By implementing the design for the SDDC, an IT organization can automate the provisioning of common repeatable requests and respond to business needs with agility and predictability. This SDDC design provides an IT solution with features across many areas such as operations management, cloud management, business continuity, and security and compliance.

Figure 1. Architecture Overview of the SDDC Management Domain in a Region

The management domain contains ESXi, vSAN, vCenter Server, NSX-T Data Center, SDDC Manager, and region-specific Workspace ONE Access. The domain is deployed first, followed by similar groups of products for workload domains. On top of the domains, you deploy solutions. The solution group in this release contains the vRealize Suite products.

SDDC Architectures

You start SDDC deployment from the management domain and extend it with more virtual infrastructure and solutions. You select a deployment architecture according to the number of tenant workloads you plan to support and the available virtual infrastructure.

Standard SDDC Architecture

In a standard deployment, the management domain consists of workloads supporting the virtual infrastructure, cloud operations, cloud automation, business continuity, and security and compliance components for the SDDC. You allocate separate workload domains to tenant or containerized workloads. Each workload domain is managed by a separate vCenter Server instance and a dedicated or shared NSX-T Manager cluster for scalability. The workload domain construct also has autonomous licensing and life cycle management. The vCenter Server and NSX-T Manager components for these workload domains are running in the management domain too.

The scope of this validated design is the standard architecture.

Consolidated SDDC Architecture

In a consolidated deployment, the management domain runs both the SDDC management workloads and tenant workloads.

Management Domain Architecture

The management domain runs all management components of the SDDC for both the management domain and workload domains, except for workload NSX-T Edge nodes and vSphere with Kubernetes components. You start with an initial management domain configuration which is extended with each workload domain deployment. For extending the capabilities of the SDDC, you can also deploy additional solutions in the management domain, for example, solutions for cloud operations and cloud automation.
Table 1. Initial Component Configuration of the Management Domain in Each Region

Management Component



Virtual infrastructure for running the SDDC management components. See ESXi Design for the Management Domain.

vCenter Server

Central management and protection of the ESXi hosts and the management appliances running on the hosts. See vCenter Server Design for the Management Domain.


Logical switching, dynamic routing, and load balancing for the SDDC management components. In the initial component configuration of the management domain, the management NSX-T instance provides a virtual network segments to the region-Specific Workspace ONE Access instance. See Software-Defined Networking Design for the Management Domain.


Primary software-defined storage for all SDDC management components. See Shared Storage Design for the Management Domain.

SDDC Manager

  • Virtual infrastructure provisioning and life cycle management of workload domains.

  • Life cycle management and provisioning of additional virtual infrastructure to the management domain for ESXi, vCenter Server, NSX-T, and vRealize Suite Lifecycle Manager. In the initial component configuration of the management domain, SDDC Manager performs life cycle management for ESXi, vCenter Server, and NSX-T.

See SDDC Manager Detailed Design.

Region-specific Workspace ONE Access instance

Centralized identity and access management. In the initial component configuration of the management domain, the region-specific Workspace ONE Access instance is connected to the management NSX-T Manager cluster. See Region-Specific Workspace ONE Access Design.

Availability Zones and Regions

The SDDC design consists one region that includes at least one management domain but can also include one or more workload domains. Clusters within a region can use two availability zones.

This design uses a single region, with the option to use one or two availability zones in Region A.

Figure 2. Component Location in a Single Availability Zone

When you use a single availability zone, the management domain contains a default cluster and a vCenter Server instance for its management. A vSphere Distributed Switch with NSX-T provide virtual networking to the vCenter Server and to the management workloads on the cluster.
Figure 3. Component Location in Multiple Availability Zones

When you use two availability zones, the management domain contains a stretched cluster of eight ESXi hosts, four hosts in each availability zone. A vCenter Server instance manages the cluster. A vSphere Distributed Switch with NSX-T provide virtual networking to the vCenter Server and to the management workloads on the cluster.