VMware Cloud Community
NFerrar
Enthusiast

Federated VCF & Workspace ONE Access connections

Hi,

My understanding is that the cross-region vRealize Suite components are the ones that link to the cross-region Workspace ONE Access; however, could someone clarify whether the local region components (vRealize Suite and NSX-T) point at the region-specific standalone Workspace ONE Access instances (in their local region), as the region B configuration documentation (that I've found) doesn't seem to mention it?

So for example:

NSX-T Global (primary) Manager (deployed in region A) connects to the region A standalone Workspace ONE Access instance

NSX-T Global (secondary) Manager (deployed in region B) connects to the region B standalone Workspace ONE Access instance

vRLI in region A connects to the region A standalone Workspace ONE Access instance

vRLI in region B connects to the region B standalone Workspace ONE Access instance

vRSLCM in region B connects to the region B standalone Workspace ONE Access instance

8 Replies
shank89
Expert

Hi,
The components that will / can move between regions (vRA, vROPs (management), vRLCM etc) will reside on the cross region AVN and use the cross region WS1 cluster.

The components that are not going to be moving (vRLI, NSX-T, and vROPs collectors) will reside on the region specific AVN and utilize the region specific WS1 appliance. (Note, the collectors do not need to auth, I just included them as they reside on the same network.)

Hope this clears it up for you.

Thanks

Shashank Mohan

VCIX-NV 2022 | VCP-DCV2019 | CCNP Specialist

https://lab2prod.com.au
LinkedIn https://www.linkedin.com/in/shankmohan/
Twitter @ShankMohan
Author of NSX-T Logical Routing: https://link.springer.com/book/10.1007/978-1-4842-7458-3
NFerrar
Enthusiast

Thanks - that was my thinking too, the one I'm still not sure about though is the region B vRSLCM. It will never move (and I assume goes on the region B AVN) and presumably you wouldn't want it dependent on the cross-region WOA cluster (that's usually running out of region A) but it would benefit from connecting to a WOA so you can use your AD to authenticate access to it.

shank89
Expert

It's actually a single vrlcm for both regions, I think this will help to clarify for you.

https://docs.vmware.com/en/VMware-Validated-Design/6.2/introducing-vmware-validated-design/GUID-AC5D...

NFerrar
Enthusiast

Ah, cheers for that link (and the help provided), had missed it when googling! It's the first time I've seen it clearly documented you deploy the region B vRealize components from the region A vRSLCM.

NFerrar
Enthusiast

Although now I'm confused again...

This is the main link I was following when I came up with the need for a region B specific vRSLCM: https://docs.vmware.com/en/VMware-Cloud-Foundation/4.3/vcf-vrslcm-wsa-design/GUID-D59D9A51-F829-4472...

Not only does the logical architecture diagram imply a vRSLCM in region B but the text also seems to back that up? Under the "Multiple VMware Cloud Foundation Instances" section of the table at the bottom it states:

In each VMware Cloud Foundation instance, a vRealize Suite Lifecycle Manager appliance deployed on the cross-instance NSX segment

(although I still don't see why the region B vRSLCM would need to be on a cross-region AVN)

vRealize Suite Lifecycle Manager in each additional VMware Cloud Foundation instance provides life cycle management for:

  • vRealize Log Insight

That link doesn't specifically say there's federation linking the VCFs but surely saying "multiple VCF instances" is only relevant in that context?

Has the architecture changed with v4.3.x (as the VVS link was for v4.2)?

shank89
Expert

I see where your confusion is coming from and tbh my go-to is the link I provided. I also think it makes more sense to have a single vrlcm appliance managing the regions, I wouldn't want to manage two.

NFerrar
Enthusiast

Just found this in the v4.3.1 release notes too:

Deploying a second vRealize Suite Lifecycle Manager fails

If you have multiple instances of VMware Cloud Foundation in the same SSO domain and you try to deploy vRealize Lifecycle Manager on both, the second deployment will fail with the message Add vCenter Server and Data Center to vRealize Suite Lifecycle Manager Failed.

Workaround: Use a single vRealize Suite Lifecycle Manager to manage instances of VMware Cloud Foundation in the same SSO domain

shank89
Expert

Good find, even more reason now 😛
