Production deployment for vCF 4.3.1.0


Site readiness

For vCF 4.3.1.0 deployment we need to ensure the following before we start:

  • We need one ESXi host to deploy the cloud builder appliance. The vCF cloud builder VM requires at least 4 vCPU, 8 GB memory and 300 GB storage
  • Download the cloud builder appliance for exactly the same vCF version and keep it ready for use
  • Download the parameter file for exactly the same version and fill it in as per requirements
    • Up to vCF 4.2 this parameter file has options for AVN, Edge cluster and BGP configuration as part of the vCF build process
    • From 4.3.1 onwards the build is split into two parts. The parameter file only asks about management, vSAN and vMotion. NSX Edge cluster deployment is done later via SDDC Manager using the "Add Edge Cluster" wizard
  • We need 7 VLANs -- Ensure MTU 9216 for these VLANs on all switches
    • Management - For the management IPs of ESXi, vCenter, Edges, NSX manager, SDDC manager etc.
    • vSAN - For vSAN traffic between ESXi hosts
    • vMotion - For vMotion traffic between ESXi hosts
    • Edge VTEP or Overlay - For communication between the edges which are part of the same edge cluster.
    • Host VTEP or Overlay - For communication between different ESXi hosts. VxLAN traffic from one host to another travels via this VLAN.
      • This VLAN must have DHCP based IP addressing
    • Uplink 1 connectivity - For Uplink1 or ISP-1 connectivity for Edges. Edges and ToR (or L3) do BGP peering using IP addresses in this VLAN. All traffic leaving or entering the vCF / NSX environment uses this VLAN for Edge to L3 connectivity / traversal.
    • Uplink 2 connectivity - For Uplink2 or ISP-2 connectivity for Edges. Same as Uplink-1. This is for HA purposes.
  • We need to have NTP - Either a local NTP server or access to an Internet based NTP service such as pool.ntp.org or time.google.com
  • We need to have DNS - We need to create forward and reverse DNS entries. This DNS must remain available permanently so that the nodes, vCenter etc. can discover each other
    • Create DNS entries for all ESXi hosts, vCenter, NSX, SDDC and cloud builder
  • Install ESXi on all the nodes, matching exactly the ESXi version listed in the release notes of the particular vCF version - https://docs.vmware.com/en/VMware-Cloud-Foundation/4.3.1/rn/VMware-Cloud-Foundation-431-Release-Notes.html
    • If the exact same version of ESXi is not available, download a lower version ISO file
    • Then download the exactly matching patch depot zip file from https://customerconnect.vmware.com/patch by giving the same build number as in the release notes
  • Various passwords and license keys, as required by the parameter file and by the cloud builder OVA deployment
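
The forward and reverse DNS requirement above can be checked before starting cloud builder. The following pre-flight check is an added example, not part of the original notes or of any VMware tooling; the function names, host names and addresses are assumptions made for illustration.

```python
import socket

def _norm(name):
    """Lower-case and strip the trailing dot so FQDNs compare reliably."""
    return name.rstrip(".").lower()

def forward_lookup(fqdn):
    """Default forward resolver: FQDN -> set of IPv4 addresses."""
    try:
        return set(socket.gethostbyname_ex(fqdn)[2])
    except OSError:
        return set()

def reverse_lookup(ip):
    """Default reverse resolver: IP -> set of PTR names."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return {_norm(n) for n in [name, *aliases]}
    except OSError:
        return set()

def check_dns(expected, forward=forward_lookup, reverse=reverse_lookup):
    """expected: {fqdn: planned_ip}. Returns a list of (fqdn, problem) tuples."""
    problems = []
    seen = {}
    for fqdn, ip in expected.items():
        if ip in seen:
            problems.append((fqdn, f"IP {ip} already planned for {seen[ip]}"))
        seen.setdefault(ip, fqdn)
        addrs = forward(fqdn)
        if not addrs:
            problems.append((fqdn, "no forward (A) record"))
        elif addrs != {ip}:
            problems.append((fqdn, f"forward record gives {sorted(addrs)}, planned {ip}"))
        names = {_norm(n) for n in reverse(ip)}
        if not names:
            problems.append((fqdn, f"no reverse (PTR) record for {ip}"))
        elif _norm(fqdn) not in names:
            problems.append((fqdn, f"PTR for {ip} gives {sorted(names)}"))
    return problems

# Constructed sample plan; names and addresses are placeholders, not from the wiki page.
SAMPLE_PLAN = {
    "esxi01.lab.example": "192.0.2.11",
    "vcenter.lab.example": "192.0.2.20",
    "sddc.lab.example": "192.0.2.22",
}

if __name__ == "__main__":
    for fqdn, problem in check_dns(SAMPLE_PLAN):
        print(f"{fqdn}: {problem}")
```

Replace SAMPLE_PLAN with the FQDN to IP mapping from the filled-in parameter file; an empty result means every planned entry resolves both ways.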


Deployment steps

  • Install ESXi using the downloaded file
  • On each ESXi host do the following:
    • Configure NTP and enable it on host boot
    • Configure SSH and enable it on host boot
    • Ensure the Management and VM networks have the correct VLAN-ID as per requirement
    • Configure the Management IP with just one uplink port
    • Disable all 1G ports at BIOS level. The server should only show 10G ports at ESXi level.
  • Deploy the cloud builder OVA on the ESXi host
  • Upload the parameter file
  • Deploy vCF based on the parameters


Deploy Edge cluster

After vCF is deployed, go through the "Add Edge Cluster" wizard. Most values are the same as what we would have specified in the vCF 4.2 parameter file.

  • Specify MTU as: 9000
  • Edge cluster profile type: Default
  • Edge cluster will be used for: Application Virtual Networks (AVN)
  • Tier-0 service high availability: Active/Active
  • Tier-0 routing type: EBGP
  • Cluster type: L2 uniform


Post deployment configuration changes

After deployment of vCF consider making the following changes:

  • Change the vSAN default storage profile to all-flash with FTT=1, RAID-5 erasure coding instead of RAID-1 mirroring. This is possible only in case of all-flash deployments
  • If the vmnics used are of type vmnic0, vmnic1, vmnic4, vmnic5 etc. then by default the port-groups might be using only two NICs and the other two might be unused. For each and every port-group make the following changes. This can be done even for edge uplink related port-groups.
    • Under "Teaming and failover" - Change failure detection to beacon probing instead of the default link status
    • Make all four ports active
    • Set the failover policy to "Route based on NIC load"
  • Enable VLAN based segments, if required. For this add the VLAN related transport zone to each ESXi host. Refer to Enable VLAN backed segments on NSX deployment
  • This is not optional: we must disable password expiry to avoid issues
