Sovereign Cloud Planning and Preparation

Sovereign Cloud Planning and Preparation #

Before you start implementing the components of the Sovereign Cloud solution, you must set up an environment that has a specific compute, storage, and network configuration, and that provides external services to the components of the solution.

Using the different VMware Validated Solution documenation sets will guide you in implementing a good foundation in order to configure a Sovereign Cloud solution. However, there are some design decisions and considerations that will directly impact the sovereign cloud solution. These will be called out in the Design Objectives, Detailed Design, and Design Decision sections of this guide.

Carefully review the Sovereign Cloud Detailed Design and Implementation steps before deploying to avoid costly rework and delays. Capture input values that are specific to your environment and verify that the components that are required by this solution are available.

Review all of the legal policies that pertain to the sovereignty of data and its transmission that are applicable to your country/jurisdiction. Capture the design decisions that these policies directly effect in the design decisions workbook for implementation. Determine the impact these design decisions will have on the implementation. You will want to develop a test plan to validate the functionality of the Sovereign Cloud environment after these policies have been implemented.

Supporting Services #

Services you use that will support the VMware Sovereign Cloud implementation.

Supporting Service Description
Active Directory (AD) Active Directory (AD) is used to provide authentication and authorization to the VMware Cloud Foundation infrastructure.
This includes dedicated Domain Users with least privilege access to act as service accounts for component connectivity.
Domain Name Services (DNS) Domain Name Services is used to ensure components are resolvable by FQDN and by IP address.
Network Time Protocol (NTP) Network Time Protocol is used to synchronize time consistently across components.
Certificate Authority (CA) Certificate Authority is used to provide signed certificates for user facing interfaces.
Authentication & Access Control
Application Filters
Data Filters
Auditing Services
Key Management Services (KMS)
Firewall Services