VMware in a private cloud

A private cloud is an isolated VMware stack (ESXi hosts, vCenter, vSAN, and NSX) environment managed by a vCenter server in a management domain. You can deploy VMware natively on bare metal infrastructure in the private cloud hosted locations.

A private cloud is deployed with the following VMware stack components:

  • VMware ESXi: hypervisor on dedicated nodes
  • VMware vCenter: appliance for centralized management of private cloud vSphere environment
  • VMware vSAN: hyper-converged infrastructure solution
  • VMware NSX Data Center: network virtualization and security software
  • HCX Advanced: application mobility platform

VMware component versions

A private cloud VMware stack has the following software versions.

Component Version Licensed version
ESXi 6.7U3 Enterprise Plus
vCenter 6.7U3 vCenter Standard
vSAN 6.7U3 Enterprise
NSX Data Center 2.5.1 Advanced
HCX 3.5.2 Advanced


When you create a private cloud, VMware ESXi is installed on provisioned Google Cloud VMware Engine nodes. ESXi provides the hypervisor for deploying workload virtual machines (VMs). Nodes provide hyper-converged infrastructure (compute and storage) on your private cloud. The nodes are a part of the vSphere cluster on the private cloud.

Each node has four physical networks interfaces connected to the underlying network. With two physical network interfaces, VMware Engine creates a vSphere distributed switch (VDS) on the vCenter. With the other two interfaces, VMware Engine creates an NSX-managed virtual distributed switch (N-VDS). Network interfaces are configured in active-active mode for high availability.

vCenter Server Appliance

vCenter Server Appliance (VCSA) provides the authentication, management, and orchestration functions for VMware Engine. When you create and deploy your private cloud, VMware Engine deploys a VCSA with embedded Platform Services Controller (PSC) on the vSphere cluster. Each private cloud has its own VCSA. Extending a private cloud adds nodes to the VCSA.

vCenter Single Sign-On

Embedded platform services controller on VCSA is associated with a vCenter Single Sign-On. The domain name is gve.local. To access vCenter, use the default user, CloudOwner@gve.local, which is created for you to access vCenter. You can add your on-premises/Active Directory identity sources for vCenter.

vSAN storage

Private clouds have fully configured all-flash vSAN storage that is local to the cluster. Three nodes of the same SKU is the minimum number required to create a vSphere cluster with a vSAN datastore. Deduplication and compression are enabled on the vSAN datastore by default. Each node of the vSphere cluster has two disk groups. Each disk group contains one cache disk and three capacity disks.

vSAN storage policies

The storage policy defines the Failures to tolerate (FTT) and the Failure tolerance method. You can create new storage policies and apply them to the VMs. To maintain SLA, you must maintain 25% spare capacity on the vSAN datastore.

There is a default vSAN storage policy on the vSphere cluster that is applied to the vSAN datastore. This policy determines how to provision and allocate the VM storage objects within the datastore to guarantee the required level of service. The following table shows the default vSAN storage policy parameters.

FTT Failure tolerance method Number of nodes in vSphere cluster
1 RAID 1 (mirroring)
Creates 2 copies
3 and 4 nodes
2 RAID 1 (mirroring)
Creates 3 copies
5 to 16 nodes

Supported vSAN storage policies

The following table shows the supported vSAN storage policies and the minimum number of hosts required for enabling the policy.

FTT Failure tolerance method Minimum number of nodes required in vSphere cluster
1 RAID 1 (mirroring) 3
1 RAID 5 (erasure coding) 4
2 RAID 1 (mirroring) 5
2 RAID 6 (erasure coding) 6
3 RAID 1 (mirroring) 7

NSX Data Center

NSX Data Center provides network virtualization, micro segmentation, and network security capabilities on your private cloud. You can configure all services supported by NSX Data Center on your private cloud by using NSX. When you create a private cloud, VMware Engine installs and configures the following NSX components:

  • NSX-T Manager
  • Transport Zones
  • Host and Edge Uplink Profile
  • Logical Switch for Edge Transport, Ext1, and Ext2
  • IP Pool for ESXi Transport Node
  • IP Pool for Edge Transport Node
  • Edge Nodes
  • DRS Anti-affinity rule for controller and Edge VMs
  • Tier 0 Router
  • Enable border gateway protocol (BGP) on Tier0 Router

vSphere cluster

To ensure high availability of the private cloud, ESXi hosts are configured as a cluster. When you create a private cloud, management components of vSphere are deployed on the first cluster. A resource pool is created for management components, and all management VMs are deployed in this resource pool.

The first cluster cannot be deleted to shrink the private cloud. vSphere cluster uses vSphere HA to provide high availability for VMs. Failures to tolerate (FTT) are based on the number of available nodes in the cluster. You can use the formula Number of nodes = 2N+1 where N is the number of failures to tolerate.

vSphere cluster limits

Resource Limit
Minimum number of nodes to create a private cloud (first vSphere cluster) 3
Maximum number of nodes in a vSphere Cluster on a private cloud 16
Maximum number of nodes in a private cloud 64
Maximum number of vSphere clusters in a private cloud 21
Minimum number of nodes on a new vSphere cluster 3

Guest operating system support

A VMware Engine private cloud consists of a cluster of VMware ESXi 6.7U3 hypervisor nodes with an Enterprise Plus license installed. You can install a VM with any guest operating system supported by VMware for ESXi 6.7U3. For a list of supported guest operating systems, see VMware Compatibility Guide.

VMware infrastructure maintenance

Occasionally it's necessary to make changes to the configuration of the VMware infrastructure. Currently, these intervals can occur every 1‑2 months, but the frequency is expected to decline over time. This type of maintenance can usually be done without interrupting normal consumption of the services. During a VMware maintenance interval, the following services continue to function without any effect:

  • VMware management plane and applications
  • vCenter access
  • All networking and storage
  • All cloud traffic

Updates and upgrades

Google is responsible for lifecycle management of VMware software (ESXi, vCenter, PSC, and NSX) in the private cloud.

Software updates include:

  • Patches: security patches or bug fixes released by VMware
  • Updates: minor version change of a VMware stack component
  • Upgrades: major version change of a VMware stack component

Google tests a critical security patch as soon as it becomes available from VMware. Per SLA, Google rolls out the security patch to private cloud environments within a week.

Google provides quarterly maintenance updates to VMware software components. For a new major version of VMware software version, Google works with customers to coordinate a suitable maintenance window for upgrade.

What's next