VMware Cloud Foundation Frequently Asked Questions (FAQ)


VMware Cloud Foundation Releases

VMware Cloud Foundation 5.1

What’s new with VMware Cloud Foundation 5.1?

Here are the new features in VMware Cloud Foundation 5.1:

IaaS onboarding features

  • Onboarding simplification

vLCM will be available in the management domain during bring-up and will become the primary domain lifecycle mechanism, bringing consistency and the ability to consume vLCM features such as hardware support and cluster upgrades.

  • Deeper cloud console integration
  • Automated NSX-Edge deployment

New workflows to deploy, manage and scale custom configured NSX edges.

  • Customers will get async pre-checks from VCF, so they will not have to wait for specific releases for features.

vSAN ESA support

  • Support for native vSAN ESA

vSAN Express Storage Architecture (ESA) is an evolution of the Original Storage Architecture (OSA), optimized for high-performance NVMe devices.

  • Support mixed mode OSA/ESA

New management domains and new or upgraded VCF deployments can be configured using OSA or ESA options.

  • Performance and scaling enhancements

vSAN ESA has been designed to efficiently and cost-effectively leverage different tiers of storage.

For more details on vSAN ESA, refer to the vSAN ESA FAQ.

DPU SmartNIC support

  • DPU support

Low-latency and high-bandwidth applications can offload NSX networking to DPUs, freeing up host CPU resources and boosting performance of customer workloads.

  • Support for Monterey-enabled vSAN Ready Nodes, which come preconfigured with DPU NICs
  • Support for NVIDIA BlueField-2 and AMD Pensando-2 DPU devices

NSX integration

  • Distributed management domain
  • Centralized policy management
  • Sub-NTP functionality

What is being delivered in Cloud Foundation 5.1?

VMware Cloud Foundation 5.1 includes the following components:   

  • VMware SDDC Manager 5.1
  • ESXi 8.0 U2
  • vCenter Server Standard 8.0 U2
  • Tanzu Kubernetes Grid (S)
  • vSAN 8.0 U2
  • ARIA Suite Lifecycle 8.14
  • ARIA Operations for Networks
  • HCX Enterprise
  • NSX (Networking Only)
  • Select Support and SRE

*See Pricing and Packaging section for details

What are the add-on services available with VCF 5.1?

  • Disaster Recovery & Ransomware Recovery
  • NSX Distributed Firewall
  • NSX Distributed Firewall with ATP
  • NSX Load Balancer
  • vSAN Add-On
  • VMware Tanzu Application Platform
  • Tanzu Intelligence Services
  • Support Account Managers
  • Dedicated Technical Support Engineers

Does VCF 5.1 support vSAN MAX?

No. This feature is not supported in VCF 5.1.

Does VCF 5.1 support stretched clusters with vSAN ESA?

No. This feature is not supported in VCF 5.1. vSAN ESA is supported on VMware Cloud Foundation 5.1, but not with stretched clusters.

Is VCF 5.1 available for subscription licensing?



Where can I get details of the new features delivered with VCF 5.1?

This section documents the updated components of the release and summarizes the new features within each component. For more specifics on the features, refer to the corresponding FAQ subsections below.


VMware Cloud Foundation 5.0

What’s new with VMware Cloud Foundation 5.0?

Here are the new features in VMware Cloud Foundation 5.0:

  • Lifecycle Management enhancements
      ◦ Context-aware pre-checks: New SDDC Manager pre-checks ensure a deployment is updated to the desired version and in the correct order.
      ◦ Config Drift Awareness: Administrators can now view net-new parameter or configuration changes prior to upgrades.
      ◦ vRealize Suite pre-checks: Administrators can now run a pre-check for vRealize/ARIA suite compatibility.

  • Scale enhancements
      ◦ Workload domain scalability: Support for up to 25 domains when isolated workload domains are used.
      ◦ Skip hosts on failure during cluster creation: New toggle setting allows administrators to skip hosts during cluster creation and increase the resilience of their deployments.
      ◦ Parallelization enhancements: Administrators can now add multiple workload domains without having to wait for existing deployment workflows to complete.

  • Usability and Experience enhancements
      ◦ Isolated workload domains: Administrators can create new workload domains using a single shared SSO domain or a separate isolated SSO domain.
      ◦ Enhanced certificate management: Improved certificate upload and installation, and new workflows to ensure certificate validity, trust and proper validation.
      ◦ In-product feedback tool: New feedback tool allows customers to share feedback on product functions.
      ◦ In-place upgrade from VCF 4.x to 5.0: All components are upgraded in the correct order without the need for migration hardware, saving significant time, planning and remediation effort.
      ◦ Direct skip-level upgrade support: Existing 4.3.x and above deployments can be upgraded directly to 5.0.

What is being delivered in Cloud Foundation 5.0?

VMware Cloud Foundation 5.0 includes the following components:   

  • VMware SDDC Manager 5.0
  • ESXi 8.0 U1
  • vCenter Server 8.0 U1
  • vSAN 8.0 U1
  • vRealize Suite Lifecycle Manager 8.10 Patch 1
  • NSX 4.1

*See Pricing and Packaging section for details.

Will existing VMware Cloud Foundation deployments be able to upgrade to VMware Cloud Foundation 5.0?

Yes, perpetual customers running VCF version 4.3.x or higher can upgrade directly to VCF 5.0 (no migration required). Systems running VCF 4.2.x or lower must first upgrade, or (in the case of VCF 3.x) migrate, to supported versions of VCF 4.x before upgrading to VCF 5.0.


Does VMware Cloud Foundation 5.0 support automated deployment, patching and updating of vRealize Suite?

VMware Cloud Foundation 4.4 and later releases support automated deployment for vRealize Suite Lifecycle Manager (vRSLCM) and then vRSLCM provides deployment of the underlying vRealize components as well as ongoing life cycle management of the vRealize Suite. VMware provides manual guidance to ensure that the vRealize Suite updates are successful.


VMware Cloud Foundation 4.5.2

What's new with VMware Cloud Foundation 4.5?

Here are the new features in Cloud Foundation 4.5:    

  • Parallel workflows and scale enhancements
      ◦ Commission and decommission up to 32 nodes at a given time.
      ◦ Grow and shrink clusters in parallel.
      ◦ Configure compute-only clusters using vSAN HCI Mesh.

  • Lifecycle management and scale enhancements
      ◦ SDDC Manager Proxy workflows and Async Patch Tool enhancements.
      ◦ Numerous usability enhancements, including user-defined tags and guided onboarding.

What is being delivered in Cloud Foundation 4.5?

VMware Cloud Foundation 4.5 includes the following components:   

  • VMware SDDC Manager 4.5
  • ESXi 7.0 Update 3g
  • vCenter Server 7.0 Update 3h
  • vSAN 7.0 Update 3g
  • vRealize Suite, with numerous enhancements to vRealize Log Insight 8.8.2, vRealize Operations 8.8.2, and vRealize Automation 8.8.2.

    Note: VMware Cloud Foundation 4.5 deploys vRealize Lifecycle Manager (vRSLCM) 8.8.2, then vRSLCM deploys and provides ongoing life cycle management of other vRealize components.

  • NSX-T, with new networking and security features including NSX Federation scaling to 8 locations, updated security and malware detection, and enhanced container support with Antrea/NSX policy integration.

*See Pricing and Packaging section for details.


What is mixed licensing mode?

Mixed licensing mode was introduced with 4.5.2. Mixed licensing mode allows customers to create workload domains using KEY-BASED licensing (VCF-Perpetual / VCF-Subscription) within the same VCF instance. However, all components and clusters of a workload domain MUST be configured using the same licensing type.


When can mixed licensing mode be used?

Mixed licensing mode can be used in new or upgraded VCF 4.5.2 instances which have been initially deployed using key-based licensing.


How is mixed licensing mode enabled?

The management domain of a VCF 4.5.2 instance needs to be registered, connected and subscribed to the VMware Cloud portal. Once subscribed, SDDC Manager workflows provide the option to configure a new workload domain using key-based licensing. 



What is VMware Cloud Foundation?

VMware Cloud Foundation provides the simplest path to hybrid cloud through an integrated software platform that is the foundation for both private and public cloud environments. VMware Cloud Foundation provides a complete set of software-defined services for compute, storage, network, and security, along with cloud management capabilities. The result is simple, secure, and agile cloud infrastructure that can be deployed on premises and consumed as a service from public cloud.

How can I use VMware Cloud Foundation in the public cloud?

Select service providers from the VMware Cloud Service Provider program offer cloud services powered by VMware Cloud Foundation. Reach out to the specific service providers for more information.

VMware Cloud on AWS is an on-demand service operated, managed, and sold by VMware. VMware Cloud on AWS is powered by VMware Cloud Foundation.

Additional solutions such as Azure VMware Solution and Google Cloud VMware Engine are services offered by these Cloud providers built upon a consistent SDDC stack that enables seamless migration with VMware Cloud Foundation.


Can I install the VMware Cloud Foundation software myself?

Yes. VMware provides documentation for customers to deploy the Cloud Foundation software on their own. It is highly recommended that you work with VMware Professional Services or your Solution Provider to receive assistance with your deployment. Visit the Documentation page for more information on how to deploy Cloud Foundation.


What VMware technical support options are available for VMware Cloud Foundation?

The VMware Technical Support Matrix lists the following support options for VMware Cloud Foundation:

•        VMware Select Support

•        Support Account Manager

•        Dedicated Technical Support Engineer

You can compare the support options here. With VMware Cloud Foundation, a customer who deploys the full VMware Cloud Foundation stack (including SDDC Manager) will have the ability to access VMware by Broadcom's "Activation and Upgrade Support" as defined below:

•        Support for the activation and verification of one (1) VMware Cloud Foundation instance based on VMware prescribed designs only. Custom design and activation are considered out of scope.

•        Environmental analysis and guidance on remediation

•        Health check and post-deployment verification for the activated environment

When the customer is upgrading their VMware Cloud Foundation environment, VMware will provide the following:

•        Support customer development of an upgrade plan per VMware Cloud Foundation instance

•        Support customer when customer performs the upgrade

•        Health check and post-upgrade verification for the VMware Cloud Foundation environment which has been upgraded




Where can I find more information and resources?

You can find additional VMware Cloud Foundation information here:

•        VMware Cloud Foundation Resource Center: http://vmware.com/go/vcfrc

•        Product Page: vmware.com/go/cloudfoundation

•        Documentation: vmware.com/go/cloudfoundation-docs

•        Community: vmware.com/go/cloudfoundation-community

•        Talk to your VMware Sales team.


GPU Support

Does VMware Cloud Foundation support the NVIDIA AI Enterprise (NVAIE) Suite and GPUs?

Yes. VMware Cloud Foundation 4.4 or later supports the NVAIE Suite. This integration with NVAIE allows IT admin teams to deliver and provision GPU resources easily, while allowing data scientists to consume and scale GPU resources quickly when they need them.

By integrating with the NVAIE, VMware Cloud Foundation supports the NVIDIA Ampere A30 and A100 GPUs.

Does VMware Cloud Foundation 5.0 support GPU virtualization?

Yes. With the support of the NVIDIA AI Enterprise Suite, NVIDIA Ampere A100 and A30 GPUs can now be configured with VMware Cloud Foundation to support AI/ML workloads. VMware, in partnership with NVIDIA, has integrated the latest virtual GPU (vGPU) capabilities enabled by vSphere into VMware Cloud Foundation. VMware Cloud Foundation customers can now extend their software-defined private cloud platform to support a flexible and easily scalable AI-ready infrastructure.


What is Multi-Instance GPU (MIG) support?

MIG is a new feature available with the NVIDIA Ampere A30 and A100 GPUs. It helps maximize utilization of GPU devices and provides dynamic scalability by partitioning GPU devices into multiple smaller GPU instances. This enables right-sizing the GPU allocations for optimized utilization of these GPUs and better QoS. MIG is supported on the A30 and A100 GPUs.


Perpetual offerings

Does VMware by Broadcom offer perpetually licensed products?

No. Learn more about VMware by Broadcom's Business Transformation.


Jointly engineered solutions

What types of OEM integrated systems are available with Cloud Foundation from OEMs?

Integrated Systems from OEMs can be either:

•        Jointly Engineered Solutions - VMware Cloud Foundation on Dell EMC VxRail

•        VMware vSAN Ready Node

What is the unique integration of a jointly engineered solution?

Jointly engineered systems, such as VMware Cloud Foundation on VxRail, provide unique integration with VMware Cloud Foundation components. VxRail integration with VMware Cloud Foundation includes, but is not limited to, lifecycle management of the hardware and software sub-systems using native SDDC Manager orchestrated workflows integrated with VxRail Manager. Note that VxRail does require Dell professional services for installation.

Can vSAN ReadyNodes be added to Dell EMC VxRail deployments (and vice versa)?

No. It is not possible to deploy vSAN ReadyNodes and VxRail nodes within the same deployment. Refer to the VCF on VxRail admin guide for more information.



Subscription offerings

Can a customer purchase individual products à la carte?

No. Customers can only purchase eligible offerings: VMware Cloud Foundation or vSphere Foundation.

Can a customer upgrade vSphere, vSAN, NSX (perpetual) to VCF?

Yes, as long as the customer is at the end of an SNS term. Contact your VMware account team or channel partner for additional information.

Can customers use VMware Tanzu using VMware Cloud Foundation?

Yes, the Tanzu Kubernetes Grid(s) is included in VMware Cloud Foundation.

Where can I go for additional information on VMware Cloud Foundation Pricing and Packaging?

Consult with your VMware Sales Representative, channel partner or qualified OEM partner for pricing.


SDDC Manager

What is VMware SDDC Manager?

SDDC Manager is the management appliance deployed by Cloud Builder as part of the VMware Cloud Foundation Bring-up process. SDDC Manager is unique to VMware Cloud Foundation and contains in-built workflows that automate daily operational tasks, scaling and the lifecycle management of the platform.

Can I add SDDC Manager to an existing vSphere deployment?

No. A customer will need to deploy the full VCF stack to be able to utilize SDDC Manager. An existing vSphere deployment cannot be upgraded to VMware Cloud Foundation without redeployment. Contact sales for more information.

What is the difference between SDDC Manager and vRealize Automation?

SDDC Manager and vRealize Automation automate different aspects of building and running private and hybrid clouds.

SDDC Manager automates the installation and lifecycle management of the vSphere, vSAN, NSX, and vRealize Suite components from bring-up and configuration to patching and upgrading, making it simple for the cloud admin to build and maintain the SDDC.

SDDC Manager is used to deploy vRealize Suite Lifecycle Manager (vRSLCM) in VMware Cloud Foundation mode and creates a two-way communication channel between the two products. 

When deployed in this way, vRSLCM is now VCF aware, and reports back to the SDDC Manager what vRealize products are installed. With the new flexible upgrades capability, vRSLCM enables the selection of the desired version of vRealize suite independent of the VMware Cloud Foundation version.


Does SDDC Manager replace other existing management tools, such as vCenter Server?

No. SDDC Manager is exclusive to VMware Cloud Foundation and is used to automate the deployment, scale and lifecycle management of a VCF instance.

SDDC Manager deploys a vCenter server for each new workload domain. Once the workload domain has been configured through SDDC Manager, administrators can access the vCenter server console directly to manage the virtualized environment for that workload domain.


What is the Cloud Builder?

Cloud Builder is a Photon OS VM that is delivered as an OVA file and includes a virtual imaging appliance (VIA). It contains all code and product bits to automate the deployment of the full SDDC stack for the management domain for your VMware Cloud Foundation instance. The VM can be deployed on any physical device that has connectivity with the ESXi hosts, including laptops and external hosts. Follow the Cloud Builder UI on the VM to deploy the SDDC stack. Input parameters are supplied using the Deployment Parameters Workbook (xlsx) or a JSON file.



What are the physical server requirements?

VMware Cloud Foundation is supported on vSphere-compatible server hardware which meets the minimum requirements for VMware Cloud Foundation and the desired workloads. For Workload Domains using vSAN, refer to the vSAN Compatibility Guide and the VMware Cloud Foundation product documentation for details.

What switching hardware is supported?

You can use enterprise-grade network switches that meet the requirements of vSAN and are capable of meeting the scale demands of a highly connected set of vSAN hosts.

How does VMware Cloud Foundation leverage Composable Infrastructure?

Composable Infrastructure allows building physical servers on the fly using an API. Cloud Foundation has a composability plug-in which uses the Redfish API to perform this integration. This API communicates with the composable hardware manager to request physical infrastructure on demand.

Which Composable Infrastructure systems are supported?

VMware Cloud Foundation supports Dell MX and HPE Synergy as composable infrastructure systems.

How does VMware Cloud Foundation integrate with composable systems?

Composable systems, such as Dell MX and HPE Synergy, integrate with Cloud Foundation through the Redfish API, which makes it possible to compose and decompose hardware resources under the control of VMware Cloud Foundation.


Who supports VMware Cloud Foundation software and hardware?

When purchasing an OEM Solution, the OEM partner will be the single point of contact for support of both hardware and software. When Cloud Foundation software is purchased from VMware, the support model will follow the standard practice of VMware products with VMware Technical Support delivering support for the Cloud Foundation software.


Workload domains

What is a workload domain?

Workload Domains are a logical abstraction of private cloud capacity that is provisioned automatically by SDDC Manager and administered and patched independently. Workload Domains provide a unit of consumption at the SDDC level by presenting an integrated selection of compute, storage, and network resources for business workloads to run in.

Why would a user create another workload domain?

In order to scale deployments, assign unique characteristics and maintain workload isolation, it is a best practice to create additional workload domains for new workloads.

What is a management domain?

The management domain is a special purpose workload domain that is used to host the infrastructure components needed to instantiate, manage, and monitor the Cloud Foundation infrastructure. The management domain is automatically created using the Cloud Builder appliance when it is initially configured.

How many nodes are required for the management domain?

The management domain leverages vSAN for storage and requires a minimum of 4 nodes.

How many vCenter Server instances can be deployed in a workload domain?

Each workload domain has one dedicated vCenter Server instance. (Note: Only one vCenter Server license is needed per Cloud Foundation instance).

Can a vCenter Server configured as part of a workload domain be used to manually configure a cluster of hosts outside of VCF?

No, this is not a supported configuration. SDDC Manager should be used to commission new hosts into the VCF inventory. Following this, SDDC Manager is then used to add a cluster into a new or existing workload domain.


What is the minimum number of vSphere hosts that can be in a Virtual Infrastructure Workload Domain?

When vSAN is used, workload domains require a minimum of three hosts (four is recommended). When supplemental storage options such as NFS, vVols or VMFS on FC are used, clusters of two nodes can be configured.


Can I extend/delete a workload domain after it has been created?

Yes, Cloud Foundation provides a fully automated process for creating, extending, and deleting workload domains using SDDC Manager. If supplemental storage has been added to the workload domain, manual processes may be required to provision or un-provision this storage accordingly.


Can I reduce the size of a workload domain?

Yes, VMware Cloud Foundation allows removing hosts and clusters from workload domains.



What is the difference between Principal storage and Supplemental storage within VMware Cloud Foundation?

Principal storage is selected when creating a management domain, workload domain, or when creating a new cluster within a workload domain. Supplemental storage may be added to management or workload domain clusters after their creation. Principal storage is required for every cluster. Supplemental storage can be used for additional storage options. Both principal and supplemental storage can be used for primary workloads/use-cases.

Can I change the principal storage selection after creating a workload domain cluster?

No, you must create a new cluster within the workload domain or a new workload domain to change the principal storage selection. vMotion can be used to move the VMs to the newly created cluster. Supplemental storage can be manually added or removed without re-creating the cluster.

Is vSAN required with VMware Cloud Foundation?

vSAN is required for the Cloud Foundation management domain principal storage. It is possible to add supported storage options as supplemental storage for the management domain. The workload domains may use vSAN or a supported storage option for principal storage, with a variety of additional storage options available as supplemental storage.

Which principal storage options are supported with VMware Cloud Foundation?

VMware Cloud Foundation can consume and is validated against vSAN, vVols, NFS v3, and VMFS on FC. vSAN is the only principal storage option for the management domain. NVMe-oF and iSCSI are not currently supported as principal storage for Workload Domains.

VMware recommends using vSAN as the principal storage for all workload domains to leverage the benefits of managing and maintaining a full software-defined stack. vSAN is also updated and patched by SDDC Manager. Updating and patching non-vSAN storage is a manual task and falls outside of the lifecycle management offered by SDDC Manager. To ensure supportability, the storage system will need to be validated on the vSphere SAN/NAS Compatibility Guide: http://vmw.re/storagevcg

Which supplemental storage options are supported with VMware Cloud Foundation?

VMware Cloud Foundation supports the use of NFS (v3 or v4.1), VMFS on FC, iSCSI, NVMe-oF, and vVols as supplemental storage. Supplemental storage is not integrated with or shown within SDDC Manager.

Can I use any server to create a workload domain when utilizing non-vSAN storage?

Yes, any vSphere-compatible server can be used for a workload domain cluster not using vSAN. They do not need to be vSAN ReadyNodes in this case. Please reference the VMware compatibility guide.

Does VMware Cloud Foundation 5.0 support vSAN Stretched Clusters?

vSAN stretched clusters are currently only supported on workload domains using vLCM Baselines. vSAN stretched clusters are not supported for use on workload domains configured with vLCM images.

Note: In VCF 4.2 vSphere Update Manager (VUM) was rebranded as vSphere Lifecycle Manager (vLCM) Baselines in the SDDC Manager UI.

Metro cluster/stretch solutions on external storage are supported for both principal and supplemental storage within Workload Domains. Please consult with your external storage vendor for guidance on how to implement metro cluster/stretch cluster in VMware Cloud Foundation.

Is stretched clustering supported for a workload domain configured for Kubernetes?

No. vSAN Stretched Clustering for workload domains that are configured for Kubernetes Workload Management is currently not supported.

What is VMware HCI Mesh?

VMware HCI Mesh is vSAN’s all-new feature that provides for “Disaggregated HCI” or DHCI exclusively through software. HCI Mesh allows an administrator to easily define a relationship between two vSAN clusters and borrow capacity from another cluster, improving the agility and efficiency in an environment. This disaggregation allows the administrator to separate compute from storage. HCI Mesh uses vSAN’s native protocols for optimal efficiency and interoperability between clusters. Complementing the inherent capability within vSAN to treat storage as an exclusive resource of the cluster, HCI Mesh delivers the flexibility in resource provisioning that many of our customers have been asking for.


Which vSAN features are not supported by VMware Cloud Foundation?

  • HCI Mesh support for remote or stretched clusters – Not Supported
  • 2-node vSAN clusters in Remote Office Branch Office (ROBO) scenarios – Not Supported
  • Storage DRS – Not Supported
  • Multiple pNIC (physical NIC) with external storage and vVols – Not Supported
  • vSAN Direct – Not Supported
  • L3 support for external storage including vVols – Not Supported


Remote Clusters

Is there a hard requirement of 3-4 nodes per VCF Remote Cluster site?

If vSAN is used, VCF only supports a minimum of 3 nodes and a maximum of 16 nodes per VCF Remote Cluster. If NFS, vVols or Fibre Channel is used as principal storage, then VCF supports a minimum of 2 nodes and a maximum of 4 nodes.

What is the license requirement for VCF Remote Clusters?

Standard VCF licensing constructs apply to VCF Remote Clusters.

Are there any hardware specific requirements for VCF Remote Clusters?

No, any vSAN Ready Node or Dell VxRail system will support VCF Remote Clusters.

Why are two active WAN links required from the remote sites to the central site?

VCF Remote Cluster is designed to optimize for cost when deploying a VCF workload domain in a remote site. SDDC Manager and NSX Manager are installed and run in the central data center. If the WAN link between the central site and a remote site fails while a node in the remote site reboots, the result is a dual failure state: the VMs running on that node at the remote site will not be operational until the WAN link becomes active again. This can cause application instability in the remote sites. To avoid this, it is strongly recommended to use dual active WAN links across sites.

Does VCF+ support the configuration of a Remote Cluster?

No. Remote clusters and remote workload domains are not supported when VCF+ is enabled. When VCF+ is enabled in a VCF 5.0 deployment, each workload domain is subscribed and connected to the VMware Cloud Console.


Patching and Upgrading

What software components can be patched/upgraded using SDDC Manager?

VMware vSphere, vSAN, NSX, vCenter Server and SDDC Manager components are patched and upgraded using SDDC Manager or the API. SDDC Manager is used to manage the inventory and lifecycle management of a VMware Cloud Foundation instance and should be used to operate and maintain the environment.

How am I notified when patches/upgrades become available?

Users need to log in to the repository/VMware depot. Once logged in, users are automatically notified from the SDDC Manager user interface when patches and upgrades become available. From VCF 4.5, the vRealize Suite components are updated using vRealize Suite Lifecycle Manager.

Can I schedule when patches and upgrades are applied?

Yes, SDDC Manager allows patches and upgrades to be scheduled to coincide with regular maintenance windows.

Can I patch/upgrade workload domains independent of each other?

Yes, workload domains and clusters can be upgraded independently of each other. VMware Cloud Foundation lifecycle management allows workload domains and clusters to be updated sequentially (one after another) or in parallel (at the same time).

Can an existing VCF environment be manually upgraded and patched?

Performing manual deployment, scaling operations and lifecycle management of VMware Cloud Foundation outside of SDDC Manager or the API may break the integration of the platform's SDDC components and is not supported.

How can critical patches be applied to a VCF component?

The Async Patch Tool (AP Tool) can be used to apply critical patches to VCF components between VCF releases. The AP Tool is supported for VCF 4.2.1 and above.


Config Max and Mins

What is the minimum size of a Cloud Foundation environment with a consolidated deployment?

You need at least 4 servers to run Cloud Foundation in a consolidated architecture. Workload VMs are placed in dedicated resource pools in the Management Domain.

How many hosts are required at a minimum to configure a Cloud Foundation environment with a single VI workload domain?

Deploying a VMware Cloud Foundation standard architecture requires a management domain with a minimum of 4 hosts and a VI workload domain comprising a minimum of 3 hosts when vSAN is used. Customers also have the option to deploy a VI workload domain of 2 hosts using NFS or Fibre Channel storage.

What is the maximum size of a Cloud Foundation environment?

Cloud Foundation inherits configuration maximums from the component products. For information on sizing VMware Cloud Foundation, refer to https://configmax.vmware.com

What is the maximum size of a workload domain?

For up-to-date VMware Cloud Foundation maximums, please refer to the configuration maximums document. See https://configmax.vmware.com for more information.


How many workload domains can a Cloud Foundation instance have?

Cloud Foundation always has 1 management domain and up to 14 VI workload domains. Each workload domain can contain multiple ESXi host clusters. This limit is imposed by the max number of vCenter Server instances that can be configured in enhanced linked mode which supports up to 15 vCenter Servers, and each workload domain has its own vCenter Server.

Note: The number of workload domains is different when using mixed licensing mode. For the VCF 4.5.2 release, administrators can deploy up to eight (8) domains when using mixed license mode. An additional seven (7) workload domains can be configured using key-based licensing.

See https://configmax.vmware.com for more information.


Security Add-Ons

What are the security add-ons available with VMware Cloud Foundation?

VMware Cloud Foundation customers are eligible to add-on the following security services:

  • VMware Firewall
  • VMware Firewall with Advanced Threat Prevention
  • VMware Avi Load Balancer

What is VMware Firewall?

VMware Firewall is a software-defined Layer 2-7 firewall purpose-built to secure virtualized workloads in a private cloud. It provides stateful firewalling capabilities that can be used by organizations to protect against the lateral movement of threats. VMware Firewall is available in two form factors: a Distributed Firewall that can be deployed at each vSphere workload and a Gateway Firewall that can be deployed on a vSphere host, either as a Virtual Machine (VM) or as an ISO image on a physical server.

What is VMware Firewall with Advanced Threat Prevention?

VMware Firewall with Advanced Threat Prevention (ATP) is a software-defined Layer 2–7 firewall purpose-built to secure virtualized workloads in a private cloud. It provides stateful firewalling with threat prevention capabilities that protect organizations against advanced threats. ATP combines multiple detection technologies—Intrusion Detection/Prevention System (IDS/IPS), Network Sandboxing, and Network Traffic Analysis (NTA)—with aggregation, correlation, and context engines from Network Detection and Response (NDR).

What is VMware Avi Load Balancer?

VMware Avi Load Balancer provides multi-cloud load balancing, web application firewall and application analytics across on-premises data centers and any cloud. The software-defined platform delivers applications consistently across bare metal servers, virtual machines and containers to ensure a fast, scalable, and secure application experience.

Can the security add-ons be added to previous versions of VMware Cloud Foundation?

The Network and App Security Add-On for Cloud Foundation is available on Cloud Foundation 4.5 and above.

Will Security Add-Ons for VMware Cloud Foundation work in a vSphere environment?

No. They work only as part of a VMware Cloud Foundation environment running NSX 3.2 or later.



Does SDDC Manager automate the deployment of other management components, such as Aria Operations for Networks?

Aria Operations for Networks (AON) can be manually deployed and externally integrated with VMware Cloud Foundation.

What logs are sent to vRealize Log Insight in the Cloud Foundation management cluster?

Cloud Foundation can be configured to send event logs for vSphere, vSAN, NSX, SDDC Manager, vCenter and Horizon into vRealize Log Insight.

How can SDDC Manager be protected by backup?

In Cloud Foundation 4.3 and later releases, SDDC Manager backup and recovery capabilities have been enhanced, allowing administrators to configure external backup targets as well as scheduled backups.



Can I connect the NSX Manager in VMware Cloud Foundation to other non-Cloud Foundation infrastructure?

No. This is not supported. NSX is only aware of the corresponding VMware Cloud Foundation Workload Domains.


Does VMware Cloud Foundation support Bare Metal Edge Servers in NSX?

Yes. The overwhelming majority of customer deployment use cases can be fulfilled with VM form factor edge nodes. Support for Bare Metal Servers configured as NSX Edge Nodes is provided for specific customer use cases that cannot be supported on a VM form factor edge node.


Does VCF support Bare Metal Servers (i.e., Windows or Linux servers) or KVM as NSX transport nodes?

No. VCF does not support hosts that are not managed by SDDC Manager as part of the NSX installation. Today, SDDC Manager does not support KVM or other NSX bare metal servers as transport nodes.


What is NSX Federation?

NSX Federation capabilities provide a cloud-like operating model for network administrators by simplifying the consumption of networking and security constructs. This includes centralized management, consistent networking and policy configuration with enforcement and synchronized operational state across large scale federated NSX deployments.


What value does NSX Federation provide?

With NSX Federation, VCF customers can leverage stretched networks and unified security policies that span multi-region VCF deployments providing workload mobility and simplifying disaster recovery.


How does NSX Federation work in VMware Cloud Foundation?

VCF customers can now leverage NSX Federation capabilities to federate and manage multiple NSX domains through a single pane of glass, using Global Manager (GM). GM provides a graphical user interface and an intent-based REST API endpoint. Through the GM, you can configure consistent security policies across multiple locations and stretched networking objects: Tier0 and Tier1 gateways.


For which use cases is NSX Federation support in VMware Cloud Foundation targeted?

NSX Federation can support a variety of use cases based on business demands and preferred architectures.  NSX is well-suited for hybrid cloud connectivity, workload mobility, and disaster recovery across cloud environments.


Is NSX Federation automatically implemented by SDDC Manager?

NSX Federation in 5.0 is implemented and supported through manual guidance, including architecture and design documentation, on the VMware Docs site.


Are there limitations with NSX Federation in VMware Cloud Foundation?

SDDC Manager is not integrated with NSX Global Manager in this release.  As such, SDDC Manager functions (like password rotation, certificate replacement, and LCM) do not interact with NSX Global Manager.  Further, vRealize Operations cannot collect data from the Global Managers, and vRealize Automation cannot provision workloads with Global Managers.


Are there any limitations with NSX Federation working with 2nd/3rd party products?

NSX Federation moves the management plane from Local Manager to Global Manager. Any products that integrate with NSX or consume NSX APIs should evaluate their compatibility with NSX Federation.


Once I upgrade to VMware Cloud Foundation 4.2 or later, can my existing VCF deployment adopt NSX Federation?

NSX Federation in VCF 4.2 or later releases is targeted for greenfield (pre-production) deployments only. Please raise a ticket with GSS and your account team to evaluate if your brownfield VCF deployment (production) is suitable to adopt NSX Federation.


Is NSX Federation supported between VCF Ready Node and VCF on VxRail deployments?

Yes, this is supported when deployed in the following way:

•  NSX Federation for vSAN Ready Node (vSRN) and VxRail was initially supported with VCF 4.3 greenfield only. There is no support available for brownfield environments prior to VCF 4.3.

•  VCF deployments on both environments need to have Application Virtual Networks (AVNs) deployed so the NSX-T edges are deployed and configured.

•  Designating which site is primary is up to the customer; there is no VCF preference.

Is NSX Federation supported between VCF and non-VCF deployments?

Yes. However, the customer is responsible for the deployment and lifecycle of the NSX Global Managers, as well as for maintaining version interoperability between VCF-owned NSX Local Managers, non-VCF NSX Local Managers, and the NSX Global Manager.


What are NSX Edge clusters and when should they be used?

NSX Edge clusters in VMware Cloud Foundation comprise a pair of NSX Edge transport nodes (VMs) that can be deployed at a per workload domain level or a per cluster level. NSX Edge clusters provide ingress and egress access as well as other networking services such as routing, firewalling, load balancing and NAT. Edge clusters are recommended for all workload domains. Edge clusters are required prior to deploying vSphere with Tanzu and when deploying the vRealize suite.


Do I need to federate the Management Domain in order to federate the VI Workload domain?

No. You can choose to federate VI Workload domains without federating the management domain. If you need availability of the management components such as Aria Automation or Aria Operations deployed in the management domain, then you need to federate the management domain.


Can I federate between the Management domain and VI Workload domain?

No. This is not supported.


Can a customer connect externally configured vCenter servers or NSX instances to a VCF deployment?

No, connecting externally configured vCenter servers or NSX instances to VCF is not supported. VCF provides automated capabilities to scale and lifecycle manage the platform using SDDC workflows or the API.


Does VCF require the configuration of Application Virtual Networks (AVNs) at Bring-up?

No. With VCF 4.3 and later releases, Cloud Foundation no longer provides an option to deploy AVNs at bring-up. This results in a faster and seamless initial deployment. For customers who are looking to deploy vRealize Suite components through vRSLCM, AVN is configured through SDDC Manager.

