Private cloud VMware components

A private cloud is an isolated VMware stack (ESXi hosts, vCenter, vSAN, and NSX) environment managed by a vCenter Server in a management domain. Google Cloud VMware Engine deploys private clouds with the following VMware stack components:

  • VMware ESXi: hypervisor on dedicated nodes
  • VMware vCenter: centralized management of private cloud vSphere environment
  • VMware vSAN: hyper-converged, software-defined storage platform
  • VMware NSX Data Center: network virtualization and security software
  • VMware HCX: application migration and workload rebalancing across data centers and clouds

You can retrieve generated sign-in credentials for VMware stack components from the private cloud details page.

VMware component versions

A private cloud VMware stack has the following software versions:

Component Version Licensed version
ESXi 7.0.1 U1a Enterprise Plus
vCenter 7.0 U1a vCenter Standard
vSAN 7.0 U1 Enterprise
NSX Data Center 3.0.2 Advanced
HCX 3.5.31 Advanced
1VMware Engine deploys a version of HCX made available to Google Cloud by VMware. Update HCX after private cloud creation to retrieve the latest version of HCX for your environment.

ESXi

When you create a private cloud, VMware ESXi is installed on provisioned Google Cloud VMware Engine nodes. ESXi provides the hypervisor for deploying workload virtual machines (VMs). Nodes provide hyper-converged infrastructure (compute and storage) and are a part of the vSphere cluster on your private cloud.

Each node has four physical network interfaces connected to the underlying network. Using two physical network interfaces, VMware Engine creates a vSphere distributed switch (VDS) on the vCenter. Using the other two interfaces, VMware Engine creates an NSX-managed virtual distributed switch (N-VDS). Network interfaces are configured in active-active mode for high availability.

vCenter Server Appliance

vCenter Server Appliance (VCSA) provides the authentication, management, and orchestration functions for VMware Engine. When you create and deploy your private cloud, VMware Engine deploys a VCSA with an embedded Platform Services Controller (PSC) on the vSphere cluster. Each private cloud has its own VCSA. Adding nodes to a private cloud adds nodes to the VCSA.

vCenter Single Sign-On

The embedded platform services controller on VCSA is associated with a vCenter Single Sign-On. The domain name is gve.local. To access vCenter, use the default user, CloudOwner@gve.local, which is created for you to access vCenter. You can add your on-premises/Active Directory identity sources for vCenter.

vSAN storage

Private clouds have fully configured all-flash vSAN storage that's local to the cluster. At least three nodes of the same SKU are required to create a vSphere cluster with a vSAN datastore. Deduplication and compression are enabled on the vSAN datastore by default. Each node of the vSphere cluster has two disk groups. Each disk group contains one cache disk and three capacity disks.

vSAN storage policies

A vSAN storage policy defines the Failures to tolerate (FTT) and the Failure tolerance method. You can create new storage policies and apply them to VMs. To maintain SLA, you must maintain 25% spare capacity on the vSAN datastore.

On each vSphere cluster, there's a default vSAN storage policy that applies to the vSAN datastore. The storage policy determines how to provision and allocate VM storage objects within the datastore to guarantee a level of service.

The following table shows the default vSAN storage policy parameters:

FTT Failure tolerance method Number of nodes in vSphere cluster
1 RAID 1 (mirroring)
Creates 2 copies
3 and 4 nodes
2 RAID 1 (mirroring)
Creates 3 copies
5 to 32 nodes

Supported vSAN storage policies

The following table shows the supported vSAN storage policies and the minimum number of nodes required to enable the policy:

FTT Failure tolerance method Minimum number of nodes required in vSphere cluster
1 RAID 1 (mirroring) 3
1 RAID 5 (erasure coding) 4
2 RAID 1 (mirroring) 5
2 RAID 6 (erasure coding) 6
3 RAID 1 (mirroring) 7

NSX Data Center

NSX Data Center provides network virtualization, micro segmentation, and network security capabilities on your private cloud. You can configure all services supported by NSX Data Center on your private cloud by using NSX. When you create a private cloud, VMware Engine installs and configures the following NSX components:

  • NSX-T Manager
  • Transport Zones
  • Host and Edge Uplink Profile
  • Logical Switch for Edge Transport, Ext1, and Ext2
  • IP Pool for ESXi Transport Node
  • IP Pool for Edge Transport Node
  • Edge Nodes
  • DRS Anti-affinity rule for controller and Edge VMs
  • Tier 0 Router
  • Enable border gateway protocol (BGP) on Tier0 Router

HCX

VMware Engine handles initial installation, configuration, and monitoring of HCX in private clouds. You are responsible for lifecycle management of HCX Cloud and service appliances like HCX-IX Interconnect.

VMware provides updates for HCX Cloud through its HCX service. You can upgrade HCX Manager and deployed HCX service appliances from the HCX Cloud interface. To find the end of support date for a product release, refer to the VMware Product Lifecycle Matrix.

vSphere cluster

To ensure high availability of the private cloud, ESXi hosts are configured as a cluster. When you create a private cloud, VMware Engine deploys management components of vSphere on the first cluster. VMware Engine creates a resource pool for management components, and deploys all management VMs in this resource pool.

The first cluster cannot be deleted to shrink the private cloud. The vSphere cluster uses vSphere HA to provide high availability for VMs. Failures to tolerate (FTT) are based on the number of available nodes in the cluster. The formula Number of nodes = 2N+1, where N is the FTT, describes the relationship between available nodes in a cluster and FTT.

vSphere cluster limits

Resource Limit
Minimum number of nodes to create a private cloud (first cluster) 3
Minimum number of nodes to create a cluster 3
Maximum number of nodes per cluster 32
Maximum number of nodes per private cloud 64
Maximum number of clusters per private cloud 21

Guest operating system support

You can install a VM with any guest operating system supported by VMware for the ESXi version in your private cloud. For a list of supported guest operating systems, see the VMware Compatibility Guide for Guest OS.

VMware infrastructure maintenance

Occasionally it's necessary to make changes to the configuration of the VMware infrastructure. Currently, these intervals can occur every 1‑2 months, but the frequency is expected to decline over time. This type of maintenance can usually be done without interrupting normal usage of the services.

During a VMware maintenance interval, the following services continue to function without any effect:

  • VMware management plane and applications
  • vCenter access
  • All networking and storage
  • All cloud traffic

Updates and upgrades

Google is responsible for lifecycle management of VMware software (ESXi, vCenter, PSC, and NSX) in the private cloud.

Software updates include:

  • Patches: security patches or bug fixes released by VMware
  • Updates: minor version change of a VMware stack component
  • Upgrades: major version change of a VMware stack component

Google tests a critical security patch as soon as it becomes available from VMware. Per SLA, Google rolls out the security patch to private cloud environments within a week.

Google provides quarterly maintenance updates to VMware software components. For a new major version of VMware software version, Google works with customers to coordinate a suitable maintenance window for upgrade.

What's next