VMware Cloud Community
mrstorey303
Enthusiast
Enthusiast

Design Discussion - Separate Mgmt + Compute vCenters?

Hi,

In each of our datacenters today we have a separate 4 node management cluster to hold our vcenters, nsx managers, domain controllers etc for that site.  The hosts in these clusters deliberately do not have NSX agents installed to 100% guarantee we don’t fat finger DFW rules etc, have standard switching (to remove all VDS / vCenter dependancies), run on seperate compute infrastructure etc, but the vcenter / vcsa appliance managing this cluster is the same vcenter that’s managing all other clusters - ie compute clusters.

Now that we’ve started to dip our toe in the Auto Deploy waters (stateful installs at this stage), I’ve been reading that best practice is to have a separate vcenter + sso domain to manage the management cluster....

Do you all subscribe to this theory?  Or is this advice old?  Noticed the v6.5+ vCenter HA deployment automation (basic mode) relies on the vcenter / vcsa you’re enabling it on to be in the same management plane.  I doubt this is an indication of what is considered ‘modern best practice’, but thought it interesting that it would be a promoted deployment model, because it assumes you’re not following what I’ve read is ‘best practice’ elsewhere in auto deploy design docs.

What are your thoughts?  Separate management vcenter to manage the management cluster, or it’s fine to use the same for mgmt+compute?  Or do you only consider separating the vcenters if you’re using auto deploy?

Interested to hear from those who run medium - large vsphere environments and have had similar design debates.

Thanks.

4 Replies
ryanrpatel
Enthusiast
Enthusiast

We have over 700+ Hosts and in multiple datacenters and run our mgmt in a separate Cluster but not separate vCenters. We have over 10 vCenters already so we were trying to keep that number down.

mrstorey303
Enthusiast
Enthusiast

OK interesting thanks.  Are you leveraging auto deploy at all?

Reply
0 Kudos
ryanrpatel
Enthusiast
Enthusiast

We don't use auto-deploy because we don't want DHCP in our datacenters. I wrote build scripts that does everything for us.

Reply
0 Kudos
lukez1985
Contributor
Contributor

I came across your thread while searching for the same answer myself.

I have worked in various environments and generally additional vCenters have only been created when there is a specific need E.G. different site or different environment (secure environment separation etc).

Having also worked in some large enterprise / managed service provider environments I have noticed quite a lot have separated out their management and compute utilising separate vCenters, however I am yet to understand why / what is the benefit. Even with NSX and other product integrations as long as the clusters are separate (which I completely understand and agree with) I fail to understand or agree on why vCenter separation is required.

Now saying that, if you are not running VCSA 6.5+ and taking advantage of vCenter HA I can appreciate that having them separate gives you a bit of a safety net but really nowadays is it necessary to have them separate?

I have yet to come across or think of a solution that would specifically require this separation, has anyone else? Responses from Architects and VMware would go down a treat Smiley Wink

Reply
0 Kudos