Sovereign Cloud Design

Sovereign Cloud Design #

The {VVS for CP Title} validated solution has objectives to deliver prescriptive content about the solution so that it is fast to deploy and is suitable for use in production environments.

Objective Description
Main objective Provide {VVS for CP function} for VMware Cloud Foundation infrastructure components. {optionally add: through services in the VVS}
VMware Cloud Foundation architecture support
  • vSAN ReadyNodes
    • Consolidated
    • Standard
      • Single VMware Cloud Foundation instance
      • Multiple VMware Cloud Foundation instances with NSX Federation
      • Single or multiple VMware Cloud Foundation instances with multiple availability zones
  • VxRail Nodes
    • Standard
      • Single VMware Cloud Foundation instance
      • Multiple VMware Cloud Foundation instances with NSX Federation
      • Single or multiple VMware Cloud Foundation instances with multiple availability zones
Workload domain type support
  • Management Workload domain
  • VI Workload domain
Scope of guidance
  • Detailed design for solution components.
  • Deployment and initial configuration of intelligent logging and analytics components for management and VI workload domains.
  • Operational guidance for solution components, such as operational verification, password management, and certificate management.
  • Solution interoperability with solution components, such as monitoring and life cycle.
Scope of implementation
  • Deployment and configuration of solution components:
    • Component 1
    • Component 2
  • Configuration of …
    • Component 1
    • Component 2
Cloud type Public Cloud
Number of VMware Cloud Foundation instances 1
Load Balancing
Availability 99%
Authentication, authorization, and access control
  • Use of Microsoft Active Directory over LDAP as the identity provider.
  • Use of security groups and roles for least-privilege access control.
  • Use of service accounts and least-privilege access control for solution integration.
The configuration of Microsoft Active Directory Federation Services as the external identity provider is not included in this solution.
Certificate signing Certificates are signed by a certificate authority (CA) that consists of a root and intermediate certificate authority layers.