VMware Cloud Ready Framework: Identity and Access Management Services for Oracle Cloud VMware Solution

Identity and Access Management Services

On-premises or cloud native infrastructure services, such as DNS, DHCP, and authentication, can be used for Oracle Cloud VMware Solution (OCVS). 

DNS

The Oracle Cloud VMware Solution DNS is hosted by Oracle and is read-only. To support the VMware SDDC after implementation, as well as local VM workloads, a new DNS environment is required. There are two options for where DNS services can be located to support the environment:

  1. Option 1: Build a DNS server inside or external to the SDDC.
     • If the DNS server is outside the SDDC, DNS forwarding is required in NSX-T.
  2. Option 2: Use the Oracle Cloud Infrastructure Domain Name System service.
     • If the DNS server is outside the SDDC, DNS forwarding is required in NSX-T.
     • Connectivity between a VCN and on-premises name servers is supported.

For SDDC components, Oracle Cloud VMware Solution uses a private DNS resolver in the VCN in which it was created. To allow name resolution between multiple environments, consider the following:

  • A DNS forwarder within the VCN Private DNS should be created to allow name resolution for other services in the organization’s network. Then, DNS forwarding can be made to a central DNS solution, either on-premises or a cloud-based solution.
  • To ensure the SDDC components can be resolved from outside the VCN, a DNS listener needs to be configured, or the appropriate DNS records can be created within the organization’s DNS.
  • The workloads running in the Oracle Cloud VMware Solution SDDC can be configured to use any DNS server, either statically or using DHCP.
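The forwarder and listener described above can be expressed as configuration. The following is an added example, not taken from VMware or Oracle documentation; it assumes the OCI Terraform provider's `oci_dns_resolver` and `oci_dns_resolver_endpoint` resources, and every variable, endpoint name, domain, and address in it is a placeholder.

```hcl
# Added example: all names, OCIDs, domains and addresses are placeholders.
variable "vcn_id" {}        # VCN the SDDC was created in
variable "dns_subnet_id" {} # subnet that hosts the resolver endpoints
variable "dns_nsg_id" {}    # NSG admitting port 53 only from trusted DNS servers

# The private resolver is created together with the VCN, so look it up.
data "oci_core_vcn_dns_resolver_association" "sddc" {
  vcn_id = var.vcn_id
}

# Forwarding endpoint: source address for queries sent to the central DNS.
resource "oci_dns_resolver_endpoint" "forwarder" {
  name          = "sddc_forwarder"
  resolver_id   = data.oci_core_vcn_dns_resolver_association.sddc.dns_resolver_id
  subnet_id     = var.dns_subnet_id
  scope         = "PRIVATE"
  is_forwarding = true
  is_listening  = false
}

# Listening endpoint: lets DNS servers outside the VCN resolve SDDC components.
resource "oci_dns_resolver_endpoint" "listener" {
  name          = "sddc_listener"
  resolver_id   = data.oci_core_vcn_dns_resolver_association.sddc.dns_resolver_id
  subnet_id     = var.dns_subnet_id
  scope         = "PRIVATE"
  is_forwarding = false
  is_listening  = true
  nsg_ids       = [var.dns_nsg_id] # restrict who may query the listener
}

# Rule on the VCN resolver: forward the organization's zone to central DNS.
resource "oci_dns_resolver" "sddc" {
  resolver_id = data.oci_core_vcn_dns_resolver_association.sddc.dns_resolver_id
  scope       = "PRIVATE"

  rules {
    action                 = "FORWARD"
    qname_cover_conditions = ["corp.example.com"] # placeholder zone
    destination_addresses  = ["192.0.2.53"]       # placeholder central DNS
    source_endpoint_name   = oci_dns_resolver_endpoint.forwarder.name
  }
}
```

Scoping the forwarding rule to the organization's own zones and limiting the listener's NSG to known DNS servers keeps SDDC component names from being resolvable by arbitrary hosts.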

DHCP

DHCP is a service crucial to the proper operation of workloads within an Oracle Cloud VMware Solution environment. NSX-T in Oracle Cloud VMware Solution can provide DHCP services for lookup and IP address assignment. DHCP relay services can also be configured to relay DHCP traffic to external DHCP servers. Please refer to the official VMware NSX-T documentation for more information on how to configure DHCP services on NSX-T.

Authentication Services

In vCenter, local users and groups can be created, and access to a directory service can be provided to integrate with either a local or cloud-based organizational directory. To provide directory integration for NSX-T, VMware Identity Manager must be used.

 

