Standard Architecture is designed for more flexible and scalable deployments than the Consolidated Architecture. A key feature of the VCF Standard Architecture is the single NSX domain for all VI Workload Domains (WLDs), which provides a unified networking and security model across the entire deployment, even when multiple WLDs are involved. This architecture is particularly suitable for medium to large environments that require scalability, multi-tenant support, and centralized networking and security management.
A single NSX domain in this context refers to using a single NSX-T instance to manage networking and security across all VI WLDs within a single site or data center. The NSX Manager handles all networking components like virtual switches, routers, firewalls, load balancers, and VPNs across multiple WLDs.
Key Characteristics:
-
Unified Networking and Security Model:
- In this deployment, NSX-T serves as the single platform for managing network topology, security policies, and routing configurations across all the Workload Domains.
- A single NSX domain is responsible for creating logical networks (i.e., virtual switches and distributed routers), implementing security policies (such as Distributed Firewall and Micro-Segmentation), and enabling cross-WLD communication.
-
Workload Domain Independence:
- While all WLDs share the same NSX domain, each WLD can have its own vSphere cluster to handle workloads independently. These WLDs can be provisioned with different resource profiles, such as more compute power or different storage configurations based on workload requirements, but the networking and security components (NSX) remain centralized.
- This setup allows for scaling the compute (vSphere) and storage (vSAN) resources independently while using a common network fabric managed by NSX.
-
Centralized NSX Management:
- NSX Manager in the Management Domain acts as the central controller for the entire networking stack. The NSX Manager configures logical switches, distributed routers, firewalls, and load balancers, and ensures that network policies are consistent across all WLDs.
- NSX enables cross-WLD networking (East-West and North-South traffic), ensuring that virtual machines (VMs) in different WLDs can communicate with each other if needed, while still respecting network isolation and security policies.
-
Single vCenter and NSX-T Integration:
- A single vCenter Server manages all the WLDs, simplifying the operational overhead. It also integrates seamlessly with the NSX-T networking stack.
- All WLDs are connected through the same NSX-T instance, which ensures that networking services, including load balancing, VPNs, and firewall rules, are applied uniformly across all domains.
-
Networking Flexibility:
- The single NSX domain enables flexible network designs for all WLDs. For example, overlay networkscan be used for VM-to-VM communication, VXLAN can be used to extend networks across the WLDs, and Segment IDs help isolate traffic within the same site or across multiple data centers.
- This architecture also supports BGP (Border Gateway Protocol) and OSPF (Open Shortest Path First) for dynamic routing across the NSX domain.
-
Scalability and Performance:
- With NSX-T handling all network services, it scales effectively across multiple vSphere clusters in different WLDs, providing high availability and failover for network components.
- The single NSX domain architecture ensures that as the environment grows (e.g., additional WLDs, more ESXi hosts), network management remains simplified.
