vCenter Server overview

Bare metal server

You can order three or more bare metal servers on the consolidated or management cluster, and optionally two or more bare metal servers on the workload cluster.

If you plan to use vSAN storage, the configuration requires a minimum of four bare metal servers.

The following configurations are available:

• Cascade Lake - 4-CPU Intel® Cascade Lake generation servers (Quad Intel Xeon® 6200/8200 series) or 2-CPU Intel Cascade Lake generation servers (Dual Intel Xeon 4200/5200/6200/8200 series) with your selected RAM size.
• SAP-certified Cascade Lake - 2-CPU Intel Cascade Lake generation servers (Dual Intel Xeon 5200/6200/8200 series).

Networking

The following networking components are ordered:

• 10 Gbps dual public and private network uplinks.

• Three VLANs (Virtual LANs) - one public and two private.

• (NSX-T only) One overlay network with a T1 and T0 router for potential east-west communication between local workloads that are connected to layer 2 (L2) networks. This network is deployed as a sample routing topology, which you can modify, build on, or remove.

• (NSX-V only) One VXLAN (Virtual eXtensible LAN) with DLR (Distributed Logical Router) for potential east-west communication between local workloads that are connected to layer 2 (L2) networks. The VXLAN is deployed as a sample routing topology, which you can modify, build on it, or remove it. You can also add security zones by attaching extra VXLANs to new logical interfaces on the DLR.

• VMware NSX Edge Services Gateways (four for NSX-T and two for NSX-V):

  • One secure management services VMware NSX Edge Services Gateway (ESG) for outbound HTTPS management traffic, which is deployed by IBM as part of the management networking typology. This ESG is used by the IBM management VMs to communicate with specific external IBM management components that are related to automation. For more information, see Configuring your network to use the customer-managed ESG.

    This ESG is named mgmt-nsx-edge, it's not accessible to you and you can't use it. If you modify it, you might not be able to manage the vCenter Server instance from the IBM Cloud for VMware Solutions console. In addition, by using a firewall or disabling the ESG communications to the external IBM management components might cause VMware Solutions to become unusable.

  • Secure customer-managed ESG for outbound and inbound HTTPS workload traffic. The ESG is deployed by IBM as a template that can be modified by you to provide VPN access or public access. For NSX-V, one ESG is deployed. For NSX-T, two ESGs are deployed on the datastore with the highest IOPS.

  For more information, see Does the customer-managed NSX Edge pose a security risk?

Virtual Server Instances

The following virtual server instances (VSIs) are ordered:

• A VSI for IBM CloudDriver, which is deployed as needed for initial deployment and for Day 2 operations.
• Choose to deploy a single Microsoft® Windows® Server VSI for Microsoft Active Directory™ (AD) or two high availability Microsoft Windows VMs on the management cluster to help enhance security and robustness.

Storage

During initial deployment, you can choose between NFS and vSAN storage options.

After deployment, you can add NFS storage shares to an existing NFS or vSAN cluster. For more information, see Adding NFS storage to vCenter Server instances.

Licenses (IBM-provided or BYOL) and fees

• VMware vSphere Enterprise Plus 7.0 (NSX-T only)
• VMware vCenter Server 7.0 or later
• VMware NSX Service Providers Edition (Base, Advanced, or Enterprise) 6.4
• (For vSAN clusters) VMware vSAN Advanced or Enterprise 7.0
• Support and Services fee (one license per node)

Hardware for expansion nodes

One bare metal server with the configuration presented in Technical specifications for vCenter Server instances.

Licenses and fees for expansion nodes

• One vSphere Enterprise Plus 7.0 (NSX-T only)
• One NSX Service Providers Edition (Base, Advanced, or Enterprise) 6.4
• (For vSAN clusters) vSAN Advanced or Enterprise 6.6
• One Support and Services fee

You must manage the IBM Cloud for VMware Solutions components that are created in your IBM Cloud account only from the IBM Cloud for VMware Solutions console, not the IBM Cloud infrastructure customer portal, or any other means outside of the console. If you change these components outside of the IBM Cloud for VMware Solutions console, the changes are not synchronized with the console. Managing any IBM Cloud for VMware Solutions components, which were installed into your IBM Cloud account when you ordered the instance, from outside the IBM Cloud for VMware Solutions console can make your environment unstable. These management activities include:

• Adding, modifying, returning, or removing components
• Expanding or contracting instance capacity through adding or removing ESXi servers
• Powering off components
• Restarting services Exceptions to these activities include managing the shared storage file shares from the IBM Cloud infrastructure customer portal. Such activities include - ordering, deleting (which might impact data stores if mounted), authorizing, and mounting shared storage file shares.

Base infrastructure architecture specifications

The base infrastructure has the following specifications:

• Each site has its own dedicated gateway and management cluster.
• The resource cluster is a vSphere + vSAN stretched cluster.
• The witness site contains two VMware ESXi™ hosts that provide quorum for both vSAN and vCenter.
• Single vCenter Server and NSX Manager architecture.
• vCenter Server Appliance with embedded Platform Services Controller (PSC) that uses vCenter Server High Availability (HA) over an L3 network architecture.
• NSX Manager recovery is using a Hot Standby method that syncs up backup files.

Tools and technology architecture specifications

The tools and technology architecture has the following specifications:

• VMware Aria Operations, VMware Aria Operations for Logs, and VMware Aria Operations for Networks to provide operations and management capabilities specific to the VMware products that are used, for example NSX, vSAN, and vSphere.
• IBM Software Defined Environment (SDE) automation tool health check for validating deployments against best practices and security policies.
• Optional Disaster Recovery (DR) to an out of Region IBM Cloud site.
• FortiGate Security Appliance or similar to secure any internet access and to facilitate active-active network integration with the on-premises network.

vSphere + vSAN stretched cluster architecture specifications

The vSphere + vSAN stretched cluster architecture has the following specifications:

• Provides storage and compute capabilities, which span two sites for enhanced availability.
• Write requests from VMs are synchronously written to both sites, which incur site-to-site network latency.
• Read requests from VMs are fulfilled locally to the physical location of where the VM is located, thus avoiding extra latency.
• The witness site and witness host act as the split brain or quorum.
• vSAN native encryption (for at rest encryption) can be used in combination with this architecture.

Network architecture specifications

The network architecture has the following specifications:

• Edge/DLR/VXLANs in combination with BGP metric-based routing to facilitate an active-active site design with automated failover.
• Each site has the concept of their own set of Edges, DLRs, and VXLANs.
• Under normal circumstances, any VMs connected to DLR-A, for example VM-A, are in IBM Cloud availability zone #1 and traffic is both ingress and egress locally.
• During a vMotion activity for VM-A, traffic still ingresses and egresses through the IBM Cloud availability zone #1.
• During a site or edge failure, traffic routes out of the remaining available site.