VMware Cloud Foundation


 How to deploy VCF 5.1.1 across multiple data centers?

cmangiarelli posted Jul 12, 2024 04:07 PM

I've been supporting VMware products for a few decades now and VCF has been the most frustrating solution to date. I have been working with technical support for over 2 weeks now to deploy my first VCF greenfield environment. After resolving 5x fatal cloud builder errors, we finally got the builder to deploy our first environment. I want to move on to my second, but TSE can't help with deployment architecture. I've done my share of RTFM but can't figure out how to move forward. How do I properly deploy VCF across 2 independent data centers?

Let me give you some background here:

I work for a company that delivers a critical public service. We have a standardized approach to our solution. While most customers utilize 2x data centers for redundancy, we have a few larger customers that require more. Each data center needs to be capable of standing alone should the other peers become disabled; some performance degradation is acceptable due to the increased load, but failure is not tolerated. Most solutions are active/active and spread across data centers, while a few utilize SRM for active/passive failover. My standard virtualization solution deploys a multi-host cluster with its own vCenter and a slew of other VMware products for management support. The vCenters are linked to allow for easy management and a view of the entire infrastructure.

Now, I have a customer with 2x data centers who purchased the VCF product SKU. We are using vSAN storage. As the cost of VCF was cheaper than VVF+vSAN entitlements, we obviously want to deliver the best solution given their licensing. As I mentioned earlier, we finally got their primary data center deployed with VCF, but I can't figure out how to deploy the second data center. VMware TSE won't help unless a specific problem occurs during the next deployment activity. The first site was deployed as consolidated (management and workload in a single domain). If I deploy a new workload domain, the new vCenter will not get deployed in the second data center (which is required for our customer). I found out that old versions of VCF supported multi-site federation for SDDC Manager, but that capability was removed in 4.4. I found another document that showed how to use Cloud Builder to deploy a second VCF region, but linked to the SSO of the first region (don't recall which version); however, the 5.1.1 deployment workbook does not possess that option. Normally I would link a new vCenter during its initial deployment, but I am aware of the manual process to link after install. I can't find any documentation on how to properly link two separate VCF 5.1.1 regions.

Looking for advice on how to proceed here. I'm tempted to abandon VCF, but as this is greenfield and we have the licenses, it just makes sense to utilize the automated upgrade mechanics built into SDDC Manager. We do plan to fully deploy the vRealize/Aria suite using its lifecycle manager, preferably linked to SDDC Manager, though I'd like to avoid workspace one (if I can). Thoughts?

P.S. I am not allowed to use NSX to transfer traffic outside the data center. Our network team requires all traffic leaving the physical data center to go through their firewalls and they control the routing. I can use NSX internally if I want, but I don't see any benefit and prefer to just use VLAN-backed port groups. In order to satisfy the cloud builder, we created the internal overlay VLAN and TEP pool, but the managers are basically sitting idle. 

cmangiarelli

I also posted my question on Reddit and got some feedback. It appears none of this is possible in VCF 5.x. I previously knew that multi-site management was deprecated in 4.4 and I just found out that ELM between multiple VCF regions was deprecated in 4.5.

"In VMware Cloud Foundation 4.5, the ability to join multiple VMware Cloud Foundation instances to the same vCenter Single Sign-On domain is deprecated." (link)

The way I read this, all VCF (5.x) regions are completely "stand-alone". You can SRM between them, including protecting the management domain VMs, but you need to manage them as separate entities. I know my management won't agree to this and we are not going to change SOP for this deployment, so I'll have to give VCF the boot.

Broadcom Employee Jean-Claude Daunois

Hi,

If you want to have 2 DCs for redundancy, it means you shouldn’t use the same instance of VCF.

In VCF, the admin cluster will work in a single site, meaning that if you have a problem with the site where the admin cluster is, you will lose the whole management part. Not a good idea (the vCenter Server for a workload domain will run in the admin cluster).

So VCF (at least until we support Brownfield ingestion) will not give you the availability you are looking for.

For your case, 2 sites = 2 VCF instances. Then, for each workload domain you create "locally", you can decide to implement a DR solution.

VCF will manage the local infrastructure (1 VCF per site), and the DR solution will manage the VMs which need to be replicated to the other site.

So for your case, build a DR infrastructure exactly like you would have done it with an infrastructure without VCF.

You need to think about network reachability and data/VM replication to put that in place.

With VCF 5.2, we will support "Brownfield ingestion", which will help in such a case, as you will be able to import a vCenter which is not working in your admin cluster. It will give you a new case to support your infrastructure. VCF (SDDC Manager) will then be able to manage both sites without the risk of losing management in case of a site failure.

So, if you want to start now:

  • 2 VCF instances: 1 per site,
  • Make your DR plan just like you would have done it without VCF,
  • or wait for VCF 5.2 to use brownfield support to build a new architecture.

In any case, keep in mind that network bandwidth and latency are key to building a DR solution.

cmangiarelli

Thanks for the info, Jean, but my issue isn't having to deploy 2 separate VCF regions, but not being allowed to have single pane-of-glass management over both regions through vCenter ELM. If I could instantiate a separate consolidated VCF region in both data centers and then link the vCenters with ELM, I would be fine with the end result. Since this configuration has been deprecated in 4.5, I have no choice but to abandon VCF as I am required to maintain official VMware support and consolidated VI management.

Broadcom Employee Jean-Claude Daunois

OK, so the best case is to wait for the VCF 5.2 version, which will answer most of your use cases: a single pane of glass and a single management point even for multiple sites (again depending on bandwidth and latencies).

Best regards.