VMware Cloud Foundations – questions and answers

These are just some questions I asked related to the product during sessions and I will

Why use more than one workload domain?

  • Horizon view (VDI)
  • Prod
  • QA/DEV
  • Separate customer environment

Are networks shared by default between workload domains?

  • No, individual VSAN, VXLAN networks created.

Can you set up a network with a universal logical router between workload domains?

  • yes

When you enable vROPS and/or VRLI, does it create a new instance for each workload domain?

  • No, add-on applications like vROPS/VRLI are shared between all workload domains.

When logged in, you can see all the vCenters and hosts.

  • DNS/naming resolution

During initial configuration of Cloud Foundation environment through VIA (evo-rack imaging appliance), how is naming resolution taken care of?

  • DNS/naming resolution is handled by vrack management appliance.
  • Cloud Foundation uses own naming convention (can be changed)
  • ESXi hosts connected through IP address to vCenter server in each workload domain.

vSAN ready nodes

  • 8 minimum
  • Technically can be 6, but 8 provides the necessary recommended redundancy for VSAN.
  • 4 nodes for Cloud Foundation management cluster and other 4 for first VI (virtual infrastructure)

What if problem occurs during the installation process?

  1. Process will stop, logs can be reviewed, changes can be made to installation scripts and process re-run.
  2. Can also install/reinstall to individual ESXi host

What are the resource selection options when creating a workload domain?

  • Only per physical hosts (4 min)
  • Workload domains cannot be shared by for instance a resource pool

Are tags/storage profiles supported?

Yes, but it is not available natively within SDDC manager. Storage profiles would have to be created in vCenter server within each workload domain.

Are all vCenter Servers from each workload domain configured with advanced linked mode?

  • yes

How are PSCs configured?

  • 2 x PSCs
  • First PSC assigned management
  • Second PSC assigned to first VI (virtual infrastructure) workload domain.
  • Each additional workload domain will round robin between the 2 PSCs.
  • Uses default vsphere.local domain name.
  • SDDC manager is connected to PSC.

ESXi host profiles used when deployed?

  • Not sure and will update when I have any answer.

Can you attach other storage devices?

  • Can setup NFS datastores through vCenter server.

After deployment, how do you retrieve your application addresses so can login to for instance your vCenter Server, NSX Manager etc?

  • Management info tab provided in SDDC manager which shows all management software components and provides hotlinks to each!

Backups integration?

  • Not sure and will update when I have any answer.

How are passwords handled?

  • Cloud foundation will provide an application that will reset all the passwords which includes all hardware and software components.
  • It will also create a master password which is only available to customer.


VMware Cloud Foundations – Hardware information

Supports a max of up to 8 racks (192 servers)!

  • When you add a new rack, some redundant spine switches are added to interconnect racks.


  • Min 4 hosts management
  • Min 4 host infrastructure

Here is some information on the physical requirements for Cloud foundation:

  • Redundant power
  • 8 to 24 VSAN ready nodes
  • Management switch
    • 48 x 1GB
  • Redundant Top-of-Rack switches
    • 48 x 10GB
    • 4 x 40GB (2 to each switch)
  • Redundant Spine switches (only required if more than 1 rack)
    • Multi rack config
    • 32 x 40Gbps

Network architecture:

  • Automated installation and configuration of physical networking.
  • Integrates with existing data center network infrastructure
  • Uplink fully compatible with existing switches (Cisco, Juniper)
  • vMotion shared across all workload domains
  • VXLAN shared across all workload domains
  • Different VLANs for each network

Different VLANs created for each workload domain:

  • Non-routable management VLAN
  • Public management
  • Corporate external
  • VSAN
  • vMotion

Switch count for 1 rack?

  • 1 x management switch
  • 2 x top-of-rack switches

Switch count for 2 racks?

  • 1 x management switch
  • 2 x top-of-rack switches
  • 2 x spine switches

VMware will also be providing a wire map for implementations.


VMware Cloud Foundations – Workload domain

What is a workload domain?

  • A Workload domain consists of ESXi, vCenter, VSAN and NSX
  • SDDC Manager is used to create a workload domain which is wizard driven with automated host selection
  • There are currently 2 different workload domains which can be deployed:
    • vDI workload domain
    • VI workload domain (Virtual Infrastructure or can call it IAAS)
  • Requires about 45 minutes to deploy, which is crazy if you think about it, since it installs ESXi on each host, installs and configures networks, physical ports, vCenter Server, VSAN and NSX and has it ready to just deploy your VMs.
  • You can deploy as many workload domains as required.
  • Seamless expansion with additional hosts
  • Policy based control:
    • Capacity, performance, availability (networking, security)
  • Automated deletion and reclamation of capacity
  • Workload domain can be expanded, deleted as well as patched/updated through lifecycle management.


VMware Cloud Foundations – Installation

VIA (evo-rack imaging appliance)

    • VIA was pretty awesome to see! I do hope in the future that this product will be integrated into SDDC manager so you don’t have to switch between the two.

VIA provides a UI from where all the necessary information is entered to setup the initial environment.  It will install the ESXi hosts, vCenter Server, VSAN and NSX software as well as all the necessary networks.

High level steps to bring up SDDC:

  • Physical deployment
    • Fully assembled rack arrived at customer
    • Power and networking connected per site survey
  • Power-on validation
    • SDDC manager and HMS brought up
    • System check against known good inventory
    • DOA, other discrepancies identified
  • Customer info input (Collected during site survey) (json input)
    • DC parameters, DNS, AD, NTP etc
    • IP address for vMotion, VSAN, VXLAN
  • Management cluster
    • SDDC manager
    • SDDC stack brought up
    • VSAN datastore created
    • vRealize products configured
    • Management packs installed and configured
    • HA for management cluster configured
  • SDDC ready to use
    • Workload domains created
    • VM brought up

VMworld 2016: VMware Cloud Foundations

VMware announced yesterday the upcoming release of VMware Cloud Foundations which is its first SDDC solution and provides a natively-integrated infrastructure stack.

I was one of the lucky ones to get invited and attend VMware’s first ever bootcamp session on VMware Cloud Foundations and it did not disappoint.  We got some first hand knowledge of the product and its offerings and here is what I learned.

To start off with, what exactly is Cloud Foundations?

  • It's a software-defined solution which integrates vSphere, VSAN and NSX into a single platform.
  • It provides a common foundation across clouds with flexible deployment options and primary focus is on simplifying deployment and operations.
  • Cloud foundation can run in private and public cloud.

Both private and public cloud face a problem of availability with being able to move data across private and public cloud. This is where Cloud Foundations can build a common base and with the use of NSX can create a universal transport zone which provides the connectivity necessary to move your workload between sites.

Two different deployments:

  • Customer self-deployment onsite
  • Factory pre-loaded

Private cloud:

  • Ready systems:
    • Qualified VSAN ready nodes – DELL, QCT, HP
    • Qualified networking – Cisco 9k, Arista 7500 (Northbound L2,L3)
  • Integrated systems:
    • VxRack 1000 SDDC

Public cloud:

  • Cloud service provider
    • IBM SoftLayer (Q3 2016 GA)
  • VMware vCloud Air Network (vCAN)
  • VMware vCloud Air

In my next couple of posts I will provide a bit more detail  on the Cloud Foundation private cloud components and installation.  These posts will only cover my notes from the bootcamp session so apologies for any mistakes and do let me know if you find any.  I will also update the posts in future when more information is available.

VMworld 2016: VMware Cross-Cloud services

With the first keynote completed by Pat Gelsinger, VMware gave a tech preview of their new SaaS offering which provides visibility into vSphere and non-vSphere private and public clouds. The non-vSphere public clouds being the most interesting here since they will support IBM, Amazon, Google and Azure. This is huge since customers want choice and this provides the opportunity for hybrid cloud solutions.

This new service will provide a single pane of glass to manage all private and public clouds with additional ability to migrate workloads between VMware Cloud foundation and external cloud service providers.  It also provides the following functionality:

  • Connectivity
  • Segmentation
  • Encryption
  • Usage and costs


VMware Cloud Foundations – Software components

  • External integration
  • Add-on components: vRealize suite, App volumes
  • Cloud foundation: SDDC Manager, Hardware management services (naming resolution function)
  • SDDC foundation: vSphere, VSAN, NSX
  • Ready nodes, private clouds

SDDC Manager:

  • Runs as VA in management domain, protected by vSphere HA
  • Roles:
    • Provision workload domains
    • Provision/manage/monitor logical and physical resources

HMS (hardware management system)

  • Manage/monitor physical servers and switches
  • Pulling information directly from hardware and not vSphere.

Infrastructure Manager (LCM)

  • VMware Cloud Foundation
  • Two LCM VM’s in management domain
    • LCM repository
    • LCM backup repository
  • SDDC manager notifies when patches/upgrade become available
  • Administrator downloads and schedules updates
  • Workload domains updated individually

Lifecycle management:  Predictable, Automated Upgrades and Updates

  • Apply upgrades/updates per workload domain.
  • 3 step process
    • Software repository. (Interop tested software bundle)
    • Publication (create bundles)
    • SDDC manager used to deploy to workload domains
  • 2 different package types
    • Upgrade – major release (90 days behind)
    • Update  – point fixes (day or week behind)

Patch Tuesday no more…Microsoft servicing model changes

Coming October Microsoft will be changing the way it delivers patches to many of their OS’s and only time will tell how successful this will be but in my opinion this is an overdue change and a good thing.

I was an MS engineer in my previous life and I know how tedious it can be to manage all the individual patches released with testing and verification, and this gets even more complicated when you have different OS’s. Sometimes hated those Tuesdays 🙂

Microsoft will be releasing a monthly rollup which includes security and reliability issues. How does this impact you?


There is a great MS blog which explains this in detail which I have provided below:







vRealize Business 7.1 Standalone installation with VMware Identity Manager

With the new version of vRealize Business 7.1 released on 23 August they finally made it possible to install vRB standalone without using vRealize Automation which is great, however you still need to connect vRB to a VMware Identity Manager to authenticate. Below are the steps to follow to configure both vRB and vIDM.


  • DNS A record for vIDM server (unable to create the database in configuration wizard if using IP Address in browser)
  • DNS A record for vRB.


  1. Deploy both vIDM and vRB appliances. Not going to go into details here since this is pretty straightforward.
  2. Wait until deployment is completed and the appliance is up and running.
  3. Browse (https) to the vIDM FQDN, which will give a configuration wizard.
  4. Set password.
  5. Set database.
  6. Finish.
  7. Log in to the vRB VAMI (https://FQDN:5480).
    1. Register with vIDM (admin username).
    2. Verify registration was successful.
  8. Next step is to provide local admin user access to vRB.
    1. Open a webpage to vIDM
    2. Login with admin/password
    3. Select Users and Groups
    4. Select VCBM_ALL
    5. Select Users in this group
    6. Click Modify users in this group
    7. Check box for “Additional specific Users”
    8. Type “admin”, press Enter
    9. Select Admin, Local (Admin@local Users)
    10. Next
    11. Save
  9. Provide domain user access to vRB.
    1. Open a webpage to vIDM
    2. Login with admin/<password>
    3. Select Identity & Access Management
    4. Select Directories
    5. Click “Add Directory” -> Add Active Directory over LDAP/IWA
    6. Select either Active Directory over LDAP or Active Directory (Integrated Windows Authentication)
    7. (Option 1) If you select AD over LDAP:
      1. If your AD does not support DNS Service Location then uncheck the box and specify your AD server.
      2. Specify Bind User details:
      3. In the Base DN field, enter the DN from which to start account searches, for example OU=department,DC=domain,DC=com
      4. In the Bind DN field, enter the account that can search for users, for example CN=Users,OU=department,DC=domain,DC=com
    8. (Option 2) If you select AD Integrated Windows Authentication:
      1. Enter domain name
      2. Enter Domain Admin username
      3. Enter Domain password
      4. Enter Domain authenticated Bind User UPN (user@domain.com)
      5. Save & Next
  10. Select the Domains you want associated with AD connection.
  11. Map user attributes
  12. Select the groups you want to sync
    1. CN=users,DC=example,DC=company,DC=com
  13. Select the users you want to sync
    1. CN=username,CN=users,DC=example,DC=company,DC=com
  14. Review the users and groups.
  15. Click Sync Directory
  16. Open a webpage to vRB.
    1. Login with Admin
    2. Enter serial number
    3. Select Administration tab
    4. Select Manage Private Cloud Connections -> vCenter Server
      1. Click Plus (+) button on right.
    5. Enter vCenter server information
    6. Select Update Reference Database
      1. Click Run Automatic Update if you have internet access. (If greyed out then might be on latest version or verify internet connectivity)
      2. Verify the following ports are open on firewall
        1. Port 443, which connects to https://vrb-hub.vmware.com/manualupdate/welcome#/
        2. Port 22, which connects to SaasFTP.digitalfuel.com
  17. Complete
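
A pre-flight check for the prerequisites and firewall ports listed in this procedure, as an added example that is not part of the original post or of any VMware tooling. The function names and the `vidm.example.com` / `vrb.example.com` sample names are assumptions; the two update endpoints are the ones named above.

```python
import ipaddress
import socket

# Egress endpoints the post lists for the reference database update.
UPDATE_ENDPOINTS = [("vrb-hub.vmware.com", 443), ("SaasFTP.digitalfuel.com", 22)]


def is_ip_literal(name):
    """True when the value is an IP address rather than a DNS name."""
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False


def resolve_a(name):
    """Return the IPv4 addresses behind a name, or [] if it does not resolve."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def tcp_open(host, port, timeout=3.0):
    """True when a TCP connection to host:port succeeds within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def preflight(vidm_name, vrb_name, resolve=resolve_a, connect=tcp_open):
    """Return a list of problems; an empty list means the checks passed."""
    problems = []
    for role, name in (("vIDM", vidm_name), ("vRB", vrb_name)):
        if is_ip_literal(name):
            problems.append(f"{role}: '{name}' is an IP address, use the FQDN")
        elif not resolve(name):
            problems.append(f"{role}: no DNS A record for '{name}'")
    for host, port in UPDATE_ENDPOINTS:
        if not connect(host, port):
            problems.append(f"update: cannot reach {host}:{port}")
    return problems


if __name__ == "__main__":
    # Constructed sample names; replace with the appliances' real FQDNs.
    for line in preflight("vidm.example.com", "vrb.example.com") or ["all checks passed"]:
        print(line)
```

Run it from a machine on the same network segment as the vRB appliance so the port checks reflect the firewall path the appliance will use.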