As part of the security and compliance layer, this design uses Workspace ONE Access to provide identity and access management to the SDDC management components. To satisfy the requirements of the management components for availability and locality, you deploy a region-specific Workspace ONE Access instance and a cross-region Workspace ONE Access instance.
Workspace ONE Access provides these services:
Directory integration to authenticate users against existing directories such as Active Directory or LDAP.
Addition of two-factor authentication through integration with third-party software such as RSA SecurID, Entrust, and others.
Cross-Region and Region-Specific Workspace ONE Access Deployments in Region A
Region-Specific Workspace ONE Access
The region-specific Workspace ONE Access instance provides identity and access management services to regional SDDC solutions.
Logical Design of the Region-Specific Workspace ONE Access Deployment
Design Details on Region-Specific Workspace ONE Access
Cross-Region Workspace ONE Access
The cross-region Workspace ONE Access instance provides identity and access management services to cross-region SDDC solutions.
Design Details on Cross-Region Workspace ONE Access
Cloud Operations Layer
The cloud operations layer of the SDDC provides capabilities for life cycle management by using SDDC Manager in VMware Cloud Foundation and vRealize Suite Lifecycle Manager. The layer also supports performance and capacity monitoring, and log collection for the SDDC management components by using vRealize Operations Manager and vRealize Log Insight.
SDDC Manager
You use SDDC Manager in VMware Cloud Foundation to perform the following operations:
Deploy virtual infrastructure workload domains and extend the virtual infrastructure of the management domain.
Deploy the NSX-T Edge cluster for a workload domain.
Expand a cluster with hosts and add clusters to workload domains.
Manage the life cycle of the virtual infrastructure components in all workload domains, and of vRealize Suite Lifecycle Manager.
Manage certificates and passwords of the SDDC management components.
Logical Design of SDDC Manager
SDDC Manager Design Details
vRealize Suite Lifecycle Manager
vRealize Suite Lifecycle Manager provides life cycle management capabilities for vRealize Suite components including automated deployment, configuration, and upgrade. vRealize Suite Lifecycle Manager communicates with each management domain vCenter Server in the SDDC to orchestrate the deployment, upgrade, and configuration drift analysis of vRealize Suite components in the SDDC.
Starting with VMware Cloud Foundation 4.1, vRealize Suite Lifecycle Manager is deployed in VMware Cloud Foundation mode. In this mode, vRealize Suite Lifecycle Manager and VMware Cloud Foundation are integrated for inventory synchronization, life cycle management of the vRealize Suite products, and workload domain integration.
Logical Design of vRealize Suite Lifecycle Manager
vRealize Suite Lifecycle Manager Design Details
vRealize Operations Manager
You use vRealize Operations Manager to monitor the management components of the SDDC including vSphere, vSAN, NSX-T Data Center, Workspace ONE Access, and vRealize Automation.
vRealize Operations Manager is also sized to accommodate the number of tenant workloads according to the design objectives.
Logical Design of vRealize Operations Manager
vRealize Log Insight
You use vRealize Log Insight to access the logs of the SDDC management components from a central place and view this information in visual dashboards.
Logical Design of vRealize Log Insight
Cloud Automation Layer
Logical Design of vRealize Automation
vRealize Automation Usage Model
Cloud Automation Design Details