Sovereign Cloud Design

The objective of the Sovereign Cloud validated solution is to deliver prescriptive content so that the solution is fast to deploy and suitable for use in production environments.

Objective Description
Main objective Provide a VMware Validated Solution for Sovereign Cloud environments.
Network security profile support
  • Segregation between security domains
    • Multiple Availability Zones
    • Resident Domain security profile
      • Management plane traffic policy creation
      • Firewall exception rules for external services
    • Sovereign Domain security profile
      • Traffic policy creation
      • Firewall exception rules for inbound and outbound traffic
Encryption support
  • KMS Provisioning
  • VM Encryption
  • Storage Encryption
  • Replication of encrypted objects
Scope of guidance
  • Detailed design for solution components.
  • Deployment and initial configuration of solution.
  • Operational guidance for solution components.
Scope of implementation
  • Deployment and configuration of solution components:
    • Component 1
    • Component 2
  • Configuration of …
    • Component 1
    • Component 2
Cloud type Sovereign Cloud
Number of VMware Cloud Foundation instances 1
Load Balancing NSX Advanced Load Balancer (AVI)
Availability 99.999%
Authentication, authorization, and access control
  • Use of Microsoft Active Directory over LDAP as the identity provider.
  • Use of security groups and roles for least-privilege access control.
  • Use of service accounts and least-privilege access control for solution integration.
The configuration of Microsoft Active Directory Federation Services as the external identity provider is not included in this solution.
Certificate signing Certificates are signed by a certificate authority (CA) that consists of root and intermediate certificate authority layers.