Active Directory Domain Services introduction

IBM Cloud® for VMware Solutions is a deployment service that delivers the automated deployment of a VMware Software Defined Data Center (SDDC), along with optional third-party products and with IBM Cloud bare metal servers and network. After deployment, the systems are managed by the customer, who is responsible for ongoing software patches and updates. The customer has full access to the systems. For more information, see Customer versus IBM responsibility for vCenter Server. To enable the deployment lifecycle (additions, removals), IBM Cloud for VMware Solutions retains user IDs with administrator privileges to deploy and configure the SDDC software.

Active Directory™ (AD) is a foundation of the IT infrastructure for many large enterprises. This document covers best practices for integrating Active Directory Domain Services architecture in IBM Cloud for VMware Solutions. For the design of Active Directory Domain Services, see Active Directory Domain Services overview. AD serves as a distributed, hierarchical data store for information about corporate IT infrastructure: devices and users, user credentials, and access privileges based on group membership. It also includes the Domain Name System (DNS) zones and records.

Terms used

The following terms are used:

  • IBM Cloud for VMware Solutions infrastructure domain - This domain is configured as part of the automation process when your VMware Cloud Foundation for Classic - Automated instance is initially deployed. It is used for the user credentials and service accounts of your system administrators and the computer objects for the underlay-connected infrastructure components only. This document describes the components and configuration of this domain and how it can be incorporated in your AD design.
  • IBM Cloud for VMware Solutions workload domain - This term is used for the domain that you must design and implement after the deployment of the vCenter Server instance. This domain becomes the resource domain where the computer objects of your workload VMs are located and, optionally, the user credentials and service accounts of your users. This document describes some typical deployment patterns that are used in IBM Cloud for VMware Solutions.
  • Underlay networks - These networks use the IBM Cloud IP address schema. The IBM Cloud for VMware Solutions automation deploys IBM Cloud bare metal servers, physical appliances, Virtual Server Instances (VSI), virtual machines (VMs), and appliances onto these networks. Do not deploy customer workload VMs onto these networks. The domain controllers for the IBM Cloud for VMware Solutions infrastructure domain are connected to these underlay networks.
  • Overlay networks - These networks are virtual networks that are enabled by VMware NSX and use your IP address schema. You can design your network topology to suit your requirements. Your workload VMs are connected to these networks. If connection to these networks from on-premises is required, these networks are typically connected through layer 3 IP connectivity over the internet or through a Direct-Link connection. The domain controllers for your IBM Cloud for VMware Solutions workload domain are connected to these overlay networks.

Preventing problems with Active Directory

To prevent problems with your system in the future, you must keep your Active Directory (AD) up to date. A current AD is required for various functions, such as managing DNS records.