The virtual infrastructure layer of the SDDC contains ESXi, vCenter Server, vSAN, and NSX-T Data Center that provide compute, networking, and storage resources to the management and tenant workloads.

Cluster Types

This VMware Validated Design uses the following types of clusters:

Figure 1. First Cluster in the Management Domain


Figure 2. Shared Edge and Workload Cluster in a Virtual Infrastructure Workload Domain


First Cluster in the Management Domain

Resides in the management domain and runs the virtual machines of the components that manage the data center, such as vCenter Server, NSX-T Manager, SDDC Manager, Workspace ONE Access, VMware vRealize® Suite Lifecycle Manager™, VMware vRealize® Operations Manager™, VMware vRealize® Log Insight™, vRealize Automation, and other management components.

The first management cluster occupies half a rack.

Shared Edge and Workload Cluster

Represents the first cluster in the virtual infrastructure workload domain and runs the required NSX-T services for north-south routing between the data center and the external network, and east-west routing inside the data center. This shared cluster also hosts the tenant workloads. As you extend your environment, you must add workload-only clusters.

Workload Cluster

Resides in a virtual infrastructure workload domain and runs tenant workloads. Use workload clusters to support different types of workloads with different Service Level Agreements (SLAs): each workload cluster is a separate compute pool, so you can dedicate clusters to different SLA tiers and mix cluster types within a workload domain.

vCenter Server Design

Figure 3. Layout of vCenter Server Clusters


Table 1. vCenter Server Design Details

Design Area

Description

vCenter Server instances

You deploy vCenter Server instances in the following way:

  • One vCenter Server instance for the management domain.

  • One vCenter Server instance for each workload domain.

Using this model provides the following benefits:

  • Isolation of management domain vCenter Server and workload domain vCenter Server

  • Simplified capacity planning

  • Separated upgrade cycles

  • Separated roles

Clusters

You distribute hosts and workloads in the following clusters:

  • First cluster in the management domain that contains all management hosts and handles resources for the management workloads.

  • Shared edge and workload cluster in each workload domain that contains tenant or container workloads, and NSX-T Edge nodes used for the workloads.

Resource pools for tenant workloads and dedicated NSX components

On the shared edge and workload cluster in a workload domain, you use resource pools to distribute compute and storage resources to the tenant or container workloads, and the NSX-T components carrying their traffic.

Deployment model

Each vCenter Server instance is deployed with an embedded Platform Services Controller.

Dynamic Routing and Virtual Network Segments

This VMware Validated Design supports dynamic routing for both management workloads and tenant or container workloads, and introduces a model of isolated application networks for the management components.

Virtual network segments are created on the vSphere Distributed Switch for the first cluster in the management domain and for the shared edge and workload cluster in a workload domain.

Dynamic routing support includes the following nodes:

Figure 4. Dynamic Routing in a Single Region


Figure 5. Routing Devices for a Multi-Region SDDC


  • NSX-T Edge cluster

  • Tier-0 gateway with ECMP enabled for north-south routing across all regions

    You apply the no-export BGP community to all routes learned from external neighbors. Because the NSX-T SDN in the first and second regions does not have an independent path between those autonomous systems, re-advertising data center networks would give a false indication of a valid, independent path.

  • Tier-1 gateway for east-west routing across all regions

  • Tier-1 gateway for east-west routing in each region
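The following Python model is an added example, not VMware design content or NSX-T code. It shows why the design tags every route learned from an external (eBGP) neighbor with the well-known no-export community: the Tier-0 gateway then advertises only the data center networks it originates, so the SDN never appears as a transit path between the autonomous systems it peers with. The AS numbers, prefixes, neighbor names and the two-region topology are constructed for the example; the `transit_prefixes` check is the kind of test a practitioner would run against exported BGP state to confirm the policy is in effect.

```python
"""Toy model of BGP route advertisement from an NSX-T Tier-0 gateway.

Added example for illustration; this is not VMware or NSX-T code. All AS numbers,
prefixes and neighbor names below are constructed for the example.
"""
from dataclasses import dataclass, field
from typing import List, Optional

NO_EXPORT = "no-export"  # well-known BGP community 65535:65281 (RFC 1997)


@dataclass(frozen=True)
class Neighbor:
    name: str
    asn: int


@dataclass(frozen=True)
class Route:
    prefix: str
    learned_from: Optional[Neighbor]  # None for networks the gateway originates
    communities: frozenset = frozenset()


@dataclass
class Tier0:
    asn: int
    tag_external_with_no_export: bool = True
    rib: List[Route] = field(default_factory=list)

    def originate(self, prefix: str) -> None:
        """Data center network connected to this gateway (for example a Tier-1 segment)."""
        self.rib.append(Route(prefix, None))

    def receive(self, neighbor: Neighbor, prefix: str) -> None:
        """Install a route learned from a BGP neighbor, applying the inbound policy."""
        communities = set()
        if neighbor.asn != self.asn and self.tag_external_with_no_export:
            communities.add(NO_EXPORT)  # the design's inbound policy for external neighbors
        self.rib.append(Route(prefix, neighbor, frozenset(communities)))

    def advertise(self, peer: Neighbor) -> List[str]:
        """Prefixes this gateway would send to `peer` under the modelled rules."""
        out = []
        for r in self.rib:
            if r.learned_from == peer:
                continue  # never send a route back to the neighbor it came from
            if peer.asn != self.asn and NO_EXPORT in r.communities:
                continue  # no-export: the route must not cross an AS boundary
            out.append(r.prefix)
        return sorted(out)


def transit_prefixes(t0: Tier0, peers: List[Neighbor]):
    """Routes learned from one external AS that t0 would advertise into another
    external AS, i.e. cases where the SDN falsely claims an independent path.
    Returns (prefix, learned_from, advertised_to) triples; empty means no transit."""
    findings = []
    for peer in peers:
        if peer.asn == t0.asn:
            continue
        for prefix in t0.advertise(peer):
            src = next(r.learned_from for r in t0.rib if r.prefix == prefix)
            if src is not None and src.asn != peer.asn:
                findings.append((prefix, src.name, peer.name))
    return findings


def build_scenario(tag_no_export: bool):
    """Constructed topology: one Tier-0 in AS 65000 peering with the top-of-rack
    switches of two regions, each region's physical network in its own AS."""
    tor_a = Neighbor("tor-region-a", 65101)
    tor_b = Neighbor("tor-region-b", 65102)
    t0 = Tier0(asn=65000, tag_external_with_no_export=tag_no_export)
    t0.originate("172.16.10.0/24")   # constructed cross-region segment
    t0.originate("172.16.11.0/24")   # constructed region-specific segment
    t0.receive(tor_a, "10.1.0.0/16")  # constructed Region A physical networks
    t0.receive(tor_b, "10.2.0.0/16")  # constructed Region B physical networks
    return t0, [tor_a, tor_b]


if __name__ == "__main__":
    for tag in (False, True):
        t0, peers = build_scenario(tag)
        print(f"no-export tagging {'on' if tag else 'off'}:")
        for p in peers:
            print(f"  advertised to {p.name}: {t0.advertise(p)}")
        print(f"  transit findings: {transit_prefixes(t0, peers)}")
```

With tagging off, the Tier-0 advertises Region A's physical prefix to Region B's top-of-rack switch and vice versa, which is exactly the false independent path the design guards against; with tagging on, each external neighbor only ever learns the segments the Tier-0 itself originates.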

Virtual network segments isolate the application nodes and limit access to them to the published access points.

Figure 6. Virtual Network Segment Design


  • Cross-region virtual network segment that connects the components that are designed to fail over to a recovery region.

  • Region-specific virtual network segment in Region A for components that are not designed to fail over.

  • Region-specific virtual network segment in Region B for components that are not designed to fail over.

Software-Defined Storage Design

In each region, management workloads and tenant workloads store their data on vSAN datastores. Each vSAN datastore is scoped to its cluster: one spans all four ESXi hosts of the first cluster in the management domain, and one spans all four hosts of the shared edge and workload cluster in a workload domain. Each host contributes one disk group to the datastore of its cluster.

Applications store their data according to the default storage policy for vSAN.

vRealize Log Insight uses NFS exports as supplemental storage for log archiving.

Figure 7. Shared Storage Logical Design