Active Directory and DNS

Active Directory serves to authenticate access to manage the VMware® instances only and not to house users of the workloads in the deployed instances. The forest root domain name of the Active Directory server equals to the Domain Name Services (DNS) domain name that you specify during initial deployment.

Domain name services (DNS) in this design support cloud management and infrastructure components only. The DNS zone files are also replicated on the Active Directory servers.

Veeam management backup

Veeam is used to continuously back up the management stack for protection against disasters and rapid restoration to known good states. Veeam is also available for use in the workload cluster to provide back up and disaster recovery services for the SaaS consumer workloads.

vCenter

The vCenter Server with an embedded PSC is installed on a portable subnet on the private VLAN that is associated with management VMs. Its default gateway is set to the IP address assigned on the perimeter gateway.

One vCenter Server is deployed to manage the management cluster, the gateway cluster, and the SaaS consumer workload clusters.

NSX

NSX™ provides a highly secure and flexible software-defined network to support the application requirements. NSX controllers are hosted in the management cluster.

NSX is configured with three controllers, which provide a highly available and redundant configuration. Additionally a virtual IP (VIP) address is used to access the cluster to provide fault tolerance and high availability (HA) to NSX Manager nodes. Each controller manager is assigned a VLAN–backed IP address from the private portable address block that is designated for management components.

Hosting the NSX controllers in the management cluster ensures that network and security changes are not possible by anyone other than the designated administrators.

VMware Aria Operations Manager

The VMware Aria Operations analytics cluster contains the nodes that analyze and store data from the monitored components in this deployment.

The analytics cluster consists of the following components:

• Primary node – The primary node is the initial node in a VMware Aria Operations cluster. In a large environment, this node manages all the other nodes.
• Primary node replica – This node enables HA of the primary node.
• Data nodes – The data node enables scale out of VMware Aria Operations in larger environments.

For more information, see VMware Aria Operations Manager design.

VMware Aria Operations for Logs

The VMware Aria Operations for Logs environment consists of four virtual machines (VMs) with an integrated load balancer.

VMware Aria Operations for Logs enables real-time logging for components in the Regulated Workloads environment. The design deploys a VMware Aria Operations for Logs cluster that consists of four nodes in each instance. This configuration provides continued availability and increased log ingestion rates.

VMware Aria Operations for Logs collects log events from the following virtual infrastructure and cloud management components (logging clients):

• vCenter Server
• ESXi hosts
• NSX managers
• NSX gateways
• NSX distributed firewall ESXi kernel module
• VMware Aria Operations Manager analytics cluster nodes and remote collectors
• VMware Aria Operations for Logs instance in the other instances as a result of event forwarding (MZR configuration)

For more information, see VMware Aria Operations for Logs design.

Backup server

This server is a Linux® VM that is manually deployed to provide a location for file-based backups. It is used by the vCenter Server Appliance to perform a file-based backup of the vCenter Server core configuration, inventory, and historical data. Similarly, NSX controller backups are done to this server.

Caveonix server

The Caveonix RiskForesight service manages cyberrisk and compliance risk with proactive monitoring and automated defense controls to protect against threats and to meet industry or government regulations.