By implementing this design for the SDDC, an IT organization can automate the provisioning of common, repeatable requests for IT services and respond to business needs with agility and predictability. This SDDC design provides an IT solution with features across many areas such as operations management, cloud management, business continuity, and security and compliance.
Figure 1. Architecture Overview of the SDDC Workload Domain


Workload Domain

The workload domain is a building block of the SDDC in addition to the management domain, and consists of components from the physical infrastructure, virtual infrastructure, and security and compliance layers. The virtual infrastructure layer controls access to the underlying physical infrastructure layer, and it controls and allocates resources to workloads running in the workload domain. The security and compliance layer provides role-based access controls and integration with the corporate identity provider.
Table 1. Initial Component Configuration of the Workload Domain

| Component | Services |
|---|---|
| ESXi | Virtual infrastructure for running the SDDC management components. See ESXi Detailed Design for a vSphere with Kubernetes Workload Domain. |
| vCenter Server | Central management and protection of the ESXi hosts and the management appliances running on the hosts. See vCenter Server Design for a vSphere with Kubernetes Workload Domain. |
| NSX-T | Logical switching, dynamic routing, and load balancing for the SDDC management components. See Software-Defined Networking Design for a vSphere with Kubernetes Workload Domain. |
| vSAN | Primary software-defined storage for all SDDC management components. See Shared Storage Design for a vSphere with Kubernetes Workload Domain. |
| vSphere with Kubernetes | Transforms vSphere to a platform for running Kubernetes workloads natively on the hypervisor layer. See vSphere with Kubernetes Detailed Design for a vSphere with Kubernetes Workload Domain. |

Logical Overview

The SDDC design for vSphere with Kubernetes consists of a single availability zone within a single geographic region. This design has at least one management domain and one or more workload domains. vSphere Clusters must exist within a single availability zone.

Figure 2. vSphere with Kubernetes Logical Overview

Security and Compliance

This design provides role-based access control through an identity and access management solution that integrates with Microsoft Active Directory.