The deployment of the SDDC is automated. You use VMware Cloud Builder in VMware Cloud Foundation to deploy the SDDC management domain, SDDC Manager in VMware Cloud Foundation to deploy workload domains for tenant workloads, and VMware vRealize® Suite Lifecycle Manager™ in VMware Cloud Foundation mode to deploy the vRealize Suite products in this design. You deploy SDDC management components manually only in a few cases according to the instructions.

In VMware Validated Design 6.2, you can deploy an SDDC in a single-region or in a dual-region configuration. To design your SDDC in the second region (Region B), you apply the design guidance for a single region, modifying configurations for a single region to accommodate a dual-region setup or introducing configurations specific to a dual-region SDDC.

For more details on the deployment steps, see the VMware Validated Design documentation page.

Deployment Workflow for a Single-Region SDDC

For each region, the workflow for SDDC deployment consists of the following stages:

Figure 1. SDDC Deployment Workflow in a Region


Figure 2. SDDC Deployment Workflow with a vSphere with Tanzu Workload Domain


Table 1. Deployment Flow for an SDDC with a Single Region

Stage

Steps

Plan and prepare for SDDC deployment

Prepare the data center and fill in the environment specification.

Work with the technology team of your organization on configuring the physical servers, network, and storage in the data center. Collect the environment details and write them down in the Planning and Preparation Workbook in Microsoft® Excel® spreadsheet format (XLS).

1. Deploy the management domain of the SDDC.

See VMware Validated Design Deployment of the Management Domain.

Prerequisites

Prepare the deployment specification of the management domain.

Download the deployment parameter workbook from My VMware and fill in the details for the management domain deployment. You can use the details from the Planning and Preparation Workbook.

1. Prepare the environment for the management domain

Install and configure ESXi on the physical servers.

2. Deploy the management domain by using VMware Cloud Builder

  1. Prepare VMware Cloud Builder.

    Download and deploy the VMware Cloud Builder appliance from My VMware.

  2. Run the automated deployment of the management domain.

    Upload the deployment parameter workbook to VMware Cloud Builder, perform an audit of the target environment, and bring up the SDDC management domain.

    After the automated deployment is complete, in addition to the virtual infrastructure component, your environment contains SDDC Manager.

  3. Complete the initial configuration of the management domain.

    Configure SDDC Manager for managing the SDDC and enable secure access within and to the management domain.

3. Deploy manually the region-specific Workspace ONE Access instance

Deploy the region-specific Workspace ONE Access instance from an OVA file by using the vSphere Client, connect it to the Active Directory domain, and connect the management domain components to the region-specific Workspace ONE Access instance.

2. Deploy a virtual infrastructure workload domain or vSphere with Tanzu workload domain.

See VMware Validated Design Deployment of a Virtual Infrastructure Workload Domain and VMware Validated Design Deployment of a vSphere with Tanzu Workload Domain.

1. Prepare the environment for the workload domain.

Install and configure ESXi on the physical servers. Create a network pool for the workload domain, and upload product license keys.

2. Run the automated deployment of the workload domain.

  1. In SDDC Manager, provide the specification of the workload domain in JSON format and initiate deployment. SDDC Manager validates the virtual infrastructure and provisions the requested virtual infrastructure.

  2. Deploy an NSX-T Edge cluster to the shared edge and workload cluster in the workload domain.

    In SDDC Manager, provide the edge deployment specification in JSON format and initiate deployment. SDDC Manager validates the virtual infrastructure and provisions the requested edge nodes.

  3. Complete the initial configuration of the workload domain.

    Enable secure access within and to the workload domain.

3. Connect manually the region-specific Workspace ONE Access instance to the workload domain

Connect the management components for the workload domain to the region-specific Workspace ONE Access instance.

4. For a vSphere with Tanzu workload domain, enable vSphere with Tanzu.

Validate the domain configuration by using SDDC Manager and enable vSphere with Tanzu by using the vSphere Client. Then, you can deploy applications or provision Tanzu Kubernetes clusters on the initial Supervisor Cluster.

3. Deploy the solutions for cloud operations and automation.

See VMware Validated Design Deployment of Cloud Operations and Automation.

1. Deploy VMware vRealize Suite Lifecycle Manager in VMware Cloud Foundation mode.

By using SDDC Manager, download the vRealize Suite Lifecycle Manager install bundle and deploy vRealize Suite Lifecycle Manager.

SDDC Manager provides inventory information about the management domain in vRealize Suite Lifecycle Manager. SDDC Manager also configures the NSX-T Tier 1 gateway to support the load balancer for the cross-region solutions.

2. Deploy the solutions.

Import the product binaries as software install bundles in SDDC Manager, synchronize them in vRealize Suite Lifecycle Manager, and deploy the solutions.

3. Connect the solutions to the management domain.

As a result of the integration between vRealize Suite Lifecycle Manager and SDDC Manager, vRealize Suite Lifecycle Manager calls SDDC Manager to perform the following operations during the automated deployment of the vRealize Suite products:

  • Configures the NSX-T load balancer that is required for the cross-region Workspace ONE Access instance, vRealize Operations Manager, and vRealize Automation.

  • Connects the vRealize Suite components to each other.

  • Connects VMware vRealize® Operations Manager™ and VMware vRealize® Log Insight™ to the management domain vCenter Server and the principal vSAN datastore.

  • Connects vRealize Log Insight to the NSX-T instance for the management domain.

You connect manually the following components for the management domain:

  • vRealize Suite products to the region-specific Workspace ONE Access

  • vRealize Operations Manager to the NSX-T instance for the management domain

  • VMware vRealize® Automation™ to vRealize Operations Manager

  • NSX-T Edge nodes for the management domain and vRealize Suite Lifecycle Manager to vRealize Log Insight

4. Connect the solutions to the workload domain.

After you deploy vRealize Operations Manager and vRealize Log Insight, use SDDC Manager to integrate them with the virtual infrastructure of the workload domain.

You connect manually the following components for the workload domain:

  • vRealize Operations Manager to the NSX-T instance for the workload domain

  • vRealize Automation to the workload domain vCenter Server and NSX-T instance

  • NSX-T Edge nodes for the workload domain and vRealize Suite Lifecycle Manager to vRealize Log Insight

Deployment Workflow for a Multi-Region SDDC

When you deploy an SDDC that spans two regions, you apply a staged approach for deploying the workload domains and connecting the management and tenant workloads between the regions.

Figure 3. Deployment Workflow for a Dual-Region SDDC


Table 2. Deployment Flow for an SDDC with Two Regions

Stage

Steps

Plan and prepare for SDDC deployment

Prepare the data center and fill in the environment specification for both regions in the Planning and Preparation Workbook.

1. Deploy the management domain of the SDDC in each region.

See Deployment of the Management Domain in the First Region and Deployment of the Management Domain in the Second Region.

1. Deploy the management domain in the first region by following the workflow for a single-region SDDC.

2. Deploy the management domain in the second region by following the workflow for a single-region SDDC.

3. In each region, deploy an NSX-T Global Manager cluster and enable NSX-T Federation.

  1. Deploy manually an NSX-T Global Manager cluster in Region A.

    Because VMware Cloud Builder provides automated deployment only for NSX-T Local Manager instances, deploy each NSX-T Global Manager appliance from an OVA file. Then, connect the cluster to the management domain vCenter Server in the region and to the region-specific Workspace ONE Access instance.

  2. Enable NSX-T Federation on the NSX-T Global Manager in Region A and set it as active.

    Add the NSX-T Manager instance deployed for the management domain in Region A to the NSX-T Global Manager cluster and import the gateways and virtual networks created in the local NSX-T Manager during the single-region deployment. The scope of the imported network objects becomes global, that is, you can assign them more than one location.

  3. Prepare logical network components for stretched networking for the management components between Region A and Region B.

    In the NSX-T Global Manager for Region A, create a cross-region Tier-1 gateway and associate it with the Tier-0 gateway for the region. Then, migrate the existing cross-region virtual network to the Tier-1 gateway.

  4. Deploy manually an NSX-T Global Manager cluster in Region B following the same high-level steps as for Region A.

  5. Add the NSX-T Manager instance for the management domain that is deployed in Region B to the NSX-T Global Manager in Region A.

  6. Complete the configuration of logical network components for stretched networking.

    In the NSX-T Global Manager for Region A, extend the Tier-0 gateway and the cross-region Tier-1 gateway to Region B. Create a region-specific Tier-1 gateway for Region B that is associated with the cross-region Tier-0 gateway and attach a virtual network to this Tier-1 gateway for regional connectivity.

  7. Set the NSX-T Global Manager in Region B as standby in the federation.

  8. Connect the SDDC Manager instances in the two regions by using multi-instance management.

    Join the SDDC Manager instance in Region B as a member of the federation that is initiated from the SDDC Manager instance in Region A.

2. Deploy the virtual infrastructure workload domain in each region.

See Deployment of a Virtual Infrastructure Workload Domain in the First Region and Deployment of a Virtual Infrastructure Workload Domain in the Second Region.

1. Deploy the workload domain in the first region by following the workflow for a single-region SDDC.

2. Deploy the management domain in the second region by following the workflow for a single-region SDDC.

3. In each region, deploy an NSX-T Global Manager cluster and enable NSX-T Federation.

  1. Deploy manually an NSX-T Global Manager cluster in Region A.

    Because SDDC Manager provides automated deployment only for NSX-T Local Manager instances, deploy each NSX-T Global Manager appliance from an OVA file. Then, connect the cluster to the workload domain vCenter Server in the region and to the region-specific Workspace ONE Access instance.

  2. Enable NSX-T Federation on the NSX-T Global Manager in Region A and set it as active.

    Add the NSX-T Manager instance for the workload domain deployed in Region A to the NSX-T Global Manager cluster and import the gateways and virtual networks created in the local NSX-T Manager during the single-region deployment. The scope of the imported network objects becomes global, that is, you can assign them more than one location.

  3. Prepare logical network components for stretched networking for tenant workloads between Region A and Region B.

    Create a configuration of Tier-1 gateways and virtual network segments according to the requirements of the tenant workloads in the workload domain. You can attach the Tier-1 gateways to the Tier-0 gateway available in the environment and plan for using the Tier-0 gateway across other regions for workload mobility.

  4. Deploy manually an NSX-T Global Manager cluster in Region B following the same high-level steps as for Region A.

  5. Add the NSX-T Manager instance deployed for the workload domain in Region B to the NSX-T Global Manager in Region A.

  6. Complete the configuration of logical network components for stretched networking according to the requirements of the tenant workloads for workload mobility.

    You can extend the scope of the Tier-0 gateway available in Region A to Region B.

  7. Set the NSX-T Global Manager in Region B as standby in the federation.

3. Deploy the solutions for cloud operations and automation

See Deployment of Cloud Operations and Automation.

1. Deploy the management components for cloud operations and automation for the first region.
2. Deploy additional management nodes and connect the solutions to the management and workload domains in Region B.
  1. Deploy these additional nodes in Region B by using vRealize Suite Lifecycle Manager.
    • Deploy a vRealize Operations Manager remote collector group.
    • Deploy a vRealize Log Insight cluster.
  2. Manually connect the solutions to the virtual infrastructure in the management and workload domains in Region B, and to the newly-deployed management components in the region.

    Because the environment contains a single vRealize Suite Lifecycle Manager instance that you use to deploy components in both regions, the integration with SDDC Manager is available only in Region A.

    • Connect vRealize Operations Manager to vCenter Server, NSX-T Local Manager instances, and region-specific Workspace ONE Access.
    • For vRealize Log Insight in Region B, perform several types of operations.
      • Integrate vRealize Log Insight with the region-specific Workspace ONE Access and vRealize Operations Manager.
      • Connect vRealize Log Insight to vCenter Server, NSX-T Local Manager instances, and region-specific Workspace ONE Access in Region B.
      • Configure event forwarding between the vRealize Log Insight instances in the two regions.
    • Connect vRealize Automation to the SDDC Manager instance in Region B.