2V0-13.24 Plan and Design the VMware by Broadcom Solution
Plan and Design the VMware by Broadcom Solution
Detailed list of 2V0-13.24 knowledge points
Plan and Design the VMware by Broadcom Solution Detailed Explanation
Use this domain to rehearse VCF architecture planning decisions: prerequisites, management and workload network paths, management-domain resilience, VI workload-domain boundaries, NSX Edge placement, and T0/T1 routing design evidence.
Validating prerequisites for VCF deployment and design approval
Exam Radar
- Core Priority: Prerequisite validation tests whether the candidate can stop a design before automation fails on unresolved infrastructure facts.
- High Frequency: Stems mention DNS, NTP, certificates, IP pools, VLANs, MTU, host readiness, management reachability, and physical switch preparation.
- Confusion Alert: Adding more hosts or changing domain placement does not fix an unresolved name, time, or network dependency.
- Scenario Logic: Validate identity, time, reachability, and host readiness before approving bring-up or domain expansion.
- Version Delta: VCF 5.2 workflows rely on platform automation, so preflight evidence is more important than manual compensation after failure.
- Failure Trigger: Missing reverse DNS, time skew, unreachable gateways, or inconsistent MTU can surface as certificate, host commissioning, NSX, or lifecycle workflow failures.
- Operational Dependency: VCF bring-up depends on reliable management networking and host identity.
- How the Exam Asks It: The question asks what should be corrected or validated before deployment proceeds.
- How Distractors Are Designed: Wrong answers add capacity, move workloads, or tune monitoring while the prerequisite remains broken.
- Why the Correct Answer Works: The correct answer removes the dependency that would block automated platform workflows.
Practice Question: Pre-deployment checks show that ESXi host forward lookup succeeds but reverse lookup returns no record. NTP and management VLAN reachability are healthy. What should the architect require before VCF bring-up? A. Proceed because vCenter can add hosts by IP address. B. Correct DNS forward and reverse records for the hosts before platform deployment. C. Increase the management-domain host count to absorb onboarding failure. D. Move NSX Edge nodes into the future workload domain.
Correct Answer: B
Explanation: Option B is correct because VCF workflows and certificate identity depend on consistent host naming. Option A ignores an identity prerequisite. Option C adds capacity without fixing onboarding. Option D changes a later network placement decision and does not repair DNS.
Exam Takeaway: Prerequisites are architecture dependencies. DNS, NTP, host readiness, VLANs, MTU, and certificates must be proven before VCF automation can be trusted.
Atomic Deconstruction - Operational Level
VCF deployment prerequisites are design dependencies, not administrative trivia. DNS forward and reverse lookup, NTP consistency, IP pools, VLAN reachability, MTU, certificates, host readiness, and physical switch preparation all influence whether bring-up and later lifecycle workflows can trust host identity and network reachability.
The architect validates prerequisites before approval because VCF workflows automate across components. A missing PTR record, time skew, or unreachable gateway can surface later as certificate errors, host commissioning failure, NSX transport-node issues, or lifecycle workflow failure. The exam usually expects the candidate to stop at the prerequisite defect rather than compensate with unrelated capacity or placement changes.
Component Specifications
| Object | Attribute | Value Range | Default State | Dependency | Failure State |
|---|---|---|---|---|---|
| DNS forward/reverse records | Host and appliance identity | A/AAAA and PTR records for ESXi, SDDC Manager, vCenter, NSX | Customer-provided | DNS zone ownership and naming standard | Certificate, host commissioning, or workflow identity failure |
| NTP source | Time consistency for authentication and certificates | Approved enterprise NTP servers | Unset until configured | Network reachability and host/appliance configuration | Token, certificate, or log correlation errors |
| Management VLAN and gateway | Reachability for control-plane traffic | Management subnet, gateway, firewall path | Not validated by name alone | Physical switch trunks and routing | Bring-up or lifecycle workflow cannot reach endpoints |
| Host readiness | ESXi version, hardware, NICs, disks, BIOS/firmware | VCF-compatible values | Unknown until precheck | Hardware compatibility and installation standard | Host cannot be commissioned or added to domain |
| Certificate plan | Trust and replacement ownership | VMCA, enterprise CA, replacement schedule | Default or customer-defined | Identity source and operations process | Management components fail trust or compliance review |
Step-by-Step Execution Path
- Validate identity first: forward and reverse DNS for ESXi hosts and management appliances.
- Validate time next because certificate and authentication failures can masquerade as product workflow defects.
- Trace management reachability through VLAN, gateway, firewall, and routing path before discussing workload-domain buildout.
- Check host readiness against VCF compatibility and hardware expectations before accepting the bill of materials.
- Treat any missing prerequisite as a design blocker or risk item, not as something to fix by adding capacity.
Technical Chain
Prerequisite validation starts outside VCF and protects the automation that follows. DNS names identify hosts and appliances, NTP keeps certificates and authentication coherent, VLANs and gateways carry management traffic, and host readiness allows automated commissioning. If any foundational item is wrong, SDDC Manager and related workflows may fail in a way that looks like a product problem but is really an unmet design dependency.
Operational Skills Matrix
| Task | Precise Command or Path | Verification Standard |
|---|---|---|
| Validate DNS readiness | Infrastructure evidence: forward and reverse lookup for ESXi hosts, SDDC Manager, vCenter, NSX, and supporting appliances | Names resolve consistently before deployment or domain expansion |
| Validate time readiness | Infrastructure evidence: NTP source reachability and time consistency across hosts and management appliances | Time skew is within acceptable operational tolerance for authentication and certificates |
| Validate management reachability | Network evidence: management VLAN, gateway, routing, and firewall path review | Host and appliance management addresses can communicate as required |
| Review supporting evidence | Conceptual verification method: compare design decision, dependency register, and acceptance evidence | The selected object, rationale, risk treatment, and validation evidence are traceable without relying on an unverified CLI syntax |
| Check VCF inventory context | SDDC Manager UI or supported API inventory view, version-aware | The relevant domain, cluster, component, and lifecycle-managed product boundary are visible and match the design scenario |
Designing VCF network infrastructure at logical and physical layers
Exam Radar
- Core Priority: VCF network design questions test whether logical NSX intent is backed by a physical path that can actually carry the traffic.
- High Frequency: Stems mention management traffic, vMotion, vSAN, overlay TEPs, transport VLANs, edge uplinks, T0/T1 routing, DFW, MTU, gateway placement, or intermittent tenant connectivity.
- Confusion Alert: An NSX object can exist in the UI while the physical underlay still drops encapsulated packets or blocks edge routing.
- Scenario Logic: Identify the traffic class, map it to VLAN/segment and uplink, verify MTU and reachability, then inspect NSX transport or edge state.
- Version Delta: In VCF 5.2, network design must also respect SDDC Manager-managed domain boundaries and supported NSX lifecycle state.
- Failure Trigger: Missing trunk VLANs, TEP reachability gaps, MTU mismatch, incorrect uplink profile, or edge route adjacency failure can all produce similar symptoms.
- Operational Dependency: Overlay segments and north-south services depend on ESXi transport nodes, edge nodes, physical switch configuration, and routing peers.
- How the Exam Asks It: The question often asks what the architect should verify first when overlay or edge connectivity is unstable.
- How Distractors Are Designed: Strong distractors are same-domain actions such as changing DFW policy, adjusting T0 routing, or resizing edge nodes before proving transport readiness.
- Why the Correct Answer Works: The correct answer validates the lowest shared packet-path dependency before changing higher-layer network policy.
Practice Question: A VI workload domain uses NSX overlay segments. Tenant VMs on different hosts intermittently lose east-west connectivity after a physical switch change. NSX segments and DFW rules are unchanged, and edge north-south routing still works. What should the architect validate first? A. Increase NSX Edge node size because routing still works but east-west traffic is unstable. B. Verify transport VLAN trunking, TEP reachability, and end-to-end MTU on ESXi uplinks and physical switch ports. C. Recreate the tenant segment because the logical segment object may be corrupt. D. Add an allow-any DFW rule between the affected VMs to bypass policy enforcement.
Correct Answer: B
Explanation: Option B is correct because east-west overlay traffic between hosts depends on TEP reachability and underlay MTU/trunk consistency. Option A targets north-south edge capacity even though edge routing still works. Option C changes a logical object without evidence that the segment is wrong. Option D weakens security policy and ignores the physical-switch change clue.
Exam Takeaway: For network questions, trace the packet: logical segment or traffic service, VMkernel/TEP/edge object, uplink profile, VLAN or routed subnet, MTU, switch trunk, gateway, destination.
Atomic Deconstruction - Operational Level
VCF networking has two layers that must be designed together. The logical layer names the traffic and service intent: management, vMotion, vSAN, NSX overlay, edge uplinks, tenant segments, T0/T1 gateways, and external connectivity. The physical layer decides how those packets move: VLANs, routed subnets, NICs, uplink profiles, teaming policy, MTU, switch trunks, gateway placement, and failure-domain separation.
The operational point is that NSX overlay and edge services cannot compensate for an underlay that drops or fragments traffic. A TEP is the tunnel endpoint that encapsulates overlay packets on ESXi hosts or edge nodes. If TEP IP reachability, transport VLAN trunking, or MTU is wrong, tenant segments may exist in the UI while data-plane traffic fails. This is why the architect should validate the underlay before changing distributed firewall rules, storage policy, or automation catalog settings.
Physical design also has to reflect traffic behavior. vSAN is latency-sensitive storage traffic. vMotion can create bursty transfer load. NSX edge uplinks carry north-south tenant traffic and may require dedicated bandwidth and routing adjacency. Management traffic must remain reachable during maintenance and troubleshooting. The exam often tests whether the candidate can identify which traffic class is failing and then select the validation point closest to that data path.
Component Specifications
| Object | Attribute | Value Range | Default State | Dependency | Failure State |
|---|---|---|---|---|---|
| Management network | Control-plane reachability | Management VLAN/subnet, gateway, DNS, NTP, firewall path | Required before bring-up | Physical switch trunking and routing | SDDC Manager, vCenter, NSX, or ESXi management becomes unreachable |
| vSAN network | Storage data path | VMkernel adapter, VLAN, MTU, latency, host-to-host reachability | Configured per cluster design | Consistent host networking and physical underlay | Storage health alarms, resync delay, data unavailability risk |
| vMotion network | Mobility data path | VMkernel adapter, VLAN/subnet, MTU, bandwidth | Configured when mobility required | Host reachability and sufficient throughput | Migration timeout or maintenance-window breach |
| NSX host TEP | Overlay tunnel endpoint | TEP IP pool/DHCP, transport VLAN, transport zone, MTU, uplink profile | Created during transport-node preparation | ESXi uplinks and physical underlay | East-west overlay traffic fails or becomes intermittent |
| NSX Edge uplink | North-south routing path | Edge TEP, uplink VLAN, T0 gateway, route peer, BGP/static route | Active after edge and gateway configuration | Edge placement, uplink reachability, routing peer | Tenant north-south outage or asymmetric routing |
Step-by-Step Execution Path
- Identify the failing traffic class: management, vSAN, vMotion, overlay east-west, or edge north-south.
- Trace the traffic class to its logical object and physical carrier. Overlay means segment to transport zone to TEP to uplink to VLAN or routed TEP path.
- Validate the physical switch change or underlay dependency before changing DFW rules or recreating logical segments.
- Check MTU along the encapsulated path because a normal ping may pass while overlay frames fail.
- Inspect edge routing only when the symptom is north-south traffic; do not use healthy edge routing as proof that host-to-host overlay transport is healthy.
Technical Chain
A tenant frame on an NSX overlay segment is encapsulated by the source ESXi transport node and sent through a TEP over the transport network. The physical switch path must carry the transport VLAN or routed TEP network with the expected MTU to the destination transport node. If the path drops larger encapsulated frames or blocks the transport VLAN, DFW and segment objects can look healthy while east-west forwarding fails. Edge routing is a different path, so healthy north-south traffic does not prove host-to-host overlay transport is healthy.
Operational Skills Matrix
| Task | Precise Command or Path | Verification Standard |
|---|---|---|
| Validate overlay transport | NSX Manager UI/API: inspect host transport nodes, tunnel status, transport-zone membership, and TEP reachability | Affected hosts show healthy transport status for the expected overlay transport zone |
| Validate physical underlay | Network evidence: switch trunk VLANs, routed TEP path, MTU, uplink teaming, and gateway reachability | The underlay carries encapsulated overlay traffic without VLAN or MTU mismatch |
| Validate edge path separately | NSX Manager UI/API: inspect edge transport nodes, T0/T1 gateways, route peers, and uplink status | Edge health is evaluated as north-south routing evidence, not as proof of host overlay transport |
| Review supporting evidence | Conceptual verification method: compare design decision, dependency register, and acceptance evidence | The selected object, rationale, risk treatment, and validation evidence are traceable without relying on an unverified CLI syntax |
| Check VCF inventory context | SDDC Manager UI or supported API inventory view, version-aware | The relevant domain, cluster, component, and lifecycle-managed product boundary are visible and match the design scenario |
Designing the VCF management domain for platform control-plane resilience
Exam Radar
- Core Priority: Management-domain design protects the services used to operate and recover the VCF platform.
- High Frequency: Stems contrast hardware efficiency with control-plane isolation, management appliance placement, vSAN policy, backup, and monitoring requirements.
- Confusion Alert: Consolidating tenant workloads into the management domain can save hosts while weakening the recovery handle of the environment.
- Scenario Logic: Keep SDDC Manager, management vCenter, NSX management components, and operations services resilient before optimizing tenant placement.
- Version Delta: VCF 5.2 lifecycle operations depend on the health of platform-managed management services.
- Failure Trigger: Management-domain contention or poor placement can make the tools needed for repair unavailable during an incident.
- Operational Dependency: Platform inventory, lifecycle, monitoring, and orchestration depend on management-domain availability.
- How the Exam Asks It: The stem asks whether a consolidation choice or placement choice protects control-plane resilience.
- How Distractors Are Designed: Wrong options focus on workload efficiency, storage-only controls, or unrelated DNS changes.
- Why the Correct Answer Works: The correct answer keeps management services available when workload domains need operations support.
Practice Question: A customer proposes running production tenant VMs in the management domain to reduce initial hardware. The platform must still support controlled lifecycle operations and recoverability during workload incidents. What is the main architectural concern? A. Tenant workload contention can affect the management services required for inventory, lifecycle, monitoring, and recovery. B. vSAN storage policies cannot be assigned in a management-domain cluster. C. DNS reverse lookup is automatically disabled when tenant VMs run near SDDC Manager. D. NSX Edge nodes are never allowed to connect to workload domains.
Correct Answer: A
Explanation: Option A is correct because the issue is control-plane resilience and blast radius. Option B is false; storage policies still exist. Option C invents a DNS behavior. Option D is unrelated to the reason tenant workloads should not compromise management services.
Exam Takeaway: The management domain is the recovery handle for the whole platform. Do not trade it away merely to save initial host capacity unless the risk is explicit.
Atomic Deconstruction - Operational Level
The management domain is the platform's recovery handle: it contains the services used to inventory, lifecycle-manage, monitor, and coordinate the rest of the environment. Its cluster, storage, network, and appliance placement must survive the failures that the organization expects the platform to handle.
The operational decision is to protect management services from tenant workload volatility. Anti-affinity, vSAN policy, management VLAN design, backup placement, and monitoring coverage are not decorative controls; they keep the tools needed for repair available during contention, maintenance, and component failures.
Component Specifications
| Object | Attribute | Value Range | Default State | Dependency | Failure State |
|---|---|---|---|---|---|
| SDDC Manager appliance | Platform inventory and lifecycle authority | Management domain appliance | Created during bring-up | Management vCenter, DNS/NTP, network reachability | Domain workflows and upgrades cannot be coordinated |
| Management vCenter | Management cluster inventory | Management-domain clusters and appliances | Created during bring-up | ESXi hosts, vSAN, identity, network | Control-plane placement and visibility are impaired |
| Management vSAN datastore | Storage for management appliances | Policy, capacity, slack, resync health | Configured during bring-up | Host disks and vSAN network | Control-plane VM availability is threatened |
| Management network | Control-plane access path | Management VLAN, gateway, DNS, NTP, firewall policy | Required before bring-up | Physical underlay and security policy | Repair tools become unreachable during an incident |
| Management backup and monitoring | Recovery evidence for platform services | Backup schedule, alert policy, log forwarding, ownership | Undefined until operations design | Platform cannot be restored or audited predictably |
Step-by-Step Execution Path
- List the platform services that must remain available during tenant incidents: SDDC Manager, management vCenter, NSX management, operations tools, and backups.
- Evaluate whether tenant workloads would share CPU, memory, storage, or network failure domains with those services.
- Apply anti-affinity, backup, monitoring, and capacity headroom to the management appliances before optimizing tenant placement.
- Record any consolidation as a risk with recoverability and manageability impact.
- Reject answers that use tenant efficiency as the primary justification when the stem asks for control-plane resilience.
Technical Chain
The management domain hosts the platform services that coordinate the rest of VCF. When tenant workloads consume the same failure and capacity boundary, a workload incident can reduce the availability of the tools required to diagnose or repair the platform. A resilient design protects management capacity, storage, networking, backup, and monitoring so that operational control remains available during lifecycle or failure events.
Operational Skills Matrix
| Task | Precise Command or Path | Verification Standard |
|---|---|---|
| Validate management placement | SDDC Manager and vCenter inventory review: inspect management-domain clusters and platform appliances | Management services are placed in the intended protected domain |
| Validate control-plane resilience | Architecture review: inspect anti-affinity, backup, vSAN policy, management VLAN, monitoring, and capacity headroom | A single workload event does not remove access to platform repair tools |
| Review supporting evidence | Conceptual verification method: compare design decision, dependency register, and acceptance evidence | The selected object, rationale, risk treatment, and validation evidence are traceable without relying on an unverified CLI syntax |
| Check VCF inventory context | SDDC Manager UI or supported API inventory view, version-aware | The relevant domain, cluster, component, and lifecycle-managed product boundary are visible and match the design scenario |
| Validate tenant boundary | Design review: inspect workload-domain placement for production tenant VMs | Tenant workloads use appropriate VI workload domains unless an accepted exception is documented |
Designing VI workload domains and edge clusters for tenant services
Exam Radar
- Core Priority: Workload-domain and edge-cluster design determines tenant isolation, routing capacity, and north-south service behavior.
- High Frequency: Stems mention dedicated edge capacity, tenant routing, NAT, load balancing, T0/T1 topology, edge uplinks, or workload-domain lifecycle separation.
- Confusion Alert: A healthy workload cluster does not prove that edge placement, edge uplinks, or route peering can carry tenant traffic.
- Scenario Logic: Match tenant requirements to VI workload domain boundaries, NSX transport design, edge sizing, uplink profiles, and route adjacency.
- Version Delta: VCF 5.2 workload domains and NSX components should remain within supported platform lifecycle and domain design.
- Failure Trigger: Undersized edge nodes, shared uplink bottlenecks, missing route peers, or poor placement can break tenant service-level expectations.
- Operational Dependency: Tenant north-south traffic depends on edge node placement, T0/T1 design, uplinks, and external routing.
- How the Exam Asks It: The stem asks what design element supports tenant isolation or dedicated routing capacity.
- How Distractors Are Designed: Distractors improve monitoring, naming, or storage but do not provide routing isolation.
- Why the Correct Answer Works: The correct answer places the network service where tenant traffic is actually forwarded.
Practice Question: A customer requires a tenant workload domain with dedicated north-south throughput, separate maintenance windows, and routing isolation from other tenants. Which design element should receive primary attention? A. Dedicated or appropriately isolated NSX Edge cluster placement, uplink design, and T0/T1 routing for the VI workload domain. B. A longer Aria Operations metric-retention period for the shared management domain. C. A vSAN stripe-width increase for the management datastore. D. A single shared T0 gateway for all tenants with no edge-capacity reservation.
Correct Answer: A
Explanation: Option A is correct because tenant routing isolation and throughput are controlled by edge placement, uplinks, and gateway topology. Option B improves observability but not forwarding capacity. Option C affects storage behavior in the wrong domain. Option D moves in the opposite direction by increasing shared routing dependency.
Exam Takeaway: A workload domain gives tenant lifecycle and compute boundary; the edge cluster gives north-south network services. Both must match the tenant service objective.
Atomic Deconstruction - Operational Level
A VI workload domain gives application or tenant workloads their own compute, storage, lifecycle, and network design surface. NSX Edge clusters provide the north-south gateway services and routing capacity that those workloads consume. The architect must decide whether edge nodes are shared or dedicated, where they run, which uplinks they use, and how T0/T1 routing aligns with tenant boundaries.
This matters because edge placement is both a capacity decision and a failure-domain decision. An undersized or incorrectly placed edge cluster can make the workload domain look healthy while tenant routing, NAT, load balancing, or firewall enforcement fails under load.
Component Specifications
| Object | Attribute | Value Range | Default State | Dependency | Failure State |
|---|---|---|---|---|---|
| VI workload domain | Tenant/application compute boundary | Domain, cluster, vCenter, NSX association | Created after management domain | Commissioned hosts and SDDC Manager inventory | Tenant lifecycle remains coupled to wrong boundary |
| Workload cluster | Capacity and HA container | Host count, vSAN policy, DRS/HA, resource profile | Undefined until domain design | Workload sizing and failure model | Workloads cannot meet performance or availability target |
| NSX Edge cluster | North-south service capacity | Edge node form factor, placement, uplinks, HA mode | Not present until deployed | Transport nodes and physical uplinks | Routing, NAT, or load-balancing capacity is insufficient |
| T0/T1 gateway model | Tenant routing boundary | Shared or dedicated T0/T1, route advertisement, NAT/firewall | Undefined until network design | Edge cluster and route peers | Tenant isolation or route control is wrong |
| External uplink | Physical network adjacency | Uplink VLAN, BGP/static route, gateway, MTU | Customer network dependent | Physical switch and upstream router | North-south path fails despite healthy workload cluster |
Step-by-Step Execution Path
- Determine whether the tenant needs separate lifecycle, separate capacity, routing isolation, or all three.
- Place workloads in the VI workload domain that matches the operational boundary.
- Design edge nodes and uplinks from traffic profile, not from default appliance size alone.
- Map VM segment to T1, T0, edge uplink, route peer, and external network.
- Eliminate answers that improve monitoring or storage while leaving tenant routing and edge capacity undefined.
Technical Chain
A tenant workload reaches external networks through NSX gateway services hosted on edge nodes. The workload domain supplies the compute boundary, while the edge design supplies north-south forwarding, uplink connectivity, and routing adjacency. If the edge cluster is shared or undersized, the workload domain can still be healthy while tenant traffic fails to meet isolation or throughput goals.
Operational Skills Matrix
| Task | Precise Command or Path | Verification Standard |
|---|---|---|
| Validate workload-domain boundary | SDDC Manager UI/API: inspect VI workload domain, clusters, and associated NSX configuration | Tenant workloads and lifecycle scope match the intended domain |
| Validate edge design | NSX Manager UI/API: inspect edge cluster, edge nodes, uplinks, T0/T1 gateways, and route peers | Edge capacity and routing topology match tenant isolation and throughput requirements |
| Review supporting evidence | Conceptual verification method: compare design decision, dependency register, and acceptance evidence | The selected object, rationale, risk treatment, and validation evidence are traceable without relying on an unverified CLI syntax |
| Check VCF inventory context | SDDC Manager UI or supported API inventory view, version-aware | The relevant domain, cluster, component, and lifecycle-managed product boundary are visible and match the design scenario |
| Validate tenant path | Network design review: trace VM segment to T1, T0, edge uplink, and external gateway | The traffic path is complete and does not rely on an unintended shared bottleneck |
Frequently Asked Questions
What must be validated before starting a VCF deployment?
DNS, NTP, IP addressing, VLANs, MTU, host firmware, hardware compatibility, and storage readiness must be validated.
VCF bring-up is sensitive to infrastructure prerequisites. Missing DNS records, time synchronization problems, unsupported firmware, incorrect VLAN tagging, MTU mismatch, or hardware compatibility gaps can cause deployment failure or later lifecycle problems. Architects should collect evidence before installation begins. Exam scenarios often describe failed bring-up or delayed deployment when prerequisite validation was incomplete.
Demand Score: 92
Exam Relevance Score: 98
Why must logical NSX design be aligned with the physical network underlay?
Because NSX overlay services depend on the physical network correctly supporting transport, routing, MTU, and uplink requirements.
NSX can provide logical segments, routing, and edge services, but the physical network must still carry the required underlay traffic reliably. Incorrect MTU, missing VLAN trunking, weak uplink redundancy, or routing adjacency problems can break overlay communication even when the NSX design looks correct. For exam scenarios, the correct design answer usually validates both logical and physical networking instead of treating NSX as independent from the underlay.
Demand Score: 89
Exam Relevance Score: 96
Why is management domain sizing critical in a VCF design?
It ensures that platform control-plane services remain stable during normal operations, maintenance, and failure events.
The management domain must have enough CPU, memory, storage, and host capacity to run core infrastructure services reliably. Under-sizing can cause performance issues for vCenter, NSX management, SDDC Manager, monitoring tools, and other control-plane services. If these services degrade, administrators may lose the ability to manage or recover the wider platform. In exams, management domain sizing is strongly tied to availability and operational resilience.
Demand Score: 86
Exam Relevance Score: 95
What should be considered when designing VI workload domains and NSX Edge clusters?
Workload isolation, capacity, routing requirements, north-south connectivity, edge sizing, and service availability should be considered.
VI workload domains host application workloads, while NSX Edge clusters provide external connectivity and services such as routing, NAT, VPN, and load balancing. If edge nodes are undersized or poorly placed, tenant applications may experience connectivity or performance issues. The design must also account for redundancy, failure domains, and expected traffic patterns. Exam questions often use edge cluster scenarios to test both network design and workload service planning.
Demand Score: 87
Exam Relevance Score: 96
Why should lifecycle independence be addressed during VCF design planning?
Different domains may require different maintenance windows, upgrade timing, risk tolerance, or service-level expectations.
Planning lifecycle boundaries helps avoid unnecessary disruption across unrelated workloads. For example, a business-critical workload domain may need a slower upgrade cadence and stricter testing than a development domain. VCF design should align domain structure with operational ownership and business requirements. In exam scenarios, lifecycle independence often justifies separate workload domains or careful domain placement.
Demand Score: 82
Exam Relevance Score: 93
