Welcome to part 7 of the VCF-9.1 home lab series. The previous post in this series discussed setting up network connectivity in the management domain. In this post, I will demonstrate deploying a new workload domain.
If you are not following along, I encourage you to read the earlier parts of this series from the links below:
3: VCF 9.1 Pre-Deployment Planning
4: Setting up VCF 9.1 Offline Depot
5: VCF 9.1 Deploy Management Domain
6: Configure Management Domain Network Connectivity
A typical VCF deployment includes a management domain and one or more VI workload domains. Each VI workload domain can be configured with specific resources, network configurations, and policies to support its intended workloads. The VI workload domains are isolated from the management domain and used for hosting business applications and providing a public cloud-like experience within a VCF private cloud.
For deploying a workload domain, you have different topologies (single rack, multi-rack, stretched, etc.), and depending on the application needs and business use case, you deploy a supported topology. In this post, I will demonstrate the single-rack deployment topology.
Deploying a new VI Workload Domain (WLD) in VCF 9.1 creates an isolated pool of compute, storage, and network resources for tenant or application workloads. VCF 9.x shifts workload domain creation into the VCF Operations workflow, which automates vCenter, NSX, vSAN, and cluster provisioning.
Before initiating the deployment, ensure that you have commissioned the ESXi hosts in the vCenter inventory and met all prerequisites of a workload domain deployment. The host commission process is unchanged in 9.1, and you can refer to this blog post for instructions.
Deployment Steps
Step 1: Login to the VCF Operations, navigate to the Inventory tab, and click Detailed View. Select the VCF instance to which this workload domain will be added and click Add Workload Domain > Create New.
Step 2: Review and confirm that the workload domain prerequisites have been met, and click Proceed.
Step 3: Enter the workload domain name and select the deployment type.
- The full deployment type deploys vCenter, NSX, creates a vSphere cluster and prepares the hosts for NSX Networking & Security.
- The deploy infrastructure option will only deploy vCenter and NSX. You can manually add vSphere clusters in vCenter and configure hosts for NSX.
Choose whether to enable vSphere Supervisor. I choose to deploy this later.
Password for vcenter and NSX will be auto-created by VCF OPS and can be retrieved later.
Step 4: Provide the vCenter server FQDN and SSO domain name.
Step 5: Provide the name of the vSphere cluster that will be created in the workload domain.
Step 6: Select the image for configuring the hosts. If the server model used in the management domain and workload domain is the same, you can use the management domain image.
Alternatively, you can choose the host for the image reference.
Step 7: For the NSX deployment, you have two choices:
- Create a new NSX Manager instance—if this is a new workload domain that requires its own dedicated NSX instance.
- Join an existing NSX Manager instance—If a new workload domain wants to reuse the NSX Manager of an existing workload domain.
Select the deployment and appliance size and enter the NSX manager nodes/VIP FQDN.
Configure the network connectivity type and external IP block for VPC. I discussed this topic already in my previous post.
Step 8: Select the storage type for the domain.
Step 9: Select the host that will be added to the workload domain. The wizard only shows hosts that are commissioned successfully and are active in inventory.
Step 10: Configure Distributed Switch
To configure the distributed switch, you have 2 options. Select the default profile or create a custom profile.
- If your hosts have only 2 pNICs, you select the default profile, and it will provide a unified fabric for all traffic types using a single vSphere Distributed Switch.
- If your hosts have more than 2 pNICs, you can create a custom profile to isolate storage traffic from the rest of the traffic or isolate your NSX traffic from the regular infrastructure traffic.
When you use a custom profile, multiple distributed switches can be configured. Each distributed switch can hold one or more network traffic configurations.
If you select the default profile, the port groups are auto-created, and you can’t control the names. If you wish to create port groups per your infrastructure naming standard, choose custom configuration even if your hosts have 2 physical NICs.
For custom switch configuration, use the custom switch option. Click Create Distributed Switch.
Provide a name for the VDS, set the MTU and map the uplinks to the active physical adapters on your ESXi hosts.
Click Configure Network Traffic to add the required port groups and select the traffic type.
Enter the port group name and select the teaming policy. Click “Save Configuration.”
Repeat the process to configure other traffic types (vMotion, vSAN, etc.)
For configuring NSX traffic, enter the transport zone type, transport zone name, and ESX TEP VLAN.
Select the IP allocation method for TEP. If a static IP pool will be used, enter the TEP VLAN CIDR, IP range, and gateway. Also, map the NSX uplinks with the VDS uplinks.
Enter the uplink profile name and teaming policy.
Click Save configuration to go back to the VDS configuration page and click next.
Review the supplied inputs and ensure they are correct.
Clicking the JSON preview shows the supplied inputs in the JSON format. You can download the JSON for reusability and one-click automated deployment for future workload domains.
On the Validation page, VCF OPS runs a system check against the supplied inputs to ensure they are correct. After all tests are passed, you initiate the deployment by clicking the Finish button.
Click the View SDDC Manager Tasks button to see the backend tasks.
Clicking the button takes you to Fleet Management > Tasks view, where you can see all tasks related to workload domain creation.
After workload domain creation completes, navigate to the VCF Instances, select the workload domain, and from the Actions menu, select Retrieve Domain Passwords.
Store the password in your password vault.
The next step in this series will be setting up network connectivity. Refer to my previous post on how to deploy the edge cluster and configure connectivity. The steps are the same.
And that’s it for this post. In the next post of this series, I will discuss VKS deployment. Stay tuned!!!
I hope you enjoyed reading this post. Feel free to share this on social media if it is worth sharing.