SS DesignWorkshop

The design decisions specify using one availability zone and region, placing management and compute clusters in the same rack, allocating racks for external storage with dual power feeds, and mounting minimum 4 ESXi hosts together for management clusters.


VMware Solution

Design Workshop

©2019 VMware, Inc.


Agenda: VMware Solution
• Introductions and Workshop Objectives
• Overview
  • Conceptual Design
  • Logical Design
• Scope
  • Technology
  • People & Process
• Introduction to Architecture Models
• vSphere Design Session

2
Agenda: Operations for Hybrid Cloud
<Process Type Name>
<Process Type Name>
<Process Type Name>

3
Introductions and Workshop Objectives
Introductions
• Your Role
• Engagement responsibilities
• Expectations of the workshop

Solution Set Goals and Objectives
• Solution Set Goals
• Solution Set Objectives

4
Solution Scope
The table below lists the scope of the engagement in the context of the VMware journey model. These are the IT Capabilities that have been determined as the focus for this engagement.

IT Capabilities in Scope
• Automatically recover from hardware failures
• Abstract and pool compute and storage resources

5
Solution Scope
The table below lists the scope of the engagement in the context of the VMware journey model. These are the IT Problems that have been determined as the focus for this engagement.

IT Problems in Scope
• High CAPEX for dedicated infrastructure
• Single point of failure
• Long wait time for hardware purchases
• Unexpected infrastructure outages
• Performance bottlenecks
• Not enough data center resources or space

6
VMware Solution
PSO Consultant: Insert appropriate diagrams based on the current solution.

7
VMware Solution Conceptual Design
[Conceptual design diagram. Recoverable labels: Management (Financial, Compliance, Governance, Service Level, Development lifecycle, Application provisioning, Infrastructure Provisioning); Automation (Scaling, Analytics, Reclamation, Capacity, Performance); Consumption Interface (GUI, API, CLI, SaaS, 3rd Platform); Applications (Client, Server, Data); Resource Catalogs; Active Workloads On Premises and in the Cloud (Virtual Machines, Containers); Infrastructure Abstraction, Pooling and Tenancy (Compute, Network, Storage); Physical Resources (Compute, Storage, Network); End User Access Security (Availability, Isolation, Threat Containment, Data Encryption).]

8
IT Value Model

9
Digital Workspace Journey Model

10
VMware Solution
Logical Diagram

PSO Consultant: Insert appropriate logical diagrams based on the current solution.

11
Technology Scope
This specific engagement by VMware Professional Services included the following components of the VMware
Solution. This Solution Design content will only refer to these components.

Technology/Product Components | Version
vSphere | 7.0.x

12
VMware vSphere 7.0.x

14
Logical Architecture
vSphere 7.0

15
vSphere
Logical Architecture Overview

Product Component Name | Purpose of Component | Key External Component Dependencies
ESXi Host | Foundational hypervisor for the environment, which runs virtual machines in the environment. | Physical network; physical storage; IP addressing; NTP time source
vCenter Server | vCenter Server is a centralized platform for managing your VMware vSphere environment. This includes all Platform Services Controller services, which are embedded in the vCenter installation. | ESXi host; IP addressing; NTP time source
vSphere Lifecycle Manager | vSphere Lifecycle Manager enables centralized patch and version management for VMware vSphere. | vCenter Server; Internet access for patches

16
VMware vSphere
Logical Architecture Overview

vSphere is designed in a two-cluster design: one cluster for management, one cluster for payloads.

Management cluster hosts all of the management VMs, including:
• vCenter Server nodes
• Other core infrastructure services, such as DNS, AD, or DHCP

Payload cluster hosts all of the other workloads that are a part of the environment, such as workloads provisioned by VMware vRealize or VMware Horizon products.

17
Design Decisions
vSphere 7.0.x

18
vSphere Design Decisions
The VMware vSphere design here follows the recommendations in the VMware Validated Design for
SDDC version 5.1.2.

Only the VVD design decisions that are used and specific to vSphere are listed here. Note that some may
be modified to fit this design, for example the removal of vSAN from the default design.

For a complete list of design decisions for vSphere refer to the vSphere Design Service, or review the
VMware Validated Design for SDDC.

Note that some of these design decisions will be changed if you are using the vSAN Design Service, as it
will add or modify decisions to incorporate vSAN.

19
Design Decisions
Consultant: Please refer to speaker notes for instruction
Physical Design Summary

Design Decision ID | Design Decision Description | Applicable to Architecture Model
SDDC-PHY-001 | In Region A, deploy one availability zone to support all SDDC management components and their SLAs. | PS-Custom
SDDC-PHY-002 | Use one region. | PS-Custom
SDDC-PHY-003 | In each availability zone, place the management cluster and the compute cluster in the same rack. | PS-Custom
SDDC-PHY-004 | Allocate one or more racks to external storage. | PS-Custom
SDDC-PHY-005 | Use two separate power feeds for each rack. | PS-Custom
SDDC-PHY-006 | For each availability zone, mount the compute resources (minimum of 4 ESXi hosts) for the management cluster together in a rack. | PS-Custom
SDDC-PHY-007 | For each availability zone, mount the compute resources for the compute cluster (minimum of 4 ESXi hosts) together in a rack. | PS-Custom
SDDC-PHY-008 | Use vSAN ReadyNode. | PS-Custom
SDDC-PHY-009 | Verify that all nodes have uniform configuration across a cluster. | PS-Custom

20
Design Decisions
Physical Design Summary (2)

Design Decision ID | Design Decision Description | Applicable to Architecture Model
SDDC-PHY-010 | Set up each ESXi host in the management pod to have a minimum of 256 GB RAM. | PS-Custom

21
Design Decisions
Physical Network Design Summary
Design Decision ID | Design Decision Description | Applicable to Architecture Model
SDDC-PHY-NET-001 | Implement the following physical network architecture: a minimum of one 10-GbE port (one 25 GbE port recommended) on each ToR switch for ESXi host uplinks; no EtherChannel (LAG/vPC) configuration for ESXi host uplinks; Layer 3 device with BGP and IGMP support. | PS-Custom
SDDC-PHY-NET-002 | Use a physical network that is configured for BGP routing adjacency. | PS-Custom
SDDC-PHY-NET-003 | Use two ToR switches for each rack. | PS-Custom
SDDC-PHY-NET-004 | Use VLANs to segment physical network functions. | PS-Custom
SDDC-PHY-NET-005 | Assign static IP addresses to all management components in the SDDC infrastructure except for NSX VTEPs. NSX VTEPs are assigned by using a DHCP server. Set the lease duration for the VTEP DHCP scope to at least 7 days. | PS-Custom
SDDC-PHY-NET-006 | Create DNS records for all management nodes to enable forward, reverse, short and FQDN resolution. | PS-Custom

22
Design Decisions
Physical Network Design Summary (2)
Design Decision ID | Design Decision Description | Applicable to Architecture Model
SDDC-PHY-NET-007 | Use an NTP time source for all management nodes. | PS-Custom
SDDC-PHY-NET-008 | Configure the MTU size to 9000 bytes (Jumbo Frames) on the port groups that support vSAN, vMotion, VXLAN, vSphere Replication, and NFS. | PS-Custom

23
Design Decision
Physical Storage Design Summary
Design Decision ID | Design Decision Description | Applicable to Architecture Model
SDDC-PHY-STO-006 | When using a single availability zone, provide NFS storage. | PS-Custom
SDDC-PHY-STO-007 | Store templates and ISO files on the primary datastore. | PS-Custom
SDDC-PHY-STO-008 | Provide storage for virtual machine backups for the availability zone. | PS-Custom
SDDC-PHY-STO-009 | Use 10K SAS drives for NFS volumes. | PS-Custom
SDDC-PHY-STO-010 | Use a dedicated NFS volume to support backup requirements. | PS-Custom
SDDC-PHY-STO-011 | Use a shared volume for other management component datastores. | PS-Custom

24
Design Decision
Virtual Infrastructure – ESXi Host Design Summary
Design Decision ID | Design Decision Description | Applicable to Architecture Model
SDDC-VI-ESXi-001 | Install and configure all ESXi hosts to boot using an SD device of 16 GB or greater. | PS-Custom
SDDC-VI-ESXi-002 | Add each host to the Active Directory domain for the region in which it will reside. | PS-Custom
SDDC-VI-ESXi-003 | Change the default ESX Admins group to the SDDC-Admins Active Directory group. Add ESXi administrators to the SDDC-Admins group following standard access procedures. | PS-Custom
SDDC-VI-ESXi-004 | Configure all ESXi hosts to synchronize time with the central NTP servers. | PS-Custom
SDDC-VI-ESXi-005 | Enable Lockdown mode on all ESXi hosts. | PS-Custom

25
Design Decision
Virtual Infrastructure – vCenter Server Design Summary (1)
Design Decision ID | Design Decision Description | Applicable to Architecture Model
SDDC-VI-VC-001 | Deploy two vCenter Server systems: one vCenter Server supporting the SDDC management components, and one vCenter Server supporting the compute components and tenant workloads. Note: Platform Services Controller services are embedded into the vCenter appliance in vSphere 7.0. The external deployment model is no longer supported. | PS-Custom
SDDC-VI-VC-002 | Deploy all vCenter Server instances as Linux-based vCenter Server Appliances. | PS-Custom
SDDC-VI-VC-003 | Join all vCenter Server instances to a single vCenter Single Sign-On domain. | PS-Custom
SDDC-VI-VC-004 | Create a ring topology for the Platform Services Controllers. | PS-Custom
SDDC-VI-VC-005 | Protect all vCenter Server appliances by using vSphere HA. | PS-Custom
SDDC-VI-VC-006 | Deploy Management vCenter Server Appliances of a small deployment size or larger. | PS-Custom
SDDC-VI-VC-007 | Deploy Compute vCenter Server Appliances of a large deployment size or larger. | PS-Custom
SDDC-VI-VC-008 | Use vSphere HA to protect all clusters' virtual machines against failures. | PS-Custom

26
Design Decision
Virtual Infrastructure – vCenter Server Design Summary (2)
Design Decision ID | Design Decision Description | Applicable to Architecture Model
SDDC-VI-VC-009 | Set vSphere HA Host Isolation Response to Power Off. | PS-Custom
SDDC-VI-VC-010 | Create a single management cluster per region. This cluster contains all management ESXi hosts. | PS-Custom
SDDC-VI-VC-011 | Create a compute cluster per region. This cluster contains tenant workloads. | PS-Custom
SDDC-VI-VC-012 | In Region A, create a management cluster with a minimum of 4 ESXi hosts for a single availability zone (there is a minimum of 4 ESXi hosts in each availability zone). | PS-Custom
SDDC-VI-VC-013 | When using a single availability zone, configure Admission Control for 1 ESXi host failure and percentage-based failover capacity. | PS-Custom
SDDC-VI-VC-014 | When using a single availability zone, create a host profile for the Management Cluster. | PS-Custom
SDDC-VI-VC-015 | For a single availability zone, configure vSphere HA to use percentage-based failover capacity to ensure n+1 availability. | PS-Custom
SDDC-VI-VC-016 | Enable Virtual Machine Monitoring for each cluster. | PS-Custom
SDDC-VI-VC-017 | Create Virtual Machine Groups for use in startup rules in the management and compute clusters. | PS-Custom
SDDC-VI-VC-018 | Create Virtual Machine rules to specify the startup order of the SDDC management components. | PS-Custom

27
Design Decision
Virtual Infrastructure – vCenter Server Design Summary (3)
Design Decision ID | Design Decision Description | Applicable to Architecture Model
SDDC-VI-VC-019 | Enable vSphere DRS on all clusters and set it to Fully Automated, with the default setting (medium). | PS-Custom
SDDC-VI-VC-020 | Enable Enhanced vMotion Compatibility (EVC) on all clusters. | PS-Custom
SDDC-VI-VC-021 | Set the cluster EVC mode to the highest available baseline that is supported for the lowest CPU architecture on the hosts in the cluster. | PS-Custom
SDDC-VI-VC-022 | Replace the vCenter Server machine certificate and Platform Services Controller machine certificate with a certificate signed by a 3rd party Public Key Infrastructure. | PS-Custom
SDDC-VI-VC-023 | Use a SHA-2 or higher algorithm when signing certificates. | PS-Custom

28
Design Decision
Virtual Infrastructure – Network Design Summary

Design Decision ID | Design Decision Description | Applicable to Architecture Model
SDDC-VI-NET-001 | Use vSphere Distributed Switches (VDSs). | PS-Custom
SDDC-VI-NET-002 | Use a single VDS per cluster. | PS-Custom
SDDC-VI-NET-003 | Use ephemeral port binding for the management port group. | PS-Custom
SDDC-VI-NET-004 | Use static port binding for all non-management port groups. | PS-Custom
SDDC-VI-NET-005 | Enable vSphere Distributed Switch Health Check on all virtual distributed switches. | PS-Custom
SDDC-VI-NET-006 | Use the Route based on physical NIC load teaming algorithm for all port groups except for ECMP uplinks and ones that carry VXLAN traffic. ECMP uplink port groups use Route based on originating virtual port. VTEP kernel ports and VXLAN traffic use Route based on SRC-ID. | PS-Custom
SDDC-VI-NET-007 | Enable Network I/O Control on all distributed switches. | PS-Custom
SDDC-VI-NET-008 | Set the share value for vSphere vMotion traffic to Low. | PS-Custom
SDDC-VI-NET-009 | Set the share value for vSphere Replication traffic to Low. | PS-Custom

29
Design Decision
Virtual Infrastructure – Network Design Summary (2)

Design Decision ID | Design Decision Description | Applicable to Architecture Model
SDDC-VI-NET-010 | Set the share value for vSAN to High. | PS-Custom
SDDC-VI-NET-011 | Set the share value for Management to Normal. | PS-Custom
SDDC-VI-NET-012 | Set the share value for NFS Traffic to Low. | PS-Custom
SDDC-VI-NET-013 | Set the share value for backup traffic to Low. | PS-Custom
SDDC-VI-NET-014 | Set the share value for virtual machines to High. | PS-Custom
SDDC-VI-NET-015 | Set the share value for Fault Tolerance to Low. | PS-Custom
SDDC-VI-NET-016 | Set the share value for iSCSI traffic to Low. | PS-Custom
SDDC-VI-NET-017 | Use the vMotion TCP/IP stack for vMotion traffic. | PS-Custom

30
Design Decision
Virtual Infrastructure – Storage Design Summary

Design Decision ID | Design Decision Description | Applicable to Architecture Model
SDDC-VI-Storage-001 | When using a single availability zone in the management cluster, use vSAN as the primary shared storage platform and use NFS as the shared storage platform for the management cluster. | PS-Custom
SDDC-VI-Storage-002 | In all clusters, ensure that at least 20% of free space is always available on all datastores. | PS-Custom
SDDC-VI-Storage-003 | Select an array that supports vStorage APIs for Array Integration (VAAI) over NAS (NFS). | PS-Custom
SDDC-VI-Storage-004 | Enable Storage I/O Control with the default values on all non-vSAN datastores. | PS-Custom

31
Design Decision
Virtual Infrastructure – NFS Storage Design Summary

Design Decision ID | Design Decision Description | Applicable to Architecture Model
SDDC-VI-Storage-NFS-001 | Use NFS v3 for all NFS datastores. | PS-Custom
SDDC-VI-Storage-NFS-002 | Create volumes for the clusters as appropriate for the workloads running. | PS-Custom
SDDC-VI-Storage-NFS-003 | Place the VADP based backup export on its own separate volume as per SDDC-PHY-STO-010. | PS-Custom
SDDC-VI-Storage-NFS-004 | For each export, limit access to only the application VMs or hosts requiring the ability to mount the storage. | PS-Custom

32
Design Decision
Virtual Infrastructure – vSphere Lifecycle Manager Design Summary
Design Decision ID | Design Decision Description | Applicable to Architecture Model
SDDC-OPS-VLM-001 | Use the vSphere Lifecycle Manager service on each vCenter Server Appliance to provide a total of two vSphere Lifecycle Manager instances that you configure and use for patch management. | PS-Custom
SDDC-OPS-VLM-002 | Use the network settings of the vCenter Server Appliance for vSphere Lifecycle Manager. | PS-Custom
SDDC-OPS-VLM-003 | Use the default patch repositories by VMware. | PS-Custom
SDDC-OPS-VLM-004 | Set the VM power state to Do Not Power Off. | PS-Custom
SDDC-OPS-VLM-005 | Enable parallel remediation of hosts assuming that there are enough resources available to support update of multiple hosts at the same time. | PS-Custom
SDDC-OPS-VLM-006 | Enable migration of powered off virtual machines and templates. | PS-Custom
SDDC-OPS-VLM-007 | Use the default critical and non-critical patch baselines for the management cluster and for the compute cluster. | PS-Custom

33
Design Decision
Virtual Infrastructure – vSphere Lifecycle Manager Design Summary (2)
Design Decision ID | Design Decision Description | Applicable to Architecture Model
SDDC-OPS-VLM-008 | Use the default schedule of a once-per-day check and patch download. | PS-Custom
SDDC-OPS-VLM-009 | Remediate hosts, virtual machines, and virtual appliances once a month or per business guidelines. | PS-Custom

34
Design Decision
Virtual Infrastructure – Data Protection and Backup Design Summary
Design Decision ID | Design Decision Description | Applicable to Architecture Model
SDDC-OPS-BKP-001 | Use a backup solution that is compatible with vSphere Storage APIs - Data Protection (VADP) and can perform image level backups of the management components. | PS-Custom
SDDC-OPS-BKP-002 | Use a VADP-compatible backup solution that can perform application-level backups of the management components. | PS-Custom
SDDC-OPS-BKP-003 | Allocate a dedicated datastore for the VADP-compatible backup solution and the backup data according to NFS Physical Storage Design. | PS-Custom
SDDC-OPS-BKP-004 | Provide storage with a capacity of at least 12 TB on-disk. | PS-Custom
SDDC-OPS-BKP-005 | Use HotAdd to back up virtual machines. | PS-Custom
SDDC-OPS-BKP-006 | Use the VADP solution agent for backups of the Microsoft SQL Server. | PS-Custom
SDDC-OPS-BKP-007 | Schedule daily backups. | PS-Custom
SDDC-OPS-BKP-008 | Schedule backups outside the production peak times. | PS-Custom
SDDC-OPS-BKP-009 | Retain backups for at least 3 days. | PS-Custom

35
Design Decision
Virtual Infrastructure – Data Protection and Backup Design Summary (2)
Design Decision ID | Design Decision Description | Applicable to Architecture Model
SDDC-OPS-BKP-010 | Configure a service account in vCenter Server for application-to-application communication from the VADP-compatible backup solution with vSphere. | PS-Custom
SDDC-OPS-BKP-011 | Use global permissions when you create the service account in vCenter Server. | PS-Custom

36
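As an added example (not part of the VMware PSO workshop material), the following Python script checks an inventory snapshot against several of the design decisions summarised above: minimum cluster size (SDDC-VI-VC-012), percentage-based HA failover for n+1 (SDDC-VI-VC-013/015), uniform host hardware (SDDC-PHY-009), 256 GB RAM on management hosts (SDDC-PHY-010), lockdown mode and NTP on every host (SDDC-VI-ESXi-004/005), jumbo frames on the VMkernel services that need them (SDDC-PHY-NET-008), and 20% free datastore space (SDDC-VI-Storage-002). The inventory data model and its field names are this example's own assumptions, not a vSphere or PowerCLI schema; the sample snapshot is constructed by hand and would in practice be filled from a PowerCLI or pyVmomi export.

```python
"""Check an inventory snapshot against vSphere design decisions.

Added example: the data model and field names below are assumptions of this
example, not a vSphere or PowerCLI schema. Thresholds come from the design
decision summaries (decision IDs are prefixed to each finding).
"""
import math
from dataclasses import dataclass
from typing import Dict, List

MIN_HOSTS_PER_CLUSTER = 4       # SDDC-VI-VC-012
MIN_MGMT_HOST_RAM_GB = 256      # SDDC-PHY-010
MIN_DATASTORE_FREE_PCT = 20     # SDDC-VI-Storage-002
JUMBO_MTU = 9000                # SDDC-PHY-NET-008
JUMBO_SERVICES = {"vsan", "vmotion", "vxlan", "replication", "nfs"}


@dataclass
class Host:
    name: str
    cluster: str
    ram_gb: int
    cpu_model: str
    lockdown_mode: str            # "normal", "strict" or "disabled"
    ntp_servers: List[str]
    vmkernel_mtu: Dict[str, int]  # VMkernel service name -> configured MTU


@dataclass
class Cluster:
    name: str
    ha_enabled: bool
    admission_policy: str         # "percentage" or "host_failures"
    failover_cpu_pct: int


@dataclass
class Datastore:
    name: str
    capacity_gb: int
    free_gb: int


def required_failover_pct(host_count: int, tolerated_failures: int = 1) -> int:
    """Whole-percent reservation so that `tolerated_failures` hosts can fail
    (n+1 for the default of 1): 4 hosts -> 25, 3 hosts -> 34."""
    if host_count <= tolerated_failures:
        raise ValueError("cluster is too small to tolerate that many failures")
    return math.ceil(100 * tolerated_failures / host_count)


def check_inventory(hosts, clusters, datastores, mgmt_cluster):
    """Return one finding string per violated design decision."""
    findings = []
    members = {}
    for h in hosts:
        members.setdefault(h.cluster, []).append(h)

    for c in clusters:
        hs = members.get(c.name, [])
        if len(hs) < MIN_HOSTS_PER_CLUSTER:
            findings.append(f"SDDC-VI-VC-012 {c.name}: {len(hs)} hosts, minimum {MIN_HOSTS_PER_CLUSTER}")
        if not c.ha_enabled:
            findings.append(f"SDDC-VI-VC-008 {c.name}: vSphere HA is not enabled")
        elif len(hs) > 1:
            need = required_failover_pct(len(hs))
            if c.admission_policy != "percentage" or c.failover_cpu_pct < need:
                findings.append(f"SDDC-VI-VC-015 {c.name}: percentage-based failover of at least {need}% required")
        # SDDC-PHY-009: every host in a cluster should share one hardware profile
        if len({(h.ram_gb, h.cpu_model) for h in hs}) > 1:
            findings.append(f"SDDC-PHY-009 {c.name}: host hardware is not uniform")

    for h in hosts:
        if h.lockdown_mode == "disabled":
            findings.append(f"SDDC-VI-ESXi-005 {h.name}: lockdown mode disabled")
        if not h.ntp_servers:
            findings.append(f"SDDC-VI-ESXi-004 {h.name}: no NTP servers configured")
        if h.cluster == mgmt_cluster and h.ram_gb < MIN_MGMT_HOST_RAM_GB:
            findings.append(f"SDDC-PHY-010 {h.name}: {h.ram_gb} GB RAM, minimum {MIN_MGMT_HOST_RAM_GB} GB")
        for service, mtu in h.vmkernel_mtu.items():
            if service in JUMBO_SERVICES and mtu != JUMBO_MTU:
                findings.append(f"SDDC-PHY-NET-008 {h.name}: {service} MTU is {mtu}, expected {JUMBO_MTU}")

    for d in datastores:
        free_pct = 100 * d.free_gb / d.capacity_gb
        if free_pct < MIN_DATASTORE_FREE_PCT:
            findings.append(f"SDDC-VI-Storage-002 {d.name}: {free_pct:.0f}% free, minimum {MIN_DATASTORE_FREE_PCT}%")
    return findings


def sample_inventory():
    """Constructed snapshot: four management hosts (one misconfigured) and an
    undersized compute cluster. Names and values are made up for the example."""
    def mgmt(n, **overrides):
        base = dict(cluster="mgmt-01", ram_gb=384, cpu_model="cpu-model-A",
                    lockdown_mode="normal", ntp_servers=["ntp.example.local"],
                    vmkernel_mtu={"management": 1500, "vmotion": 9000, "nfs": 9000})
        base.update(overrides)
        return Host(name=f"mgmt-esx{n:02d}", **base)
    hosts = [
        mgmt(1), mgmt(2), mgmt(3),
        mgmt(4, ram_gb=192, lockdown_mode="disabled",
             vmkernel_mtu={"management": 1500, "vmotion": 1500, "nfs": 9000}),
        Host("comp-esx01", "comp-01", 512, "cpu-model-B", "normal", ["ntp.example.local"], {"vmotion": 9000}),
        Host("comp-esx02", "comp-01", 512, "cpu-model-B", "normal", [], {"vmotion": 9000}),
        Host("comp-esx03", "comp-01", 512, "cpu-model-B", "normal", ["ntp.example.local"], {"vmotion": 9000}),
    ]
    clusters = [Cluster("mgmt-01", True, "percentage", 25),
                Cluster("comp-01", True, "percentage", 34)]
    datastores = [Datastore("mgmt-shared-nfs", 4000, 1200),
                  Datastore("backup-nfs", 12000, 600)]
    return hosts, clusters, datastores


def run_sample():
    hosts, clusters, datastores = sample_inventory()
    return check_inventory(hosts, clusters, datastores, mgmt_cluster="mgmt-01")


if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```

Run against the constructed snapshot, the script reports seven findings: the non-uniform management cluster, the three-host compute cluster, the management host with lockdown disabled, 192 GB of RAM and a 1500-byte vMotion MTU, the compute host without NTP, and the backup datastore at 5% free. A real run would feed `check_inventory` from an export of the live inventory and schedule it so that drift from the agreed decisions surfaces before it becomes an outage or an audit finding.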
Design Decision Detail
vSphere 7.0.x

37
Design Decision Detail
Physical Design

38
Design Decision # SDDC-PHY-001

In Region A, deploy one availability zone to support all SDDC management components and their SLAs.

Decision Option | Benefit | Consequence
Single Availability Zone | A single availability zone can support all SDDC management and compute components in each region. You can later add another availability zone to extend and scale the management and compute capabilities of the SDDC. | Results in limited redundancy of the overall solution. The single availability zone can become a single point of failure and prevent high-availability design solutions.
Multiple Availability Zones | Adding a second availability zone adds more protection, limiting single points of failure. | Additional cost for hardware, additional time for implementation, and additional complexity compared to a single availability zone design.

Note: The Recommended option is shown in italic and bold.
39


Design Decision # SDDC-PHY-002

Use one region.

Decision Option | Benefit | Consequence
Multiple Regions | Failover capability between regions supporting the technical requirement of multi-region failover capability as outlined in the design objectives. | Having multiple regions will require an increased solution footprint and associated costs.
Single Region | Reduced footprint for the environment, while still using a validated design approach. | No site failure protection against failures.

40


Design Decision # SDDC-PHY-003

In each availability zone, place the management cluster and the compute cluster in the same rack.

Decision Option | Benefit | Consequence
Same Rack | The number of required compute resources for the management cluster (4 ESXi servers) and compute cluster (4 ESXi servers) are low and do not justify a dedicated rack for each cluster. | The design must include sufficient power and cooling to operate the server equipment. This depends on the selected vendor and products. If the equipment in this entire rack fails, a second region is needed to mitigate downtime associated with such an event.
Different Racks | Increases protection from single points of failure. A second region may not be required to survive a failure. | Increased cost due to data center costs for multiple racks, power, and the like.

41


Design Decision # SDDC-PHY-004

Allocate one or more racks to external storage.

Decision Option | Benefit | Consequence
Use Appropriate Storage Design | To simplify the scale out of the SDDC infrastructure, the storage to rack(s) relationship has been standardized. It is possible that the storage system arrives from the manufacturer in a dedicated rack or set of racks, and a storage system of this type is accommodated for in the design. | The design must include sufficient power and cooling to operate the storage equipment. This depends on the selected vendor and products.

42


Design Decision # SDDC-PHY-005

Use two separate power feeds for each rack.

Decision Option | Benefit | Consequence
Redundant Power Feeds | Redundant power feeds increase availability by ensuring that failure of a power feed does not bring down all equipment in a rack. Combined with redundant network connections into a rack and within a rack, redundant power feeds prevent failure of equipment in an entire rack. | All equipment used must support two separate power feeds. The equipment must keep running if one power feed fails. If the equipment of an entire rack fails, the cause, such as flooding or an earthquake, also affects neighboring racks. A second region is needed to mitigate downtime associated with such an event.
Single Power Feeds | Reduced cost for implementation of racks. | Increased chance of failure if the power feed fails. A second Region would be needed to mitigate downtime in this case, increasing cost.

43


Design Decision # SDDC-PHY-006

For each availability zone, mount the compute resources (minimum of 4 ESXi hosts) for the management cluster together in a rack.

Decision Option | Benefit | Consequence
Same Rack | Mounting the compute resources for the management pod together can ease physical datacenter design, deployment and troubleshooting. | Can be a single point of failure for management components.
Multiple Racks | Prevents single points of failure where the entire rack fails. | Increases costs for data center space, power requirements, and networking between the racks.

44


Design Decision # SDDC-PHY-007

For each availability zone, mount the compute resources for the compute cluster (minimum of 4 ESXi hosts) together in a rack.

Decision Option | Benefit | Consequence
Same Rack | Mounting the compute resources for the compute pod together can ease physical datacenter design, deployment and troubleshooting. | Can be a single point of failure for workload components.
Multiple Racks | Prevents single points of failure where the entire rack fails. | Increases costs for data center space, power requirements, and networking between the racks.

45


Design Decision # SDDC-PHY-008

Use vSAN ReadyNodes.

Decision Option | Benefit | Consequence
Use vSAN Ready Nodes | Using a vSAN Ready Node ensures seamless compatibility with vSAN if the need arises in the future. | Might limit hardware choices, but future proofs the design in the case that vSAN may be used at a later date.
Use Custom hardware | Use the full range of VMware Compatibility List hardware. | More complex to design vSAN hardware. Not supported with vSAN unless using vSAN compatibility list hardware.

46


Design Decision # SDDC-PHY-009

Verify that all nodes have uniform configuration across a cluster.

Decision Option | Benefit | Consequence
Uniform Cluster Configuration | A balanced cluster delivers more predictable performance even during hardware failures. In addition, performance impact during resync/rebuild is minimal when the cluster is balanced. | Vendor sourcing, budgeting and procurement considerations for uniform server nodes will be applied on a per cluster basis.
Non-Uniform Cluster Configuration | Different hardware types may be required based on customer requirements, and cost. | Less predictable performance or availability during failures.

47


Design Decision # SDDC-PHY-010

Set up each ESXi host in the management cluster with a minimum of 256 GB RAM.

Decision Option | Benefit | Consequence
Management cluster RAM | The management and compute VMs in this cluster require a total of 453 GB RAM. The remaining RAM is available for new capabilities of the SDDC such as deployment of VMware NSX-T or VMware PKS. | None.

48


Design Decision Detail
Physical Network Design

49
Design Decision # SDDC-PHY-NET-001

Implement the following physical network architecture:
- A minimum of one 10-GbE port (one 25 GbE port recommended) on each ToR switch for ESXi host uplinks
- No EtherChannel (LAG/vPC) configuration for ESXi host uplinks
- Layer 3 device with BGP and IGMP support

Decision Option | Benefit | Consequence
Physical Network Architecture | Guarantees availability during a switch failure. Provides compatibility with vSphere host profiles because they do not store link-aggregation settings. Supports BGP as the dynamic routing protocol in the SDDC. Provides compatibility with NSX hybrid mode replication because it requires IGMP. | Hardware choices might be limited. Requires dynamic routing protocol configuration in the physical networking stack.

50


Design Decision # SDDC-PHY-NET-002

Use a physical network that is configured for BGP routing adjacency.

Decision Option | Benefit | Consequence
BGP routing | This design uses BGP as its routing protocol. Supports flexibility in network design for routing multi-site and multi-tenancy workloads. | Requires BGP configuration in the physical networking stack.

51


Design Decision # SDDC-PHY-NET-003

Use two ToR switches for each rack.

Decision Option | Benefit | Consequence
10 GB Networking | This design uses two 10 GbE links to provide redundancy and reduce overall design complexity. | Requires two ToR switches per rack, which can increase costs.
1 GB Networking | Reduced cost, as 1 GB networking is cheaper and more common in older data centers. | Slower speeds could impact latency sensitive traffic, because 10 GbE is recommended.

52


Design Decision # SDDC-PHY-NET-004

Use VLANs to segment physical network functions.

Decision Option | Benefit | Consequence
VLAN Segmentation | Supports physical network connectivity without requiring many NICs. Isolates the different network functions of the SDDC so that you can have differentiated services and prioritized traffic as needed. | Requires uniform configuration and presentation on all the trunks made available to the ESXi hosts.

53


Design Decision # SDDC-PHY-NET-005

Assign static IP addresses to all management components in the SDDC infrastructure except for NSX VTEPs. NSX VTEPs are assigned by using a DHCP server. Set the lease duration for the VTEP DHCP scope to at least 7 days.

Decision Option | Benefit | Consequence
Static Addressing | Ensures that interfaces such as management and storage always have the same IP address. In this way, you provide support for continuous management of ESXi hosts using vCenter Server and for provisioning IP storage by storage administrators. | Requires precise IP address management.
Dynamic Addressing | Simplifies configuration as addressing comes from a central server. | Additional overhead for configuration and the risk of servers not getting addresses if DHCP is down.

54


Design Decision # SDDC-PHY-NET-006

Create DNS records for all management nodes to enable forward, reverse, short and FQDN resolution.

Decision Option | Benefit | Consequence
DNS Resolution | Ensures consistent resolution of management nodes using both IP address (reverse lookup) and name resolution. | None.

55


Design Decision # SDDC-PHY-NET-007

Use an NTP time source for all management nodes.

Decision Option | Benefit | Consequence
NTP Time | Critical to maintain accurate and synchronized time between management nodes. | If time is not properly synchronized, authentication can fail, and logs may not properly capture when tasks and events occur.

56


Design Decision # SDDC-PHY-NET-008

Configure the MTU size to 9000 bytes (Jumbo Frames) on the port groups that support vSAN, vMotion, VXLAN, vSphere
Replication, and NFS.

Decision Option | Benefit | Consequence
Jumbo Frames | Setting the MTU to 9000 bytes (Jumbo Frames) improves traffic throughput. | When adjusting the MTU packet size, the entire network path (VMkernel port, distributed switch, physical switches and routers) must also be configured to support the same MTU packet size.
No Jumbo Frames | No configuration changes are required to the existing environment. | NSX requires an MTU change, so a configuration change is still required if it is implemented in the future.

57


Design Decision Detail
Physical Storage Design

58
Design Decision # SDDC-PHY-STO-006

When using a single availability zone, NFS storage is presented to provide:
- A datastore for shared storage and backup data
- An export for archive data
- A datastore for templates and ISOs

Decision Option | Benefit | Consequence
NFS Storage Option | Separate primary virtual machine storage from backup data in case of primary storage failure. | An NFS capable external array is required.

59


Design Decision # SDDC-PHY-STO-007

Store templates and ISO files on the primary datastore.

Decision Option | Benefit | Consequence
Shared NFS Datastore | Non-backup related management applications can share a common volume due to the lower I/O profile of these applications. | Enough storage space for shared volumes and their associated application data must be available.

60


Design Decision # SDDC-PHY-STO-008

Provide storage for virtual machine backups for the availability zone.

Decision Option: Shared storage option
Benefit: To support backup and restore operations, backup targets must be available on the primary array and appropriate safeguards must be taken to protect data.
Consequence: The cost of the backup solution increases.


Design Decision # SDDC-PHY-STO-009

Use 10K SAS drives for NFS volumes.

Decision Option: NFS Drive Selection
Benefit: 10K SAS drives achieve a balance between performance and capacity. Faster drives can be used if desired. vSphere Data Protection requires high-performance datastores in order to meet backup SLAs. vRealize Automation uses NFS datastores for its content catalog, which requires high-performance datastores. vRealize Log Insight uses NFS datastores for its archive storage, which, depending on compliance regulations, can use a large amount of disk space.
Consequence: 10K SAS drives are generally more expensive than other alternatives.


Design Decision # SDDC-PHY-STO-010

Use a dedicated NFS volume to support backup requirements.

Decision Option: Dedicated NFS Volume
Benefit: The backup and restore process is I/O intensive. Using a dedicated NFS volume ensures that the process does not impact the performance of other management components.
Consequence: Dedicated volumes add management overhead for storage administrators. Dedicated volumes might use more disks, depending on the array and type of RAID.

Decision Option: Shared NFS Volume
Benefit: Less overhead for storage administrators.
Consequence: Performance of the volume may be impacted during backups.


Design Decision # SDDC-PHY-STO-011

Use a shared volume for other management component datastores.

Decision Option: Shared NFS Datastore
Benefit: Non-backup related management applications can share a common volume due to the lower I/O profile of these applications.
Consequence: Enough storage space for shared volumes and their associated application data must be available.


Design Decision Detail
Virtual Infrastructure – ESXi Host Design

Design Decision # SDDC-VI-ESXi-001

Install and configure all ESXi hosts to boot using an SD device of 16 GB or greater.

Decision Option: SD card installation
Benefit: SD cards are an inexpensive and easy to configure option for installing ESXi. Using SD cards allows allocation of all local HDDs to a VMware Virtual SAN storage system.
Consequence: When you use SD cards, ESXi logs are not retained locally.

Decision Option: HDD Installation
Benefit: Log data can be stored on each ESXi host. Additionally, hard drives have less of a chance of failure compared to SD cards in terms of drive endurance.
Consequence: More expensive to add an additional hard drive to the host.


Design Decision # SDDC-VI-ESXi-002

Add each host to the Active Directory domain for the region in which it will reside.

Decision Option: AD Authentication
Benefit: Using Active Directory membership allows greater flexibility in granting access to ESXi hosts. Ensuring that users log in with a unique user account allows greater visibility for auditing.
Consequence: Adding hosts to the domain can add some administrative overhead.

Decision Option: Local Authentication
Benefit: No additional configuration needed in Active Directory.
Consequence: Hard to maintain across many hosts, as all users need to be configured and maintained per host.


Design Decision # SDDC-VI-ESXi-003

Change the default ESXi Admins group to the SDDC-Admins Active Directory group. Add ESXi administrators to the SDDC-
Admins group following standard access procedures.

Decision Option: ESXi Admins Group
Benefit: Having an SDDC-Admins group is more secure because it removes a well-known administrative access point. In addition, different groups allow for separation of management tasks.
Consequence: Additional changes to the host's advanced settings are required.

Decision Option: No ESXi Admins Group
Benefit: No additional configuration of the ESXi hosts required.
Consequence: ESXi hosts are not as secure.


Design Decision # SDDC-VI-ESXi-004

Configure all ESXi hosts to synchronize time with the central NTP servers.

Decision Option: Use NTP
Benefit: Required because deployment of vCenter Server Appliance on an ESXi host might fail if the host is not using NTP.
Consequence: All firewalls located between the ESXi host and the NTP servers have to allow NTP traffic on the required network ports.


Design Decision # SDDC-VI-ESXi-005

Enable Lockdown mode on all ESXi hosts.

Decision Option: Use Lockdown mode
Benefit: Increases the security of ESXi hosts by requiring that administrative operations be performed only from vCenter Server.
Consequence: Lockdown mode settings are not part of vSphere host profiles and must be manually enabled on all hosts.
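As an added example that is not part of the workshop deck, the PowerCLI function below audits every host against decisions SDDC-VI-ESXi-002 to -005 (AD membership, the SDDC-Admins group, central NTP, lockdown mode). An existing Connect-VIServer session is assumed; the domain name and NTP addresses in the usage line are constructed placeholders.

```powershell
# Added example (not from the deck): compliance check for SDDC-VI-ESXi-002 .. -005.
# Assumes Connect-VIServer has already been run against the vCenter Server.
function Test-SddcEsxiHostCompliance {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Domain,        # AD domain for the region (ESXi-002)
        [string]$AdminsGroup = 'SDDC-Admins',          # expected esxAdminsGroup value (ESXi-003)
        [Parameter(Mandatory)][string[]]$NtpServers   # central NTP servers (ESXi-004)
    )

    foreach ($vmhost in Get-VMHost) {
        $findings = New-Object System.Collections.Generic.List[string]

        # ESXi-002: host must be joined to the regional AD domain with a healthy trust
        $auth = Get-VMHostAuthentication -VMHost $vmhost
        if ($auth.Domain -ne $Domain -or $auth.DomainMembershipStatus -ne 'Ok') {
            $findings.Add("AD: domain='$($auth.Domain)' status='$($auth.DomainMembershipStatus)'")
        }

        # ESXi-003: the default 'ESXi Admins' group name must be replaced in the advanced setting
        $grp = Get-AdvancedSetting -Entity $vmhost -Name 'Config.HostAgent.plugins.hostsvc.esxAdminsGroup'
        if ($grp.Value -ne $AdminsGroup) {
            $findings.Add("esxAdminsGroup='$($grp.Value)' (expected '$AdminsGroup')")
        }

        # ESXi-004: central NTP servers configured, ntpd running and set to start with the host
        $ntp = @(Get-VMHostNtpServer -VMHost $vmhost)
        $missing = @($NtpServers | Where-Object { $ntp -notcontains $_ })
        if ($missing.Count -gt 0) { $findings.Add("NTP: missing server(s) $($missing -join ',')") }
        $ntpd = Get-VMHostService -VMHost $vmhost | Where-Object { $_.Key -eq 'ntpd' }
        if (-not $ntpd.Running -or $ntpd.Policy -ne 'on') {
            $findings.Add("NTP: ntpd running=$($ntpd.Running) policy=$($ntpd.Policy)")
        }

        # ESXi-005: lockdown mode (normal or strict) blocks direct host administration outside vCenter
        if ($vmhost.ExtensionData.Config.LockdownMode -eq 'lockdownDisabled') {
            $findings.Add('Lockdown mode disabled')
        }

        [pscustomobject]@{
            Host      = $vmhost.Name
            Compliant = ($findings.Count -eq 0)
            Findings  = ($findings -join '; ')
        }
    }
}

# Usage with constructed values: list only the hosts that deviate from the design
Test-SddcEsxiHostCompliance -Domain 'corp.example' -NtpServers '10.0.0.10', '10.0.0.11' |
    Where-Object { -not $_.Compliant } | Format-Table -AutoSize
```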


Design Decision Detail
Virtual Infrastructure – vCenter Server Design

Design Decision # SDDC-VI-VC-001

Deploy two vCenter Server systems: one vCenter Server supporting the SDDC management components, and one vCenter Server supporting the compute components and tenant workloads. Note: Platform Services Controller services are embedded into the vCenter appliance in vSphere 7.0. The external deployment model is no longer supported.

Decision Option: Management/Payload Separation of vCenter Servers
Benefit:
• Isolates vCenter Server failures to management or compute workloads.
• Isolates vCenter Server operations between management and compute.
• Supports a scalable cluster design where the management components may be re-used as additional compute needs to be added to the SDDC.
• Simplifies capacity planning for compute workloads by eliminating management workloads from consideration in the Compute vCenter Server.
• Simplifies Disaster Recovery operations by supporting a clear demarcation between recovery of the management components and compute workloads.
Consequence: Adds additional overhead for management, and requires licenses for each vCenter Server instance.

Decision Option: Single vCenter Server for both management and payloads
Benefit:
• Simplifies management of the environment.
• Single license required.
• Good for small or test environments.
Consequence: Harder to isolate failures and plan for Disaster Recovery operations. Harder to plan for capacity.


Design Decision # SDDC-VI-VC-002

Deploy all vCenter Server instances as Linux-based vCenter Server Appliances.

Decision Option: vCenter Linux Appliances
Benefit: Allows for rapid deployment, enables scalability, and reduces Microsoft licensing costs.
Consequence: Operational staff might need Linux experience to troubleshoot the Linux-based appliances.


Design Decision # SDDC-VI-VC-003

Join all vCenter Server instances to a single vCenter Single Sign-On domain.

Decision Option: Single SSO Domain
Benefit: When all vCenter Server instances are joined into a single vCenter Single Sign-On domain, they can share authentication and license data across all components and regions.
Consequence: Only one Single Sign-On domain will exist in this environment.


Design Decision # SDDC-VI-VC-004

Create a ring topology for the vCenter Server instances.

Decision Option: Ring Topology for vCenter Server Instances
Benefit: By default, a vCenter Server instance replicates only with one other Platform Services Controller instance. This setup creates a single point of failure for replication. A ring topology ensures that each vCenter Server instance has two replication partners and removes any single point of failure.
Consequence: Command-line interface commands must be used to configure the ring replication topology.

Decision Option: Default vCenter Server Configuration
Benefit: No additional configuration needed via the command line.
Consequence: There could be a single point of failure if one of the vCenter Servers fails.


Design Decision # SDDC-VI-VC-005

Protect all vCenter Server appliances by using vSphere HA.

Decision Option: vSphere HA protection
Benefit: Supports availability objectives for vCenter Server appliances without requiring manual intervention during a failure event.
Consequence: vCenter Server will be unavailable during a vSphere HA failover.


Design Decision # SDDC-VI-VC-006

Deploy Management vCenter Server Appliances of a small deployment size or larger.

Decision Option: Small Deployment
Benefit: Suitable for environments with up to 100 hosts or 1,000 virtual machines. Based on the number of management VMs that are running, a vCenter Server Appliance installed with the small size setting is sufficient.
Consequence: If the size of the management environment changes, the vCenter Server Appliance size might need to be increased.

Decision Option: Tiny Deployment
Benefit: Suitable for environments with up to 10 hosts or 100 virtual machines.
Consequence: If the size of the management environment changes, the vCenter Server Appliance size might need to be increased.

Decision Option: Medium Deployment
Benefit: Suitable for environments with up to 400 hosts or 4,000 virtual machines.
Consequence: If the size of the management environment changes, the vCenter Server Appliance size might need to be increased.

Decision Option: Large Deployment
Benefit: Suitable for environments with up to 1,000 hosts or 10,000 virtual machines.
Consequence: If the size of the management environment changes, the vCenter Server Appliance size might need to be increased.

Decision Option: X-Large Deployment
Benefit: Suitable for environments with up to 2,000 hosts or 35,000 virtual machines.
Consequence: If the size of the management environment changes, the vCenter Server Appliance size might need to be increased.


Design Decision # SDDC-VI-VC-007

Deploy Compute vCenter Server Appliances of a large deployment size or larger.

Decision Option: Large Deployment
Benefit: Suitable for environments with up to 1,000 hosts or 10,000 virtual machines. Based on the number of compute workloads and NSX edge devices running, a vCenter Server Appliance installed with the large size setting is recommended.
Consequence: As the compute environment grows, resizing to X-Large or adding additional vCenter Server instances may be required.

Decision Option: Tiny Deployment
Benefit: Suitable for environments with up to 10 hosts or 100 virtual machines.
Consequence: If the size of the compute environment changes, the vCenter Server Appliance size might need to be increased.

Decision Option: Small Deployment
Benefit: Suitable for environments with up to 100 hosts or 1,000 virtual machines.
Consequence: If the size of the compute environment changes, the vCenter Server Appliance size might need to be increased.

Decision Option: Medium Deployment
Benefit: Suitable for environments with up to 400 hosts or 4,000 virtual machines.
Consequence: If the size of the compute environment changes, the vCenter Server Appliance size might need to be increased.

Decision Option: X-Large Deployment
Benefit: Suitable for environments with up to 2,000 hosts or 35,000 virtual machines.
Consequence: If the size of the compute environment changes, the vCenter Server Appliance size might need to be increased.


Design Decision # SDDC-VI-VC-008

Use vSphere HA to protect all clusters' virtual machines against failures.

Decision Option: Use vSphere HA
Benefit: vSphere HA supports a robust level of protection for both host and virtual machine availability.
Consequence: Sufficient resources on the remaining hosts are required so that virtual machines can be migrated to those hosts in the event of a host outage.


Design Decision # SDDC-VI-VC-009

Set vSphere HA Host Isolation Response to Power Off.

Decision Option: Host Isolation Response
Benefit: vSAN requires that the HA Isolation Response be set to Power Off and to restart VMs on available hosts.
Consequence: VMs are powered off in case of a false positive, where a host is declared isolated incorrectly.


Design Decision # SDDC-VI-VC-010

Create a single management cluster per region. This cluster contains all management ESXi hosts.

Decision Option: Management Cluster
Benefit: Simplifies configuration by isolating management workloads from compute workloads. Ensures that compute workloads have no impact on the management stack. You can add ESXi hosts to the cluster as needed.
Consequence: Management of multiple clusters and vCenter Server instances increases operational overhead.


Design Decision # SDDC-VI-VC-011

Create a compute cluster per region. This cluster contains tenant workloads.

Decision Option: Compute Cluster
Benefit: Simplifies configuration and minimizes the number of hosts required for the initial deployment. Ensures the management stack has no impact on compute workloads. You can add ESXi hosts to the cluster as needed.
Consequence: Management of multiple clusters and vCenter Server instances increases operational overhead.


Design Decision # SDDC-VI-VC-012

In Region A, create a management cluster with a minimum of 4 ESXi hosts for a single availability zone (there is a minimum of 4
ESXi hosts in each availability zone).

Decision Option: Management Cluster Sizing
Benefit: Allocating four ESXi hosts provides full redundancy for each availability zone within the cluster. Having four ESXi hosts in each availability zone guarantees redundancy during availability zone outages or maintenance operations.
Consequence: Additional host resources are required for redundancy.


Design Decision # SDDC-VI-VC-013

When using a single availability zone, configure Admission Control for 1 ESXi host failure and percentage based failover capacity.

Decision Option: HA Admission Controls
Benefit: Using the percentage-based reservation works well in situations where virtual machines have varying and sometimes significant CPU or memory reservations. vSphere 6.7 automatically calculates the reserved percentage based on host failures to tolerate and the number of hosts in the cluster.
Consequence: In a four-host management cluster only the resources of three hosts are available for use.


Design Decision # SDDC-VI-VC-014

When using a single availability zone, create a host profile for the Management Cluster.

Decision Option: Host Profile Utilization
Benefit: Utilizing host profiles simplifies configuration of hosts and ensures settings are uniform across the cluster.
Consequence: Any time an authorized change to a host is made, the host profile must be updated to reflect the change or the status will show non-compliant.

Decision Option: No Host Profiles
Benefit: None.
Consequence: Settings must be manually set on all hosts. There is no compliance mechanism to tell if setting drift has occurred.


Design Decision # SDDC-VI-VC-015

For a single availability zone, configure vSphere HA to use percentage-based failover capacity to ensure n+1 availability.

Decision Option: Percentage Based Failover
Benefit: Allows for more freely available resources when there are VMs of random sizes in the cluster.
Consequence: None.

Decision Option: Slot sized failover
Benefit: Ensures availability of resources in the event of a failure by taking an average size for CPU and RAM. This doesn't work well in the case of varying VM sizes.
Consequence: May have excess resources reserved if there are very large VMs in the cluster.

Decision Option: Dedicated hosts
Benefit: Using explicit host failover limits the total available resources in a cluster.
Consequence: The resources of one host in the cluster are reserved, which can cause provisioning to fail if resources are exhausted.


Design Decision # SDDC-VI-VC-016

Enable Virtual Machine Monitoring for each cluster.

Decision Option: VM Monitoring Enabled
Benefit: Virtual Machine Monitoring provides adequate in-guest protection for most VM workloads.
Consequence: If a hang occurs, VMs may be rebooted when it could be caused by temporary contention. Not an administrator decision.

Decision Option: VM Monitoring Disabled
Benefit: No unexpected reboots of VMs, and a simplified configuration.
Consequence: If a hang occurs, then a VM may become unresponsive and no action will be taken until an administrator acts upon the situation.
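The vSphere HA decisions above (SDDC-VI-VC-008, -009, -013, -015 and -016) can be applied in one cluster reconfiguration; the following is an added example, not code from the deck. It uses the vSphere API's ClusterConfigSpecEx through PowerCLI because Set-Cluster has no parameter for the percentage-based admission control policy; it assumes an existing Connect-VIServer session, a vSphere 6.5 or later API (for AutoComputePercentages), and the constructed cluster name 'mgmt-cluster-01'.

```powershell
# Added example (not from the deck): apply the HA design decisions to one cluster.
# Assumes Connect-VIServer has been run and the API is vSphere 6.5 or later.
function Set-SddcClusterHaPolicy {
    param(
        [Parameter(Mandatory)][string]$ClusterName,
        [int]$HostFailuresToTolerate = 1            # VC-013: tolerate one ESXi host failure
    )
    $cluster = Get-Cluster -Name $ClusterName

    # VC-013 / VC-015: percentage-based failover capacity. With AutoComputePercentages set,
    # vCenter derives the reserved percentage from FailoverLevel and the host count
    # (1 of 4 hosts = 25 %, leaving three hosts' worth of resources usable).
    $policy = New-Object VMware.Vim.ClusterFailoverResourcesAdmissionControlPolicy
    $policy.FailoverLevel = $HostFailuresToTolerate
    $policy.AutoComputePercentages = $true

    $das = New-Object VMware.Vim.ClusterDasConfigInfo
    $das.Enabled = $true                             # VC-008: vSphere HA protects the cluster
    $das.HostMonitoring = 'enabled'
    $das.AdmissionControlEnabled = $true
    $das.AdmissionControlPolicy = $policy
    $das.VmMonitoring = 'vmMonitoringOnly'           # VC-016: guest heartbeat monitoring, no app monitoring

    $vmDefaults = New-Object VMware.Vim.ClusterDasVmSettings
    $vmDefaults.IsolationResponse = 'powerOff'       # VC-009: Host Isolation Response = Power Off
    $vmDefaults.RestartPriority = 'medium'
    $vmDefaults.VmToolsMonitoringSettings = New-Object VMware.Vim.ClusterVmToolsMonitoringSettings
    $vmDefaults.VmToolsMonitoringSettings.Enabled = $true
    $vmDefaults.VmToolsMonitoringSettings.VmMonitoring = 'vmMonitoringOnly'
    $das.DefaultVmSettings = $vmDefaults

    $spec = New-Object VMware.Vim.ClusterConfigSpecEx
    $spec.DasConfig = $das

    # modify = $true merges this spec into the existing cluster configuration instead of replacing it
    $cluster.ExtensionData.ReconfigureComputeResource($spec, $true)

    # Read back what vCenter applied, including the percentages it computed
    $cluster.ExtensionData.UpdateViewData()
    $applied = $cluster.ExtensionData.ConfigurationEx.DasConfig
    [pscustomobject]@{
        Cluster               = $cluster.Name
        HAEnabled             = $applied.Enabled
        IsolationResponse     = $applied.DefaultVmSettings.IsolationResponse
        VmMonitoring          = $applied.VmMonitoring
        HostFailuresTolerated = $applied.AdmissionControlPolicy.FailoverLevel
        CpuFailoverPercent    = $applied.AdmissionControlPolicy.CpuFailoverResourcesPercent
        MemFailoverPercent    = $applied.AdmissionControlPolicy.MemoryFailoverResourcesPercent
    }
}

# Usage with a constructed cluster name
Set-SddcClusterHaPolicy -ClusterName 'mgmt-cluster-01' | Format-List
```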


Design Decision # SDDC-VI-VC-017

Create virtual machine groups for use in startup rules in the management and compute clusters.

Decision Option: Use Virtual Machine Groups
Benefit: By creating Virtual Machine groups, rules can be created to configure the startup order of the SDDC management components.
Consequence: Creating the groups is a manual task and adds administrative overhead.


Design Decision # SDDC-VI-VC-018

Create Virtual Machine rules to specify the startup order of the SDDC management components.

Decision Option: Use VM rules
Benefit: The rules enforce the startup order of virtual machine groups to ensure the correct startup order of the SDDC management components.
Consequence: Creating the rules is a manual task and adds administrative overhead.


Design Decision # SDDC-VI-VC-019

Enable DRS on all clusters and set it to Fully Automated, with the default setting (medium).

Decision Option: Fully Automated DRS
Benefit: The default settings provide the best trade-off between load balancing and excessive migration with vMotion events.
Consequence: In the event of a vCenter outage, mapping from virtual machines to ESXi hosts might be more difficult to determine.

Decision Option: Partially Automated DRS
Benefit: Allows full administrator control to approve any migration recommendations, but allows automatic placement on startup.
Consequence: May not see the full benefit of DRS.

Decision Option: Manual DRS
Benefit: Fully manual and requires administrative control on all decisions.
Consequence: May not see the full benefit of DRS.


Design Decision # SDDC-VI-VC-020

Enable Enhanced vMotion Compatibility (EVC) on all clusters.

Decision Option: Use EVC
Benefit: Allows cluster upgrades without virtual machine downtime.
Consequence: You can enable EVC only if clusters contain hosts with CPUs from the same vendor.


Design Decision # SDDC-VI-VC-021

Set EVC mode to the highest available setting supported for the hosts in the cluster.

Decision Option: Use EVC with highest baseline
Benefit: Provides the lowest CPU architecture on the hosts in the cluster that allows cluster upgrades without virtual machine downtime.
Consequence: None.


Design Decision # SDDC-VI-VC-022

Replace the vCenter Server machine certificate and Platform Services Controller machine certificate with a certificate signed by a
3rd party Public Key Infrastructure.

Decision Option: Use custom certificates
Benefit: Infrastructure administrators connect to both vCenter Server and the Platform Services Controller by way of a Web browser to perform configuration, management and troubleshooting activities. Certificate warnings result with the default certificate.
Consequence: Replacing and managing certificates is an operational overhead.

Decision Option: Add PSC root certificate to clients
Benefit: Simplified PKI implementation. Since the PSC uses a fully functional Certificate Authority, by installing the root CA certificate on clients you can trust the default configuration of the PSC.
Consequence: Change required on all clients. Regulatory requirements may require integration with existing Certificate Authority infrastructure.


Design Decision # SDDC-VI-VC-023

Use a SHA-2 or higher algorithm when signing certificates.

Decision Option: Certificate Algorithm
Benefit: More secure environment. The SHA-1 algorithm is considered less secure and has been deprecated.
Consequence: Not all certificate authorities support SHA-2.
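To verify decisions SDDC-VI-VC-022 and -023 after the certificates have been replaced, the added PowerShell check below (not code from the deck) pulls the certificate each vCenter or PSC endpoint presents and reports its signing algorithm, issuer and expiry. It assumes TCP reachability on port 443; the endpoint names are constructed, and matching 'DC=vsphere' in the issuer as the VMCA default is an assumption that holds only for the default vsphere.local SSO domain.

```powershell
# Added example (not from the deck): report the TLS certificate presented by vCenter/PSC endpoints.
function Get-VcenterCertificateReport {
    param(
        [Parameter(Mandatory)][string[]]$Endpoints,
        [int]$Port = 443,
        [int]$WarnDays = 30    # flag certificates that expire within this many days
    )
    foreach ($fqdn in $Endpoints) {
        $client = New-Object System.Net.Sockets.TcpClient
        $ssl = $null
        try {
            $client.Connect($fqdn, $Port)
            # Validation is bypassed only so the certificate can be inspected; nothing is trusted here
            $noValidation = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
            $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $noValidation)
            $ssl.AuthenticateAsClient($fqdn)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

            $sigAlg = $cert.SignatureAlgorithm.FriendlyName      # e.g. sha256RSA or sha1RSA
            $isSha2 = $sigAlg -match '^sha(256|384|512)'         # VC-023: SHA-2 family only
            # Assumption: a VMCA-issued default certificate carries DC=vsphere in its issuer DN
            $isVmcaDefault = $cert.Issuer -match 'DC=vsphere'
            $selfSigned = ($cert.Subject -eq $cert.Issuer)
            $daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays

            [pscustomobject]@{
                Endpoint       = $fqdn
                Subject        = $cert.Subject
                Issuer         = $cert.Issuer
                SignatureAlg   = $sigAlg
                Sha2Signed     = $isSha2
                ThirdPartyPki  = (-not $isVmcaDefault -and -not $selfSigned)   # VC-022
                DaysToExpiry   = $daysLeft
                NeedsAttention = ((-not $isSha2) -or $isVmcaDefault -or $selfSigned -or ($daysLeft -lt $WarnDays))
                Error          = $null
            }
        }
        catch {
            [pscustomobject]@{ Endpoint = $fqdn; NeedsAttention = $true; Error = $_.Exception.Message }
        }
        finally {
            if ($ssl) { $ssl.Dispose() }
            $client.Dispose()
        }
    }
}

# Usage with constructed endpoint names
Get-VcenterCertificateReport -Endpoints 'mgmt-vc01.corp.example', 'comp-vc01.corp.example' |
    Format-Table Endpoint, SignatureAlg, Sha2Signed, ThirdPartyPki, DaysToExpiry, NeedsAttention -AutoSize
```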


Design Decision Detail
Virtual Infrastructure – Network Design

Design Decision # SDDC-VI-NET-001

Use vSphere Distributed Switches (VDSs).

Decision Option: Use Distributed Switches
Benefit: Distributed switches simplify management.
Consequence: Migration from a VSS to a VDS requires a minimum of two physical NICs to maintain redundancy.

Decision Option: Use Standard Switches
Benefit: No additional licensing required.
Consequence: No Network I/O Control or other features specific to the distributed switch release.


Design Decision # SDDC-VI-NET-002

Use a single VDS per cluster.

Decision Option: Single distributed switch per cluster
Benefit:
• Reduces complexity of the network design.
• Allows the reuse of VLAN IDs across pods.
Consequence: Increases the number of vSphere Distributed Switches that must be managed.


Design Decision # SDDC-VI-NET-003

Use ephemeral port binding for the management port group.

Decision Option: Virtual Switch port binding
Benefit: Using ephemeral port binding provides the option for recovery of the vCenter Server instance that is managing the distributed switch.
Consequence: Port-level permissions and controls are lost across power cycles, and no historical context is saved.


Design Decision # SDDC-VI-NET-004

Use static port binding for all non-management port groups.

Decision Option: Virtual Switch port binding
Benefit: Static binding ensures a virtual machine connects to the same port on the vSphere Distributed Switch. This allows for historical data and port-level monitoring.
Consequence: None.


Design Decision # SDDC-VI-NET-005

Enable vSphere Distributed Switch Health Check on all virtual distributed switches.

Decision Option: Distributed Switch Health Check
Benefit: vSphere Distributed Switch Health Check ensures all VLANs are trunked to all hosts attached to the vSphere Distributed Switch and ensures MTU sizes match the physical network.
Consequence: You must have a minimum of two physical uplinks to use this feature.


Design Decision # SDDC-VI-NET-006

Use the Route based on physical NIC load teaming algorithm for all port groups except for ECMP uplinks and ones that carry
VXLAN traffic.
- ECMP uplink port groups use Route based on originating virtual port.
- VTEP kernel ports and VXLAN traffic use Route based on SRC-ID.

Decision Option: NIC Teaming Algorithm
Benefit: Reduces complexity of the network design and increases resiliency and performance.
Consequence: Because NSX does not support Route based on physical NIC load, two different algorithms are necessary.


Design Decision # SDDC-VI-NET-007

Enable network I/O control on all distributed switches.

Decision Option: Enable NIOC
Benefit: Increases resiliency and performance of the network.
Consequence: If configured incorrectly, Network I/O Control could impact network performance for critical traffic types.


Design Decision # SDDC-VI-NET-008

Set the share value for vSphere vMotion traffic to Low.

Decision Option: Low share value
Benefit: During times of contention vMotion traffic is not as important as virtual machine or storage traffic.
Consequence: During times of network contention vMotions will take longer than usual to complete.

Decision Option: Normal share value
Benefit: Average importance for traffic during times of contention.
Consequence: During times of network contention this traffic may be impacted.

Decision Option: High share value
Benefit: High importance for the traffic during times of contention.
Consequence: This traffic may consume a significant amount of bandwidth when there is contention and impact other traffic types.

Decision Option: Custom share value
Benefit: Completely custom share definition based on environmental need.
Consequence: May not be relative to the values set for other traffic types, which could cause unpredictable share values.


Design Decision # SDDC-VI-NET-009

Set the share value for vSphere Replication traffic to Low.

Decision Option: Low share value
Benefit: During times of contention vSphere Replication traffic is not as important as virtual machine or storage traffic.
Consequence: During times of network contention vSphere Replication will take longer and could violate the defined SLA.

Decision Option: Normal share value
Benefit: Average importance for traffic during times of contention.
Consequence: During times of network contention this traffic may be impacted.

Decision Option: High share value
Benefit: High importance for the traffic during times of contention.
Consequence: This traffic may consume a significant amount of bandwidth when there is contention and impact other traffic types.

Decision Option: Custom share value
Benefit: Completely custom share definition based on environmental need.
Consequence: May not be relative to the values set for other traffic types, which could cause unpredictable share values.


Design Decision # SDDC-VI-NET-010

Set the share value for vSAN to High.

Decision Option: High share value
Benefit: During times of contention vSAN traffic needs guaranteed bandwidth so virtual machine performance does not suffer.
Consequence: This traffic may consume a significant amount of bandwidth when there is contention and impact other traffic types.

Decision Option: Low share value
Benefit: Low importance for traffic during times of contention.
Consequence: Traffic will be impacted during times of contention, but vSAN is not used so there is no impact.

Decision Option: Normal share value
Benefit: Average importance for traffic during times of contention.
Consequence: During times of network contention this traffic may be impacted.

Decision Option: Custom share value
Benefit: Completely custom share definition based on environmental need.
Consequence: May not be relative to the values set for other traffic types, which could cause unpredictable share values.


Design Decision # SDDC-VI-NET-011

Set the share value for Management to Normal.

Decision Option: Normal share value
Benefit: By keeping the default setting of Normal, management traffic is prioritized higher than vMotion and vSphere Replication but lower than vSAN traffic. Management traffic is important as it ensures the hosts can still be managed during times of network contention.
Consequence: None.

Decision Option: Low share value
Benefit: Low importance for traffic during times of contention.
Consequence: Traffic will be impacted during times of contention.

Decision Option: High share value
Benefit: High importance for the traffic during times of contention.
Consequence: This traffic may consume a significant amount of bandwidth when there is contention and impact other traffic types.

Decision Option: Custom share value
Benefit: Completely custom share definition based on environmental need.
Consequence: May not be relative to the values set for other traffic types, which could cause unpredictable share values.


Design Decision # SDDC-VI-NET-012

Set the share value for NFS Traffic to Low.

Decision Option: Low share value
Benefit: Low importance for traffic during times of contention.
Consequence: Traffic will be impacted during times of contention.

Decision Option: High share value
Benefit: High importance for the traffic during times of contention.
Consequence: This traffic may consume a significant amount of bandwidth when there is contention and impact other traffic types.

Decision Option: Normal share value
Benefit: Because NFS is used for secondary storage, such as VDP backups and vRealize Log Insight archives, it is not as important as vSAN traffic; by prioritizing it lower, vSAN is not impacted.
Consequence: During times of contention VDP backups will be slower than usual.

Decision Option: Custom share value
Benefit: Completely custom share definition based on environmental need.
Consequence: May not be relative to the values set for other traffic types, which could cause unpredictable share values.


Design Decision # SDDC-VI-NET-013

Set the share value for backup traffic to Low.

Decision Option: Low share value
Benefit: During times of contention it is more important that primary functions of the SDDC continue to have access to network resources than backup traffic.
Consequence: During times of contention backups will be slower than usual.

Decision Option: Normal share value
Benefit: Average importance for traffic during times of contention.
Consequence: During times of network contention this traffic may be impacted.

Decision Option: High share value
Benefit: High importance for the traffic during times of contention.
Consequence: This traffic may consume a significant amount of bandwidth when there is contention and impact other traffic types.

Decision Option: Custom share value
Benefit: Completely custom share definition based on environmental need.
Consequence: May not be relative to the values set for other traffic types, which could cause unpredictable share values.


Design Decision # SDDC-VI-NET-014

Set the share value for virtual machines to High.

Decision Option: High share value
Benefit: Virtual machines are the most important asset in the SDDC. Leaving the default setting of High ensures that they will always have access to the network resources they need.
Consequence: None.

Decision Option: Low share value
Benefit: Low importance for traffic during times of contention.
Consequence: Traffic will be impacted during times of contention.

Decision Option: Normal share value
Benefit: Average importance for traffic during times of contention.
Consequence: During times of network contention this traffic may be impacted.

Decision Option: Custom share value
Benefit: Completely custom share definition based on environmental need.
Consequence: May not be relative to the values set for other traffic types, which could cause unpredictable share values.


Design Decision # SDDC-VI-NET-015

Set the share value for Fault Tolerance to Low.

Decision Option: Low share value
Benefit: Fault Tolerance is not used in this design, therefore it can be set to the lowest priority.
Consequence: None.

Decision Option: Normal share value
Benefit: Average importance for traffic during times of contention.
Consequence: During times of network contention this traffic may be impacted.

Decision Option: High share value
Benefit: High importance for the traffic during times of contention.
Consequence: This traffic may consume a significant amount of bandwidth when there is contention and impact other traffic types.

Decision Option: Custom share value
Benefit: Completely custom share definition based on environmental need.
Consequence: May not be relative to the values set for other traffic types, which could cause unpredictable share values.


Design Decision # SDDC-VI-NET-016

Set the share value for iSCSI traffic to Low.

Decision Option: Low share value
Benefit: iSCSI is not used in this design, therefore it can be set to the lowest priority.
Consequence: None.

Decision Option: Normal share value
Benefit: Average importance for traffic during times of contention.
Consequence: During times of network contention this traffic may be impacted.

Decision Option: High share value
Benefit: High importance for the traffic during times of contention.
Consequence: This traffic may consume a significant amount of bandwidth when there is contention and impact other traffic types.

Decision Option: Custom share value
Benefit: Completely custom share definition based on environmental need.
Consequence: May not be relative to the values set for other traffic types, which could cause unpredictable share values.


Design Decision # SDDC-VI-NET-017

Use the vMotion TCP/IP stack for vMotion traffic.

Option: Use vMotion TCP/IP stack
  Benefit: By leveraging the vMotion TCP/IP stack, vMotion traffic can use a default gateway on its own subnet, allowing vMotion traffic to go over Layer 3 networks.
  Consequence: The vMotion TCP/IP stack is not available in the vDS VMkernel creation wizard, so the VMkernel adapter must be created directly on a host.
Option: Use default TCP/IP stack
  Benefit: Simplicity of design.
  Consequence: vMotion traffic is not routable unless configured on the same network as the management network.


Design Decision Detail
Virtual Infrastructure – Storage Design

Design Decision # SDDC-VI-Storage-001

When using a single availability zone in the management cluster, use NFS as the shared storage platform for the management cluster.

Option: Storage choice (NFS)
  Benefit: NFS as the primary shared storage solution can take advantage of existing enterprise storage.
  Consequence: None.


Design Decision # SDDC-VI-Storage-002

In all clusters, ensure that at least 20% of free space is always available on all datastores.

Option: Free space requirement
  Benefit: If the datastore runs out of free space, applications and services within the SDDC, including but not limited to the NSX Edge core network services, the provisioning portal and VDP backups, will fail. To prevent this, maintain adequate free space.
  Consequence: Monitoring and capacity management are critical and must be performed proactively.


Design Decision # SDDC-VI-Storage-003

Select an array that supports vStorage APIs for Array Integration (VAAI) over NAS (NFS).

Option: Use VAAI
  Benefit: VAAI offloads tasks to the array itself, enabling the ESXi hypervisor to use its resources for application workloads and not become a bottleneck in the storage subsystem. VAAI is required to support the desired number of virtual machine lifecycle operations.
  Consequence: Not all VAAI arrays support VAAI over NFS. A plugin from the array vendor is required to enable this functionality.


Design Decision # SDDC-VI-Storage-004

Enable Storage I/O Control with the default values on all non-vSAN datastores (not supported with vSAN, as it is built into the product).

Option: Use Storage I/O Control where appropriate
  Benefit: Storage I/O Control ensures that all virtual machines on a datastore receive an equal amount of I/O.
  Consequence: Virtual machines that use more I/O are throttled to allow other virtual machines access to the datastore, only when contention occurs on the datastore.


Design Decision Detail
Virtual Infrastructure – NFS Storage Design

Design Decision # SDDC-VI-Storage-NFS-001

Use NFS v3 for all NFS datastores.

Option: Use NFS v3 datastores
  Benefit: NFS v4.1 datastores are not supported with Storage I/O Control or with Site Recovery Manager.
  Consequence: NFS v3 does not support Kerberos authentication.


Design Decision # SDDC-VI-Storage-NFS-002

Create volumes for the clusters as appropriate for the workloads running.

Option: Single export
  Benefit: The storage requirements of these management components are separate from the primary storage.
  Consequence: You can add exports if you expand the design.
Option: Multiple exports
  Benefit: Segregates traffic to the different volumes.
  Consequence: Increases administrative overhead.


Design Decision # SDDC-VI-Storage-NFS-003

Place the VADP based backup export on its own separate volume as per SDDC-PHY-STO-010.

Option: Separate volume for VADP backups
  Benefit: Backup activities are I/O intensive. vSphere Data Protection or other applications suffer if vSphere Data Protection is placed on a shared volume.
  Consequence: Dedicated exports can add management overhead for storage administrators.


Design Decision # SDDC-VI-Storage-NFS-004

For each export, limit access to only the application VMs or hosts requiring the ability to mount the storage.

Option: Use access control
  Benefit: Limiting access helps ensure the security of the underlying data.
  Consequence: Securing exports individually can introduce operational overhead.
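A check for this decision, added here as an example and not taken from the workshop deck: it parses an export table in Linux /etc/exports syntax (an assumption; an array's export policy can be fed in the same shape) and flags every export whose client list is wider than a constructed list of approved ESXi host addresses. Because the design uses NFS v3 without Kerberos (SDDC-VI-Storage-NFS-001), this client list is the only access control on the export, so a wildcard, a whole subnet, or a missing client list is a finding.

```python
"""Audit NFS export client lists for design decision SDDC-VI-Storage-NFS-004.
Added example, not code from the workshop deck. Assumes Linux /etc/exports syntax
("/path client(options) ...") and approved mounting hosts given as IPs or CIDRs."""
import ipaddress

# Constructed sample export table: one compliant export, four that are not.
SAMPLE_EXPORTS = """\
/vol/mgmt_primary  192.168.10.11(rw,sync,no_root_squash) 192.168.10.12(rw,sync,no_root_squash)
/vol/vadp_backup   192.168.10.0/24(rw,sync,no_root_squash)
/vol/templates     *(rw,sync,no_root_squash)
/vol/logs          192.168.10.11(rw) 10.20.0.5(rw)
/vol/open
"""
# Constructed: VMkernel addresses of the ESXi hosts that need management storage.
ALLOWED_MOUNT_CLIENTS = ["192.168.10.11", "192.168.10.12", "192.168.10.13"]


def parse_exports(text):
    """Map each export path to its client specifiers, with the (options) dropped."""
    exports = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        path, *entries = line.split()
        exports[path] = [entry.split("(", 1)[0] for entry in entries]
    return exports


def audit_exports(text, allowed_clients):
    """Return {path: [issue, ...]}; an empty list means the export is scoped correctly."""
    allowed = [ipaddress.ip_network(a, strict=False) for a in allowed_clients]
    findings = {}
    for path, clients in parse_exports(text).items():
        issues = []
        if not clients:
            issues.append("no client list: export is mountable by any host")
        for client in clients:
            try:
                net = ipaddress.ip_network(client, strict=False)
            except ValueError:
                # '*', '*.corp.example', '@netgroup': not a host identity (NFS v3 has no Kerberos)
                issues.append(f"wildcard or name-based client '{client}'")
                continue
            covered = any(a.version == net.version and net.subnet_of(a) for a in allowed)
            if not covered and net.num_addresses > 1:
                issues.append(f"subnet-wide client '{client}' exceeds the approved host list")
            elif not covered:
                issues.append(f"client '{client}' is not an approved mounting host")
        findings[path] = issues
    return findings


def noncompliant_exports(text, allowed_clients):
    """Export paths whose client list violates the rule, for a change ticket or alert."""
    return sorted(p for p, issues in audit_exports(text, allowed_clients).items() if issues)
```

Run the audit against each array's export policy after every storage change; an approved list that itself contains a subnet is accepted as-is, so keep that list to individual host addresses.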


Design Decision Detail
Virtual Infrastructure – vSphere Lifecycle Manager Design

Design Decision # SDDC-OPS-VLM-001

Use the vSphere Lifecycle Manager service on each vCenter Server Appliance to provide a total of two vSphere Lifecycle Manager instances that you configure and use for patch management.

Option: Use VLM with the vCenter Server Appliance
  Benefit: Enables centralized, automated patch and version management for VMware vSphere and offers support for VMware ESXi hosts, virtual machines, and virtual appliances managed by each vCenter Server.
  Consequence: The physical design decisions for vCenter Server determine the setup for vSphere Lifecycle Manager. The mapping between vCenter Server and vSphere Lifecycle Manager is one-to-one. Each Management vCenter Server or Compute vCenter Server in each region has its own vSphere Lifecycle Manager.


Design Decision # SDDC-OPS-VLM-002

Use the network settings of the vCenter Server Appliance for vSphere Lifecycle Manager.

Option: vSphere networking
  Benefit: Simplifies network configuration because of the one-to-one mapping between vCenter Server and vSphere Lifecycle Manager. You configure the network settings once for both vCenter Server and vSphere Lifecycle Manager.
  Consequence: None.


Design Decision # SDDC-OPS-VLM-003

Use the default patch repositories provided by VMware.

Option: Use default patch repositories
  Benefit: Simplifies the configuration because you do not configure additional sources.
  Consequence: None.


Design Decision # SDDC-OPS-VLM-004

Set the VM power state to Do Not Power Off.

Option: VM power state (Do Not Power Off)
  Benefit: Ensures the highest uptime of management components and compute workload virtual machines.
  Consequence: Manual intervention will be required if migration fails.


Design Decision # SDDC-OPS-VLM-005

Enable parallel remediation of hosts, assuming that there are enough resources available to support updating multiple hosts at the same time.

Option: Parallel remediation
  Benefit: Remediation of host patches can occur more quickly.
  Consequence: More resources are unavailable at the same time during remediation.
Option: Single host remediation
  Benefit: Can be used in smaller environments where there is not a significant amount of additional resources available.
  Consequence: Slower time to remediate the whole environment.


Design Decision # SDDC-OPS-VLM-006

Enable migration of powered-off virtual machines and templates.

Option: Migrate powered-off VMs
  Benefit: Ensures that templates stored on all management hosts remain accessible.
  Consequence: Increases the time to start remediation, because templates must be migrated first.


Design Decision # SDDC-OPS-VLM-007

Use the default critical and non-critical patch baselines for the management cluster and for the compute cluster.

Option: Use default baselines
  Benefit: No customized baselines required.
  Consequence: All patches are added to the baselines as soon as they are released.
Option: Use custom baselines
  Benefit: Exact upgrade paths can be chosen based on business requirements and testing, rather than having everything patched.
  Consequence: Additional overhead to create and administer the baselines.


Design Decision # SDDC-OPS-VLM-008

Use the default schedule of a once-per-day check and patch download.

Option: Default schedule
  Benefit: No change required for this engagement.
  Consequence: None.
Option: Custom schedule
  Benefit: Allows checks to be done when appropriate, such as during change control windows.
  Consequence: None.


Design Decision # SDDC-OPS-VLM-009

Remediate hosts, virtual machines, and virtual appliances once a month or per business guidelines.

Option: Remediation policy
  Benefit: The schedule must be aligned to the business policies.
  Consequence: None.


Design Decision Detail
Virtual Infrastructure – Data Protection and Backup Design

Design Decision # SDDC-OPS-BKP-001

Use a backup solution that is compatible with vSphere Storage APIs - Data Protection (VADP) and can perform image-level backups of the management components.

Option: VADP backup solution
  Benefit: Provides the capability to back up and restore most of the management components at the virtual machine image level.
  Consequence: None.
Option: Without VADP compatibility
  Benefit: None.
  Consequence: A backup agent has to be installed on the guest OS, and only guest OS level backup is available.


Design Decision # SDDC-OPS-BKP-002

Use a VADP-compatible backup solution that can perform application-level backups of the management components.

Option: VADP backup solution
  Benefit: Provides application awareness when performing backup and restore procedures.
  Consequence: You must install application-aware agents on the virtual machine of the management component.
Option: Without VADP compatibility
  Benefit: None.
  Consequence: Both an OS backup agent and an application backup agent have to be installed on the guest OS for application-level backups.


Design Decision # SDDC-OPS-BKP-003

Allocate a dedicated datastore for the VADP-compatible backup solution and the backup data according to the NFS Physical Storage Design.

Option: Dedicated datastore for backup solution
  Benefit: Emergency restore operations are possible even when the primary VMware vSAN datastore is not available, because the VADP-compatible backup solution storage volume is separate from the primary vSAN datastore. The amount of storage required for backups is greater than the amount of storage available in the vSAN datastore.
  Consequence: You must provide additional capacity using a storage array.
Option: Shared datastore for backup
  Benefit: No additional dedicated capacity for the backup solution.
  Consequence: Datastore performance degrades while backup jobs are running.


Design Decision # SDDC-OPS-BKP-004

Provide storage with a capacity of at least 12 TB on-disk.

Option: Secondary storage capacity
  Benefit: Secondary storage handles the backup of the management stack of a single region. The management stack consumes approximately 12 TB of disk space, uncompressed and without deduplication.
  Consequence: You must provide more secondary storage capacity to accommodate increased disk requirements.


Design Decision # SDDC-OPS-BKP-005

Use HotAdd to back up virtual machines.

Option: HotAdd backup option
  Benefit: HotAdd optimizes and speeds up virtual machine backups, and does not impact the vSphere management network.
  Consequence: All ESXi hosts must have the same visibility of the virtual machine datastores.
Option: Network Block Device (NBD)
  Benefit: The same visibility of the virtual machine datastores for all ESXi hosts is not required.
  Consequence: The performance of the virtual machine network traffic might be lower. NBD takes a quiesced snapshot; as a result, it might interrupt the I/O operations of the virtual machine to swap the .vmdk file or consolidate the data after the backup is complete. NBD does not work in multi-writer disk mode.


Design Decision # SDDC-OPS-BKP-006

Use the VADP solution agent for backups of the Microsoft SQL Server.

Option: Use VADP solution agent
  Benefit: You can restore application data instead of entire virtual machines.
  Consequence: You must install and maintain the VADP solution agent.
Option: Without VADP solution agent
  Benefit: None.
  Consequence: Application data cannot be restored separately from the entire VM.


Design Decision # SDDC-OPS-BKP-007

Schedule daily backups.

Option: Daily backup schedule
  Benefit: You can recover virtual machine data that is at most a day old.
  Consequence: You lose data that changed since the last backup, up to 24 hours ago.


Design Decision # SDDC-OPS-BKP-008

Schedule backups outside the production peak times.

Option: Non-peak times
  Benefit: Backups occur when the system is under the lowest load. Make sure that backups are completed in the shortest time possible with the smallest risk of errors.
  Consequence: None.
Option: Peak times
  Benefit: None.
  Consequence: There may be limited non-peak time to complete backups. Backup duration will be impacted by storage I/O throughput.


Design Decision # SDDC-OPS-BKP-009

Retain backups for at least 3 days.

Option: 3-day retention level
  Benefit: Keeping 3 days of backups enables administrators to restore the management applications to a state within the last 72 hours.
  Consequence: None.
Option: More than 3 days
  Benefit: Provides better RPO (more than 72 hours).
  Consequence: Depending on the rate of change in virtual machines, the backup retention policy can increase the storage target size.


Design Decision # SDDC-OPS-BKP-010

Configure a service account in vCenter Server for application-to-application communication from the VADP-compatible backup solution with vSphere.

Option: Use service account for backup
  Benefit: Provides the following access control features:
  • Provide the VADP-compatible backup solution with a minimum set of permissions that are required to perform backup and restore operations.
  • In the event of a compromised account, the accessibility in the destination application remains restricted.
  • You can introduce improved accountability in tracking request-response interactions between the components of the SDDC.
  Consequence: You must maintain the service account's life cycle outside of the SDDC stack to ensure its availability.


Design Decision # SDDC-OPS-BKP-011

Use global permissions when you create the service account in vCenter Server.

Option: Use global permissions
  Benefit: Simplifies and standardizes the deployment of the service account across all vCenter Server instances in the same vSphere domain. Provides a consistent authorization layer.
  Consequence: All vCenter Server instances must be in the same vSphere domain.
Option: No global permissions
  Benefit: vCenter Server instances can be in different vSphere domains.
  Consequence: Service account management across all vCenter Server instances will be more complicated.


Thank You
