Certificate Authority (optional)
The components of the SDDC require SSL certificates for secure operation. During deployment, self-signed certificates are used for each of the deployed components. These certificates can be replaced with certificates that are signed by an internal enterprise CA or by a third-party commercial CA.
If you plan to replace the self-signed certificates, the CA must be able to sign a Certificate Signing Request (CSR) and return the signed certificate. All endpoints within the enterprise must also trust the root certificate of that CA.
If you plan to deploy vRealize Automation, a Certificate Authority is required, and the certificates are required during installation.
Physical network requirements
Before deploying Cloud Foundation, configure the physical network to enable the following features:
• VLAN Tagging (802.1Q)
• Jumbo frames
– A minimum MTU of 1600 is required; an MTU of 9000 is recommended.
Network pools
Cloud Foundation uses a construct called a network pool to automatically configure VMkernel ports for vSAN, NFS, and vMotion. Cloud Foundation uses an Internet Protocol Address Management (IPAM) solution to automate the IP configuration of VMkernel ports for vMotion, vSAN, and NFS (depending on the storage type being used).
When a server is added to the inventory of Cloud Foundation, it goes through a process called host commissioning. During this process, the hosts are associated with an existing network pool. When the host is provisioned during the create VI workload domain, add cluster, or add host workflow, Cloud Foundation automatically configures the VMkernel ports and allocates IP addresses for vMotion, vSAN, and NFS from the network pool the host was associated with.
You can expand the included IP address range of a network pool at any time; however, you cannot modify the other network information. Ensure that you have defined each subnet in the network pool to account for current and future growth in your environment.
VLANs and IP subnets
Network traffic types within Cloud Foundation are isolated from each other by using VLANs. Before deploying your SDDC, you must allocate VLAN IDs and IP subnets for each required traffic type. Configure the VLAN IDs and IP subnets in your network to pass traffic through your network devices. Before you start the Cloud Foundation deployment, verify that the allocated network information is configured and does not conflict with pre-existing services.
The number and size of the subnets that are required for a deployment depends on:
• The number of workload domains that are created
• The number of clusters defined
• The optional components that are installed
The following table lists the basic allocation of VLANs and IP subnets for a sample deployment. Use this sample to define the VLANs and IP subnets in your environment.
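A pre-deployment check of a network pool against the rules in the two sections above (one VLAN per traffic type, non-overlapping subnets, no conflict with pre-existing services, included range inside the subnet, MTU at least 1600), written as an added example rather than anything from Cloud Foundation itself. The pool layout, VLAN IDs and subnets are constructed sample values.

```python
import ipaddress

MIN_MTU, RECOMMENDED_MTU = 1600, 9000
TRAFFIC_TYPES = ("vmotion", "vsan", "nfs")  # NFS is only needed for NFS-backed storage

# Constructed sample pool: one VLAN, subnet and included IP range per traffic type.
SAMPLE_POOL = {
    "vmotion": {"vlan": 1612, "subnet": "172.16.12.0/24", "range": ("172.16.12.100", "172.16.12.200")},
    "vsan":    {"vlan": 1613, "subnet": "172.16.13.0/24", "range": ("172.16.13.100", "172.16.13.200")},
    "nfs":     {"vlan": 1614, "subnet": "172.16.14.0/24", "range": ("172.16.14.100", "172.16.14.200")},
}
EXISTING_SUBNETS = ["172.16.11.0/24", "10.0.0.0/8"]  # constructed: already used by other services


def validate_network_pool(pool, existing_subnets, mtu):
    """Return a list of findings; an empty list means the pool passes every check."""
    findings = []
    if mtu < MIN_MTU:
        findings.append(f"error: MTU {mtu} is below the required minimum of {MIN_MTU}")
    elif mtu < RECOMMENDED_MTU:
        findings.append(f"warning: MTU {mtu} is allowed, but {RECOMMENDED_MTU} is recommended")
    existing = [ipaddress.ip_network(s) for s in existing_subnets]
    seen_vlans, seen_subnets = {}, {}
    for ttype in TRAFFIC_TYPES:
        entry = pool.get(ttype)
        if entry is None:
            if ttype != "nfs":  # NFS may be absent when another storage type is used
                findings.append(f"error: {ttype} has no entry in the pool")
            continue
        vlan = entry["vlan"]
        if not 1 <= vlan <= 4094:
            findings.append(f"error: {ttype} VLAN {vlan} is outside 1-4094")
        elif vlan in seen_vlans:
            findings.append(f"error: {ttype} shares VLAN {vlan} with {seen_vlans[vlan]}; traffic types must be isolated")
        seen_vlans.setdefault(vlan, ttype)
        net = ipaddress.ip_network(entry["subnet"], strict=True)  # rejects host bits set in the prefix
        for other_type, other_net in seen_subnets.items():
            if net.overlaps(other_net):
                findings.append(f"error: {ttype} subnet {net} overlaps {other_type} subnet {other_net}")
        for ex in existing:
            if net.overlaps(ex):
                findings.append(f"error: {ttype} subnet {net} conflicts with pre-existing {ex}")
        seen_subnets[ttype] = net
        # The included range is the only part that can grow later, so it must sit inside
        # the usable host addresses of the subnet (network and broadcast excluded).
        lo, hi = (ipaddress.ip_address(a) for a in entry["range"])
        if not (net.network_address < lo <= hi < net.broadcast_address):
            findings.append(f"error: {ttype} included range {lo}-{hi} is not inside usable {net}")
    return findings


if __name__ == "__main__":
    for finding in validate_network_pool(SAMPLE_POOL, EXISTING_SUBNETS, 9000) or ["ok: pool passes"]:
        print(finding)
```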
Cloud Foundation and SDDC design considerations