Deployment Overview of
VMware Cloud Foundation

The deployment of

VMware Cloud Foundation

is automated. You use

VMware Cloud Builder

to deploy the management domain, SDDC Manager to deploy VI workload domains for customer workloads, and VMware vRealize® Suite Lifecycle Manager™ in

VMware Cloud Foundation

mode to deploy vRealize Suite products and Workspace ONE Access. You deploy management components manually only in a few cases according to the instructions.

An example deployment flow can start with deploying all management components in

VMware Cloud Foundation

. You deploy the management domain and extend its capabilities with cloud management and cloud monitoring by using vRealize Suite or with other solutions. Next, you deploy VI workload domains for customer workloads and integrate each newly deployed domain with the solutions in place. Finally, you can introduce multiple availability zones for workload high-availability and mobility inside a data center, and additional

VMware Cloud Foundation

instances for workload mobility across physical locations.

Start with the management domain, add vRealize Suite in the management domain, and add a VI workload domain and connect it to vRealize Suite, all with SDDC Manager. — Example Deployment Flow for a Single
VMware Cloud Foundation
Instance

For NSX Federation, also deploy NSX Global Manager in the management domain of each VCF instance. Use SDDC Manager for vSAN stretched clusters. — Example Deployment Flow with NSX Federation

Deploying
VMware Cloud Foundation
in Cloud-Connected Subscription Mode

If you plan to use

VMware Cloud Foundation+

, you must deploy

VMware Cloud Foundation

in subscription mode based on keyless licensing. In this mode, you do not need license keys for the products in the platform. Instead, you use a subscription to VMware Cloud with a term and allocated capacity that can be distributed across multiple

VMware Cloud Foundation

instances.

Deploy Directly in Subscription Mode: You activate subscription mode in the deployment parameter workbook for
VMware Cloud Builder
at bring-up. You cannot switch to key-based licensing mode after bring-up is complete.
After the management domain is deployed,
VMware Cloud Foundation
enters subscription-ready mode in preparation for getting connected to the cloud and added to a
VMware Cloud Foundation+
subscription you purchased. In subscription-ready mode, you cannot add infrastructure to
VMware Cloud Foundation
, such as VI workload domains or hosts and clusters to the management domain.
After you complete the subscription process, the
VMware Cloud Foundation
enters subscription mode.
Transition Through Mixed Licensing Mode: This path is available in
VMware Cloud Foundation
4.5.2.
You deploy
VMware Cloud Foundation
in key-based licensing mode, adding VI workload domains as needed.
You connect the management domain or all available workload domains to the cloud. As a result, the
VMware Cloud Foundation
instance is transitioned to mixed licensing mode where you can add workload domains under key-based or keyless licenses.
To permanently use the management components for all workload domains under keyless subscription, you can commit the
VMware Cloud Foundation
instance to keyless subscription.

For more information on

VMware Cloud Foundation+

, see What is VMware Cloud Foundation+?.

Getting Started with VMware Cloud Foundation

Deploying the Management Domain

The management domain of a

VMware Cloud Foundation

instance contains the components for deployment and operation of virtual infrastructure for customer workloads. Following a certain sequence of operations, you bring up

VMware Cloud Foundation

first. This operation deploys the management domain. Then, you can proceed with deploying vRealize Suite products and VI workload domains.

Steps		Description
0. Plan and prepare for the management domain deployment.		Work with the technology team of your organization on configuring the physical servers, network, and storage in the data center. Collect the environment details and write them down in the VMware Cloud Foundation Planning and Preparation Workbook in Microsoft® Excel® spreadsheet format (XLS).
1. Deploy VMware Cloud Builder Appliance		Deploy the VMware Cloud Builder appliance on a laptop running VMware Workstation or VMware Fusion, or on an ESXi host.
2. Prepare the ESXi Hosts for VMware Cloud Foundation		Prepare a minimum of four ESXi hosts for the management domain by manually installing ESXi or by using the VMware Imaging Appliance.
3. Deploy the management domain by using VMware Cloud Builder.		Download the deployment parameter workbook for VMware Cloud Builder for VMware Cloud Foundation or for VMware Cloud Foundation on Dell EMC VxRail from VMware Customer Connect and fill in the details for the management domain deployment. In the workbook, select subscription-ready mode or key-based licensing mode for VMware Cloud Foundation . You can use the details from the VMware Cloud Foundation Planning and Preparation Workbook. Then, upload the deployment parameter workbook to VMware Cloud Builder . After VMware Cloud Builder validates the target environment against the specification in the deployment parameter workbook, perform bring-up of the management domain. After bring-up is complete, the management domain contains vCenter Server, vSAN, and SDDC Manager.
Post-Deployment Configuration	Configure the Repository Settings for SDDC Manager	After the deployment of the management domain, configure SDDC Manager with repository credentials by using a VMware Customer Connect account. In this way, SDDC Manager can access the inventory of installation and upgrade bundles on depot.vmware.com. You can update the components of VMware Cloud Foundation as soon as an update is available.
	Configure backup of management components.	Optional. Reconfigure SFTP Backups for SDDC Manager and NSX-T Data Center By default, backups of NSX-T Data Center and SDDC Manager are stored on the SDDC Manager appliance. You should change the destination of the backups to an external SFTP server to ensure you can recover these components in the event of a failure. File-Based Backup of SDDC Manager and vCenter Server You should also configure a backup schedule for SDDC Manager and management domain vCenter Server, and export the vSphere Distributed Switch configuration.
	Configure certificate management in SDDC Manager.	Optional. If you want to use SDDC Manager to manage CA-signed certificates for management components, prepare a Microsoft certificate authority server, configure the integration with SDDC Manager, and then update the certificates for components for establishing a secure communication to the components of VMware Cloud Foundation .
	Configure password management.	To provide best security and proactively prevent any passwords from expiring, rotate passwords over a regular period according to the security policy of your organization, for example, every 90 days. You can use one of these password rotation options: Auto-rotate passwords according to a schedule in SDDC Manager. Manually rotate passwords.
	Create an automation account.	If you plan to use VMware Cloud Foundation APIs in automation scripts, create a special service account and generate tokens for protected access to the automation platform.

Deploying
vRealize Suite Lifecycle Manager
and
Workspace ONE Access

vRealize Suite Lifecycle Manager

is the foundation for automated deployment of

vRealize Suite

products on

VMware Cloud Foundation

for operations management, logging and workload provisioning. You use

Workspace ONE Access

that is integrated with

vRealize Suite Lifecycle Manager

for central role-based access control in

vRealize Suite

Steps	Description
0. Plan and prepare for the deployment of vRealize Suite Lifecycle Manager and Workspace ONE Access .	Work with the technology team of your organization on configuring the physical servers, network, and storage in the data center. Collect the environment details and write them down in theVMware Cloud Foundation Planning and Preparation Workbook in Microsoft® Excel® spreadsheet format (XLS).
1. Set up routing and networks in NSX.	Deploy an NSX Edge Cluster Deploy an NSX Edge cluster in the management domain and application virtual networks. SDDC Manager deploys the edge cluster and creates Tier-0 and Tier-1 gateways for north-south and east-west routing for management components in VMware Cloud Foundation . Deploy Application Virtual Networks When SDDC Manager creates the NSX segments for the application virtual networks, it connects them to the NSX gateways. See NSX Segments Design for the Management Domain.
2. Deploy VMware Aria Suite Lifecycle.	You deploy vRealize Suite Lifecycle Manager in the management domain. SDDC Manager provides inventory information about the management domain in vRealize Suite Lifecycle Manager . SDDC Manager also configures the NSX Tier 1 gateway to support the load balancer for the cross-region solutions.
Post-Deployment Configuration of vRealize Suite Lifecycle Manager	Replace the Certificate of the VMware Aria Suite Lifecycle Instance Upload a CA-signed certificate for trusted communication to vRealize Suite Lifecycle Manager Configure Data Center and vCenter Server in VMware Aria Suite Lifecycle Perform configuration procedures so that you can manage the deployment and life cycle of vRealize Suite .
3. Deploy Workspace ONE Access.	Optional. If you want to provide centralized identity and access management to vRealize Suite , deploy a Workspace ONE Access instance and integrate it with Active Directory. For a clustered Workspace ONE Access instance, vRealize Suite Lifecycle Manager calls SDDC Manager to configures the required NSX load balancer.
Post-Deployment Configuration for vRealize Suite Lifecycle Manager and Workspace ONE Access	Add the Workspace ONE Access Passwords to VMware Aria Suite Lifecycle Optional. Create separate passwords for the administrator accounts for the vRealize Suite Lifecycle Manager global environment and Workspace ONE Access . Image-Based Backup and Restore of VMware Cloud Foundation Optional. Create full virtual machine image-level backup jobs by using a backup solution that is compatible with VMware vSphere Storage APIs - Data Protection (VADP).
4. Deploy a vRealize Suite solution that is required by your SDDC design.	Deploy a vRealize Suite solution in VMware Cloud Foundation and connect it with the platform and with other vRealize Suite components to form a fully-integrated cloud management system. For information on deploying vRealize Suite components and integrating them with the VMware Cloud Foundation platform, see VMware Validated Solutions.

Deploying a Virtual Infrastructure Workload Domain

After you deploy the management domain and vRealize Suite solutions in

VMware Cloud Foundation

, following a certain sequence of operations, you create a VI workload domain to run customer workloads with specific requirements.

vCenter Server and the NSX Manager cluster for the VI workload domain are deployed on the management domain. You deploy the NSX edge cluster in the VI workload domain. See Workload Domains in VMware Cloud Foundation.

Steps	Description
0. Plan and prepare for the VI workload domain deployment.	Work with the technology team of your organization on configuring the physical servers, network, and storage in the data center. Collect the environment details and write them down in the VMware Cloud Foundation Planning and Preparation Workbook in Microsoft® Excel® spreadsheet format (XLS).
1. Prepare the ESXi hosts and add them to VMware Cloud Foundation.	Prepare the ESXi Hosts for VMware Cloud Foundation Prepare a minimum of three ESXi hosts for the VI workload domain by manually installing ESXi or using the VMware Imaging Appliance. Create a Network Pool A network pool is a collection of subnets within a Layer-2 network domain. Each ESXi host is assigned IP addresses from this network pool for vSphere vMotion and storage. Commission Hosts Adding hosts to the SDDC Manager inventory is called commissioning. Add hosts individually or use a JSON template to add multiple hosts at once. SDDC Manager validates the specification of the hosts against the requirements for operating in VMware Cloud Foundation . Add License Keys Optional. Add license keys with sufficient capacity and required feature scope for vSphere, NSX-T Data Center, vCenter Server, and vSAN if used as principal storage. If the licenses you provided for the management domain at bring-up have enough capacity, you can use them instead.
2. Deploy a VI Workload Domain.	After the hosts are commissioned, deploy the VI workload domain by using the automated workflow in SDDC Manager.
3. Deploy an NSX Edge Cluster.	Deploy an NSX Edge cluster in a vSphere cluster in the VI workload domain to provide networking services and connectivity to the external network for your workloads.
4. Connect the vRealize Suite solution to the workload domains.	After you deploy the VI workload domain, use SDDC Manager to integrate it with the vRealize Suite components in your environment. For information on connecting vRealize Suite components with the VMware Cloud Foundation platform, see VMware Validated Solutions.
Post-Deployment Configuration	File-Based Backup of SDDC Manager and vCenter Server Optional. Configure a backup schedule and location for the VI workload domain vCenter Server, and export the vSphere Distributed Switch configuration. Configure certificate management in SDDC Manager Optional. If you want to manage signed certificates for management components of the VI workload domain, use the SDDC Manager UI to update them. Configure password management To provide best security and proactively prevent any passwords from expiring, rotate passwords over a regular period according to the security policy of your organization, for example, every 90 days. You can use one of these password rotation options: Auto-rotate passwords according to a schedule in SDDC Manager. Manually rotate passwords.

Deploying Additional Availability Zones and
VMware Cloud Foundation
Instances

After you initially deploy

VMware Cloud Foundation

in a single availability zone, following a certain sequence of operations, you can expand the environment to multiple availability zones by using vSAN stretched clusters or add another VMware Cloud Foundation instance connecting it to the environment by using NSX Federation.

Steps	Description
Deploy multiple availability zones in the management domain and in the VI workload domain.	Plan and prepare for configuring the vSAN stretched clusters. Work with the technology team of your organization on configuring the physical servers, network, and storage in the data centers. Collect the environment details and write them down in the VMware Cloud Foundation Planning and Preparation Workbook in Microsoft® Excel® spreadsheet format (XLS). Deploy the vSAN witness appliance for the management domain on a third site and configure the vSAN stretched cluster for the management domain. Deploy the vSAN witness appliance for the VI workload domain cluster on a third site and configure the vSAN stretched cluster for a vSAN cluster in the VI workload domain.
Configure NSX Federation to add more VMware Cloud Foundation instances.	Plan and prepare for configuring NSX Federation. Work with the technology team of your organization on configuring the physical servers, network, and storage in the data centers. Collect the environment details and write them down in the VMware Cloud Foundation Planning and Preparation Workbook in Microsoft® Excel® spreadsheet format (XLS). In the first VMware Cloud Foundation instance, deploy an NSX Global Manager cluster for the management domain. If you plan to implement customer workload mobility across physical locations, deploy an NSX Global Manager cluster for the VI workload domain too. Activate NSX Federation by setting each NSX Global Manager in the first instance as active. Connect the NSX Global Manager to the local NSX Manager and prepare Tier-0 and Tier-1 gateways and NSX segments for stretched networking. Deploy a second VMware Cloud Foundation instance. Deploy manually one or more NSX Global Manager clusters in the second VMware Cloud Foundation instance. Set each NSX Global Manager in the second VMware Cloud Foundation instance as standby in the federation. Connect it to the local NSX Manager and complete the configuration of Tier-0 and Tier-1 gateway and NSX segments for stretched networking according to the requirements for workload mobility. Add more VMware Cloud Foundation instances connecting their local NSX Managers to the dedicated NSX Global Manager in the first instance.

Steps

Description

Deploy multiple availability zones in the management domain and in the VI workload domain.

Plan and prepare for configuring the vSAN stretched clusters.

Work with the technology team of your organization on configuring the physical servers, network, and storage in the data centers. Collect the environment details and write them down in the VMware Cloud Foundation Planning and Preparation Workbook in Microsoft® Excel® spreadsheet format (XLS).

Deploy the vSAN witness appliance for the management domain on a third site and configure the vSAN stretched cluster for the management domain.

Deploy the vSAN witness appliance for the VI workload domain cluster on a third site and configure the vSAN stretched cluster for a vSAN cluster in the VI workload domain.

Configure NSX Federation to add more

VMware Cloud Foundation

instances.

Plan and prepare for configuring NSX Federation.

In the first

VMware Cloud Foundation

instance, deploy an NSX Global Manager cluster for the management domain. If you plan to implement customer workload mobility across physical locations, deploy an NSX Global Manager cluster for the VI workload domain too.

Activate NSX Federation by setting each NSX Global Manager in the first instance as active. Connect the NSX Global Manager to the local NSX Manager and prepare Tier-0 and Tier-1 gateways and NSX segments for stretched networking.

Deploy a second

VMware Cloud Foundation

instance.

Deploy manually one or more NSX Global Manager clusters in the second

VMware Cloud Foundation

instance.

Set each NSX Global Manager in the second

VMware Cloud Foundation

instance as standby in the federation. Connect it to the local NSX Manager and complete the configuration of Tier-0 and Tier-1 gateway and NSX segments for stretched networking according to the requirements for workload mobility.

Add more

VMware Cloud Foundation

instances connecting their local NSX Managers to the dedicated NSX Global Manager in the first instance.

Content feedback and comments

VMware Cloud Foundation 4.5

Deployment Overview of VMware Cloud Foundation

Deploying VMware Cloud Foundation in Cloud-Connected Subscription Mode

Deploying the Management Domain

Deploying vRealize Suite Lifecycle Manager and Workspace ONE Access

Deploying a Virtual Infrastructure Workload Domain

Deploying Additional Availability Zones and VMware Cloud Foundation Instances

Deployment Overview of
VMware Cloud Foundation

Deploying
VMware Cloud Foundation
in Cloud-Connected Subscription Mode

Deploying
vRealize Suite Lifecycle Manager
and
Workspace ONE Access

Deploying Additional Availability Zones and
VMware Cloud Foundation
Instances