Networking and Security Design


The objective of the Networking and Security validated solution is to deliver prescriptive content so that the solution is fast to deploy and suitable for use in production environments.

Objective Description
Main objective: Provide a Networking and Security validated solution for VMware Cloud Director deployment on VMware Cloud Foundation.
VMware Cloud Foundation architecture support:
  • vSAN ReadyNodes
    • Standard
      • Single VMware Cloud Foundation instance
  • VxRail Nodes
    • Standard
      • Single VMware Cloud Foundation instance
Workload domain type support:
  • Management Workload domain
  • VI Workload domain
Scope of guidance:
  • Detailed design for solution components.
  • Deployment and initial configuration of intelligent logging and analytics components for management and VI workload domains.
  • Operational guidance for solution components, such as operational verification, password management, and certificate management.
  • Solution interoperability with solution components, such as monitoring and life cycle.
Scope of implementation: Deployment and configuration of solution components:
  • VMware Cloud Director
  • NSX Advanced Load Balancer

Cloud type: Private Cloud
Number of VMware Cloud Foundation instances: 1
Load Balancing: NSX Advanced Load Balancer
Availability: 99%
Authentication, authorization, and access control:
  • Use of VMware Cloud Director security groups and roles for least-privilege access control.
  • Use of service accounts and least-privilege access control for solution integration.
Certificate signing: Certificates are signed by a certificate authority (CA) that consists of root and intermediate certificate authority layers.