VMware Cloud Foundation Class Notes PDF

Summary

These notes provide an overview of VMware Cloud Foundation, a fully integrated cloud platform for compute, storage, networking, security, and cloud management. Topics covered include functionalities, components, and architectures.

Full Transcript

Title

Location

VMware Cloud Foundation FAQs

VMware Cloud Foundation Resource Center

VMware Cloud Foundation (VCF) Blog

VMware vSAN Documentation

VMware vSphere Documentation

Resource Center

VMware Cloud Foundation provides a fully integrated cloud platform that
is built on software-defined services for compute, storage, networking,
security, and cloud management.

VMware Cloud Foundation also provides the following capabilities:

- Automated deployment and configuration of the VMware Cloud
Foundation software components

- Life cycle management

- Support for traditional and new workloads

- Pathway to hybrid cloud environments

VMware Cloud Foundation can be consumed in private or public
environments.

VMware Cloud Foundation makes operating the data center simpler by
deploying a standardized and validated architecture with built-in life
cycle automation for the entire cloud stack.

VMware Cloud Foundation includes intrinsic security built into every
level of the infrastructure, from micro-segmentation at the networking
layer to encryption at the storage layer.

VMware Cloud Foundation provides a standardized and configured
infrastructure for vSphere with Tanzu.

VMware Cloud Foundation Software Bill of Materials

VMware Cloud Foundation contains several VMware Software-Defined Data
Center (SDDC) products.

SDDC Manager automates the life cycle management of all components
deployed through VMware Cloud Foundation. Each release of VMware Cloud
Foundation includes an updated BOM. SDDC Manager is responsible for
updating software components to match the updated BOM. All software
updates must be performed in SDDC Manager to ensure full compatibility
and consistency with SDDC Manager inventory information.

You can use VMware Aria Suite Lifecycle to deploy VMware Aria
Automation, VMware Aria Operations, VMware Aria Operations for Logs, and
Workspace ONE Access. VMware Aria Suite Lifecycle determines which
versions of these products are compatible and only allows you to install
or upgrade to supported versions.

A screenshot of a computer Description automatically generated

**Components**

Framework -- Support Cloud Op Model

On Prem acts like a cloud

Cloud Mgmt -- Compute-Storage-Networking (wrapped in security)

Automation and Configuration

Workflow and then Validation

Traditional hw on prem and cloud (hybrid cloud approach ok)

Cloud Builder 5.2 -- used once to build mgmt. domain

SDDC Mgr 5.2 -- Star of the show, brains of Ops, perform initial
configuration -- like vSphere client login -- everything coordinated
from here. Automation of build out of environment

vCenter 8.0 Appliance, esxi 8 -- base of resources and ops

VSAN witness appliance 8.0 -- manage storage without 3^rd^ party

NSX 4.2 -- networking / routing and switching east/west and handles n/s
routing to peer to top of rack or physical routers

Aria Suite Lifecycle 8.18 -- day 2 ops capabilities. Large suite of
products

Architecture and Components

VMware Cloud Foundation includes the following components:

- VMware Cloud Builder is a virtual appliance used to perform the
initial deployment of the management domain. VMware Cloud Builder
validates information provided by the user, such as credentials,
DNS, and network settings, and it configures all the VMware Cloud
Foundation components accordingly.

- The management domain is purpose-built to house the management
components of VMware Cloud Foundation, and it is deployed as part of
the initial bring-up process using the VMware Cloud Builder virtual
appliance. The bring-up process refers to the initial configuration
and deployment of a new VMware Cloud Foundation instance. During the
bring-up process, the management domain is created and the VMware
Cloud Foundation software stack is deployed.

After the bring-up process is complete, the management domain contains
[a four-node vSphere cluster], configured with [vSAN
storage] and prepared for [NSX]. It also
includes a vCenter appliance, an NSX Management cluster, and the SDDC
Manager appliance.

- SSDC Manager serves as a central point to configure and operate the
VMware Cloud Foundation instance.

- vSphere provides the core virtualization platform for VMware Cloud
Foundation and includes ESXi hosts and vCenter.

- vSAN aggregates local storage devices on ESXi hosts and creates a
single shared storage pool for usage in the VMware Cloud Foundation
instance.

- NSX provides consistent networking and security across the VMware
Cloud Foundation instance.

- vSphere with Tanzu transforms vSphere into a platform for running
Kubernetes workloads natively.

- VMware Cloud Foundation supports the automated deployment of VMware
Aria Suite Lifecycle. You can then use VMware Aria Suite Lifecycle
to deploy and manage the life cycle of Workspace ONE Access and the
VMware Aria Suite of products (VMware Aria Automation, VMware Aria
Operations, VMware Aria Operations for Logs, and VMware Aria
Operations for Networks).

- Actual virtualized workloads, such as applications and services, run
in VI workload domains. VI workload domains are deployed from SDDC
Manager. When the first VI workload domain is created, a new vSphere
cluster with a dedicated vCenter instance is deployed along with a
dedicated (separate) NSX instance. The vCenter and NSX management
components of a VI workload domain are physically located in the
management domain, allowing for management and workload separation.

Cloud Builder -- Used once, deploy mgmt. domain (all mgmt. components
live -- vcenters, nsx mgrs., aria, id mgr -- initial bring up -- sddc
mgr -- initiate other workflows going forward)

- Deploys and configures vCenter

- Creates vSAN cluster using 4 esxi hosts

- Host networking and cluster features

- NSX mgr cluster

- Host networking to support NSX

- NSX transport zones and configures tunnel end points (TEPs)

- Can remove vm once build out but can keep it to build other
instances, etc

- As part of the initial bring-up process, VMware Cloud Foundation
requires that you deploy a VMware Cloud Builder virtual appliance.
VMware Cloud Builder automates the deployment process of all the
components of the management domain.

- VMware Cloud Builder uses configuration settings taken from a
user-defined parameter sheet to configure settings for each
component that it deploys.

- VMware Cloud Builder first creates a management cluster using four
ESXi hosts, which must be on hardware supported by vSAN and
pre-imaged with the ESXi build specified in the software BOM.

- VMware Cloud Builder configures host networking and cluster features
such as the distributed virtual switch and its associated port
groups.

- VMware Cloud Builder creates NSX transport zones and configures
TEPs. An NSX transport zone defines a collection of transport nodes
that can communicate with each other across a physical
infrastructure over one or more interfaces called TEPs.

- Although the ESXi hosts must be pre-imaged and configured with basic
infrastructure settings, such as NTP, DNS, and certificates, further
vSphere specific configurations must not be performed, otherwise the
bring-up process might fail.

Maintains and inventory of managed objects

Provides HTLM5 UI and API gateway

Deploys & configures software solutions

Orchestrates the following tasks:

Software updates on managed objects

Configuration tasks on managed objects

Maintains network pools for consumption by managed objects

Creates and manages vi workload domains

Integration with esxi

Mgmt. using vsphere client

Policy-based storage consumption

Consistent and best performance

Stretched cluster capability

All-flash and hybrid configurations

Support for OSA and ESA

Dedup and compression (all-flash only)

Native health service

Ops

Networking, log, op control, automation

ESXi/vCenter/vSAN -- pillar basis of compute, memory, std resources

- vSphere provides the core virtualization platform for VMware Cloud
Foundation.

- vSphere comprises the following key products:

- ESXi: Compute platform in which you create and run VMs and other
workloads

- vCenter: Service used to manage multiple ESXi hosts and provide
vSphere vMotion and vSphere High Availability functionalities

- Platform Services Controller: Instance embedded in vCenter that
provides common services, such as vCenter Single Sign-On, vSphere
License Service, and VMware Certificate Authority

- - vSphere is the most commonly used and widely known component of
a VMware Cloud Foundation instance. As an administrator, you might
already be familiar with vSphere and how to configure and administer
its components. However, you must understand the implications of
making changes to settings in vSphere that SDDC Manager sets
automatically. Changing generated settings, such as NTP, DNS, or VM
names, might result in unpredictable results.

vSAN -- build out mgmt. domain (bring up from scratch -- also supports
external storage)

- vSAN aggregates local storage devices on ESXi hosts and creates a
single shared storage pool for all hosts in the vSAN cluster.

- vSAN provides the following capabilities:

- Integration with the ESXi hypervisor

- Management using the vSphere Client

- Policy-based storage consumption

- Stretched cluster capabilities

- All-flash and hybrid configurations

- Support for both OSA and ESA architectures

- Deduplication and compression (all-flash only)

- Data-at-rest encryption

- Native health service

Tanzu (modern apps)-- kuernetes workloads directly on esxi hosts and
create upstream Kubernetes clusters in dedicated resource pools

Called workload management in vCenter

Workload Domain example

Tanzu

Mgmt (NSX vc), mgmt. wd-01, wd-02

- vSAN aggregates local storage devices on ESXi hosts and creates a
single shared storage pool for all hosts in the vSAN cluster.

- vSAN provides the following capabilities:

- Integration with the ESXi hypervisor

- Management using the vSphere Client

- Policy-based storage consumption

- Stretched cluster capabilities

- All-flash and hybrid configurations

- Support for both OSA and ESA architectures

- Deduplication and compression (all-flash only)

- Data-at-rest encryption

- Native health service

![A screenshot of a computer Description automatically
generated](media/image2.png)

vSphere and VCF Licensing

VMware Aria Suite

- vSAN aggregates local storage devices on ESXi hosts and creates a
single shared storage pool for all hosts in the vSAN cluster.

- vSAN provides the following capabilities:

- Integration with the ESXi hypervisor

- Management using the vSphere Client

- Policy-based storage consumption

- Stretched cluster capabilities

- All-flash and hybrid configurations

- Support for both OSA and ESA architectures

- Deduplication and compression (all-flash only)

- Data-at-rest encryption

- Native health service

vSphere 8.0u2b and VCF 5.1.1 and \>

**[VVF]** - vSphere Foundation (vSphere previously and
limited)

vCenter, vSphere with Tanzu, ESX iand vSAN (100GB per core)

and access to standard features in aria suite

lifecycle, ops, logs

not as streamlined as VCF

potential add-ons

Edge, load balancer, intelligence services

**[VCF]** (access to all)

SDDC Manager, vSphere, NSX (not security piece), Aria Suite, VSAN, AON
(aria ops for networking), HCX, Data Service Manager (DSM)

Add-ons

- Live Site Recovery, live cyber recovery, security part of NSX,
firewall and atp, load balancer, and tanzu, also Private AI
Foundation (PIAF) -- new processor capabilities -- cloud operation
model

Applying Licenses --

Solution License Key

Add directly to vCenter

ESXi, vCenter, Tanzu

After applying solution license key, adding vCenter to aria, nsx, hcx,
these features auto entitle themselves with VCF Until then they are in
eval mode

Look for more automation on licensing in the future

Brownfield Deployment --

Standing up mgmt. domain, import and convert features brand new
(resources need to be there)

VCF 5.1.1 and vSphere 8.0 u2b working

Individual keys appear in licensing portal

If running vcf \< 5.1.1 must downgrade solution key

Manually apply individual components

License required for VMware Load Balancer Add-On

VCF

Which VMware Cloud Foundation component aggregates local storage devices
on ESXi hosts and creates a single shared storage pool across all hosts

VSAN

Planning and Preparing VCF Design

Workload Domain Types --

(generic term)

1. Management Workload Domain -- 1 per VCF instance (all mgmt.
components, sddc mgr, vcener, aria, nsx manager, etc)

2. Workload Domains -- VI (vsphere based -- std to types of clusters in
vsphere -- also enabled for tanzu, other specialized like virtual
desktops)

Purpose based -- follow same kind of policy

Control role-based access

3. Single Sign On (isolated VI workload domain) -

a. 14 workload domains limited to SSO + 1 mgmt domains = 15 total
(vcenter limit)

Architecture Types

1. Consolidated -- (small environments)

a. Compute workload co-reside in the mgmt. workload domain

b. vSphere cluster shares resource pools

c. vSphere with tanzu and Kubernetes are supported

d. Can scale out to Standard Architecture

2. Standard

e. mgmt. domain is DEDICATED to mgmt. components

f. VI workload domains run customer workloads

MGMT Domain Features

- includes all the components required to enable centralized
administration, automation, and monitoring of the entire
software-defined data center (SDDC) stack

- Hosts (min of 4) - SDDC Manager, which deploys the VI workload
domains

- Can optionally include VMware Aria Suite components

- Consists of a minimum of four hosts

- Built using vSAN storage

MGMT Domain Decisions

Consolidated or Standard

How many nodes? (min 4 hosts -- for vSAN)

Sizing of ESXi host

Disk groups, physical disk infrastructure, all-flash (best performance)

OEMs help with this

Business Continuity

Availability Zones

Stretched design (10GB throughput, less than 5 ms latency)

150 ms latency between instances

Run mgmt. components in AZ1 for example

AZ2 will be the backup for this

Advantage of multiple zones

Single

All flash vSAN

Optional nfs supplemental storage

Multiple Availability zones

Min of 8 hosts in stretched cluster

vSAN witness appliance in a 3^rd^ location

vSAN stretched cluster required as first cluster

min 4 hosts in EACH availability zone

All-flash

Optional nfs supplemental storage

VMware Validated Solutions

Framework

Design

Detailed Design

Planning and prep

Implementing procedures (UI)

Operational guidance

Solution interoperability

For more information, see \"VMware Validated Solutions\"
at .

See the introductory video on VMware Validated Solutions
at .

**[Isolated workload domain means SSO (single sign on)]**

Design Decisions

Requirement, justification, implication

Planning and Preparation Workbook (Excel Spreadsheet)

Which tab in the VMware Cloud Foundation Planning and Preparation
Workbook provides a summary of the infrastructure configuration
requirements that must be met before you deploy VMware Cloud Foundation?

- **SDDC Inputs** tab

- **Infrastructure** tab

- **Management Domain Sizing Inputs** tab

- [Prerequisite Checklist tab]

Configuration of Final Environment Statistics

Management TAB

What characteristics of Management Domain?

VSAN Storage

Hosts SDDC Manager

Not 3 or 5 hosts and not NSX storage

Deployment

Management Domain -- automated based on workbook, cloudbuilder

Replacing Certs

1. Install ESXi host

2. Validate TSM-SSH service running

3. Use DCUI or SSH to login

4. Rename existing Certs in /etc/vmware/ssl

5. Copy new signed Certs to /etc/vmware/ssl

6. Rename new certs to replace old certs

7. Stop SSH

Convert Deployment Param excel to JSON file and add cert details

1. Use SSH to VMware Cloud Builder Appliance

2. Copy deply params workbook to /hom/adm

3. Run./sos -- jsongenerator --
jsongenerator-input./name.xlsx---jsongenerator-design output
location (routing info, host name, ip of dns, ntp servers, etc)

4. Copy file to deployment system and provide json

5. Edit json file to include cert

6. Upload deploy params

7. Convert worksheet

8. Update json file

9. Cloud builder implements json cert for each host

Esxi hosts (4)

Deploying VCF

VSAN

Image (OEM) -- LCM

SSH/NTP -- turn on

VMK portal configure for (MGMT) on standard switch

VSAN Capacity (do not configure! Automated by cloud builder appliance)

Cloud builder needs to run on another ESXi host - used to bring up the
first cluster of the management domain

Parameter workbook deployed / imported into cloud builder to build out
mgmt. domain

Extensive set of validations (descriptive) -- go back and change and
then deploy

SDDC Manager gets deployed

vCENTER -- Mgmt VMs

NSX Mgmt cluster -- networking /mgmt. domains -- 3 appliances and VIP

Bring up -- build up distributed switch, auto deletes standard

DO NOT PRE-BUILD

AUTOMATED!

Bring Up Process -- Cloud builder bringing up mgmt. domain. Cloud
builder is no longer needed after this. SDDC manager works thereafter to
bring up all workload domains

[https://core-vmware.bravais.com/api/dynamic/documentVersions/30263/files/595722/media/\_VCF/CloudFoundation/VCFDCM52/Lecture/M03/M
3 slide
21.svg](https://core-vmware.bravais.com/api/dynamic/documentVersions/30263/files/595722/media/_VCF/CloudFoundation/VCFDCM52/Lecture/M03/M%203%20slide%2021.svg)

A screenshot of a computer Description automatically generated

Not included in Cloud Builder --

VSAN Witness appliance (for vSAN stretched)

VMware Aria Suite Lifecycle (must be downloaded in SDDC manager AFTER
deployment)

Deployment Workbook is Uploaded to Cloud Builder

![A screenshot of a computer Description automatically
generated](media/image4.png)

vSphere Lifecycle manager cluster image -- includes

ESXi software

Drivers

Firmware

Configuration Settings for ESXI hosts (network, security, adv)

Vendor add-ons

Security Patches

A screenshot of a computer Description automatically generated

In the example, vSphere Lifecycle Manager cluster imaging was enabled in
the Deployment Parameters Workbook, resulting in ESXi cluster
homogeneity checks during validation.

Cloud Builder can be deployed on ESXi, Workstation Pro, Fusion Pro

Lab on Deployment


Preliminary SDDC Setup Tasks

Wizard

Configure NSX mgr and SDDC mgr backups (backup server)

Register server

Configure setup

Hourly, weekly, what time

Whenever SDDC mgr completes a task

Connect to ID provider

Types --

Embedded, AD\_FS, Okta, Mocrosoft Centra ID, Ping Federate

A screenshot of a computer Description automatically generated

Single sign-on

Multiple vcenter single sign-on capable

![A diagram of a cloud foundation Description automatically
generated](media/image8.png)

Embedded

AD over LDAP or Open LDAP

ID Source Name

Base Distinguished Name for Users

Base Distinguished Name for Groups

Domain

Alias

User Name/Pwd

Certificates (for LDAPS)

A screenshot of a computer Description automatically generated

Connect to Online Depot

Download bundles of software

There is an offline bundle utility also

![A screenshot of a computer Description automatically
generated](media/image10.png)

**USER MANAGEMENT**

SDDC Manager

Admin, Operator, Viewer roles are in SDDC Manager

Admin -- access to all functionality of the UI and API

Operator -- cannot access user mgmt., pwd mgmt. or backup configuration
settings

Viewer role can only view. User mgmt. and pwd mgmt. are hidden

**INSIDE SDDC MANAGER**

Change host and other component passwords

Deploy/configure NSX Edge

Adding hosts to existing cluster

Creating new cluster

**OUTSIDE SDDC MANAGER**

Changing roles and permissions for AD user & group

Adding new resource pools

Creating port groups

Applying updated license keys to vSphere that are added to SDDC Mgr

**Safeguarding VCF Components**

Restrict access so vSphere admins can only access their assets and
educate about potential damage

Restrict access to actions that can affect VCF assets and create
procedures for rquesting changing through SDDC mgr

Customers must assess their current admin methodologies

Most restrictive approach

NSX mgr and SDDC mgr -- E/W conflict potential

Restrict access for each nsx admin

Restrict access that can affect VCF

**User-created service accounts**

API accounts

Benefit --

Aria Automation

Aria Orchestrator

Custom Apps that make API calls to VCF

**System-Created service accounts**

Auto created and removed by system as needed

Appear in SDDC mgr UI, you can rotate pwds as desired

SDDC mgr and each ESXi host

Aria suite lifecycle and vCenter

NSX mgr and vCenter

Naming convention -- svc on prefix

Ex; svc-vcf-esxi-1

A screenshot of a computer Description automatically generated

VMware123!

Administration Drop Down

Access Control

Global Permissions

Vclass.local\\vcfadmin

SDDC manager

VMware 123!

Administration/Single Sign On

Add user to group

![A screenshot of a computer Description automatically
generated](media/image12.png)

Add operator role to account called VCFPriv


**Api Commands to do specific tasks**

Developer Center

API Explorer

Users

Get V1roles

Execute -- run command for us

Actual output is below -- simple

Copy id given

Post section

Expand it

Try it out section

User expand link

A screenshot of a computer Description automatically generated

Copy API Key

![A screenshot of a computer Description automatically
generated](media/image16.png)

Issue a post command with this service account

Executing a command

Tokens section

Post /v1/tokens

Token creation specs, enter API key from above

A screenshot of a computer Description automatically generated

Password Management

ESXi host

vCenter Server Appliance

NSX Mgr

NSX Edge

Aria Suite Lifecycle

Other Aria products when deployed in aware mode

SDDC Manager backup user

Other VMware solutions integrate in VCF -- use pwd mgmt. practices

**Best Practices**

NSX -- 12 character minimum

VCF 5.2 -- 15 character password requirement

1 uppercase

1 special character

1 numerical

Change immediately after deployment

Rotate at least 90 days

Schedule pwd rotation in SDDC mgr

NOT available on ESXI hosts

Monitor fo expiration

Secure up-to-date copies according to company

Rotating Passwords

Rotate All -- change for all selected accounts

Rotate Now -- immediately change pwd for 1 or more selected

(subset of all)

Schedule Rotation -- automation

30,60,90 days schedule from enabled date (or disable schedule)

Enables auto-rotate auto for vcenter service accounts

NOT available for ESXi hosts

Runs at midnight, per NTP Source time zone

Rotate Password

Default policy --

20 characters in length

1 upper case letter

1 number

1 special character (@,\#,\$,\^,\*)

No more than 2 same characters consecutive

Auto rotate auto enabled for vcenter

May take up to 24 hours

 .

Update Password (update sync entity with SDDC mgr)

Remediate Password (SDDC mgr to entity)

Lookup\_passwords command -- ssh to SDDC manager

(taking over existing environment)

Exceptions --

Passwd command on Linux command line to change passwords for root and
vcf accounts

Use api change to change pwd for api calls

SDDC manager uses admin account for internal API calls -- change this
one!

(key to everything)

Password expire notice -- scheduled job that runs in SDDC manager

Access sddc manager with ssh as vcf account

Su

Passwd

Passwd root

Passwd vcf

API admin password

Use ssh to access sddc manager as vcf, su to root, run -

To change the API admin password:

- Access SDDC Manager with SSH as the vcf account.

- Run the su command to change to the root account.

- Run the -
**[/opt/vmware/vcf/commonsvcs/scripts/auth/set-basicauth-password.sh
admin \]**

![A screenshot of a computer Description automatically
generated](media/image18.png)

API Commands

Access Token -- refreshed every hour

Refresh Token -- refreshed every 24 hours

Pair sent together from SDDC manager to External Application

Uses

Manage VCF assets

User Cred mgmt.

Manage networking, including Application Virtual Network (AVN) and
network pools

Perform Lifecycle mgmt.

Create & mg vcenter clusters and workload domains

Manage multiple instances

List local OS user accts

For information about how to use the complete list of available APIs,
see the VMware Cloud Foundation API Reference Guide
at 

API Explorer Tab in Developer Center

List of components, search option. Expand to show code

PowerCLI

Command line tool

Example

Most power is in API call and not Powercli

![A screenshot of a web page Description automatically
generated](media/image20.png)

A close-up of a computer code Description automatically generated

Lookup password command line

![A screenshot of a computer Description automatically
generated](media/image22.png)

A screenshot of a computer Description automatically generated

API

Developer

Api explorer tab

Credentials (expand)

Get /v1/credentials

Try It Out Section

ResourceType -- ESXi

Account Type -- USER

Execute

![A screenshot of a computer Description automatically
generated](media/image24.png)

Can also download response body (json file) -- to downloads folder

A screenshot of a computer Description automatically generated

![A screenshot of a computer Description automatically
generated](media/image26.png)

A screenshot of a computer Description automatically generated

![A screenshot of a computer Description automatically
generated](media/image28.png)

A screenshot of a computer Description automatically generated

![A screenshot of a computer Description automatically
generated](media/image30.png)

vSphere Foundation Licensing

- Sphere Foundation gives you access to VMware Aria, vSphere, and vSAN
products.

- - When you purchase vSphere Foundation, you receive the following
licensing keys in your licensing portal:

- The solution key, which is used to unlock all vSphere Foundation
features including vSphere, vSAN (100 GB entitlement per core
configured for vSAN), VMware Aria Suite Standard, vCenter Standard,
and Tanzu Kubernetes Grid.

- vSphere 8 Enterprise Plus for vSphere Foundation is the solution key
for VMware vSphere Foundation.

- This solution key supports vCenter 8.0 Update 2b or later.

- The license keys for all other products included in VMware vSphere
Foundation:

- VMware Aria Suite Standard 8 for vSphere Foundation

- VMware Tanzu Kubernetes Grid for vSphere Foundation

- VMware vCenter 8 Standard for vSphere Foundation

- With VMware vSphere Foundation, you can optionally purchase
licensing add-ons to gain access to additional solutions.

- - VMware Cloud Foundation Licensing

- With VMware Cloud Foundation, you have access to the complete VMware
product catalog.

- - When you purchase VMware Cloud Foundation, you receive the
following licensing keys in your licensing portal:

- The solution key, which is used to unlock all VMware Cloud
Foundation features including vSphere, NSX Networking, VMware Aria
Suite Enterprise, VMware Aria Operations for Networks, HCX, SDDC
Manager, vCenter, Tanzu Kubernetes Grid, and Data Services Manager:

- vSphere 8 Enterprise Plus for VMware Cloud Foundation is the
solution key for VMware Cloud Foundation.

- This solution key supports vCenter 8.0 Update 2b or later, and it
requires VMware Cloud Foundation 5.1.1 or later.

- vSAN features continue to require a separate vSAN license key.

- The licenses keys for all other products included in VMware Cloud
Foundation:

- VMware NSX Networking for Cloud Foundation

- VMware Aria Term Suite Ent 8 for Cloud Foundation

- VMware Aria Operations for Networks Ent 6 for Cloud Foundation

- VMware HCX Enterprise for Cloud Foundation

- VMware HCX Advanced for Cloud Foundation

- VMware SDDC Manager for Cloud Foundation

- VMware vCenter Server 8 Standard for vSphere Foundation

- VMware Tanzu Kubernetes Grid for Cloud Foundation

- VMware Data Services Manager for Cloud Foundation

- VMware vSAN 8 for Cloud Foundation (supports vCenter 8.0.0a and
above)

- For additional information, see \"VMware Cloud Foundation and
vSphere Foundation Solution License Key\" at
https://knowledge.broadcom.com/external/article?legacyId=97303.

- VMware Cloud Foundation Add-Ons

- With VMware Cloud Foundation, you can optionally purchase licensing
add-ons to gain access to additional solutions.

- - Applying a Solution License Key in a Greenfield Deployment

- You follow these steps to apply a new VMware Cloud Foundation
solution license when running VMware Cloud Foundation 5.1.1 or later
and vSphere 8.0 Update 2b or later:

- Retrieve the solution license key from the licensing portal.

- Add the key directly to vCenter.

- Manually assign the solution keys:

- vCenter

- ESXi hosts

- Tanzu Kubernetes Grid Supervisor clusters

- After applying the solution license key to vCenter and adding
vCenter to VMware Aria, NSX, and HCX, these features automatically
entitle themselves with VMware Cloud Foundation. Until then, they
run in Evaluation mode.

- The step to manually assign the solution key to vCenter, ESXi hosts,
and Tanzu Kubernetes Grid Supervisor clusters will be automated in a
future release. For larger environments, use the Bulk Licensing
Option in the vSphere UI.

- Applying a Solution License Key in a Brownfield Deployment

- When you purchase a VMware Cloud Foundation license in a brownfield
deployment:

- You receive the vSphere 8 Enterprise Plus for VCF solution license
key, which is only supported in environments running VMware Cloud
Foundation 5.1.1 and vSphere 8.0 Update 2b or later.

- All individual component license keys also appear in your licensing
portal so that you are not forced to upgrade your brownfield
environment.

- If you are running a VMware Cloud Foundation version earlier than
5.1.1 or a vSphere version earlier than 8.0 Update 2b, you must
downgrade the solution key.

- You use the provided solution license key as a vSphere component
license key, and you manually apply the individual component license
keys to the solutions in your brownfield environment.

- The license key downgrade is a step-by-step process. Using the
VMware Cloud Foundation solution key, you can downgrade to a vSphere
8 component license key. You can then use to vSphere 8 component
license key to downgrade to version 7 and then to version 6, if
necessary. When you are ready to upgrade to VMware Cloud Foundation
5.1.1 or vSphere 8.0 U2b, you can upgrade the vSphere component
license key back to the solution license key using the inverse path.

- For more information about downgrading the solution key, see
\"VMware Cloud Foundation and vSphere Foundation Solution License
Key\" at

A screenshot of a computer Description automatically generated