VMware Cloud Foundation 5.1 Getting Started PDF

Summary

This document provides a high-level overview of the VMware Cloud Foundation product, focusing on concepts for data center cloud architects and administrators. It details the intended audience, related publications, and an overview of VMware Cloud Foundation.

Full Transcript

Getting Started with
VMware Cloud Foundation
07 NOV 2023
VMware Cloud Foundation 5.1
Getting Started with VMware Cloud Foundation

You can find the most up-to-date technical documentation on the VMware website at:

https://docs.vmware.com/

VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com

©
Copyright 2021-2023 VMware, Inc. All rights reserved. Copyright and trademark information.

VMware, Inc. 2
 Contents

1 About Getting Started with VMware Cloud Foundation 4

2 VMware Cloud Foundation Overview 6

3 VMware Cloud Foundation Architecture 11
Workload Domains in VMware Cloud Foundation 13
VMware Cloud Foundation Architecture Models 15

4 Deployment Overview of VMware Cloud Foundation 16

5 VMware Cloud Foundation Glossary 26

VMware, Inc. 3
About Getting Started with
VMware Cloud Foundation 1
The Getting Started with VMware Cloud Foundation document provides a high-level overview of
the VMware Cloud Foundation™ product.

Intended Audience
The information in Getting Started with VMware Cloud Foundation is intended for data center
cloud architects and cloud administrators who are familiar with:

n Concepts of virtualization and software-defined data centers (SDDCs)

n Networking and concepts such as uplinks, NICs, and IP networks

n Hardware components such as top-of-rack (ToR) switches, inter-rack switches, servers with
direct attached storage, cables, and power supplies

n Methods for setting up physical racks in a data center
®
n Using VMware vSphere to work with virtual machines

Related VMware Cloud Foundation Publications
The VMware Cloud Foundation 5.1 Release Notes lists the software components, new features,
compatibility, and known issues in this VMware Cloud Foundation release.

The VMware Cloud Foundation Planning and Preparation Workbook provides detailed
information about the inputs that are required to complete a VMware Cloud Foundation
deployment. It also provides dynamic sizing guidance.

The VMware Cloud Foundation Deployment Guide is intended for data center cloud
administrators who deploy a VMware Cloud Foundation system in their organization's data
center.

The VMware Cloud Foundation Administration Guide contains detailed information about how to
administer a VMware Cloud Foundation system in your data center.

The VMware Cloud Foundation Operations Guide provides best practices and step-by-step
instructions about certain operations in VMware Cloud Foundation, such as, full-stack shutdown
and startup.

VMware, Inc. 4
Getting Started with VMware Cloud Foundation

The VMware Cloud Foundation Lifecycle Management document describes how to manage the
life cycle of a VMware Cloud Foundation environment.

You can open these documents from the VMware Cloud Foundation Documentation main page.

Your VMware Cloud Foundation system includes a stack of VMware software products and
components. You can find the documentation for those software products at VMware Docs.

VMware Cloud Foundation Glossary
The Chapter 5 VMware Cloud Foundation Glossary defines terms specific to VMware Cloud
Foundation.

VMware, Inc. 5
VMware Cloud Foundation
Overview 2
VMware Cloud Foundation™ provides a ubiquitous hybrid cloud platform for both traditional
enterprise and modern applications. Based on a proven and comprehensive software-defined
® ® ® ®
stack including VMware vSphere , VMware VMware vSAN , VMware NSX , VMware vSphere
with VMware Tanzu™, and VMware Aria Suite™, VMware Cloud Foundation provides a
complete set of software-defined services for compute, storage, network, container and cloud
management. The result is agile, reliable, efficient cloud infrastructure that offers consistent
operations across private and public clouds.

VMware, Inc. 6
Getting Started with VMware Cloud Foundation

vSphere Pod

vSphere Pod
Tanzu Kubernetes
Grid Clusters
vSphere Pod

SDDC NSX vSphere with VMware Aria
Manager Tanzu Suite

ESXi vCenter vSAN
Server

Data Center Edge Hyperscaler

By using VMware Cloud Foundation, data center cloud administrators to provision an application
environment in a rapid, repeatable, automated way versus the traditional manual process.

VMware Cloud Foundation Components
To manage the logical infrastructure in the private cloud, VMware Cloud Foundation augments
the VMware virtualization and management components with VMware Cloud Builder™ and
VMware Cloud Foundation™ SDDC Manager™.

VMware, Inc. 7
Getting Started with VMware Cloud Foundation

VMware Cloud Foundation Component Description

VMware Cloud Builder VMware Cloud Builder automates the deployment of the software-
defined stack, creating the first software-defined unit known as the
management domain.

SDDC Manager SDDC Manager automates the entire system life cycle, that is, from
configuration and provisioning to upgrades and patching including
host firmware, and simplifies day-to-day management and operations.
From this interface, the virtual infrastructure administrator or cloud
administrator can provision new private cloud resources, monitor changes
to the logical infrastructure, and manage life cycle and other operational
activities.

vSphere vSphere uses virtualization to transform individual data centers into
aggregated computing infrastructures that include CPU, storage, and
networking resources. VMware vSphere manages these infrastructures
as a unified operating environment and provides you with the tools to
administer the data centers that participate in that environment.
The two core components of vSphere are ESXi and vCenter Server. ESXi
is the virtualization platform where you create and run virtual machines
and virtual appliances. vCenter Server is the service through which you
manage multiple hosts connected in a network and pool host resources.

vSAN vSAN aggregates local or direct-attached data storage devices to create
a single storage pool that is shared across all hosts in the vSAN cluster.
Using vSAN removes the need for external shared storage, and simplifies
storage configuration and virtual machine provisioning. Built-in policies
allow for flexibility in data availability.

NSX NSX is focused on providing networking, security, automation,
and operational simplicity for emerging application frameworks and
architectures that have heterogeneous endpoint environments and
technology stacks. NSX supports cloud-native applications, bare-metal
workloads, multi-hypervisor environments, public clouds, and multiple
clouds.

vSphere with Tanzu By using the integration between VMware Tanzu and VMware Cloud
Foundation, you can deploy and operate the compute, networking, and
storage infrastructure for vSphere with Tanzu, also called Workload
Management. vSphere with Tanzu transforms vSphere to a platform for
running Kubernetes workloads natively on the hypervisor layer. When
enabled on a vSphere cluster, vSphere with Tanzu provides the capability
to run Kubernetes workloads directly on ESXi hosts and to create
upstream Kubernetes clusters within dedicated resource pools.

VMware Aria Suite VMware Cloud Foundation supports automated deployment of VMware
Aria Suite Lifecycle. You can then deploy and manage the life cycle of
Workspace ONE Access and the VMware Aria Suite products (VMware
Aria Operations for Logs, VMware Aria Automation, and VMware Aria
Operations) by using VMware Aria Suite Lifecycle.
VMware Aria Suite is a purpose-built management solution for the
heterogeneous data center and the hybrid cloud. It is designed to
deliver and manage infrastructure and applications to increase business
agility while maintaining IT control. It provides the most comprehensive
management stack for private and public clouds, multiple hypervisors,
and physical infrastructure.

VMware, Inc. 8
Getting Started with VMware Cloud Foundation

For a high-level deployment process, see Chapter 4 Deployment Overview of VMware Cloud
Foundation.

VMware Cloud Foundation Features
The VMware Cloud Foundation features provide automated deployment and life cycle
management of your SDDC, and enable provisioning of customer virtualized workloads and
containers.

VMware Cloud Foundation Feature Description

Automated Software Bring-Up You prepare your environment for VMware Cloud Foundation by
installing a baseline ESXi image on vSAN ReadyNodes. After the
hosts are physically racked and cabled, VMware Cloud Foundation
uses the physical network details you provide (such as DNS, IP
address pool, and so on) to automate the bring-up and configuration
of the software stack. During bring-up, the management domain is
created on the four hosts you specified. When the bring-up process
completes, you have a functional management domain and can start
provisioning virtual infrastructure (VI) workload domains.

Simplified Resource Provisioning with In VMware Cloud Foundation, a workload domains is a policy-
Workload Domains based resource construct with specific availability and performance
attributes. See Workload Domains in VMware Cloud Foundation.

Virtual Machines and Containers Onto the By using the VMware Tanzu integration with VMware Cloud
Same Platform Foundation, you can deploy and operate the compute, networking,
and storage infrastructure for vSphere with Tanzu, also called
Workload Management. vSphere with Tanzu transforms vSphere to a
platform for running Kubernetes workloads natively on the hypervisor
layer. When enabled on a vSphere cluster, vSphere with Tanzu
provides the capability to run Kubernetes workloads directly on
VMware ESXi™ hosts and to create upstream Kubernetes clusters
within dedicated resource pools.
The Kubernetes concept of namespace is integrated into vSphere and
becomes the unit of management. By grouping VMs and containers
into logical applications via namespaces, Virtual Infrastructure (VI)
admins who used to manage thousands of VMs can now manage just
dozens of applications which is a massive reduction in cognitive load.
For more information about integrating VMware Cloud Foundation
with vSphere with Tanzu, see Developer Ready Infrastructure for
VMware Cloud Foundation.

VMware, Inc. 9
Getting Started with VMware Cloud Foundation

VMware Cloud Foundation Feature Description

Automated Life Cycle Management VMware Cloud Foundation offers automated life cycle management
on a per-workload basis. Available updates for all components are
tested for interoperability and bundled with the necessary logic for
proper installation order. The update bundles are then scheduled for
automatic installation on a per-workload domain basis. This allows
administrators to target specific workloads or environments, for
example development vs. production, for updates independent from
the rest of the environment.
vSphere Lifecycle Manager, a vCenter Server service, is integrated
with VMware Cloud Foundation. By using vSphere Lifecycle Manager,
you can create cluster images for centralized and simplified life cycle
management of ESXi hosts including firmware. When you select the
image-based life cycle management mode at VI workload domain
creation, you can update and upgrade the ESXi version on all hosts
in the cluster collectively. You can also install and update vendor
add-ons and components on all ESXi hosts in a cluster. See vSphere
Lifecycle Manager Image Management.

Stretched Deployment You can set up two availability zones in your environment and
introduce high availability of management and customer workloads by
configuring vSAN stretched clusters by using the SDDC Manager API.
Availability zones protect against failures of groups of hosts. These
group can consist of hosts in the same data center, for example,
installed in different racks, chassis or rooms, or in different data
centers with low-latency high-speed links connecting them. Using two
availability zones can improve availability of management components
running the SDDC, minimize downtime of services, and improve SLAs.
See Stretched Cluster Management.

NSX Federation You can use NSX Federation to propagate configurations that span
multiple NSX instances in a single VMware Cloud Foundation instance
or across multiple VMware Cloud Foundation instances. You can set
up global networking, enabling failover of segment ingress and egress
traffic between VMware Cloud Foundation instances, and implement a
unified firewall configuration.
In the management domain in a deployment with multiple VMware
Cloud Foundation instances, you use NSX to provide cross-instance
services to SDDC management components which do not have
native support for availability at several locations, such as VMware
Aria Automation and VMware Aria Operations. In a management
domain, you can use NSX Federation only to connect to the
management domains of other VMware Cloud Foundation instances.
Avoid connecting a management domain with VI workload domains in
a single NSX Federation instance.
You configure NSX Federation in VMware Cloud Foundation manually.
For more information on using NSX Federation with VMware Cloud
Foundation, see NSX Design for VMware Cloud Foundation and
Working with NSX Federation in VMware Cloud Foundation.

VMware, Inc. 10
VMware Cloud Foundation
Architecture 3
VMware Cloud Foundation consists of workload domains which represent application-ready
infrastructure units including ESXi hosts, vCenter Server, storage (vSAN, NFS, VMFS on FC,
or vVols), and NSX. According to the business requirements and resource availability, you
can run the management components and customer workloads in separate workload domains
following the standard architecture or in a shared workload domain following the consolidated
architecture.

VMware, Inc. 11
Getting Started with VMware Cloud Foundation

Figure 3-1. Example Standard Architecture

Data Center
Fabric

ToR ToR ToR ToR ToR ToR
Switch Switch Switch Switch Switch Switch

Management VI Workload VI Workload
Domain Domain Domain

VI Workload
VI Workload Domain
Domain

ESXi Hosts ESXi Hosts ESXi Hosts

Rack 1 Rack 2 Rack 8

VMware, Inc. 12
Getting Started with VMware Cloud Foundation

Figure 3-2. Example Consolidated Architecture

ToR ToR
Switch Switch

Management
Domain
Management
Resource Pool

Workload
Resource Pool

NSX Edge
Resource Pool

ESXi Hosts

Rack 1

For information on designing a VMware Cloud Foundation environment including VMware Cloud
Foundation requirements and industry recommendations, see the VMware Cloud Foundation
Design documentation.

Read the following topics next:

n Workload Domains in VMware Cloud Foundation

n VMware Cloud Foundation Architecture Models

Workload Domains in VMware Cloud Foundation
VMware Cloud Foundation consists of workload domains which represent an application-ready
infrastructure. A workload domain represents a logical unit that groups ESXi hosts managed by a
vCenter Server instance with specific characteristics according to VMware best practices.

A workload domain can consist of one or more vSphere clusters, provisioned automatically by
SDDC Manager. Each workload domain contains the following components:

n ESXi hosts

VMware, Inc. 13
Getting Started with VMware Cloud Foundation

n One VMware vCenter Server™ instance

n At least one vSphere cluster with vSphere HA and vSphere DRS enabled.

n One vSphere Distributed Switch per cluster for system traffic and NSX segments for
workloads.

n One NSX Manager cluster for configuring and implementing software-defined networking.

n One NSX Edge cluster, added after you create the workload domain, that connects the
workloads in the workload domain for logical switching, logical dynamic routing, and load
balancing.

n One or more shared storage allocations.

VMware Cloud Foundation supports two types of workload domains - the management domain
and virtual infrastructure (VI) workload domains.

Management Domain
The management domain is created during the bring-up process by VMware Cloud Builder and
contains the VMware Cloud Foundation management components as follows:

n Minimum four ESXi hosts

n An instance of vCenter Server

n A three-node NSX Manager cluster

n SDDC Manager

n vSAN datastore

n One or more vSphere clusters each of which can scale up to the vSphere maximum of 64

VI Workload Domains
You create VI workload domains to run customer workloads. For each VI workload domain, you
can choose the storage option - vSAN, NFS, vVols, or VMFS on FC.

A VI workload domain consists of one or more vSphere clusters. Each cluster starts with a
minimum of three hosts and can scale up to the vSphere maximum of 64 hosts. SDDC Manager
automates the creation of the VI workload domain and the underlying vSphere clusters.

For the first VI workload domain in your environment, SDDC Manager deploys a vCenter
Server instance and a three-node NSX Manager cluster in the management domain. For each
subsequent VI workload domain, SDDC Manager deploys an additional vCenter Server instance.
New VI workload domains can share the same NSX Manager cluster with an existing VI workload
domain or you can deploy a new NSX Manager cluster. VI workload domains cannot use the NSX
Manager cluster for the management domain.

VMware, Inc. 14
Getting Started with VMware Cloud Foundation

VMware Cloud Foundation Architecture Models
VMware Cloud Foundation supports two architecture models - standard and consolidated,
according to the requirements of your organization and the resource capabilities of your
environment. Implement a standard architecture for workload provisioning and mobility across
VMware Cloud Foundation instances according to production best practices. If you plan to
deploy a small-scale environment and extend it according to customer adoption, or if you are
working on an SDDC proof-of-concept, implement a consolidated architecture.

Standard Architecture Model
With the standard architecture model, management workloads run on a dedicated management
domain and customer workloads are deployed in separate virtual infrastructure (VI) workload
domains. Each workload domain is managed by a separate vCenter Server instance which
provides for scalability and allows for autonomous licensing and life cycle management.

Standard architecture is the recommended model because it aligns with the VMware best
practice of separating management workloads from customer workloads. It provides better long
term flexibility and expansion options. Workload domains can be on the same rack or can span
across racks.

Consolidated Architecture Model
In this model, the management and customer workloads run together on a shared management
domain. The environment is managed from a single vCenter Server and vSphere resource
pools provide isolation between management and customer workloads. Resource pools must
be properly configured as the domain is shared by the management and compute workloads.

As you add additional hosts to a VMware Cloud Foundation system deployed on a consolidated
architecture, you can migrate to the standard architecture by creating a VI workload domain and
moving the customer workload VMs from the compute resource pool to the newly-created VI
workload domain. After moving these VMs, you might need to update shares and reservations on
the compute resource pool in the management domain.

VMware, Inc. 15
Deployment Overview of VMware
Cloud Foundation 4
The deployment of VMware Cloud Foundation is automated. You use VMware Cloud Builder to
deploy the management domain, SDDC Manager to deploy VI workload domains for customer
workloads, and VMware Aria Suite Lifecycle™ in VMware Cloud Foundation mode to deploy
VMware Aria Suite products and Workspace ONE Access.

You deploy management components manually only in a few cases according to the instructions.

An example deployment flow can start with deploying all management components in VMware
Cloud Foundation. You deploy the management domain and extend its capabilities with cloud
management and cloud monitoring by using VMware Aria Suite or with other solutions. Next, you
deploy VI workload domains for customer workloads and integrate each newly deployed domain
with the solutions in place. Finally, you can introduce multiple availability zones for workload high-
availability and mobility inside a data center, and additional VMware Cloud Foundation instances
for workload mobility across physical locations.

VMware, Inc. 16
Getting Started with VMware Cloud Foundation

Figure 4-1. Example Deployment Flow for a Single VMware Cloud Foundation Instance

SDDC Manager configures the vSAN Stretched Cluster vSAN Stretched Cluster SDDC Manager configures the
vSAN stretched cluster vSAN stretched cluster

4. More Deployment Options

2.4 VMware Aria Suite Lifecycle
VMware Aria Suite Component VMware Aria Suite Component
deploys the VMware Aria Suite product

2.3 VMware Aria Suite Lifecycle 3.4 SDDC Manager and user
Workspace ONE Access connect the VMware Aria Suite
deploys Workspace ONE Access
product to the VI workload domain
2.2 SDDC Manager deploys
VMware Aria
VMware Aria Suite Lifecycle in
VMware Cloud Foundation mode Suite Lifecycle

2.1 SDDC Manager creates NSX Edge Cluster, Tier-0
the NSX Edge cluster and segments and Tier-1 Gateways,
for VMware Aria Suite components and Segments

2. VMware Aria Suite

NSX Edge Cluster, 3.3 SDDC Manager
Tier-0 and Tier-1 Gateways, creates the
and Segments NSX Edge cluster
SDDC Manager

NSX Manager
1.3 Cloud Builder deploys NSX Manager
virtual infrastructure and 3.2 SDDC Manager
SDDC Manager vCenter Server deploys virtual
vCenter Server
infrastructure
vSAN, NFS, VMFS on
vSAN FC, or vVols

3.1 User or VMware
1.2 User or VMware Imaging
Imaging Appliance
Appliance installs ESXi ESXi ESXi ESXi ESXi ESXi ESXi ESXi ESXi
installs ESXi on
on the domain hosts
the domain hosts
1.1. User deploys
VMware Cloud Builder
Cloud Builder

1. Management Domain 3. Virtual Infrastructure Workload Domain

VMware, Inc. 17
Getting Started with VMware Cloud Foundation

Figure 4-2. Example Deployment Flow with NSX Federation

User deploys NSX Global User deploys NSX Global
NSX Global Manager, NSX Global Manager,
Manager for NSX Federation, Manager for NSX Federation,
Cross-Instance Tier-0 Cross-Instance Tier-0
configures federation, configures federation,
and Tier-1 Gateway, and Tier-1 Gateway,
and stretches the SDN and stretches the SDN
Cross-Instance Segment Cross-Instance Segment

SDDC Manager configures the vSAN Stretched Cluster vSAN Stretched Cluster SDDC Manager configures the
vSAN stretched cluster vSAN stretched cluster

4. More Deployment Options

2.4 VMware Aria Suite Lifecycle
VMware Aria Suite Component VMware Aria Suite Component
deploys the VMware Aria Suite product

2.3 VMware Aria Suite Lifecycle 3.4 SDDC Manager and user
Workspace ONE Access connect the VMware Aria Suite
deploys Workspace ONE Access
product to the VI workload domain
2.2 SDDC Manager deploys
VMware Aria
VMware Aria Suite Lifecycle in
VMware Cloud Foundation mode Suite Lifecycle

2.1 SDDC Manager creates NSX Edge Cluster, Tier-0
the NSX Edge cluster and segments and Tier-1 Gateways,
for VMware Aria Suite components and Segments

2. VMware Aria Suite

NSX Edge Cluster, 3.3 SDDC Manager
Tier-0 and Tier-1 Gateways, creates the
and Segments NSX Edge cluster
SDDC Manager

NSX Manager
1.3 Cloud Builder deploys NSX Manager
virtual infrastructure and 3.2 SDDC Manager
SDDC Manager vCenter Server deploys virtual
vCenter Server
infrastructure
vSAN, NFS, VMFS on
vSAN FC, or vVols

3.1 User or VMware
1.2 User or VMware Imaging
Imaging Appliance
Appliance installs ESXi ESXi ESXi ESXi ESXi ESXi ESXi ESXi ESXi
installs ESXi on
on the domain hosts
the domain hosts
1.1. User deploys
VMware Cloud Builder
Cloud Builder

1. Management Domain 3. Virtual Infrastructure Workload Domain

Read the following topics next:

n Deploying the Management Domain

n Deploying VMware Aria Suite Lifecycle and Workspace ONE Access

n Deploying a Virtual Infrastructure Workload Domain

n Deploying Additional Availability Zones and VMware Cloud Foundation Instances

Deploying the Management Domain
The management domain of a VMware Cloud Foundation instance contains the components for
deployment and operation of virtual infrastructure for customer workloads. Following a certain
sequence of operations, you bring up VMware Cloud Foundation first. This operation deploys the
management domain. Then, you can proceed with deploying VMware Aria Suite products and VI
workload domains.

VMware, Inc. 18
Getting Started with VMware Cloud Foundation

Steps Description

0. Plan and prepare for the management domain deployment. Work with the technology team of your
organization on configuring the physical
servers, network, and storage in the data
center. Collect the environment details
and write them down in the VMware
Cloud Foundation Planning and Preparation
Workbook in Microsoft® Excel® spreadsheet
format (XLS).

1. Deploy the VMware Cloud Builder Appliance Deploy the VMware Cloud Builder appliance
on a laptop running VMware Workstation or
VMware Fusion, or on an ESXi host.

2. Prepare the ESXi Hosts for VMware Cloud Foundation Prepare a minimum of four ESXi hosts for
the management domain by manually installing
ESXi or by using the VMware Imaging
Appliance.

3. Deploy the management domain by using VMware Cloud Builder. Download the deployment parameter
workbook for VMware Cloud Builder for
VMware Cloud Foundation or for VMware
Cloud Foundation on Dell EMC VxRail
from VMware Customer Connect and fill
in the details for the management domain
deployment.
In the workbook, select key-based licensing
mode for VMware Cloud Foundation. You
can use the details from the VMware
Cloud Foundation Planning and Preparation
Workbook.
Then, upload the deployment parameter
workbook to VMware Cloud Builder.
After VMware Cloud Builder validates the
target environment against the specification in
the deployment parameter workbook, perform
bring-up of the management domain.
After bring-up is complete, the management
domain contains vCenter Server, vSAN, and
SDDC Manager.

Post-Deployment Configuration Configure the Repository After the deployment of the management
Settings for SDDC Manager domain, configure SDDC Manager with
repository credentials by using a VMware
Customer Connect account. In this way,
SDDC Manager can access the inventory
of installation and upgrade bundles on
depot.vmware.com. You can update the
components of VMware Cloud Foundation as
soon as an update is available.

VMware, Inc. 19
Getting Started with VMware Cloud Foundation

Steps Description

Configure backup of Optional.
management components. 1 Reconfigure SFTP Backups for SDDC
Manager and NSX-T Data Center

By default, backups of NSX-T Data Center
and SDDC Manager are stored on the SDDC
Manager appliance. You should change the
destination of the backups to an external
SFTP server to ensure you can recover
these components in the event of a failure.
2 File-Based Backup of SDDC Manager and
vCenter Server

You should also configure a backup
schedule for SDDC Manager and
management domain vCenter Server, and
export the vSphere Distributed Switch
configuration.

Configure certificate Optional. If you want to use SDDC Manager to
management in SDDC Manager. manage CA-signed certificates for management
components, prepare a Microsoft certificate
authority server, configure the integration
with SDDC Manager, and then update the
certificates for components for establishing a
secure communication to the components of
VMware Cloud Foundation.

Configure password To provide best security and proactively
management. prevent any passwords from expiring, rotate
passwords over a regular period according to
the security policy of your organization, for
example, every 90 days. You can use one of
these password rotation options:
n Auto-rotate passwords according to a
schedule in SDDC Manager.
n Manually rotate passwords.

Create an automation account. If you plan to use VMware Cloud Foundation
APIs in automation scripts, create a special
service account and generate tokens for
protected access to the automation platform.

Deploying VMware Aria Suite Lifecycle and Workspace ONE
Access
VMware Aria Suite Lifecycle is the foundation for automated deployment of VMware Aria Suite
products on VMware Cloud Foundation for operations management, logging and workload
provisioning. You use Workspace ONE Access that is integrated with VMware Aria Suite Lifecycle
for central role-based access control in VMware Aria Suite.

VMware, Inc. 20
Getting Started with VMware Cloud Foundation

Steps Description

0. Plan and prepare for the deployment of VMware Aria Work with the technology team of your organization on
Suite Lifecycle and Workspace ONE Access. configuring the physical servers, network, and storage in
the data center. Collect the environment details and write
them down in the VMware Cloud Foundation Planning and
Preparation Workbook in Microsoft® Excel® spreadsheet
format (XLS).

1. Set up routing and networks in NSX. 1 Deploy an NSX Edge Cluster

Deploy an NSX Edge cluster in the management
domain and application virtual networks.

SDDC Manager deploys the edge cluster and creates
Tier-0 and Tier-1 gateways for north-south and east-
west routing for management components in VMware
Cloud Foundation.
2 Deploy Application Virtual Networks

When SDDC Manager creates the NSX segments for
the application virtual networks, it connects them to
the NSX gateways. See Application Virtual Network
Design for VMware Cloud Foundation.

2. Deploy VMware Aria Suite Lifecycle. You deploy VMware Aria Suite Lifecycle in the
management domain. SDDC Manager provides inventory
information about the management domain in VMware
Aria Suite Lifecycle. SDDC Manager also configures the
NSX Tier 1 gateway to support the load balancer for the
cross-region solutions.

Post-Deployment Configuration of VMware Aria Suite n Replace the Certificate of the VMware Aria Suite
Lifecycle Lifecycle Instance

Upload a CA-signed certificate for trusted
communication to VMware Aria Suite Lifecycle
n Configure Data Center and vCenter Server in VMware
Aria Suite Lifecycle

Perform configuration procedures so that you can
manage the deployment and life cycle of VMware Aria
Suite.

3. Deploy Workspace ONE Access. Optional. If you want to provide centralized identity and
access management to VMware Aria Suite, deploy a
Workspace ONE Access instance and integrate it with
Active Directory.
For a clustered Workspace ONE Access instance,
VMware Aria Suite Lifecycle calls SDDC Manager to
configures the required NSX load balancer.

VMware, Inc. 21
Getting Started with VMware Cloud Foundation

Steps Description

Post-Deployment Configuration for VMware Aria Suite n Add the Workspace ONE Access Passwords to
Lifecycle and Workspace ONE Access VMware Aria Suite Lifecycle

Optional. Create separate passwords for the
administrator accounts for the VMware Aria Suite
Lifecycle global environment and Workspace ONE
Access.
n Image-Based Backup and Restore of VMware Cloud
Foundation

Optional. Create full virtual machine image-level
backup jobs by using a backup solution that is
compatible with VMware vSphere Storage APIs - Data
Protection (VADP).

4. Deploy a VMware Aria Suite solution that is required by Deploy a VMware Aria Suite solution in VMware Cloud
your SDDC design. Foundation and connect it with the platform and with
other VMware Aria Suite components to form a fully-
integrated cloud management system.
For information on deploying VMware Aria Suite
components and integrating them with the VMware Cloud
Foundation platform, see VMware Cloud Foundation
Validated Solutions.

Deploying a Virtual Infrastructure Workload Domain
After you deploy the management domain and VMware Aria Suite solutions in VMware Cloud
Foundation, following a certain sequence of operations, you create a VI workload domain to run
customer workloads with specific requirements.

vCenter Server and the NSX Manager cluster for the VI workload domain are deployed on
the management domain. You deploy the NSX edge cluster in the VI workload domain. See
Workload Domains in VMware Cloud Foundation.

VMware, Inc. 22
Getting Started with VMware Cloud Foundation

Steps Description

0. Plan and prepare for the VI workload domain Work with the technology team of your organization on
deployment. configuring the physical servers, network, and storage in
the data center. Collect the environment details and write
them down in the VMware Cloud Foundation Planning and
Preparation Workbook in Microsoft® Excel® spreadsheet
format (XLS).

1. Prepare the ESXi hosts and add them to VMware Cloud 1 Prepare ESXi Hosts for VMware Cloud Foundation
Foundation.
Prepare a minimum of three ESXi hosts for the VI
workload domain by manually installing ESXi.
2 Create a Network Pool

A network pool is a collection of subnets within a
Layer-2 network domain. Each ESXi host is assigned IP
addresses from this network pool for vSphere vMotion
and storage.
3 Commission Hosts

Adding hosts to the SDDC Manager inventory is
called commissioning. Add hosts individually or use
a JSON template to add multiple hosts at once.
SDDC Manager validates the specification of the hosts
against the requirements for operating in VMware
Cloud Foundation.
4 Add License Keys

Optional. Add license keys with sufficient capacity
and required feature scope for vSphere, NSX, vCenter
Server, and vSAN if used as principal storage. If the
licenses you provided for the management domain
at bring-up have enough capacity, you can use them
instead.

2. Deploy a VI Workload Domain. After the hosts are commissioned, deploy the VI workload
domain by using the automated workflow in SDDC
Manager.

3. Deploy an NSX Edge Cluster. Deploy an NSX Edge cluster in a vSphere cluster in the
VI workload domain to provide networking services and
connectivity to the external network for your workloads.

VMware, Inc. 23
Getting Started with VMware Cloud Foundation

Steps Description

4. Connect the VMware Aria Suite solution to the After you deploy the VI workload domain, use SDDC
workload domains. Manager to integrate it with the VMware Aria Suite
components in your environment.
For information on connecting VMware Aria Suite
components with the VMware Cloud Foundation platform,
see VMware Cloud Foundation Validated Solutions.

Post-Deployment Configuration n File-Based Backup of SDDC Manager and vCenter
Server

Optional. Configure a backup schedule and location for
the VI workload domain vCenter Server, and export the
vSphere Distributed Switch configuration.
n Configure certificate management in SDDC Manager

Optional. If you want to manage signed certificates for
management components of the VI workload domain,
use the SDDC Manager UI to update them.
n Configure password management

To provide best security and proactively prevent any
passwords from expiring, rotate passwords over a
regular period according to the security policy of your
organization, for example, every 90 days. You can use
one of these password rotation options:
n Auto-rotate passwords according to a schedule in
SDDC Manager.
n Manually rotate passwords.

Deploying Additional Availability Zones and VMware Cloud
Foundation Instances
After you initially deploy VMware Cloud Foundation in a single availability zone, following a
certain sequence of operations, you can expand the environment to multiple availability zones by
using vSAN stretched clusters or add another VMware Cloud Foundation instance connecting it
to the environment by using NSX Federation.

VMware, Inc. 24
Getting Started with VMware Cloud Foundation

Steps Description

Deploy multiple availability zones in the management 1 Plan and prepare for configuring the vSAN stretched
domain and in the VI workload domain. clusters.

Work with the technology team of your organization
on configuring the physical servers, network, and
storage in the data centers. Collect the environment
details and write them down in the VMware Cloud
Foundation Planning and Preparation Workbook in
Microsoft® Excel® spreadsheet format (XLS).
2 Deploy the vSAN witness appliance for the
management domain on a third site and configure the
vSAN stretched cluster for the management domain.
3 Deploy the vSAN witness appliance for the VI
workload domain cluster on a third site and configure
the vSAN stretched cluster for a vSAN cluster in the VI
workload domain.

Configure NSX Federation to add moreVMware Cloud 1 Plan and prepare for configuring NSX Federation.
Foundation instances.
Work with the technology team of your organization
on configuring the physical servers, network, and
storage in the data centers. Collect the environment
details and write them down in the VMware Cloud
Foundation Planning and Preparation Workbook in
Microsoft® Excel® spreadsheet format (XLS).
2 In the first VMware Cloud Foundation instance, deploy
an NSX Global Manager cluster for the management
domain. If you plan to implement customer workload
mobility across physical locations, deploy an NSX
Global Manager cluster for the VI workload domain
too.

Activate NSX Federation by setting each NSX Global
Manager in the first instance as active. Connect
the NSX Global Manager to the local NSX Manager
and prepare Tier-0 and Tier-1 gateways and NSX
segments for stretched networking.
3 Deploy a second VMware Cloud Foundation instance.
4 Deploy manually one or more NSX Global Manager
clusters in the second VMware Cloud Foundation
instance.

Set each NSX Global Manager in the second
VMware Cloud Foundation instance as standby in
the federation. Connect it to the local NSX Manager
and complete the configuration of Tier-0 and Tier-1
gateway and NSX segments for stretched networking
according to the requirements for workload mobility.
5 Add more VMware Cloud Foundationinstances
connecting their local NSX Managers to the dedicated
NSX Global Manager in the first instance.

VMware, Inc. 25
VMware Cloud Foundation
Glossary 5
In VMware Cloud Foundation, you perform specific operations and use unique constructs for
automated SDDC deployment and maintenance.

Term Description

availability zone A collection of infrastructure components. Each availability zone is isolated from the
other availability zones to prevent the propagation of failure or outage across the data
center. In VMware Cloud Foundation, you implement availability of workloads across
availability zones by using vSAN stretched clusters.

Application virtual networks Virtual networks backed by overlay or VLAN NSX segments using the encapsulation
(AVNs) protocol of VMware NSX. An AVN uses a single IP address space to span across data
centers.

bring-up Deployment and initial configuration of a VMware Cloud Foundation system. During
the bring-up process, the management domain is created and the VMware Cloud
Foundation software stack is deployed on the management domain.

commission a host Adding a host to VMware Cloud Foundation inventory. The host becomes unassigned.

composability The ability to dynamically configure servers to meet the needs of your workloads
without physically moving any hardware components. You bind disaggregated
hardware components (compute, network, storage, and offload components) together
to create a logical system based on the needs of your applications.

dirty host A host that has been removed from a cluster in a workload domain. A dirty host cannot
be assigned to another workload domain until it is decommissioned, re-imaged, and
commissioned again.

decommission a host Removing an unassigned host from the VMware Cloud Foundation inventory. SDDC
Manager does not manage decommissioned hosts.

NSX Edge cluster A logical grouping of NSX Edge nodes. These nodes run on a vSphere cluster, and
provide north-south and east-west routing and network services for the management
or VI workload domain.

free pool Hosts in the VMware Cloud Foundation inventory that are not assigned to a workload
domain.

host A server that is imaged with the ESXi software.

install bundle Contains software for VI workload domains and VMware Aria Suite Lifecycle. You
can use an install bundle to deploy later versions of the software components in a
new VI workload domain than the versions in the Bill of Materials for VMware Cloud
Foundation.

inventory Logical and physical entities managed by VMware Cloud Foundation.

VMware, Inc. 26
Getting Started with VMware Cloud Foundation

Term Description

key-based licensing mode A workload domain is in key-based licensing mode when you use the domain's
management components under perpetual or term licenses.

keyless licensing mode A workload domain is in keyless licensing mode when you use the domain's
management components under a cloud-connected subscription. After a workload
domain is deployed in or converted to keyless licensing mode, switching back to key-
based mode is not possible.

Kubernetes - Workload With Kubernetes - Workload Management, you can deploy and operate the compute,
Management networking, and storage infrastructure for vSphere with Tanzu workloads. A vSphere
with Tanzu workload is an application with containers running inside vSphere pods,
regular VMs, or Tanzu Kubernetes clusters.

Lifecycle Manager (LCM) Automates patching and upgrading of the software stack.

management domain One or more vSphere clusters of physical hosts that contain the management
component VMs, such as vCenter Server, NSX Manager cluster, management NSX
Edge cluster, SDDC Manager, and so on. The management domain supports only vSAN
storage.

network pool Automatically assigns static IP addresses to vSAN and vMotion VMkernel ports so that
you don't need to enter IP addresses manually when creating a VI workload domain or
adding a host or cluster to a workload domain.

update bundle Contains software to update the VMware Cloud Foundation components in your
management or VI workload domain.

principal storage Required for each vSphere cluster, containing the data of the virtual machines in the
cluster. For the management domain, only vSAN principal storage is supported. For a
VI workload domain, you set the principal storage when creating the domain or when
adding a cluster to the domain. You cannot change the principal storage later. See also
supplemental storage.

SDDC Manager A software component that provisions, manages, and monitors the logical and physical
resources of a VMware Cloud Foundation system. SDDC Manager provides the user
interface for managing VMware Cloud Foundation, CLI-based administrator tools, and
an API for further automation.

server A bare-metal server in a physical rack. After imaging, it is referred to as a host.

supplemental storage Extends the capacity of the workload domain for hosting more virtual machines or
storing supporting data, such as backups. You can add or remove supplemental
storage to clusters in the management or VI workload domain at any time.

unassigned host A host in the free pool that does not belong to a workload domain.

vSphere Lifecycle Manager A vCenter Server service, which is integrated with VMware Cloud Foundation, that
(vLCM) enables centralized and simplified life cycle management of ESXi hosts.

virtual infrastructure (VI) One or more vSphere clusters that contain customer workloads. VMware Cloud
workload domain Foundation scales and manages the life cycle of each VI workload domain
independently. The vCenter Server instance and NSX Manager cluster for a VI workload
domain are physically located in the management domain, while the NSX edge nodes -
on the VI workload domain.

VMware, Inc. 27
Getting Started with VMware Cloud Foundation

Term Description

vSphere Lifecycle Manager A grouping of multiple bulletins. You can attach a baseline to an ESXi host and check
baseline the compliance of the host against the associated baseline. According to the type
of content, baselines are patch baselines, extension baselines, and upgrade baselines.
SDDC Manager creates the required baseline and baseline group for updating a cluster
in a workload domain.

vSphere Lifecycle Manager A precise description of the software, components, vendor add-ons, and firmware to
image run on an ESXi host. You set up a single image and apply it to all hosts in a cluster, thus
ensuring cluster-wide host image homogeneity.

workload domain A policy-based resource container with specific availability and performance attributes
that combines vSphere, storage (vSAN, NFS, VMFS on FC, or vVols) and networking
(VMware NSX) into a single consumable entity. A workload domain can be created,
expanded, and deleted as part of the SDDC life cycle operations. It can contain clusters
of physical hosts with a corresponding vCenter Server instance to manage them.
VMware Cloud Foundation supports two types of workload domains - the management
domain and one or more VI workload domains.

VMware, Inc. 28