Sovereign Cloud Design
The objective of the Sovereign Cloud validated solution is to deliver prescriptive content so that the solution is fast to deploy and suitable for use in production environments.
| Objective | Description |
| --- | --- |
| Main objective | Provide a VMware Validated Solution for Sovereign Cloud environments. |
| Network security profile support | - Segregation between security domains<br>- Multiple Availability Zones<br>- Resident Domain security profile<br>- Management plane traffic policy creation<br>- Firewall exception rules for external services<br>- Sovereign Domain security profile<br>- Traffic policy creation<br>- Firewall exception rules for inbound and outbound traffic |
| Encryption support | - KMS Provisioning<br>- VM Encryption<br>- Storage Encryption<br>- Replication of encrypted objects |
| Scope of guidance | - Detailed design for solution components.<br>- Deployment and initial configuration of solution.<br>- Operational guidance for solution components. |
| Scope of implementation | - Deployment and configuration of solution components:<br>- Configuration of … |
| Cloud type | Sovereign Cloud |
| Number of VMware Cloud Foundation instances | 1 |
| Load Balancing | NSX Advanced Load Balancer (AVI) |
| Availability | 99.999% |
| Authentication, authorization, and access control | - Use of Microsoft Active Directory over LDAP as the identity provider.<br>- Use of security groups and roles for least-privilege access control.<br>- Use of service accounts and least-privilege access control for solution integration.<br>The configuration of Microsoft Active Directory Federation Services as the external identity provider is not included in this solution. |
| Certificate signing | Certificates are signed by a certificate authority (CA) that consists of root and intermediate certificate authority layers. |