VCF 4.2 and later versions support NSX Federation, which is the foundation to support a multisite dual-region deployment. It allows two separate VCF instances in data centers at two different locations in large distance regions to be connected. This connection provides for centralized management, consistent networking, and security policy configuration with enforcement and synchronized operational state. With NSX Federation, VCF can use stretched networks and unified security policies across multi-region VCF deployments, providing workload mobility and simplified disaster recovery. The deployment and configuration are done manually following prescriptive guidance in VMware VVD documentation.
The NSX Global Manager is part of multi-region deployments where NSX Federation is required. NSX Global Manager is a central component deployed as a cluster for availability and can connect multiple NSX Local Manager instances under a single global management plane. NSX Global Manager provides the user interface and the RESTful API for creating, configuring, and monitoring NSX global objects, such as global virtual network segments, and global Tier-0 and Tier-1 gateways.
Connected NSX Local Manager instances create the global objects on the underlying software-defined network that you define from NSX Global Manager. An NSX Local Manager instance in an individual region directly communicates with NSX Local Manager instances in other regions to synchronize configuration and state needed to implement a global policy.
Consider the following additional requirements for an NSX Federation deployment:
An NSX Global Manager cluster is deployed in the management WLD at region A and region B. The cluster in the second region acts as a standby and becomes active if the first region cluster fails or is lost. A cluster consists of three manager VMs. Each NSX domain that needs to be federated require an NSX Global Manager cluster deployed in the management workload at each region. The following figure shows a dual region deployment with a single NSX VI WLD. A Global Manager cluster is deployed at each location for the Mgmt WLD and the VI WLD NSX domains.
In a dual region deployment, each region has its own NSX Edge cluster. In each region, the Edge Nodes and clusters are deployed with the same design but with region-specific settings such as IP addressing, VLAN IDs, and names. Each Edge cluster is managed by the NSX Local Manager instance for that region and WLD. After a VCF deployment of the Mgmt WLD, all NSX network components will be local to the Mgmt WLD NSX instance. As part of the NSX Federation deployment, the network components are configured to span both regions. For more detail for the deployment of NSX Federation, see the VCF documentation
Region-to-region workload traffic traverses the inter-region overlay tunnels which terminate on the RTEPs on the NSX Edge Nodes. To support this inter-region communication, you must provision additional RTEP VLANs for the Edge Nodes. If the region also contains multiple availability zones, this network must be stretched across all availability zones in Region A.
The VVD routing design uses region preference for north-south traffic and does not use local-egress. All segments have a preferred and failover region for network traffic ingress and egress for that segment. This design eliminates the complexities of trying to prevent asymmetrical routing and control of local ingress at the physical network layer. For full details about the north-south routing design, see .
The NSX Global Managers are deployed manually outside of VCF. LCM of these components must be done outside of SDDC Manager because SDDC Manager has no awareness of the Global Managers. The upgrade of the NSX Global Managers must be done using the upgrade coordinator available on the Global Manager appliance. When planning an upgrade of VCF when NSX Federation has been deployed: