VCF 4.0 Starting Simple: Consolidated Design Deployment

I was asked several times about VCF and how to start easily, and that’s is possible deploying a Consolidated Design Architecture.

In a VCF Consolidated Design Architecture Compute workloads co-reside in the management workload domain, so only four hosts are needed.

VCF is deployed via Cloud Builder when finished SDDC Manager is ready, and you will find the Management Domain (4 Host running vSphere 7, vSAN 7 and NSX-T 3.0)

As you can see, it’s straightforward, and you can also deploy vSphere with Kubernetes on the Management Domain, no need to build a separate Workload Domain to run it.


GA VMware Cloud Foundation 4.0.1

Last week I wrote about VCF, but now VFC 4.0.1 is out.

What’s new?

New Bill of Materials:

  • Cloud Builder 4.0.1
  • SDDC Manager 4.0.1
  • ESXi 7.0
  • vCenter Server Appliance 7.0.0
  • vSAN 7.0.1
  • NSX-T 3.0.1
  • vIDM 3.3.2
  • vRealize Automation 8.1
  • vRealize Log Insight 8.1
  • vRealize Operations Manager 8.1
  • vRealize Lifecycle Manager 8.1

New Features:

  • NSX-T cluster-level upgrade support
  • Multi-pNIC/multi-vDS during bring-up
  • Kubernetes in the management domain

VMware Cloud Foundation 4.0 – Quick Overview


  • Cloud Builder
    The VMware Cloud Builder appliance automates the deployment of the entire software-defined stack. 
  • SDDC Manager
    SDDC Manager automates the entire system lifecycle (from configuration and provisioning to upgrades and patching), and simplifies day-to-day management and operations.
  • VMware vSphere
    VMware vSphere uses virtualization to transform individual data centers into aggregated computing infrastructures that include CPU, storage, and networking resources. VMware vSphere manages these infrastructures as a unified operating environment and provides you with the tools to administer the data centers that participate in that environment.
  • VMware vSAN
    VMware vSAN™ aggregates local or direct-attached data storage devices to create a single storage pool shared across all hosts in the vSAN cluster. vSAN eliminates the need for external shared storage, and simplifies storage configuration and virtual machine provisioning. Built in policies allow for flexibility in data availability. 
  • NSX-T Data Center
    The management domain and VI workload domains support the NSX-T Data Center platform. 
  • vRealize Suite
    Cloud Foundation supports automated deployment of vRealize Suite Lifecycle Manager. You can then deploy and manage the lifecycle of the vRealize Suite of products (vRealize Log Insight, vRealize Automation , and vRealize Operations Manager) through vRealize Suite Lifecycle Manager.

VMware Cloud Foundation 4.0 contains the following VMware SDDC Products.

Cloud Foundation Architecture

Cloud Foundation supports two architecture models – standard and consolidated. 

  • Consolidated Architecture Model
    Compute workloads co-reside in management workload domain
    Shared vSphere cluster with resource pools
  • Standard Architecture Model
    Management domain is dedicated to running infrastructure workloads
    Compute workloads run in VI domain(s) and are managed by separate vCenter servers

Google Cloud VMware Engine

Google Cloud VMware Engine, delivers a fully managed VMware Cloud Foundation stack VMware solution, including:

  • vSphere
  • vCenter
  • vSAN
  • NSX-T
  • HCX

Google Cloud VMware Engine Features:

On-demand self-service provisioning of VMware private clouds

Deploy, expand, or shrink your VMware private clouds in minutes. Pay for what you use and benefit from flexible consumption options.

Integrated connectivity to Google Cloud services

Benefit from full access and seamless integration with innovative Google Cloud services such as BigQuery, Cloud Operations, Cloud Storage, Anthos, and Cloud AI.

VMware ecosystem compatibility

VMware Engine allows users to obtain administrative rights to install and maintain continuity with third-party tools for backup, disaster recovery, and monitoring along with adding external identity sources and users.

Performant networking

VMware Engine is built on Google Cloud’s highly performant, scalable infrastructure with fully redundant and dedicated 100Gbps networking. Cloud networking services such as Interconnect and Cloud VPN ease access from your on-premises environments to the cloud.

Purpose built to run your most demanding workloads

A scalable hyper-converged architecture with all NVMe disks allows you to run and scale your infrastructure in minutes to meet the needs of your most demanding workloads such as transactional databases and applications.

Simplified operations

VMware Engine is designed to minimize your operational burden so you can focus on your business. We take care of life cycle management of the VMware software stack and manage all related infrastructure and upgrades.

VMware CloudFlix series is here!!

Starting today, VMware created a series of 60-minute business and technical sessions that will enable you to capture business opportunities in a Multi-Cloud World. 

During these webinars, you will gain information and context to better understand the rapidly evolving Cloud Services market and how VMware can help you be successful in delivering compelling new services to your end customers. 

To learn more, please join our VMware CloudFlix series, see specific topics listed below. 

Ten insightful sessions are coming up where our VMware experts will deep dive into the new technical Cloud capabilities. The first ones are listed below : 


– May 12th: Extending SDWAN services into your cloud platform with VeloCloud – Registration ->

– May 14th: How to move from NSX-V to NSX-T using the migration tool – Registration ->

– May 19th : VCD 10.1 What’s New – Registration ->

– May 26th: Cloud Director Service – Registration ->

– June 2nd: vSAN reset – Registration -> 

– June 4th: Cloud Availability – Unleash a powerful and cost-effective DR to Cloud – Reg– Registration ->

– June 16th: Service providers guide to Bitnami – Reg– Registration ->

– June 18th: vSAN Practice Builder TECH Live Online Workshop – Reg– Registration ->

– June, 25th: VMware’s Multicloud Strategy with Hyperscalers – Reg– Registration ->

Don’t miss it

VMware Cloud Director 10.1 System Requirements and Installation

Supported VMware Cloud Director Server Operating Systems

  • CentOS 6
  • CentOS 7
  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 7

Supported AMQP Servers

VMware Cloud Director uses AMQP to provide the message bus used by extension services, object extensions, and notifications. This release of VMware Cloud Director requires RabbitMQ version 3.7.9 and 3.8.2

For more information, see the VMware Cloud Director Installation, Configuration, and Upgrade Guide.

Supported Databases for Storing Historic Metric Data

You can configure your VMware Cloud Director installation to store metrics that VMware Cloud Director collects about virtual machine performance and resource consumption. Data for historic metrics is stored in a Cassandra database. VMware Cloud Director supports Cassandra versions 3.x.

For more information, see the VMware Cloud Director Installation, Configuration, and Upgrade Guide.

Disk Space Requirements

Each VMware Cloud Director server requires approximately 2100MB of free space for the installation and log files.

Memory Requirements

Please consult VMware Cloud Director Installation, Configuration, and Upgrade Guide for memory requirements

CPU Requirements

VMware Cloud Director is a CPU-bound application. CPU over-commitment guidelines for the appropriate version of vSphere should be followed. In virtualized environments, regardless of the number of cores available to VMware Cloud Director, there must be a sensible vCPU to physical CPU ratio, that does not result in extreme over-committing.

Required Linux Software Packages

Each VMware Cloud Director server must include installations of several common Linux software packages. These packages are typically installed by default with the operating system software. If any of the packages are missing, the installer fails with a diagnostic message.

alsa-lib bash chkconfig coreutils findutils glibc grep initscripts krb5-libs libgcclibICE libSM libstdc++ libX11 libXau libXdmcp libXext libXi libXt libXtstmodule-init-tools net-tools pciutils procps redhat-lsb sed tar wget which

In addition to the installer required packages, several procedures for configuring the network connections and creating SSL certificates require the use of the Linux nslookup command, which is available in the Linux bind-utils package.

Supported LDAP Servers

You can import users and groups to VMware Cloud Director from the following LDAP services.

PlatformLDAP ServiceAuthentication Methods
Windows Server 2012Active DirectorySimple, Simple SSL
Windows Server 2016Active DirectorySimple, Simple SSL
LinuxOpenLDAPSimple, Simple SSL

Supported Security Protocols and Cipher Suites

VMware Cloud Director requires the client connections to be secure. SSL version 3 and TLS version 1.0 and 1.1 have been found to have serious security vulnerabilities and are no longer included in the default set of protocols that the server offers to use when making a client connection. System administrators can enable more protocols and cipher suites. See the Cell Management Tool section in the VMware Cloud Director Installation, Configuration, and Upgrade Guide. The following security protocols are supported:

  • TLS version 1.2
  • TLS version 1.1 (disabled by default)
  • TLS version 1.0 (disabled by default)

Supported cipher suites enabled by default:


System administrators can use the cell management tool to explicitly enable other supported cipher suites that are disabled by default.

Note: Interoperation with releases of vCenter Server earlier than 5.5-update-3e and versions of ovftool earlier than 4.2 require VMware Cloud Director to support TLS version 1.0. You can use the cell management tool to reconfigure the set of supported SSL protocols or ciphers. See the Cell Management Tool section in the VMware Cloud Director Installation, Configuration, and Upgrade Guide.

Supported Browsers

VMware Cloud Director is compatible with the current major and previous major release of the following browsers:

  • Google Chrome
  • Mozilla Firefox
  • Microsoft Edge
  • Microsoft Internet Explorer 11

Supported Guest Operating Systems and Virtual Hardware Versions

VMware Cloud Director supports all guest operating systems and virtual hardware versions supported by the ESXi hosts that back each resource pool.

VMware Cloud Director WebMKS 2.1.1

The VMware Cloud Director WebMKS 2.1.1 console adds support for:

  • the PrintScreen key in Google Chrome and in Mozilla Firefox for Windows.
  • the Windows key in Windows and macOS. To simulate pressing the Windows key, press Ctrl+Windows in Windows OS, or Ctrl+Command in macOS.
  • Automatic keyboard layout detection in Google Chrome and Mozilla Firefox. 

Compatibility Matrix

See the VMware Product Interoperability Matrixes for current information about:

  • VMware Cloud Director interoperability with other VMware platforms
  • Supported VMware Cloud Director databases

VMware Cloud Director 10.1 now available!

VMware Cloud Director™ 10.1 is now Available, with a few core updates in this release.

So, what’s new?

  • App Launchpad
  • Container Service Extension (CSE) 2.6
  • Object Storage Extension (OSE) 1.5
  • Terraform VMware Cloud Director Provider 2.7
  • Tenant App 2.4
  • NSX-T Migration Tool
  • NSX-T Enhancements
  • Encryption as a service


  • NSX-T migration tool script is part of Cloud Director, as NSX-T features are getting parity with NSX-V
  • Network downtime is minimized using bridged networks during migration.
  • vSphere Encryption from VMware Cloud Director. Encryption requires certificate keys that require a key management server (KMS) and Cloud Providers can choose from partners such as Fortanix or Dell Cloudlink.
  • New monitoring and metering capability with closer integration with NSX data collection, more network metrics and sizing profile-based metering.
  • K8 Kubernetes Clusters or PKS Kubernetes Clusters for VMware Cloud Director.
  • App Launchpad is a free component for VMware Cloud Director

Multitenant Use of VMware vRealize Operations as a Service

Service Providers Use cases:

  • Shared multitenant environment with tenant and service provider access 
  • Dedicated environment with tenant access 
  • Shared and/or dedicated environment with no tenant access

Shared Multitenant Environment with Tenant and Service Provider Access 

In this scenario, the service provider operates a centralized vRealize Operations Manager instance to collect all data generated by the resource cluster. Both service provider personnel and tenants will access the same instance of vRealize Operations, and data access will be controlled with RBAC. This scenario allows for easy management and deployment. This approach is especially attractive for service providers who can operate their complete environment within one vRealize Operations Manager environment.

Advantages include the following: 
• Easy to deploy and manage
• No additional data/configuration distribution for dashboards, policies, and so on is needed
• Only one instance to maintain (software updates, management packs, and so on) 

Disadvantages involve the following: 
• Role-based access control requires careful maintenance 
• Objects can only be operated under one policy, removing the ability to limit alert visibility for a customer/tenant
• Sizing can become complex and larger environments could be limited by sizing parameters. A possible workaround is to build instances per larger resource group.

Dedicated Environment with Tenant Access 

This scenario is unrelated to the vRealize Operations Manager multitenant use case that this document is focused on. This scenario is included for comparison reasons. In this scenario, the service provider operates a vRealize Operations Manager instance per dedicated customer. This is usually done when the customer operates its own cluster and vCenter Server within the service provider environment. Access to this environment is primarily focused on the tenant, but might be open for the service provider as well. An extended scenario might be that the service provider also collects data from the customer operated vCenter Server. This approach is commonly used in managed service environments or dedicated public cloud offerings where the customer rents a dedicated hardware stack. 

The advantages are as follows: 
• Easy to deploy and manage 
• Sizing is easy because it can be done per tenant/customer 
• Object policies can be customized to be tenant specific 

Disadvantages include the following: 
• Difficult to get a “big picture” when each customer operates on its own 
• Currently no data federation available for vRealize Operations 
• Service provider must monitor a high number of instances 
• Maintenance (upgrades and so on) requires more resources

Shared and/or Dedicated Environment with No Tenant Access 

In this scenario, the service provider operates a centralized vRealize Operations Manager instance to collect all data generated by the resource cluster. The primary difference from the, Shared Multitenant Environment with Tenant and Service Provider Access is that access is only provided for the service provider. This scenario allows for easy management and deployment. This approach is often used in managed services environments where the service provider focuses on resource optimization. 

The following advantages apply: 
• Easy to deploy and manage 
• No additional data/configuration distribution for dashboards, policies, and so on necessary 
• Only one instance to maintain (software updates, management packs and so on) 
• No complex RBAC necessary 

Disadvantages include the following: 

• Sizing can become complex and larger environments might be limited by sizing parameters. A possible workaround is to build instances per larger resource group.
• No customer/tenant access to vRealize Operations Manager possible.