Cloud Foundation 50 Concepts - Part III


This post is Part III in the VCF 50 Concepts series. If you missed Part I and Part II, I recommend reading them first for a better understanding.
In Part III, we are going to focus on the Lifecycle.

Let's get started!

VCF Lifecycle Management: This is one of the most exciting features of Cloud Foundation. Integrated into the SDDC Manager and comparable with the Vienna Symphonic Orchestra, the Lifecycle Management orchestrates the upgrade of the entire solution in combination with vSphere Lifecycle, NSX and Aria Suite Lifecycle.

Online Depot: Public VMware repository from which the SDDC Manager can download the available patches and upgrades.
Suppose the SDDC Manager is not allowed to connect to the Internet. In that case, it is possible to manually download the files and move them securely from a laptop to the SDDC Manager using the Bundle Transfer Utility.

VCF Bundle Transfer Utility

Backup Server: This is a storage repository for the SDDC Manager file-based backups. The SDDC Manager provides the same storage to the NSX Manager Cluster to make it possible to configure the file-based backups of the NSX. Configuring the Backup Server in VCF is a MUST, mainly because it will be the only Backup for the NSX Clusters.

TIP: For my VCF deployments, I use one virtual machine as a backup server repository for the SDDC Manager and the NSX Manager Clusters and the file-based backup of every single vCenter Server. The storage depends on the number of VI Workload Domains you plan to deploy, and one AlmaLinux or Ubuntu works fine.

VCF Backup Server

Note: Remember to schedule the script to remove the Old NSX Backups to avoid storage capacity problems in your backup repository.
https://docs.vmware.com/en/VMware-NSX/4.1/administration/GUID-ECFFBD6D-4D2F-4773-B552-B27D4ECE0AC4.html
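
The retention logic behind that note, as an added example (it is not the VMware cleanup script from the link and not code from this post): an age-based cleanup that also keeps a minimum number of recent backups, so a stalled backup job can never lead to an empty repository. The directory layout (one sub-directory per backup under a root), the function names and the retention values are assumptions.

```python
import os
import shutil
import time
from pathlib import Path


def select_expired(backup_root, keep_days=14, min_keep=7, now=None):
    """Return backup directories that are safe to delete, oldest first.

    A backup is expired only if it is older than keep_days AND it is not
    among the min_keep most recent ones. The second rule matters when backups
    have silently stopped: age alone would eventually delete every copy.
    """
    now = time.time() if now is None else now
    cutoff = now - keep_days * 86400
    # Assumption: each backup is one sub-directory directly under backup_root.
    backups = sorted(
        (p for p in Path(backup_root).iterdir() if p.is_dir() and not p.is_symlink()),
        key=lambda p: p.stat().st_mtime,
        reverse=True,  # newest first
    )
    candidates = backups[min_keep:]  # never touch the newest min_keep
    expired = [p for p in candidates if p.stat().st_mtime < cutoff]
    return sorted(expired, key=lambda p: p.stat().st_mtime)


def prune(backup_root, keep_days=14, min_keep=7, dry_run=True, now=None):
    """Delete expired backups; with dry_run=True only report their names."""
    expired = select_expired(backup_root, keep_days, min_keep, now)
    if not dry_run:
        for path in expired:
            shutil.rmtree(path)
    return [p.name for p in expired]


def make_sample_repo(root, ages_in_days, now):
    """Build a constructed sample repository: one directory per backup age."""
    for age in ages_in_days:
        d = Path(root) / f"backup-{age:03d}d"
        d.mkdir(parents=True)
        (d / "node.tar").write_bytes(b"constructed sample data")
        stamp = now - age * 86400
        os.utime(d, (stamp, stamp))  # set after writing so the age sticks


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:
        make_sample_repo(root, [20, 30, 40, 50], time.time())
        print(prune(root, keep_days=14, min_keep=3))  # dry run by default
```

Run it in dry-run mode from the scheduler first and review the reported names before switching to `dry_run=False`.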

Aria Suite Lifecycle: This is the new name of the solution since VCF v5.1 (formerly vRealize Suite Lifecycle Manager), and it provides the Lifecycle for the "VCF optional components" that belong to Aria Suite like Aria Automation, Aria Operations, Aria Operations for Logs and more.
The "Suite" word indicates that Aria Lifecycle is deployed in "VCF Mode" using the SDDC Manager.
Before you can deploy the Aria Suite Lifecycle from the SDDC Manager, you must first deploy an EDGE Cluster and an AVN in the Management Domain.

AVN: Stands for Application Virtual Network and it's a group of virtual elements like two network segments, one NSX T1 and one NSX T0, that provides the required infrastructure for deploying the Aria Suite Lifecycle. The AVN will be deployed only on the Management Domain, and the requirement is to previously deploy an NSX EDGE in the same Management Domain using the SDDC Manager.

Password Management: Another great feature the SDDC Manager provides is that it allows us to centralize the password management of the ESXi hosts, vCenter, NSX Managers and Aria Suite Lifecycle.
With this feature embedded in the SDDC Manager, it is possible to rotate all the passwords, schedule the password rotation, or simply manually set a new password for one particular account.
You can manage this using the UI or, even better, using the SDDC Manager API!

Note: After a password rotation, remember to export the list of the new passwords. You can do that using lookup_passwords from the SDDC Manager command line or using the API.

Certificate Management: The SDDC Manager allows us to create CSRs (Certificate Signing Requests) and install or replace the certificates of the SDDC Manager, vCenter Servers, NSX Managers and Aria Suite Lifecycle using the UI or the API of the SDDC Manager.
It is possible to integrate a Microsoft CA with the SDDC Manager, use the OpenSSL embedded in the SDDC Manager or work with a 3rd party CA.

Identity Sources: Once the Bring-up is finished, the SDDC Manager uses the SSO of the Management Domain vCenter Server as the Identity Provider. It is possible to integrate, from the SDDC Manager, an Active Directory or an OpenLDAP with the vCenter Server SSO.
The SDDC Manager has only three types of Roles: Admin, Operator and Viewer.
Since VCF version 5.0, it is possible to isolate the SSO of any VI Workload Domain or, if preferred, you can share the same SSO with all the vCenter Servers and then, for instance, work with Enhanced Linked Mode between all the vCenter Servers.

Security Tip: For security reasons, consider using an AD different from the company's for the management infrastructure. That isolation won't guarantee security, but by using an air-gapped identity manager only for the Operations team, at least you won't depend on the security and risk of the Corporate AD.

Solutions (vSphere with Tanzu): This is an option in the main SDDC Manager menu and is where the SDDC Manager runs a validation for the Domain and Cluster where we want to deploy vSphere with Tanzu.
The validation includes the number of hosts, principal storage, license, and EDGE cluster.
At some point, the names are a nightmare because they start with Solutions, and after the validation, the wizard continues in vSphere Client, where the menu name is Workload Management, and it has nothing to do with VCF. (Is it complex enough? Enjoy it!)

vSphere with Tanzu on VCF

Workflows: Every task run on the SDDC Manager works with a Workflow in the background. There are several workflows, and those workflows are the heart of VCF.
When it comes to VCF troubleshooting, it's good to know that every workflow will have an associated Token ID, which will be extremely useful in case of a failure when you have to look at the Logs.

All right! In this way, we've reached 33 VCF Concepts!

In the next Post, we will focus on Stretched Cluster, vSAN in general and EDGE Clusters. Stay tuned!
