SDDC layers represent aggregations of logically related functionality and operations in your environment. In a layer, you can interchange components as part of the end solution or outcome. If a particular component design does not fit the business or technical requirements, you can replace it with another similar component.

Figure 1. SDDC Layers and Components


Table 1. Layers in the SDDC
Physical Infrastructure Layer

Consists of the compute, network, and storage components. The compute component contains the x86-based servers that run the management components, NSX-T Edge nodes, and tenant workloads. This validated design provides only some guidance about the physical capabilities that are required to implement this architecture. You select a specific type or brand of hardware according to the VMware Compatibility Guide.

The physical infrastructure layer configuration is part of the implementation of the SDDC management domain and workload domains.

Virtual Infrastructure Layer

Controls the access to the underlying physical infrastructure and allocates resources to the management and tenant workloads. The management workloads consist of elements in the virtual infrastructure layer itself, together with elements in the cloud operations, cloud automation, and security and compliance layers.

The virtual infrastructure layer groups physical infrastructure in pools of resources such as workload domains and clusters. See Workload Domains in VMware Validated Design.

The virtual infrastructure layer configuration is part of the implementation of the SDDC management domain and workload domains.

Cloud Operations Layer

Provides operations management for continuous day-to-day service delivery. Cloud operations management consists of life cycle management, monitoring, logging, and other operation types.

The architecture of the cloud operations layer includes management components that support the main types of operations in an SDDC. You monitor the underlying physical infrastructure, and the management and tenant or containerized workloads in real time. Information is collected in the form of structured data (metrics) and unstructured data (logs). The cloud operations layer also collects data about the SDDC topology, that is, the physical and virtual compute, networking, and storage resources, which are key to intelligent and dynamic operational management.

The cloud operations layer configuration is part of the implementation of the SDDC management domain and workload domains, and of the solutions for cloud operations and automation.

Cloud Automation Layer

Requests resources and orchestrates the actions of the lower layers from a user interface or over an API.

The cloud automation layer configuration is part of the implementation of the SDDC solutions for cloud operations and automation.

Security and Compliance Layer
  • Incorporates security guidance from NIST 800-53 across the VMware Validated Design to establish a baseline of security.
  • Identifies and implements security best practices from setup to operations to secure your SDDC and make it more resilient to internal and external threats.
  • Provides role-based access control by implementing an identity and access management solution which integrates with Microsoft Active Directory.

Figure 2. SDDC Architecture Overview


You implement the SDDC layers gradually as you progress through the implementation of the SDDC.

  1. To provide the physical and virtual infrastructure, and local identity and access management for the SDDC management components, implement the management domain.

  2. To provide the physical and virtual infrastructure for the virtualized or containerized workloads, implement one or more workload domains.

  3. To operate the SDDC and deploy workloads on the workload domains, implement the solutions for cloud operations and automation, including identity and access management for these solutions.

For information about the design and deployment of each layer at each deployment stage, see the VMware Validated Design documentation page.