VMware Cloud Foundation – A Technical Overview (based on VCF 4.5)
This technical overview supersedes the earlier version, which was based on VMware Cloud Foundation 4.3, and now covers all capabilities and enhancements that were delivered with VCF 4.5.
What is VMware Cloud Foundation (VCF)?
VMware Cloud Foundation is a multi-cloud platform that provides a full-stack hyperconverged infrastructure (HCI) that is made for modernizing data centers and deploying modern container-based applications. VCF is based on different components like vSphere (compute), vSAN (storage), NSX (networking), and some parts of the Aria Suite (formerly vRealize Suite). The idea of VCF follows a standardized, automated, and validated approach that simplifies the management of all the needed software-defined infrastructure resources.
This stack provides customers with consistent infrastructure and operations in a cloud operating model that can be deployed on-premises, at the edge, or in the public cloud.
Tanzu Standard Edition is included in VMware Cloud Foundation with Tanzu Standard, Advanced, and Enterprise editions.
Note: The VMware Cloud Foundation Starter, Standard, Advanced and Enterprise editions do NOT include Tanzu Standard.
What software is being delivered in VMware Cloud Foundation?
The BoM (bill of materials) is changing with each VCF release. With VCF 4.5 the following components and software versions are included:
- VMware SDDC Manager 4.5
- vSphere 7.0 Update 3g
- vCenter Server 7.0 Update 3h
- vSAN 7.0 Update 3g
- NSX-T 18.104.22.168
- VMware Workspace ONE Access 3.3.6
- vRealize Log Insight 8.8.2
- vRealize Operations 8.8.2
- vRealize Automation 8.8.2
- (vRealize Network Insight)
Note: Only one vCenter Server license is required for all vCenter Servers deployed in a VMware Cloud Foundation system.
What is VMware Cloud Foundation+ (VCF+)?
With the launch of VMware Cloud Foundation (VCF) 4.5 in early October 2022, VCF introduced new consumption and licensing models.
VCF+ is the next cloud-connected SaaS product offering, which builds on vSphere+ and vSAN+. VCF+ delivers cloud connectivity to centralize management and a new consumption-based OPEX model to consume VMware Cloud services.
VCF+ components are cloud entitled, metered, and billed. There are no license keys in VCF+. Once the customer is onboarded to VCF+, the components are entitled from the cloud and periodically metered and billed.
The following components are included in VCF+:
- NSX (term license)
- SDDC Manager
- Aria Universal Suite (formerly vRealize Cloud Universal aka vRCU)
- Tanzu Standard
- vCenter (included as part of vSphere+)
Note: In a given VCF+ instance, you can only have VCF+ licensing; you cannot mix VCF-S (term) and VCF perpetual licenses with VCF+.
What are other VCF subscription offerings?
VMware Cloud Foundation Subscription (VCF-S) is an on-premises (disconnected) term subscription offer that is available as a standalone VCF-S offer using physical core metrics and term subscription license keys.
You can also purchase VCF+ and VCF-S licenses as part of the VMware Cloud Universal program.
Note: You can mix VCF-S with perpetual license keys as long as you use the same key (either or) for a workload domain.
Which VMware Cloud Foundation editions are available?
A VCF comparison matrix can be found here.
VMware Cloud Foundation Architecture
VCF is made for greenfield deployments (brownfield not supported) and supports two different architecture models:
- Standard Architecture
- Consolidated Architecture
The standard architecture separates management workloads and lets them run on a dedicated management workload domain. Customer workloads are deployed on a separate virtual infrastructure workload domain (VI workload domain). Each workload domain is managed by a separate vCenter Server instance, which allows autonomous licensing and lifecycle management.
Note: The standard architecture is the recommended model because it separates management workloads from customer workloads.
Customers with a small environment (or a PoC) can start with a consolidated architecture. This allows you to run customer and management workloads together on the same workload domain (WLD).
Note: The management workload domain's default cluster datastore must use vSAN. Other WLDs can use vSAN, NFS, FC, and vVols for the principal storage.
What is a vSAN Stretched Cluster?
vSAN stretched clusters extend a vSAN cluster from a single site to two sites for a higher level of availability and inter-site load balancing.
Does VCF provide flexible workload domain sizing?
Yes, that's possible. You can license the WLDs based on your needs and use the editions that make the most sense depending on your use cases.
How many physical nodes are required to deploy VMware Cloud Foundation?
A minimum of four physical nodes is required to start in a consolidated architecture or to build your management workload domain. Four nodes are required to ensure that the environment can tolerate a failure while another node is being updated.
VI workload domains require a minimum of three nodes.
This means, to start with a standard architecture, you need to have the requirements (and money) to start with at least seven physical nodes.
What are the minimum hardware requirements?
These minimum specs have been listed for the management WLD since VCF 4.0 (September 2020):
Can I mix vSAN ReadyNodes and Dell EMC VxRail deployments?
No. This is not possible.
What about edge/remote use cases?
When you would like to deploy VMware Cloud Foundation workload domains at a remote site, you can deploy so-called "VCF Remote Clusters". Those remote workload domains are managed by the VCF instance at the central site and you can perform the same full-stack lifecycle management for the remote sites from the central SDDC Manager.
Prerequisites to deploy remote clusters can be found here.
Note: If vSAN is used, VCF only supports a minimum of 3 nodes and a maximum of 4 nodes per VCF Remote Cluster. If NFS, vVols or Fibre Channel is used as principal storage, then VCF supports a minimum of 2 and a maximum of 4 nodes.
Important: Remote clusters and remote workload domains are not supported when VCF+ is enabled.
Does VCF support HCI Mesh?
Yes. VMware Cloud Foundation 4.2 and later supports sharing remote datastores with HCI Mesh for VI workload domains.
HCI Mesh is a software-based approach for disaggregation of compute and storage resources in vSAN. HCI Mesh brings together multiple independent vSAN clusters by enabling cross-cluster utilization of remote datastore capacity within vCenter Server. HCI Mesh enables you to efficiently utilize and consume data center resources, which provides simple storage management at scale.
Note: At this time, HCI Mesh is not supported with VCF ROBO.
What is SDDC Manager?
SDDC Manager is a preconfigured virtual appliance that is deployed in the management workload domain for creating workload domains, provisioning additional virtual infrastructure and lifecycle management of all the software-defined data center (SDDC) management components.
You use SDDC Manager in VMware Cloud Foundation to perform the following operations:
- Commissioning or decommissioning ESXi hosts
- Deployment of workload domains
- Extension of clusters in the management and workload domains with ESXi hosts
- Adding clusters to the management domain and workload domains
- Support for network pools for host configuration in a workload domain
- Product licenses storage
- Deployment of vRealize Suite components
- Lifecycle management of the virtual infrastructure components in all workload domains, and of vRealize Suite Lifecycle Manager components
- Certificate management
- Password management and rotation
- NSX-T Edge cluster deployment in the management domain and workload domains
- Backup configuration
How many resources does the VCF management WLD need during the bring-up process?
We know that VCF includes vSphere (ESXi and vCenter), vSAN, SDDC Manager, NSX-T and possibly some components of the vRealize Suite. The following table should give you an idea of what the resource requirements look like to get VCF up and running:
If you are interested in how many resources the Aria Suite (formerly vRealize Suite) will consume in the management workload domain, have a look at this table:
How can I migrate my workloads from a non-VCF environment to a new VCF deployment?
VMware HCX provides a path to modernize from a legacy data center architecture by migrating to VMware Cloud Foundation.
What is NSX Advanced Load Balancer?
NSX Advanced Load Balancer (NSX ALB), formerly known as Avi, is a solution that provides advanced load balancing capabilities for VMware Cloud Foundation.
Which security add-ons are available with VMware Cloud Foundation?
VMware has different workload and network security offerings to complement VCF:
- NSX Advanced Threat Prevention (ATP for IDS/IPS, malware detection, NDR)
- NSX Advanced Load Balancer (for GSLB and WAF)
- Carbon Black Workload (NGAV, EDR, audit & remediation)
Can I get VCF as a managed service offering?
Yes, this is possible. Please have a look at Data Center as a Service based on VMware Cloud Foundation.
Can I install VCF in my home lab?
Yes, you can. With the VLC Lab Constructor, you can deploy an automated VCF instance in a nested configuration. There is also a Slack VLC community for support.
Where can I find more information about VCF?
Please consult the VMware Foundation 4.5 FAQ for more information about VMware Cloud Foundation.
About the Author:
Michael Rebmann works as a Lead Solution Architect for VMware Switzerland and focuses on some of the largest and most strategic customers. He is also part of VMware's Office of the CTO Global Field and Industry team in the role of a CTO Ambassador. Michael shares his knowledge and opinion on his private blog cloud13.ch as well.