The Management domain contains the components that manage the Edge Region runtime environment. This domain includes VMware Integrated OpenStack(VIM), vCenter Server, NSX Manager and its components.

vCenter Server

The Edge Management domain is implemented as a cluster that is managed by the brown vCenter Server instance shown in preceding figure. To form the foundation of a carrier grade virtualized infrastructure, the components of the Management Domain benefit from the cluster features such as resource management, high availability, and resiliency. A second vCenter Server is deployed in the Management Domain to oversee the Edge Compute Domain for the respective region.

Each vCenter Server instance is a virtual appliance that is deployed with an embedded database. The vCenter® Server Appliance™ is preconfigured, hardened, and fast to deploy. The appliance allows for a simplified design, eases management, and reduces administrative efforts. vCenter Server Appliance availability is ensured by using a vCenter High Availability (vCenter HA) cluster, which is realized through three vCenter Server Appliance instances. The vCenter HA cluster consists of one active node that serves client requests, one passive node as a backup in the event of failure, and one quorum node that is called a witness node. Replication between nodes using a dedicated vCenter HA network ensures that vCenter Server Appliance data is always synchronized and up-to-date.

The Platform Services Controller contains common infrastructure security services such as VMware vCenter® Single Sign-On, VMware Certificate Authority, licensing, service registration, and certificate management services. The Platform Services Controller handles identity management for administrators and applications that interact with the vSphere platform. The Platform Services Controller and its related services are embedded within the vCenter Server Appliance. This eliminates the need for separate Platform Services Controller VM instances and their corresponding load balancers, thus simplifying its deployment and administration and reducing the management components footprint.

Data backup and restore of each vCenter Server instance and its embedded Platform Services Controller is provided by using the native backup service that is built in the appliances. This backup is performed to a separate storage system by using network protocols such as SFTP, HTTPS, and SCP.

When vCenter HA is used with an embedded Platform Services Controller, the environment setup is as in the following figure.

Figure 1. vCenter Server High Availability

VMware NSX-T Data Center

The NSX-T Data Center includes the NSX Manager and NSX Controller.

NSX Manager is the management plane for the NSX-T system. It provides the ability to create, configure, and monitor NSX-T Data Center components, such as logical switches, and NSX Edge Nodes. NSX Manager provides an aggregated system view and is the centralized network management component of NSX-T Data Center. It provides a method for monitoring and troubleshooting workloads that are attached to the virtual networks that NSX-T Data Center creates. NSX-T Data Center provides configuration and orchestration of logical networking components such as logical switching and routing, networking services, edge services, security services, and distributed firewall capabilities.

NSX Manager is deployed as a single VM that uses vSphere HA for high availability. NSX Manager communicates with its controller and edge clusters over a common management network. The management components of the vCloud NFV platform communicate over the same management network to request network services from NSX-T Data Center.

Figure 2. NSX Manager and Components

NSX Controller is an advanced distributed state management system that controls virtual networks and overlay transport tunnels. NSX Controller is deployed as a cluster of highly available virtual appliances that are responsible for the programmatic deployment of virtual networks across the entire NSX-T Data Center architecture. NSX Controller is responsible for providing configuration to other NSX Controller components such as the logical switches, logical routers, and edge configuration.

To enhance the high availability and scalability further, the NSX Controller is deployed in a cluster of three instances in the Edge cluster. Anti-affinity rules are configured to ensure that the controller instances reside on separate hosts to protect against host failures.

VMware Integrated OpenStack

The VMware Integrated OpenStack Manager connects to the vCenter Server instance that manages the Management Domain. It uses a VM template to rapidly deploy, administer, and perform day 2 management operations of the VMware Integrated OpenStack management plane components that are deployed in the Management Domain. After deploying, VMware Integrated OpenStack connects to the vCenter Server instance that manages the Edge and Resource Domain. This vCenter Server instance is responsible for storage and compute resources. VMware Integrated OpenStack also connects to the NSX Manager instance that is associated with tenant networking.

Figure 3. VMware Integrated OpenStack Management Components

The VMware Integrated OpenStack management plane is deployed with redundancy for all VMware Integrated OpenStack management components, ensuring that there is no single point of failure. Although this requires greater resource availability in the Management Domain, it offers the best configuration for high availability and is the recommended topology for production environments.

In a VMware Integrated OpenStack high availability deployment, all the components for a scalable and highly available VMware Integrated OpenStack full deployment, including clustered databases, controllers, and VMware Integrated OpenStack load balancers, can also be deployed by the Integrated OpenStack Manager. All management components have connectivity to each other through a dedicated management network.

VMware Integrated OpenStack is closely integrated with NSX-T Data Center, providing tenants with enhanced features and capabilities for managing their VNF networking needs by using the Horizon interface and APIs. Network services include firewalling, network NAT, static and dynamic routing, and load balancing. Tenants can provision Geneve-backed logical switches for East-West VNF component connectivity and deploy NSX Edges for North-South traffic as required when connecting to other tenants or to external networks.

It is a best practice that each cluster is configured to use a shared storage solution. When hosts in a cluster use shared storage, manageability and agility improve.