Sovereign Cloud Design
The Sovereign Cloud validated solution has objectives to deliver prescriptive content about the solution so that it is fast to deploy and is suitable for use in production environments.
||Provide VMware Validated Solution for Soveriegn Cloud evnvironments.
|Network security profile support
- Segration between security domains
- Multiple Availability Zones
- Resident Domain security profile
- Management plane traffic policy creation
- Firewall exception rules for external services
- Sovereign Domain security profile
- Traffic policy creation
- Firewall exception rules for inbound and outbound traffic
- KMS Provisioning
- VM Encryption
- Storage Encryption
- Replication of encrypted objects
|Scope of guidance
- Detailed design for solution components.
- Deployment and initial configuration of solution.
- Operational guidance for solution components
|Scope of implementation
- Deployment and configuration of solution components:
- Configuration of …
|Number of VMware Cloud Foundation instances
||NSX Advanced Load Balancer (AVI)
|Authentication, authorization, and access control
The configuration of Microsoft Active Directory Federation Services as the external identity provider is not included in this solution.
- Use of Microsoft Active Directory over LDAP as the identity provider.
- Use of security groups and roles for least-privilege access control.
- Use of service accounts and least-privilege access control for solution integration.
||Certificates are signed by a certificate authority (CA) that consists of a root and intermediate certificate authority layers.