By implementing this design for the SDDC, an IT organization can automate the provisioning of common, repeatable requests for IT services and respond to business needs with agility and predictability. This SDDC design provides an IT solution with features across many areas such as operations management, cloud management, business continuity, and security and compliance.
Figure 1. Architecture Overview of the SDDC Workload Domain

Workload Domain Architecture

The workload domain forms an additional building block of the SDDC to the management domain and consists of components from the physical infrastructure, virtual infrastructure, and security and compliance layers. The virtual infrastructure layer controls the access to the underlying physical infrastructure layer, it controls and allocates resources to workloads running in the workload domain. The security and compliance layer provides role-based access controls and integration with the corporate identity provider.
Table 1. Initial Component Configuration of the Workload Domain




Virtual infrastructure for running the SDDC management components and tenant workloads. See ESXi Detailed Design for a vSphere with Tanzu Workload Domain.

vCenter Server

Centralized and extensible management of workload ESXi hosts and management appliances. See vCenter Server Design for a vSphere with Tanzu Workload Domain.


Logical switching, dynamic routing, and load balancing for the SDDC components. See Software-Defined Networking Design for a vSphere with Tanzu Workload Domain.


Principal software-defined storage for all SDDC components. See Shared Storage Design for a vSphere with Tanzu Workload Domain.

vSphere with Tanzu

Transforms vSphere to a platform for running Kubernetes workloads natively on the hypervisor layer. See vSphere with Kubernetes Detailed Design for a vSphere with Kubernetes Workload Domain.

Logical Overview

The SDDC design for vSphere with Tanzu consists of a single availability zone within a single geographic region. This design has at least one management domain and one or more workload domains. vSphere Clusters must exist within a single availability zone.

Figure 2. vSphere with Tanzu Logical Overview

Security and Compliance

This design provides role-based access control through the integration of an identity and access management solution which integrates with Microsoft Active Directory.