VCF-9 – Part 10: Deploy VKS with NSX VPCs

Welcome to part 9 of the VCF-9 series. The previous post in this series discussed VPC networking in greater detail. In this post, I will demonstrate how to deploy vSphere Kubernetes Service (VKS) in an NSX VPC.

If you are not following along, I encourage you to read the earlier parts of this series from the links below:

1: VCF-9 Architecture & Deployment Models

2: VCF Installer Walk-through

3: VCF-9 Networking Models

4: NSX Edge Cluster Deployment

5: ESXi Host Commission in VCF

6: Deploying a Workload Domain

7: Deploy VCF Operations for Logs

8: VPC Creation with Centralized Networking

9: VPC Networking Deep Dive

VKS, when integrated with NSX VPCs, enables self-service, secure, and automated network and security consumption for Kubernetes clusters within an NSX Virtual Private Cloud (VPC). This approach provides users with a simplified, self-service model to manage network segments, security policies, and external connectivity for their applications, all within predefined infrastructure guardrails set by the administrator.

VCF-9 – Part 9: VPC Networking Deep Dive

Welcome to part 9 of the VCF-9 series. The previous post in this series discussed how to create Virtual Private Clouds (VPCs) with centralized network connectivity. In this post, I will dive deep into the fundamentals of VPC networking.

If you are not following along, I encourage you to read the earlier parts of this series from the links below:

1: VCF-9 Architecture & Deployment Models

2: VCF Installer Walk-through

3: VCF-9 Networking Models

4: NSX Edge Cluster Deployment

5: ESXi Host Commission in VCF

6: Deploying a Workload Domain

7: Deploy VCF Operations for Logs

8: VPC Creation with Centralized Networking

Part 3 of this series discussed the networking models in VCF-9. In the previous post, I covered the concepts of default transit gateway and VPC gateway, as well as the types of subnets that can be created in a VPC. It is essential to recall these concepts to comprehend VPC networking.

VCF-9 – Part 8: Create VPC with Centralized Networking

Welcome to part 8 of the VCF-9 series. The previous post in this series discussed how to deploy VCF Operations for Logs and configure log forwarding for vSphere and NSX components.

In this post, I will discuss the creation of Virtual Private Clouds (VPCs) with centralized network connectivity.

If you are not following along, I encourage you to read the earlier parts of this series from the links below:

1: VCF-9 Architecture & Deployment Models

2: VCF Installer Walk-through

3: VCF-9 Networking Models

4: NSX Edge Cluster Deployment

5: ESXi Host Commission in VCF

6: Deploying a Workload Domain

7: Deploy VCF Operations for Logs

The NSX VPC feature is not new and was first introduced in NSX 4.0. NSX VPCs provide multi-tenancy capabilities, as they offer networking and security services to multiple tenants that are completely isolated from one another. Access to networking constructs (T1 gateways, segments, etc.) is controlled via RBAC policies, and limits are enforced by assigning quotas to the objects that can be created inside a tenant.

VCF-9 – Part 7: Deploy VCF Operations for Logs

Welcome to part 7 of the VCF-9 series. The previous post in this series discussed how to configure an online depot in VCF Operations and download the product installation binaries. This post will discuss the steps of deploying an instance of VCF Operations for Logs and configuring vSphere and NSX integration for log forwarding.

If you are not following along, I encourage you to read the earlier parts of this series from the links below:

1: VCF-9 Architecture & Deployment Models

2: VCF Installer Walk-through

3: VCF-9 Networking Models

4: NSX Edge Cluster Deployment

5: ESXi Host Commission in VCF

6: Deploying a Workload Domain

7: Depot Configuration and Binary Management in VCF Operations

VCF Operations for Logs, formerly vRealize Log Insight, is a VMware solution for centralized log management and analysis within a VMware Cloud Foundation (VCF) environment. It provides deep visibility into operational issues, enabling faster troubleshooting and proactive issue detection.

VCF 9 – Depot Configuration and Binary Management in VCF Operations

In older versions of VCF (4.x & 5.x), before you deploy any of the Aria suite components, you have to download the binaries online or download the binaries manually and upload them into VMware Aria Suite Lifecycle, followed by binary mapping. Then, you can leverage these binaries to install, upgrade, or patch products from the Aria suite.

In VCF 9, this functionality has been moved to the unified VCF Operations component. All VCF fleet-related configurations/tasks are now performed through VCF Operations. Using VCF Operations, you can configure an online depot (token-based) or an offline depot for binary management. A depot serves as a source for downloading installation, upgrade, and patch binaries. You must set up a depot before downloading and installing components like VCF Operations for Logs and VCF Operations for Networks.

Only one depot connection can be ACTIVE at a time. If a depot is already ACTIVE, you must disconnect it before switching the depot to Online or Offline.

VCF-9 – Part 6: Deploying Workload Domain

Welcome to part 6 of the VCF-9 series. The previous post in this series discussed the ESXi host commissioning process. Now it’s time to put those hosts into action by creating a workload domain. This post will guide you on creating a new workload domain.

If you are not following along, I encourage you to read the earlier parts of this series from the links below:

1: VCF-9 Architecture & Deployment Models

2: VCF Installer Walk-through

3: VCF-9 Networking Models

4: NSX Edge Cluster Deployment

5: ESXi Host Commission in VCF

A typical VCF deployment includes a management domain and one or more VI workload domains. Each VI workload domain can be configured with specific resources, network configurations, and policies to support its intended workloads. The VI workload domains are isolated from the management domain and are used for hosting business applications and providing cloud-like operations within a private data center.

VCF-9 – Part 5: ESXi Host Commission – What’s Changed?

Welcome to part 5 of the VCF-9 series. The previous post in this series discussed the new method of deploying the Edge cluster and the transit gateway. In this post, I will discuss the process of commissioning an ESXi host.

If you are not following along, I encourage you to read the earlier parts of this series from the links below:

1: VCF-9 Architecture & Deployment Models

2: VCF Installer Walk-through

3: VCF-9 Networking Models

4: NSX Edge Cluster Deployment

In the VCF world, host commissioning refers to the process of adding physical servers (with ESXi installed) to the SDDC Manager inventory to create a pool of available capacity for workload domains and clusters. Starting with VCF-9, VMware has announced the deprecation of the SDDC Manager and moved the majority of the day-1 & day-2 configurations to VCF Operations. As part of this change, the process of ESXi host commissioning has also changed, and this feature has been moved to the vCenter server UI.

VCF-9 – Part 4: NSX Edge Cluster Deployment

Welcome to part 4 of the VCF-9 series. The previous post in this series discussed the networking models (VPC Networking and Segment Networking) and the key differences between them. In this post, I will discuss deploying NSX Edges through a built-in wizard in the vCenter UI.

If you are not following along, I encourage you to read the earlier parts of this series from the links below:

1: VCF-9 Architecture & Deployment Models

2: VCF Installer Walk-through

3: VCF-9 Networking Models

In previous VCF releases, NSX Edges were deployed through SDDC Manager using the UI/JSON. VCF-9 has introduced a newer way of deploying NSX Edge VMs, and the deployment can now be performed through vCenter UI to simplify the process, particularly for centralized external network connectivity. However, installation and configuration via the NSX Manager is still possible.

You will notice one change when deploying Edges through vCenter Server, i.e., instead of creating a tier-1 gateway, the wizard deploys a Transit Gateway.

VCF-9 – Part 3: Networking Models

Welcome to part 3 of the VCF-9 series. Part 1 of this series dived into VCF-9 architecture and deployment models, and Part 2 showcased the deployment of a VCF instance using the new VCF installer. In this post, I will discuss the networking models available in VCF-9.

If you are not following along, I encourage you to read the earlier parts of this series from the links below:

1: VCF-9 Architecture & Deployment Models

2: VCF Installer Walk-through

In VCF 9, NSX introduces two networking object models: VPC Networking and Segment Networking.

VPC Networking: The VPC networking model offers a streamlined approach for configuring networking and security services, making it accessible even to non-networking experts. It aligns with the user experience found in public cloud platforms and integrates seamlessly within the VCF stack. Cloud users can interact with the VPC model through the NSX UI/API, vCenter UI, VCF Automation, or Supervisor cluster.

VCF-9 – Part 2: VCF Installer Walk-through

Welcome to part 2 of the VCF-9 series. In part 1, I discussed what’s new in VCF-9 and the deployment models and cluster topologies supported by VCF. In this post, I will walk through the deployment of VCF using the new VCF installer tool.

The cloud builder tool that was included with earlier VCF editions has been replaced by the VCF installer. The new installer offers a whole new experience for deploying VCF instances and is lightweight. VCF-9 deployment methodology is more robust, well-designed, and efficient than the previous Excel-based Cloud Builder method. The installer can deploy VCF instances via UI or through JSON files and supports both brownfield and greenfield deployments. The installer also includes an improved built-in validation.

The VCF installer is available in the OVA file format and can be downloaded from here.

Prepping the Environment

Network & VLANs

I am using a VyOS router to provide network connectivity to my nested lab and have configured the following VLANs.