VMware Cloud Foundation 2.

3 – The Software-Defined Data Center for your Private Cloud

Overview vRealize Operations Manager Architecture vRealize Automation Architecture vRealize Log Insight Architecture
VMware Cloud Foundation is the industry’s most advanced hybrid cloud platform. It provides a complete set of software-defined services for compute, storage, networking and security, and cloud management vRealize Operations Manager is installed by the SDDC Manager using the vRealize Suite Lifecycle Manager API and is load balanced with vRealize Automation is installed by the SDDC Manager using the vRealize Suite Lifecycle Manager API and is load balanced with NSX. Log Insight is automatically installed by the SDDC Manager during the bring up process. Once installed, It is then configured to collect
to run both traditional enterprise applications and modern cloud native workloads. Cloud Foundation drastically simplifies the hybrid cloud by delivering a single integrated solution that is easy to operate, NSX. Once installed, it is then configured to automatically collect performance metric data from all of the VMs in the Management Domain. Once deployed the vRA administrator can create blueprints and deploy VMs to the VMware Cloud Foundation Private cloud. unstructured syslog data from all VMware Cloud Foundation components. Including the SDDC Manager controller, PSC, vCenter,
thanks to new built-in automated lifecycle management. Including the SDDC Manager controllers, PSC, vCenter, vRealize Suite, NSX, Horizon suite, and ESXi hosts. The cloud administrator is then vRealize Suite, NSX, Horizon suite, ESXi hosts, top of rack and management switches. The cloud administrator is then able to review
able to manage performance, monitor alerts, and optimize capacity all from the vRealize Operations Manager dashboards. all the aggregated log information from the Log Insight dashboard.
Software Components

Horizon
SDDC Manager
VMware Cloud Foundation VMware Cloud Foundation
Private Cloud Private Cloud Components
VMware Cloud Foundation
Horizon App Volumes
VMware Cloud Foundation
PSC vRA NSX ESXi PSC vRA NSX ESXi
SDDC SDDC
Private Cloud SDDC Management
Horizon
vRealize vRealize vRealize Manager Manager Manager Switch
Cloud Management Operations Manager Automation Network Insight vCenter vROPs vRLI VM VM vCenter vROPs TOR Switch
VM
VM
vRealize vRealize
Log Insight Business
Compute Storage Network
vRSLCM NSX Edge vRSLCM NSX Edge ILB
vSphere vSAN NSX API Load Balancer API Load Balancer VIP
Lifecycle Automation

Master Worker Worker

vROPs vROPs vROPs Log Insight Log Insight Log Insight
Master Replica Data VRA Web Agent DEM SQL

vRealize Operations Manager Cluster vRealize Automation Cluster Single Log Insight Cluster
Private cloud Public cloud Using Integrated Load Balancer

Lifecycle Architecture Physical Infrastructure Architecture Workload Domain Network Architecture

By default, SDDC Manager routinely checks the VMware software depot to discover when software updates are available. If SDDC Manager does not have internet A Cloud Foundation private cloud deployment is comprised of between one to eight racks, with each rack containing: between 4 and 32 certified vSAN ReadyNodes, one certified management switch, and two certified Top-of-Rack (ToR) switches. In Cloud Foundation implements a virtual network overlay that runs on top of the physical network data plane. Physical hosts are logically grouped into vSphere clusters (represented as workload domains) wherein
connectivity, use the Bundle Transfer Utility to manually download update bundles from the VMware software depot and manually transfer them to SDDC Manager. multi-rack configurations, a pair of redundant inter-rack switches are added to the second rack to provide for inter-rack connectivity. Refer to the VMware Compatibility Guide (VCG) http://vmware.com/go/cloudfoundation-vcg) a Virtual Distributed Switch is configured and port groups created. VMware NSX is also installed with a default transport zone. Logical switches, Edge Service Gateways (ESGs), distributed logical routers,
for a list of qualified hardware. distributed firewalls and application virtual networks are manually created based on workload needs.

External Network
depot.vmware.com Bundle Transfer Utility vCenter & NSX Manager Management Domain
Upstream
Network Runs in Management
vCenter NSX Manager
Domain
Upstream Upstream
Switch/Router - 01 Switch/Router - 02
SDDC Manager

Workload Domain

NSX
VM VM VM
Transport
Monitor / Track update status Top-of-Rack Switches
Notification of update Zone NSX Logical Switch
and history Management Switch (Optional) VM VM VM

Virtual Infrastructure Domain

Expand
Maximum NSX CTL 01 NSX CTL 02 NSX CTL 03
32 Servers
Qualified Top of Rack (ToR) switches NSX Edge (Optional)
Download update
Qualified management switch
Management

Available Capacity Qualified vSAN ReadyNodes Virtual Corporate

Distributed vMotion
Minimum configuration is 1 rack and 4 ReadyNodes
Schedule update Switch
vSAN
Expandable to 8 racks and 256 ReadyNodes
VXLAN
Expand
Heterogeneous Server Support

Virtual Desktop Domain

Mgmt VI VDI
Workload Domains
WLD WLD WLD VTEP ESXi-01 VTEP ESXi-02 VTEP ESXi-03
updated independent vSphere
of each other Cluster
Minimum
Management Domain
VI VDI 4 Servers vSAN
WLD WLD

Compute Architecture Storage Architecture Security Architecture Features

VMware Cloud Foundation scales up to 15 workload domains per installation. Each workload domain can be patched or upgraded independently. Workload domains Cloud Foundation uses certified rack mount vSAN ReadyNodes to implement a highly scalable and performant VMware Cloud Foundation includes many comprehensive security features to protect your virtual infrastructure. This includes VMDK encryption, vMotion encryption, vSAN data at rest encryption, NSX distributed
start with a minimum of 3 hosts and can scale up to 64 hosts. Each workload domain has its own vCenter Server and NSX Manager instance. All vCenter Server hyper-converged (HCI) based storage subsystem. Both hybrid and all-flash configurations are supported. As an firewall, NSX edge VPN, NSX edge firewall, and vRealize Network Insight.
instances are connected together with vSphere Enhanced Link Mode. option, iSCSI and NFS network attached storage are supported. Refer to the VMware Compatibility Guide
(VCG) http://vmware.com/go/cloudfoundation-vcg) for a list of qualified ReadyNodes
and available configuration options.
Encrypted
Management Workload Domain VM VM VM VM VM
vMotion vRNI
vSAN ReadyNodes
PSC Single Sign-on Domain PSC
IP attached storage 1 1 0 External
Hybrid (i.e. NFS / iSCSI) 1 0 1
1 0 0
Traditional IP Attached Storage
NSX Edge
Management VDI Workload VI Workload VI Workload SSD PCIe NVMe
Caching 0 0 1
Domain vCenter Domain vCenter Domain vCenter Domain vCenter
Tier Firewall
Read and Write Cache 0 1 0
VPN
NSX Manager NSX Manager NSX Manager NSX Manager

Option 1: Hybrid Option 2: All-Flash vSphere Distributed Switch

vRealize vRealize vRealize SDDC Manager SDDC Manager

Log Insight Operations Manager Automation Controller Utility
Capacity
ESXi + vSAN + NSX ESXi + vSAN + NSX ESXi + vSAN + NSX
Capacity
Tier
NSX Controller NSX Controller NSX Controller
SSD SSD SSD SSD SSD SSD SSD SSD SSD SSD SSD SSD SSD SSD SSD SSD SSD SSD

ESXi ESXi ESXi ESXi VM Encryption

All-Flash vSAN Datastore vSAN Datastore vSAN Datastore
Encryption Data-at-rest Encryption Data-at-rest Encryption Data-at-rest Distributed Firewall

Caching vMotion Encryption

SSD PCIe NVMe
Tier
Read and Write Cache Edge VPN
VDI Domain VI Workload Domain VI Workload Domain vSAN vSAN
Partner Provided KMS vSAN Encryption

VDI VDI ... VDI

APP
OS
APP
OS
... APP
OS
APP
OS
APP
OS
... APP
OS
Edge Firewall

vRealize Network Insight

NSX NSX NSX NSX NSX NSX NSX NSX NSX
Capacity
Controller Controller Controller Controller Controller Controller Controller Controller Controller
Capacity
Tier

ESXi ... ESXi ESXi ... ESXi ESXi ... ESXi Hyper-converged vSAN
Storage with Flash and HDD
Hyper-converged vSAN
Storage with All-Flash

Copyright © 2018 VMware, Inc. All rights reserved. vmware.com