lifecycle Manager 8.1 Release Notes
VMware vRealize Operations Manager Advanced or higher vRealize Operations Manager * 8.1 vRealize Operations Manager 8.1 Release Notes
New vRealize Operations Management Pack for VMware Identity Manager 1.1 VMware vRealize Operations Management Pack for VMware Identity Manager 1.1 Release Notes
vRealize Operations Management Pack for Storage Devices * 8.0 VMware vRealize Operations Management Pack for Storage Devices 8.0 Release Notes
VMware vRealize Log Insight vRealize Log Insight * 8.1 vRealize Log Insight 8.1 Release Notes
New vRealize Log Insight Content Pack for NSX-T 3.8.2  
Realize Log Insight Content Pack for Linux 2.1
New vRealize Log Insight Content Pack for Linux  - Systemd 1.0
VMware vRealize Automation Advanced or higher vRealize Automation * 8.1 vRealize Automation 8.1 Release Notes

 

* Updated from the earlier release of VMware Validated Design

VMware makes available patches and releases to address critical security and functional issues for several products. Verify that you are using the latest security and express patches or hotfixes for a given component after deploying VMware Validated Design. Scalability and functionally tests for individual patches, express patches, or hotfixes are not typically performed against VMware Validated Design. If a patch must be applied to your environment, follow the VMware published practices and VMware Knowledge Base articles for the specific patch. If an issue occurs during or after the process of applying a patch, contact VMware Technical Support. If after applying a patch, the new product version no longer adheres to the bill of materials, or interrupts the upgrade to the next published version of the design, you must continue to follow the upgrade path to a version of the design that includes this product version.

VMware Solution Exchange and in-product marketplace store only the latest versions of the management packs for vRealize Operations Manager and the content packs for vRealize Log Insight. The software components table contains the latest versions of the packs that were available at the time this VMware Validated Design was validated. When you deploy the VMware Validated Design components, it is possible that the version of a management or content pack on VMware Solution Exchange and in-product marketplace is newer than the one used for this release.

For information on the lifecycle of the VMware software components in this VMware Validated Design, see Lifecycle of the VMware Software Components.

What's New

VMware Validated Design 6.0 provides a list of new features:

  • Updated Bill of Materials that incorporates new product versions
  • VMware Validated Design alignment with VMware Cloud Foundation

    Starting with this release, VMware Validated Design includes VMware Cloud Foundation as a key component of the Bill of Materials, delivering a single aligned architecture. VMware Validated Design uses the VMware Cloud Builder workflow for VMware Cloud Foundation and SDDC Manager throughout the deployment and operational guidance, extending VMware Cloud Foundation deployments with additional capabilities.

  • Planning and Preparation Workbook as a dynamic preparation checklist and environment map

    Use the Planning and Preparation Workbook to collate the information that is required to complete the prerequisites for implementing a Software-Defined Data Center (SDDC). The workbook is also useful during the deployment phase to bring inputs required for a particular deployment into one worksheet.

    The static Planning and Preparation guidance in earlier releases has been replaced by a workbook where you can map your own values to those included in documented examples. Persona-driven input worksheets are presented based on user chosen deployment options, with supplied values presented in subsequent workflow worksheets to facilitate easier deployment walkthroughs.

  • vRealize Suite 8.1 design and manual deployment guidance

    VMware Validated Design now includes design and manual deployment guidance on using vRealize Suite Lifecycle Manager to deploy Workspace ONE Access, vRealize Automation , vRealize Operations Manager , and vRealize Log Insight. Use this guidance to extend the SDDC capabilities after you deploy the SDDC foundation by using VMware Cloud Foundation.

  • Native support for NSX-T Data Center for the management and workload domains

    The management domain and VI workload domains now use NSX-T Data Center exclusively. This integration improves the overall operational efficiency.

  • vSphere 7.0 with an embedded Platform Services Controller and ring topology across the management and workload domains

    In alignment with the deprecation of vCenter Server with an external Platform Services Controller in vSphere 7.0, VMware Validated Design deploys vCenter Server with an embedded Platform Services Controller. Because upgrade of the Platform Services Controller instances is no longer required, the upgrade process is more efficient, with fewer SDDC nodes requiring management.

  • Role-based access control (RBAC) for NSX-T Data Center and vRealize Suite with Workspace ONE Access

    You can use the RBAC features of Workspace ONE Access to implement identity and access management using an Active Directory domain for NSX-T Data Center and vRealize Suite.

  • New organization of the VMware Validated Design documentation

    The new organization of the VMware Validated Design documentation introduces a modular SDDC deployment flow where you can iteratively extend your SDDC with virtual infrastructure and vRealize Suite solutions.

  • New Operational Verification guidance that also covers VMware Cloud Foundation and Workspace ONE Access.

For more information, see the VMware Validated Design Documentation page.

Internationalization

This VMware Validated Design release is available only in English.

Compatibility

This VMware Validated Design guarantees that product versions in the VMware Validated Design 6.0, and the design chosen, are fully compatible. Any minor known issues that exist are described in this release notes document.

Installation

To install and configure an SDDC according to this validated design, follow the guidance in the VMware Validated Design 6.0 documentation. For product download information, and guides access, see the VMware Validated Design Documentation page.

Life Cycle of the VMware Software Components

This VMware Validated Design version is based on one or more VMware products whose versions eventually reach the End of Support Life (EOSL) stage as described by the VMware Lifecycle Policies.Тhose versions are no longer generally supported by VMware. In such a case, upgrade to a later version by using the upgrade procedures in the VMware Validated Design Upgrade documentation.

If you are using an earlier version in your environment, upgrade your environment according to the following scenarios:

Scenarios for Upgrade from a Version that Has Reached EOSL
Scenario Upgrade Approach
The version of VMware Validated Design that you are using has already entered the EOSL stage but the next VMware Validated Design version is still supported. Apply the VMware Validated Design Upgrade documentation to bring the VMware environment to a fully supported state
The version of VMware Validated Design that you are using and the next version have both already entered the EOSL stage Because the VMware Validated Design Upgrade documentation supports upgrade only from one release to the next one, the transition across multiple releases might be complex. Contact a VMware sales representative to plan and perform a custom upgrade procedure with the assistance of VMware Professional Services.

For more information about current and expired product releases, refer to the VMware Lifecycle Product Matrix

Caveats and Limitations

  • The SDDC configuration in this release includes a single region with two availability zones.
    VMware Validated Design 6.0 has been developed with design objectives that included multi-region and disaster recovery use cases.  At the time of this release, because of architecture limitations in some of the products within the SDDC stack, providing prescriptive guidance that would meet the full set of design objectives for extending a VMware Validated Design deployment to a second region is not possible.
  • Upgrade guidance from VMware Validated Design 5.1.1 to VMware Validated Design 6.0 is not available.
    • The migration coordinator of NSX-T Data Center covers partially the SDDC topology in this design.
    • At the time of publishing this design, a direct migration path from vRealize Automation 7.6 to vRealize Automation 8.1 does not exist.
  • Use of a shared NSX-T Manager cluster for multiple workload domains is not implemented.

    vRealize Automation does not support adding more than one workload domain that shares an NSX-T Data Center instance, for example, many:1:many. You can associate one NSX-T cloud account to only one vCenter Server cloud account.

  • Consolidated SDDC architecture is not available for this release.

  • For best support of vSphere with Kubernetes workload domains, SDDC Manager is configured to apply ESXi patches and updates by using vSphere Lifecycle Manager baselines.

  • To provide a user-friendly object naming across the SDDC, to deploy workload domains, you call the SDDC Manager API with a JSON specification instead of using the SDDC Manager user interface.

  • The rainpole.io top-level domain replaces rainpole.local.

    vSphere with Kubernetes supports limited use of .local as a top-level domain.

  • Мulti-tenancy for vRealize Automation is not enabled.
  • Using the vRealize Log Insight Content Packs for vRealize Automation and vRealize Orchestrator is not part of the design.

    Earlier versions of VMware Validated Design include vRealize Log Insight Content Packs for earlier versions of vRealize Automation and vRealize Orchestrator. At the time of publishing this design, content packs for vRealize Automation 8.1 and vRealize Orchestrator 8.1 are not available.

  • You configure the initial integration of vRealize Automation with virtual infrastructure workloads domain manually instead of using the vCenter Server Quickstart option in vRealize Automation.

    • When adding an NSX-T cloud account, the Quickstart uses the default admin user for NSX-T Manager from the SDDC Manager inventory. You are unable to pass a service account that is managed by Workspace ONE Access because of a design limitation.

    • The QuickStart assumes the use of native virtual machines templates but this design uses the integration with the vSphere Content Library because vSphere Content Library provides native replication and versioning of common virtual machine templates across workload domains.

  • New You enable the vSAN stretched cluster in the management domain and a virtual infrastructure workload domain by using the SDDC Manager API. The names of the distributed port groups for Availability Zone 2 that are created by SDDC Manager derive from the names of the distributed port groups for Availability Zone 1, introducing deviation from the naming convention in this VMware Validated Design.
  • VMware Skyline is not supported. At the time of publishing this design, VMware Skyline is not interoperable with NSX-T Data Center.
  • VMware Site Protection and Recovery and VMware vSphere Replication are not in scope of this release because of the limitations in multi-region support.

New Deployment of the Management Domain with VLAN-Backed Networks

In VMware Validated Design 6.0, you connect Workspace ONE Access and the vRealize Suite products to virtual network segments in NSX-T Data Center. This approach provides support for BGP-based dynamic routing for improved mobility and security of the management applications. As an alternative, you can use VLAN-backed network segments with static routes in NSX-T Data Center. See VMware Knowledge Base article 78608.

Documentation Delivery Log

The VMware Validated Design documentation is published in several iterations. On the release date, the core documents that introduce VMware Validated Design and provide guidance on the SDDC design, planning, and deployment are published live. The remaining documents are released in groups until the entire set is compliant with the Bill of Materials of the VMware Validated Design release.

Log of Delivered VMware Validated Design Documentation
Delivery Date Documentation
25 JUN 2020

The following standalone documentation is added to this validated design:

  • Operations
    • Operational Verification
28 APR 2020

The following deployment guides are extended to support multiple availability zones:

  • Management Domain
    • Deployment of the Management Domain in the First Region
  • Workload Domain
    • Virtual Infrastructure Workload Domain
      • Deployment of a Virtual Infrastructure Workload Domain in the First Region
  • Solutions
    • Cloud Operations and Automation
      • Deployment of Cloud Operations and Automation in the First Region
14 APR 2020
  • Introducing VMware Validated Design
  • Management Domain
    • Architecture and Design for the Management Domain
    • Deployment of the Management Domain in the First Region
  • Workload Domain
    • Virtual Infrastructure Workload Domain
      • Architecture and Design for the Virtual Infrastructure Workload Domain
      • Deployment of the Virtual Infrastructure Workload Domain in the First Region
    • vSphere with Kubernetes Workload Domain
      • Architecture and Design for vSphere with Kubernetes Workload Domain
      • Deployment of the vSphere with Kubernetes Workload Domain in the First Region
  • Solutions
    • Cloud Operations and Automation
      • Architecture and Design for Cloud Operations and Automation
      • Deployment of Cloud Operations and Automation in the First Region

All documentation is available on the VMware Validated Design Documentation page.

Known Issues

The known issues are grouped as follows.

VMware Cloud Foundation
  • After you deploy a workload domain in the SDDC, the first cluster in the management domain still contains resource pools

    This design uses the Standard SDDC architecture to separate management from workload resources. Resources pools are used in a Consolidated SDDC architecture to provide sufficient resources to  specific management components, such as NSX-T Edge nodes, during workload contention.

    VMware Cloud Foundation keeps these resource pools in the management domain after you create workload domains.

    Workaround: For each resource pool in the first cluster in the management domain, enable scalable shares, set the CPU and memory share value to Normal and remove the CPU and memory reservations from the resource pool.

NSX-T Data Center
  • For environments that require a higher concurrent number of API sessions from vRealize Automation, workload deployment requests might fail because the maximum number of requests to NSX-T Manager is reached.

    Each member of an NSX-T Manager cluster supports up to 199 concurrent API sessions. An NSX-T Manager cluster assigns the cluster VIP to a single NSX-T Manager node at a given time. Then, all API requests from vRealize Automation are directed to this cluster member from the NSX-T cloud account.

    Workaround:

    1. Provide an external load balancer to distribute API requests across all NSX-T Manager cluster nodes for the workload domain.
    2. For SSL pass-through, update the certificates on the NSX-T Manager cluster with the FQDN of the external load balancer
    3. Connect the NSX-T cloud account to the external load-balancer FQDN for the workload domain NSX-T Manager cluster.
  • New An outage of a top of rack switch in the data center might cause lack of availability of segments and services that are provided by NSX-T Data Center.

    During the failover of a top of rack switch, the TEP communication between the NSX-T components is disrupted causing some segments and services to become unavailable.

    Workaround: To ensure that NSX-T Edge TEP communication fails over to the second top of rack switch in the management or workload domain, modify the teaming policy of the port groups for the uplink traffic of the NSX-T Edge nodes.

    Workload Domain vSphere Distributed Switch Port Group
    Management domain sfo-m01-cl01-vds01 sfo-m01-cl01-vds01-pg-uplink01
    sfo-m01-cl01-vds01-pg-uplink02
    Virtual infrastructure workload domain or vSphere with Kubernetes workload domain sfo-w01-cl01-vds01 sfo-w01-cl01-vds01-pg-uplink01
    sfo-w01-cl01-vds01-pg-uplink02
    1. In a Web browser, log in to vCenter Server by using the vSphere Client.
      Setting Value
      URL https://sfo-m01-vc01.sfo.rainpole.io/ui
      User name administrator@vsphere.local
      Password vsphere_admin_password
    2. In the Networking inventory, expand the sfo-m01-vc01.sfo.rainpole.io > sfo-m01-dc01 > Management Networks > sfo-m01-cl01-vds01 tree.
    3. In the navigation pane, right-click the sfo-m01-cl01-vds01-pg-uplink01 port group and select Edit Settings.
    4. In the sfo-m01-cl01-vds01-pg-uplink01 - Edit Settings dialog box, select Teaming and failover.
    5. Move the uplink from Unused uplinks to Standby uplinks and click OK
    6. Repeat Step 5 and Step 6 for the other port group for edge uplink traffic in the management domain. 
    7. Repeat the procedure for the port groups for edge uplink traffic in the workload domain.