{"id":871,"date":"2026-04-16T12:11:00","date_gmt":"2026-04-16T12:11:00","guid":{"rendered":"https:\/\/www.devopsschool.com\/tutorials\/oracle-cloud-vmware-solution-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-compute\/"},"modified":"2026-04-16T12:11:00","modified_gmt":"2026-04-16T12:11:00","slug":"oracle-cloud-vmware-solution-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-compute","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/tutorials\/oracle-cloud-vmware-solution-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-compute\/","title":{"rendered":"Oracle Cloud VMware Solution Tutorial: Architecture, Pricing, Use Cases, and Hands-On Guide for Compute"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Category<\/h2>\n\n\n\n<p>Compute<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">1. Introduction<\/h2>\n\n\n\n<p>Oracle Cloud <strong>VMware Solution<\/strong> is Oracle\u2019s managed offering that lets you run a full VMware Software-Defined Data Center (SDDC) stack\u2014vSphere, vCenter, NSX, and typically vSAN\u2014on dedicated Oracle Cloud Infrastructure (OCI) bare metal.<\/p>\n\n\n\n<p>In simple terms: it\u2019s VMware in Oracle Cloud, using your familiar VMware tools and operational model, but hosted on OCI\u2019s infrastructure.<\/p>\n\n\n\n<p>Technically, VMware Solution (official product name: <strong>Oracle Cloud VMware Solution<\/strong>) provisions dedicated OCI bare metal hosts and installs\/configures VMware components into an SDDC that you administer through <strong>vCenter<\/strong> (and NSX Manager). 
Oracle manages the underlying OCI infrastructure and the service orchestration, while you operate the VMware layer much like you would on-prem.<\/p>\n\n\n\n<p>The core problem it solves is <strong>moving VMware workloads to the cloud without refactoring<\/strong>\u2014while keeping control over VMware networking\/security (NSX) and operations (vCenter), and integrating with OCI networking and native OCI services when needed.<\/p>\n\n\n\n<blockquote>\n<p>Naming note (important): The Oracle Cloud service is commonly referred to in Oracle documentation as <strong>Oracle Cloud VMware Solution (OCVS)<\/strong>. This tutorial uses <strong>VMware Solution<\/strong> as the primary term and treats it as the same OCI service.<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">2. What is VMware Solution?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Official purpose<\/h3>\n\n\n\n<p>VMware Solution in Oracle Cloud provides a <strong>customer-managed VMware SDDC<\/strong> running on <strong>dedicated OCI bare metal<\/strong>. 
It is designed for lift-and-shift migrations, hybrid cloud, disaster recovery, and VMware modernization journeys where keeping VMware operational consistency matters.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Core capabilities<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Provision VMware SDDCs in OCI with dedicated hosts.<\/li>\n<li>Manage VMware infrastructure using standard VMware tooling:\n<ul class=\"wp-block-list\">\n<li>vCenter Server for compute and VM lifecycle<\/li>\n<li>ESXi hosts for virtualization<\/li>\n<li>NSX (typically NSX-T) for software-defined networking and microsegmentation<\/li>\n<li>vSAN for storage (where configured), plus integration options with OCI storage depending on supported architectures<\/li>\n<\/ul>\n<\/li>\n<li>Integrate with OCI networking (VCN, DRG, FastConnect\/VPN) to connect to on-prem and other OCI services.<\/li>\n<li>Scale by adding\/removing hosts and clusters (within service limits).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Major components (conceptual)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>OCI tenancy + compartments<\/strong> (resource isolation and governance)<\/li>\n<li><strong>OCI networking<\/strong>:\n<ul class=\"wp-block-list\">\n<li>VCN, subnets, route tables, security lists\/NSGs<\/li>\n<li>DRG for connectivity to on-prem\/other networks<\/li>\n<li>FastConnect or IPSec VPN for hybrid connectivity<\/li>\n<\/ul>\n<\/li>\n<li><strong>VMware SDDC<\/strong>:\n<ul class=\"wp-block-list\">\n<li>ESXi on OCI bare metal<\/li>\n<li>vCenter Server<\/li>\n<li>NSX Manager and NSX Edge (where applicable)<\/li>\n<li>vSAN datastore (where applicable)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Service type<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Managed provisioning service<\/strong> for VMware SDDC on OCI.<\/li>\n<li>You manage the VMware layer (VMs, networks, policies).<\/li>\n<li>Oracle manages the service control plane and OCI infrastructure layer. 
Exact responsibility boundaries should be confirmed in the official documentation for your deployment model and support plan.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Scope: regional vs zonal vs account-scoped<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>VMware Solution is provisioned <strong>inside an OCI region<\/strong> and associated with <strong>specific networking and availability constructs<\/strong> within that region.<\/li>\n<li>SDDC placement and multi-AD\/multi-fault-domain behavior depend on the region and the SDDC design you choose. <strong>Verify in official docs<\/strong> for current placement rules and HA\/FT capabilities.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">How it fits into the Oracle Cloud ecosystem<\/h3>\n\n\n\n<p>VMware Solution is best understood as a <strong>hybrid\/compute<\/strong> bridge:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>It uses <strong>OCI Compute bare metal<\/strong> as the physical substrate.<\/li>\n<li>It attaches to <strong>OCI VCN<\/strong> for networking.<\/li>\n<li>It can consume <strong>OCI storage and services<\/strong> (Object Storage, Block Volume, databases, observability) from VMs running in the SDDC, subject to supported networking and security design.<\/li>\n<\/ul>\n\n\n\n<p>Official entry points:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Product page: https:\/\/www.oracle.com\/cloud\/vmware\/<\/li>\n<li>Documentation hub (Oracle): https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/VMware\/home.htm<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">3. 
Why use VMware Solution?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Business reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Faster migrations<\/strong>: move VMware workloads with minimal changes and lower project risk.<\/li>\n<li><strong>Preserve existing investments<\/strong>: keep VMware operating model, tooling, and staff skills.<\/li>\n<li><strong>Hybrid continuity<\/strong>: extend on-prem VMware environments to Oracle Cloud with consistent architecture patterns.<\/li>\n<li><strong>Data residency \/ regional needs<\/strong>: place VMware environments in OCI regions that meet organizational requirements (availability varies\u2014verify region support).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Technical reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Dedicated bare metal<\/strong> hosts for predictable performance and isolation.<\/li>\n<li><strong>VMware-native networking\/security<\/strong> via NSX (microsegmentation, distributed firewall, overlay networks).<\/li>\n<li><strong>VMware tooling compatibility<\/strong> for backups, DR, and operational workflows (compatibility depends on product versions and integrations\u2014verify vendor support matrices).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operational reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Consistent operations<\/strong>: vCenter workflows for provisioning, patching cadence planning, cluster operations.<\/li>\n<li><strong>Standard VM lifecycle<\/strong>: templates, clones, vMotion (capability depends on architecture).<\/li>\n<li><strong>Controlled change management<\/strong>: maintain VMware governance models while adopting cloud automation where helpful.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Security\/compliance reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Isolation<\/strong>: dedicated hosts reduce noisy-neighbor concerns.<\/li>\n<li><strong>Network segmentation<\/strong>: NSX microsegmentation 
controls east-west traffic.<\/li>\n<li><strong>OCI governance<\/strong>: compartments, IAM policies, audit logging, tagging.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Scalability\/performance reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Scale capacity by <strong>adding hosts<\/strong> (and potentially clusters) instead of redesigning applications.<\/li>\n<li>Use OCI\u2019s high-performance networking and bare metal capabilities (exact performance depends on the host shape and region\u2014verify in official docs).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">When teams should choose it<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>You have significant VMware footprint and need <strong>lift-and-shift<\/strong>.<\/li>\n<li>You need <strong>hybrid<\/strong> connectivity (FastConnect\/VPN) and want VMware consistency.<\/li>\n<li>You need VMware features (NSX microsegmentation, existing VMware-based tooling) and cannot easily re-platform.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">When teams should not choose it<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>You want the lowest-cost way to run VMs in the cloud: native OCI Compute VMs are usually more cost-efficient than a full SDDC.<\/li>\n<li>Your workloads are cloud-native ready (containers, managed databases) and benefit from refactoring.<\/li>\n<li>You do not need VMware features and want to avoid VMware operational overhead.<\/li>\n<li>You need autoscaling, immutable infrastructure, or managed PaaS-first patterns that don\u2019t map cleanly to vSphere operations.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">4. 
Where is VMware Solution used?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Industries<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Financial services (regulated workloads, strict segmentation)<\/li>\n<li>Healthcare (compliance-driven segmentation and audit needs)<\/li>\n<li>Retail and e-commerce (seasonal scaling with familiar ops)<\/li>\n<li>Manufacturing and supply chain (legacy ERP\/OT-adjacent systems)<\/li>\n<li>Government and public sector (data locality and controlled environments)<\/li>\n<li>SaaS providers with VMware-based internal platforms<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Team types<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Infrastructure and platform teams running VMware estates<\/li>\n<li>SRE\/operations teams integrating VMware monitoring with cloud governance<\/li>\n<li>Security teams needing microsegmentation<\/li>\n<li>Migration teams running phased workload moves<\/li>\n<li>DR\/BC teams implementing pilot-light or warm standby patterns<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Workloads<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Tier-1 enterprise apps on VMware (Windows\/Linux)<\/li>\n<li>Commercial off-the-shelf (COTS) applications certified on VMware<\/li>\n<li>Virtual desktop infrastructure (VDI) scenarios (verify vendor support)<\/li>\n<li>Middle-tier application clusters and shared services<\/li>\n<li>Backup\/restore landing zones and DR environments<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Architectures<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Hybrid hub-and-spoke with on-prem + OCI<\/li>\n<li>Multi-tier apps with VMware for legacy tiers and OCI PaaS for new tiers<\/li>\n<li>DR site in OCI with periodic replication and failover runbooks<\/li>\n<li>Migration factory with staged moves by network segment\/app wave<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Production vs dev\/test usage<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Production<\/strong>: common when VMware 
operational consistency is required and budget supports dedicated hosts.<\/li>\n<li><strong>Dev\/test<\/strong>: used for realistic staging environments; cost discipline is essential due to host-based billing.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">5. Top Use Cases and Scenarios<\/h2>\n\n\n\n<p>Below are realistic use cases where VMware Solution in Oracle Cloud is a strong fit.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1) Lift-and-shift data center exit<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Data center lease ends; dozens\/hundreds of VMs must move quickly.<\/li>\n<li><strong>Why it fits<\/strong>: Minimal refactoring; preserve VMware operations.<\/li>\n<li><strong>Scenario<\/strong>: Move 500 VMs from on-prem vSphere to VMware Solution, keep IP ranges via routed connectivity, and cut over per application wave.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">2) Hybrid extension for burst capacity<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: On-prem clusters are near capacity during seasonal peaks.<\/li>\n<li><strong>Why it fits<\/strong>: Extend VMware capacity to OCI without redesigning apps.<\/li>\n<li><strong>Scenario<\/strong>: Add OCI SDDC capacity and migrate selected workloads for peak periods, then scale down after season (subject to minimum host constraints).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">3) Disaster recovery (DR) site in OCI<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Secondary site is expensive; DR hardware refresh is due.<\/li>\n<li><strong>Why it fits<\/strong>: Build DR SDDC in OCI; replicate and run failover drills.<\/li>\n<li><strong>Scenario<\/strong>: Use VMware-based replication tooling to replicate critical VMs to OCI and run quarterly DR tests.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">4) VMware networking modernization with NSX 
microsegmentation<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Flat networks cause lateral movement risk and audit findings.<\/li>\n<li><strong>Why it fits<\/strong>: NSX distributed firewall and segmentation are first-class in SDDC.<\/li>\n<li><strong>Scenario<\/strong>: Place regulated workloads in NSX segments with microsegmentation policies and strict egress control.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">5) Migrate VMware workloads closer to Oracle services<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Apps on VMware depend on Oracle databases; latency and network complexity are high.<\/li>\n<li><strong>Why it fits<\/strong>: Keep app tier in VMware, place DB tier on OCI services in the same region.<\/li>\n<li><strong>Scenario<\/strong>: Move app servers into VMware Solution and connect to OCI Database service over private networking.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6) Consolidate multi-site VMware into a single cloud region<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Multiple small VMware clusters across branches are costly and inconsistent.<\/li>\n<li><strong>Why it fits<\/strong>: Centralize into OCI SDDC with strong connectivity.<\/li>\n<li><strong>Scenario<\/strong>: Consolidate 20 branch workloads into one OCI SDDC, connect branches via VPN\/SD-WAN.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">7) Maintain COTS vendor support requiring VMware<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Vendor only supports VMware for production deployment.<\/li>\n<li><strong>Why it fits<\/strong>: Full VMware SDDC environment meets deployment constraints.<\/li>\n<li><strong>Scenario<\/strong>: Deploy vendor application unchanged into OCI SDDC while modernizing surrounding services.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">8) M&amp;A integration with fast workload consolidation<\/h3>\n\n\n\n<ul 
class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Two companies have separate VMware estates; need fast consolidation.<\/li>\n<li><strong>Why it fits<\/strong>: Provide a neutral landing zone in OCI.<\/li>\n<li><strong>Scenario<\/strong>: Migrate acquired company VMs to OCI SDDC and standardize security\/network policies with NSX.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">9) Secure sandbox for malware analysis \/ isolated research<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Need isolated environment for security research and controlled testing.<\/li>\n<li><strong>Why it fits<\/strong>: Dedicated hosts + NSX microsegmentation to isolate traffic.<\/li>\n<li><strong>Scenario<\/strong>: Build an isolated SDDC segment with strict egress rules and detailed logging.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">10) Migration factory with staging and validation<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Need repeatable process for moving workloads in waves with validation gates.<\/li>\n<li><strong>Why it fits<\/strong>: VMware-native tooling for migration and rollback.<\/li>\n<li><strong>Scenario<\/strong>: Create a staging segment in OCI SDDC; validate apps, then promote to production segments.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">11) Legacy Windows application modernization in phases<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Legacy apps can\u2019t be refactored quickly; still need modernization outcomes.<\/li>\n<li><strong>Why it fits<\/strong>: Host apps in VMware while modernizing databases\/CI\/CD around them.<\/li>\n<li><strong>Scenario<\/strong>: Keep legacy app servers in VMware Solution; shift logging, secrets, and monitoring to OCI-native services.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">12) Latency-sensitive workloads needing bare metal-backed virtualization<\/h3>\n\n\n\n<ul 
class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Performance variability on shared infrastructure.<\/li>\n<li><strong>Why it fits<\/strong>: Dedicated bare metal hosts and consistent resource allocation.<\/li>\n<li><strong>Scenario<\/strong>: Run a high-throughput batch processing platform on vSphere clusters sized for peak.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">6. Core Features<\/h2>\n\n\n\n<blockquote>\n<p>Feature availability can vary by region, SDDC version, and Oracle\/VMware release updates. Always validate against the latest Oracle documentation: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/VMware\/home.htm<\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\">1) Dedicated OCI bare metal hosts for ESXi<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Runs ESXi on single-tenant OCI bare metal.<\/li>\n<li><strong>Why it matters<\/strong>: Predictable performance and isolation.<\/li>\n<li><strong>Practical benefit<\/strong>: Suitable for steady enterprise workloads; easier capacity planning.<\/li>\n<li><strong>Caveats<\/strong>: Host-based billing is a major cost driver.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">2) VMware SDDC provisioning and lifecycle through OCI<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Creates SDDCs using OCI console\/API.<\/li>\n<li><strong>Why it matters<\/strong>: Cloud-style provisioning with governance via compartments and IAM.<\/li>\n<li><strong>Practical benefit<\/strong>: Repeatable deployments across environments.<\/li>\n<li><strong>Caveats<\/strong>: Provisioning is not instant; network prerequisites must be correct.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">3) vCenter Server access and VMware-native operations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: You manage clusters, hosts, VMs via vCenter.<\/li>\n<li><strong>Why it 
matters<\/strong>: Minimal retraining and consistent runbooks.<\/li>\n<li><strong>Practical benefit<\/strong>: Existing VMware admins can operate cloud SDDCs.<\/li>\n<li><strong>Caveats<\/strong>: You still own VMware operational discipline (patching strategy, RBAC, monitoring).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">4) NSX software-defined networking (SDN)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Provides overlay networking, distributed firewall, logical segments.<\/li>\n<li><strong>Why it matters<\/strong>: Strong east-west segmentation and flexible networking.<\/li>\n<li><strong>Practical benefit<\/strong>: Microsegmentation and consistent policy-driven network controls.<\/li>\n<li><strong>Caveats<\/strong>: NSX learning curve; careful integration with OCI routing and security.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">5) Hybrid connectivity: FastConnect and IPSec VPN (via OCI)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Connects on-prem networks to OCI VCN\/SDDC.<\/li>\n<li><strong>Why it matters<\/strong>: Enables hybrid migrations and shared services.<\/li>\n<li><strong>Practical benefit<\/strong>: Stable, private connectivity for vMotion\/migration patterns (design-dependent).<\/li>\n<li><strong>Caveats<\/strong>: FastConnect and DRG add cost and design complexity; route control is critical.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6) Integration with OCI Virtual Cloud Network (VCN)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: SDDC attaches to an OCI VCN for north-south connectivity.<\/li>\n<li><strong>Why it matters<\/strong>: Enables private access to OCI services and other VCNs (with routing).<\/li>\n<li><strong>Practical benefit<\/strong>: VMs can consume OCI services over private IPs where supported.<\/li>\n<li><strong>Caveats<\/strong>: CIDR planning is non-negotiable; overlapping ranges will block connectivity 
designs.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">7) Scaling by adding hosts (and potentially clusters)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Increase SDDC capacity by adding ESXi hosts.<\/li>\n<li><strong>Why it matters<\/strong>: Matches VMware operational model.<\/li>\n<li><strong>Practical benefit<\/strong>: Scale without re-architecting apps.<\/li>\n<li><strong>Caveats<\/strong>: Scaling is not elastic like autoscaling groups; host add\/remove takes time and may have minimums.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">8) VMware storage (commonly vSAN) depending on configuration<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Provides shared datastore across hosts.<\/li>\n<li><strong>Why it matters<\/strong>: Enables HA features and VM mobility.<\/li>\n<li><strong>Practical benefit<\/strong>: Familiar VMware storage operations.<\/li>\n<li><strong>Caveats<\/strong>: vSAN has minimum host requirements for certain resilience levels; verify supported designs.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">9) Programmatic management (API\/SDK\/CLI)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Automates SDDC provisioning and some lifecycle actions via OCI APIs.<\/li>\n<li><strong>Why it matters<\/strong>: Enables Infrastructure as Code and repeatable environments.<\/li>\n<li><strong>Practical benefit<\/strong>: Integrate into CI\/CD for platform provisioning.<\/li>\n<li><strong>Caveats<\/strong>: Not all VMware-layer tasks are exposed through OCI APIs; you still use VMware APIs\/tools for many operations.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">10) OCI governance: compartments, tags, audit events<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Applies OCI governance controls to SDDC resources.<\/li>\n<li><strong>Why it matters<\/strong>: Enterprise-grade control for access, cost allocation, and 
auditing.<\/li>\n<li><strong>Practical benefit<\/strong>: Clear ownership and lifecycle management.<\/li>\n<li><strong>Caveats<\/strong>: You must also implement governance inside VMware (vCenter roles, NSX roles, naming).<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">7. Architecture and How It Works<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">High-level service architecture<\/h3>\n\n\n\n<p>At a high level:\n1. You create required OCI networking (VCN\/subnets\/route tables) and policies.\n2. You provision an SDDC using VMware Solution.\n3. OCI allocates dedicated bare metal hosts and deploys VMware components.\n4. You access vCenter\/NSX Manager (typically via private networking and a bastion\/jump host).\n5. You create NSX segments, deploy VMs, and integrate with on-prem\/OCI networks.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Control flow vs data flow<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Control plane (OCI)<\/strong>: provisioning, metadata, lifecycle actions for the SDDC resource.<\/li>\n<li><strong>Management plane (VMware)<\/strong>: vCenter\/NSX Manager; you control clusters, VMs, networking policies.<\/li>\n<li><strong>Data plane<\/strong>: VM traffic within NSX segments and north-south routing to OCI VCN\/on-prem.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Integrations with related OCI services<\/h3>\n\n\n\n<p>Common integrations (design-dependent):\n&#8211; <strong>VCN\/Subnets\/Route Tables<\/strong> for network placement and routing\n&#8211; <strong>DRG<\/strong> for on-prem connectivity and VCN-to-VCN routing\n&#8211; <strong>FastConnect<\/strong> or <strong>IPSec VPN<\/strong> for hybrid connectivity\n&#8211; <strong>OCI Bastion<\/strong> (or a hardened jump host) for private access to management endpoints\n&#8211; <strong>OCI Monitoring\/Logging\/Audit<\/strong> for governance and operational visibility (VMware metrics\/logs are still primarily in VMware tooling unless you 
forward\/export them)<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Dependency services<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OCI <strong>Identity and Access Management<\/strong><\/li>\n<li>OCI <strong>Networking<\/strong><\/li>\n<li>OCI <strong>Compute<\/strong> (bare metal under the hood)<\/li>\n<li>Optional: <strong>FastConnect<\/strong>, <strong>Bastion<\/strong>, <strong>Object Storage<\/strong>, <strong>Block Volume<\/strong>, <strong>Vault<\/strong>, <strong>Logging<\/strong><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Security\/authentication model<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>OCI IAM<\/strong> controls who can create\/modify SDDCs and networking.<\/li>\n<li><strong>VMware identity<\/strong> (vCenter SSO and NSX RBAC) controls who can operate the SDDC.<\/li>\n<li>Best practice is to restrict management endpoints to private networks and require bastion-based access.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Networking model (conceptual)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OCI VCN provides the cloud network container.<\/li>\n<li>VMware Solution uses multiple subnets\/VLAN constructs for management and VMware traffic types (exact set depends on the service version and design\u2014verify in docs).<\/li>\n<li>NSX provides overlay networks (segments) for VM networks.<\/li>\n<li>Routing between on-prem and VM segments is typically handled via NSX Edge + OCI routing (design varies).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Monitoring\/logging\/governance<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OCI <strong>Audit<\/strong> records OCI API events (who created\/modified SDDC resources).<\/li>\n<li>OCI <strong>Logging\/Monitoring<\/strong> helps observe OCI network and infrastructure components.<\/li>\n<li>vCenter\/NSX provide VMware-layer events, alarms, and logs.<\/li>\n<li>For centralized observability, forward VMware logs to a SIEM\/log platform (verify supported collectors and network 
paths).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Simple architecture diagram (conceptual)<\/h3>\n\n\n\n<pre><code class=\"language-mermaid\">flowchart LR\n  User[Admin workstation] --&gt;|VPN\/Bastion| Bastion[OCI Bastion or Jump Host]\n  Bastion --&gt; VC[vCenter Server]\n  Bastion --&gt; NSX[NSX Manager]\n\n  subgraph OCI[&quot;Oracle Cloud (OCI Region)&quot;]\n    subgraph VCN[VCN]\n      VC\n      NSX\n      SDDC[&quot;VMware Solution SDDC&lt;br\/&gt;ESXi + NSX + (vSAN)&quot;]\n      VC --- SDDC\n      NSX --- SDDC\n    end\n  end\n\n  SDDC --&gt;|VM traffic| OCI_SVC[OCI Services&lt;br\/&gt;Object Storage\/DB\/etc.]\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Production-style architecture diagram (hybrid + segmented)<\/h3>\n\n\n\n<pre><code class=\"language-mermaid\">flowchart TB\n  subgraph OnPrem[On-Prem Data Center]\n    OPvCenter[vCenter\/VMware]\n    Apps[App VLANs]\n    Users[Corporate Users]\n  end\n\n  subgraph Connectivity[Connectivity]\n    FC[FastConnect or IPSec VPN]\n    DRG[&quot;Dynamic Routing Gateway (DRG)&quot;]\n  end\n\n  subgraph OCI[&quot;Oracle Cloud (OCI Region)&quot;]\n    subgraph HubVCN[Hub VCN]\n      FW[&quot;Network Firewall \/ Security Controls&lt;br\/&gt;(optional)&quot;]\n      Shared[Shared Services Subnets&lt;br\/&gt;DNS\/AD\/Logging]\n    end\n\n    subgraph SDDCVCN[SDDC VCN]\n      OCVS[VMware Solution SDDC&lt;br\/&gt;ESXi Hosts + vCenter + NSX]\n      Mgmt[Management Subnets]\n      Edge[NSX Edge Uplinks]\n      Segs[NSX Segments&lt;br\/&gt;Prod \/ Dev \/ DMZ]\n      Mgmt --- OCVS\n      Edge --- OCVS\n      Segs --- OCVS\n    end\n\n    subgraph NativeOCI[Native OCI Services]\n      Obj[Object Storage]\n      DB[Database Services]\n      Mon[Monitoring\/Logging\/Audit]\n    end\n  end\n\n  Users --&gt; OPvCenter\n  Apps --&gt; FC\n  FC --&gt; DRG\n  DRG --&gt; HubVCN\n  HubVCN --&gt; SDDCVCN\n  SDDCVCN --&gt; NativeOCI\n  OCVS --&gt; DB\n  OCVS --&gt; Obj\n  OCVS --&gt; Mon\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 
class=\"wp-block-heading\">8. Prerequisites<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Account\/tenancy requirements<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>An active <strong>Oracle Cloud (OCI) tenancy<\/strong> with billing enabled.<\/li>\n<li>Ability to create networking resources and VMware Solution resources in a compartment.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Permissions \/ IAM roles<\/h3>\n\n\n\n<p>At minimum, you need permissions to manage:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>VMware Solution (OCVS) resources<\/li>\n<li>VCN\/networking resources (VCN, subnets, route tables, gateways)<\/li>\n<li>(Optional) Bastion, Vault, Logging, FastConnect\/DRG resources<\/li>\n<\/ul>\n\n\n\n<p>OCI IAM is policy-based. Example policy patterns (validate exact verbs\/resource families in official docs):<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>allow group &lt;group&gt; to manage ocvs-family in compartment &lt;compartment&gt;<\/code><\/li>\n<li><code>allow group &lt;group&gt; to manage virtual-network-family in compartment &lt;compartment&gt;<\/code><\/li>\n<li><code>allow group &lt;group&gt; to manage bastion-family in compartment &lt;compartment&gt;<\/code> (if using OCI Bastion)<\/li>\n<\/ul>\n\n\n\n<blockquote>\n<p>Verify exact policy syntax and resource family names in OCI IAM documentation:\nhttps:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Identity\/home.htm<\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\">Billing requirements<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>VMware Solution uses <strong>dedicated hosts<\/strong> and is typically <strong>not \u201cfree tier\u201d<\/strong>.<\/li>\n<li>Ensure your tenancy has spending limits\/alerts configured.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">CLI\/SDK\/tools needed<\/h3>\n\n\n\n<p>For this tutorial, the OCI Console is sufficient.\nOptional tools:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>OCI CLI<\/strong>: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/API\/SDKDocs\/cliinstall.htm<\/li>\n<li><strong>SSH client<\/strong> (OpenSSH) if using a 
jump host<\/li>\n<li><strong>VMware vSphere Client<\/strong> (web-based) access via browser<\/li>\n<li>Network tools for validation: <code>ping<\/code>, <code>traceroute<\/code>, <code>curl<\/code>, <code>nc<\/code><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Region availability<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>VMware Solution is <strong>not available in every OCI region<\/strong>.<\/li>\n<li>Check availability in the console region selector and the official product\/region documentation.<\/li>\n<li>Region-specific constraints (shapes, host types, minimums) may apply.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Quotas\/limits<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>You may need <strong>service limits<\/strong> for bare metal hosts and VMware Solution resources.<\/li>\n<li>Check <strong>Limits, Quotas and Usage<\/strong> in OCI and request increases ahead of time.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Prerequisite services<\/h3>\n\n\n\n<p>Common prerequisites:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>VCN and subnets prepared for the SDDC<\/li>\n<li>DRG if connecting to on-prem or other VCNs<\/li>\n<li>Bastion or jump host for secure management access<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">9. Pricing \/ Cost<\/h2>\n\n\n\n<blockquote>\n<p>Do not rely on static numbers in blog posts for VMware Solution. Pricing varies by region, host shape\/SKU, term\/commit, and sometimes negotiated enterprise agreements. Always confirm using Oracle\u2019s official pricing pages and calculator.<\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\">Current pricing model (how it is typically structured)<\/h3>\n\n\n\n<p>VMware Solution costs are primarily driven by:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>SDDC hosts<\/strong> (dedicated bare metal capacity running ESXi)\n<ul class=\"wp-block-list\">\n<li>Charged per host based on the underlying OCI bare metal shape and the VMware license bundle included.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Optional connectivity<\/strong> (FastConnect, DRG attachments, VPN, data transfer 
where applicable)<\/li>\n<li><strong>Storage<\/strong> beyond what is included in the host configuration (depends on design)<\/li>\n<li><strong>Outbound data transfer<\/strong> (internet egress) and interconnect-related charges depending on your network path<\/li>\n<li><strong>Operational tooling<\/strong> you add (SIEM, backup storage targets, monitoring platforms)<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Official pricing sources<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>VMware Solution pricing page (Oracle): https:\/\/www.oracle.com\/cloud\/compute\/vmware\/pricing\/ (verify if URL redirects in your region)<\/li>\n<li>OCI pricing overview: https:\/\/www.oracle.com\/cloud\/pricing\/<\/li>\n<li>OCI Cost Estimator: https:\/\/www.oracle.com\/cloud\/costestimator.html<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Pricing dimensions to understand<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Dimension<\/th>\n<th>What it means<\/th>\n<th>Why it matters<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Host count<\/td>\n<td>Number of ESXi hosts in the SDDC<\/td>\n<td>Biggest cost lever<\/td>\n<\/tr>\n<tr>\n<td>Host shape<\/td>\n<td>CPU\/RAM\/storage profile of bare metal<\/td>\n<td>Performance and cost<\/td>\n<\/tr>\n<tr>\n<td>Always-on vs temporary<\/td>\n<td>Whether you keep SDDC running 24\/7<\/td>\n<td>Determines monthly burn<\/td>\n<\/tr>\n<tr>\n<td>Connectivity<\/td>\n<td>FastConnect\/VPN\/DRG<\/td>\n<td>Adds recurring costs and complexity<\/td>\n<\/tr>\n<tr>\n<td>Data egress<\/td>\n<td>Outbound traffic to internet\/other regions<\/td>\n<td>Can become material in prod<\/td>\n<\/tr>\n<tr>\n<td>Backup\/DR storage<\/td>\n<td>Object Storage \/ block volumes \/ replication<\/td>\n<td>Often overlooked<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Free tier<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>VMware Solution is generally 
<strong>not part of OCI Always Free<\/strong>.<\/li>\n<li>Some supporting services (like limited Object Storage or monitoring) may have free allocations, but they won\u2019t offset SDDC host costs meaningfully.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Cost drivers (direct + indirect)<\/h3>\n\n\n\n<p><strong>Direct<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Number of hosts and their shape<\/li>\n<li>Any add-on services required for connectivity and routing<\/li>\n<\/ul>\n\n\n\n<p><strong>Indirect<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Jump hosts\/bastions and their networking<\/li>\n<li>Backup repositories and retention<\/li>\n<li>Logging retention and SIEM ingestion<\/li>\n<li>DR test environments (duplicate SDDCs)<\/li>\n<li>IP addressing and network appliances (if you adopt a hub-and-spoke design)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Network\/data transfer implications<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Internet egress<\/strong> is often the surprise cost in cloud environments.<\/li>\n<li>Hybrid traffic over FastConnect\/VPN may have different cost characteristics than internet egress; confirm with Oracle pricing and your network design.<\/li>\n<li>Cross-region replication (if used) can add data transfer charges.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">How to optimize cost (practical levers)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Right-size host count; avoid over-provisioning \u201cjust in case.\u201d<\/li>\n<li>Use clear environment separation:<\/li>\n<li>Production SDDC: always-on<\/li>\n<li>Non-prod SDDC: scheduled uptime windows (if operationally feasible)<\/li>\n<li>Use tagging and budgets to attribute costs by app\/team.<\/li>\n<li>Prefer private connectivity patterns for predictable network behavior and to reduce unintended egress (confirm cost model).<\/li>\n<li>For DR:<\/li>\n<li>Consider <strong>pilot light<\/strong> patterns where supported (reduced capacity until failover) \u2014 verify minimum host constraints and supported DR 
tooling.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Example low-cost starter estimate (model, not numbers)<\/h3>\n\n\n\n<p>A realistic \u201cstarter\u201d model to estimate:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>1 SDDC with the <strong>minimum supported host count<\/strong> for your design<\/li>\n<li>Basic VCN + subnets<\/li>\n<li>A bastion\/jump host<\/li>\n<li>Minimal object storage for ISO\/tools\/log export<\/li>\n<\/ul>\n\n\n\n<p>Then calculate:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>host hourly rate * hours per month * number of hosts<\/code><\/li>\n<li>plus networking and storage costs<\/li>\n<\/ul>\n\n\n\n<p>Because host pricing is the dominant factor, even a minimal SDDC can be significant. Use the official cost estimator and confirm minimum host requirements for the topology you choose.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Example production cost considerations<\/h3>\n\n\n\n<p>For production, expect:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>More hosts for capacity and HA requirements<\/li>\n<li>Dedicated connectivity (FastConnect)<\/li>\n<li>Centralized logging\/SIEM and longer retention<\/li>\n<li>Backup and DR storage with multi-week retention<\/li>\n<li>Separate non-prod SDDC(s) or at least isolated segments<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">10. Step-by-Step Hands-On Tutorial<\/h2>\n\n\n\n<p>This lab focuses on a <strong>real, minimal workflow<\/strong>: prepare OCI networking, provision a VMware Solution SDDC, and securely access vCenter to validate the environment.<\/p>\n\n\n\n<blockquote>\n<p>Cost warning: Provisioning an SDDC can incur substantial charges because it uses dedicated hosts. If you want a no-cost guided experience, consider Oracle LiveLabs for VMware Solution (when available) and follow the \u201cGreen Button\u201d lab option. 
Official LiveLabs catalog: https:\/\/livelabs.oracle.com\/<\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\">Objective<\/h3>\n\n\n\n<p>Provision a VMware Solution SDDC in Oracle Cloud and verify access to vCenter through a secure access path.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Lab Overview<\/h3>\n\n\n\n<p>You will:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Create a compartment and basic IAM policy (if needed).<\/li>\n<li>Create a VCN and required subnets for VMware Solution.<\/li>\n<li>Provision an SDDC (minimum footprint for a lab).<\/li>\n<li>Create a secure access path (OCI Bastion or a jump host).<\/li>\n<li>Validate the SDDC: state, vCenter login, and host visibility.<\/li>\n<li>Clean up all resources to stop billing.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Step 1: Prepare a compartment and tags (governance first)<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>In the OCI Console, open <strong>Identity &amp; Security \u2192 Compartments<\/strong>.<\/li>\n<li>Create a compartment, for example:\n   &#8211; Name: <code>vmware-solution-lab<\/code>\n   &#8211; Description: <code>VMware Solution tutorial lab<\/code><\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; A dedicated compartment to contain and clean up all lab resources safely.<\/p>\n\n\n\n<p>Optional but recommended:\n&#8211; Define tags (e.g., <code>CostCenter=Lab<\/code>, <code>Owner=&lt;name&gt;<\/code>, <code>DeleteBy=&lt;date&gt;<\/code>) using <strong>Governance &amp; Administration \u2192 Tag Namespaces<\/strong>.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 2: Confirm limits and region availability<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Choose an OCI region where VMware Solution is available (use the region selector).<\/li>\n<li>Navigate to <strong>Governance &amp; Administration \u2192 Limits, Quotas and Usage<\/strong>.<\/li>\n<li>Check for:\n   &#8211; Bare metal host limits (relevant shapes)\n   &#8211; VMware Solution\/OCVS-related limits (resource availability depends on 
OCI\u2019s current limit taxonomy\u2014search for \u201cVMware\u201d or \u201cOCVS\u201d)<\/li>\n<li>If limits are too low, request an increase before proceeding.<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; You confirm you can actually provision the required host capacity.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 3: Create a VCN for the SDDC<\/h3>\n\n\n\n<p>VMware Solution requires a carefully planned network. The OCI wizard typically asks you to supply a VCN and multiple subnets for different traffic types.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Go to <strong>Networking \u2192 Virtual Cloud Networks<\/strong>.<\/li>\n<li>Click <strong>Create VCN<\/strong>.<\/li>\n<li>\n<p>Choose:\n   &#8211; Name: <code>ocvs-vcn-lab<\/code>\n   &#8211; Compartment: <code>vmware-solution-lab<\/code>\n   &#8211; CIDR block: pick a non-overlapping range, for example <code>10.50.0.0\/16<\/code><br\/>\n     (Do <strong>not<\/strong> overlap with on-prem networks you\u2019ll connect later.)<\/p>\n<\/li>\n<li>\n<p>Create the VCN.<\/p>\n<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; A VCN exists with a CIDR range reserved for VMware Solution.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 4: Create required subnets (management + uplinks)<\/h3>\n\n\n\n<p>VMware Solution commonly uses separate subnets for management and NSX uplinks. 
Exact subnet requirements can change by service version and deployment type.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>In your VCN, create the subnets required by the VMware Solution SDDC creation wizard.<\/li>\n<li>Use <strong>private subnets<\/strong> for management components whenever possible.<\/li>\n<li>Allocate CIDRs with room to grow.<\/li>\n<\/ol>\n\n\n\n<p>A practical lab approach is:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Management subnet (private): <code>10.50.10.0\/24<\/code><\/li>\n<li>NSX Edge uplink subnet(s): <code>10.50.20.0\/24<\/code> (and a second uplink subnet if required)<\/li>\n<li>Additional subnets required by the wizard (vMotion\/vSAN\/replication\/provisioning) with <code>\/24<\/code> or as recommended<\/li>\n<\/ul>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; All required subnets exist and are empty (no overlapping CIDRs).<\/p>\n\n\n\n<p><strong>Verification<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ensure the subnets are in the same VCN and compartment.<\/li>\n<li>Confirm route tables\/security lists exist (default is okay for a lab, but you will tighten them later).<\/li>\n<\/ul>\n\n\n\n<blockquote>\n<p>Tip: Because exact subnet requirements can vary, use the console\u2019s VMware Solution creation flow to see the currently required set, then come back to networking to create any missing subnets. 
Do not invent subnet types\u2014follow the wizard and official docs.<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 5: Provision the VMware Solution SDDC<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>In the OCI Console, use the top search bar and search for <strong>\u201cVMware Solution\u201d<\/strong>.<\/li>\n<li>Open the VMware Solution service.<\/li>\n<li>Click <strong>Create SDDC<\/strong> (naming may vary slightly; follow the console).<\/li>\n<\/ol>\n\n\n\n<p>Provide:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Compartment: <code>vmware-solution-lab<\/code><\/li>\n<li>SDDC name: <code>ocvs-sddc-lab<\/code><\/li>\n<li>VCN: <code>ocvs-vcn-lab<\/code><\/li>\n<li>Subnets: select the subnets you created for management and uplinks (and others required)<\/li>\n<li>Host shape and host count:\n<ul class=\"wp-block-list\">\n<li>Choose the smallest supported host profile for a lab.<\/li>\n<li>Minimum host count depends on architecture and VMware requirements. <strong>Verify in official docs and the console wizard<\/strong>.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<ol class=\"wp-block-list\" start=\"4\">\n<li>Start provisioning.<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; The SDDC enters a provisioning state and eventually becomes <strong>Active<\/strong> (wording may differ, e.g., \u201cSucceeded\u201d).<\/p>\n\n\n\n<p><strong>Verification<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>In the SDDC details page, confirm:\n<ul class=\"wp-block-list\">\n<li>Lifecycle state is Active\/Available<\/li>\n<li>vCenter\/NSX Manager endpoints are listed<\/li>\n<li>OCIDs and networking attachments appear healthy<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 6: Create secure admin access (Bastion or jump host)<\/h3>\n\n\n\n<p>Your SDDC management endpoints should typically not be exposed publicly. 
The two common patterns are:<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Option A (recommended): OCI Bastion<\/h4>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Go to <strong>Identity &amp; Security \u2192 Bastion<\/strong>.<\/li>\n<li>Create a Bastion in the same compartment and VCN.<\/li>\n<li>Choose the Bastion type that supports your access method (SSH port forwarding is common).<\/li>\n<li>Create a bastion session to reach:\n   &#8211; vCenter private IP \/ hostname\n   &#8211; NSX Manager private IP \/ hostname<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; You have an auditable, time-limited access path without a permanently running jump server.<\/p>\n\n\n\n<blockquote>\n<p>Bastion capabilities and exact steps depend on OCI Bastion features. Follow the official OCI Bastion docs:\nhttps:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Bastion\/home.htm<\/p>\n<\/blockquote>\n\n\n\n<h4 class=\"wp-block-heading\">Option B: Hardened jump host (lab-friendly but operationally heavier)<\/h4>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Create a small OCI Compute VM in a <strong>private subnet<\/strong> in the same VCN.<\/li>\n<li>Allow SSH only from your IP (or from a VPN).<\/li>\n<li>SSH into the jump host, then access vCenter\/NSX internally.<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; You can access management endpoints without exposing them publicly.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 7: Log in to vCenter and validate SDDC health<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<p>From your workstation, establish access:\n   &#8211; Bastion port-forwarding to vCenter, or\n   &#8211; SSH to jump host and use a browser from a secure path (often via tunneled access)<\/p>\n<\/li>\n<li>\n<p>Open the vCenter URL from the SDDC details page (often a private endpoint).<\/p>\n<\/li>\n<li>Log in with the credentials provided during provisioning (or retrieved securely from OCI\/your secret 
store, depending on the setup).<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>vCenter loads successfully and shows:\n<ul class=\"wp-block-list\">\n<li>Datacenter<\/li>\n<li>Cluster<\/li>\n<li>ESXi host(s)<\/li>\n<li>Datastores and networking constructs<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p><strong>Verification checks (quick)<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>vCenter \u2192 Hosts and Clusters: hosts are connected, no critical alarms.<\/li>\n<li>vCenter \u2192 Storage: datastores visible (vSAN or other configured datastore).<\/li>\n<li>vCenter \u2192 Networking: port groups\/segments appear as expected.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Validation<\/h3>\n\n\n\n<p>Use this checklist to confirm your lab is complete:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>[ ] SDDC lifecycle state is Active\/Available in OCI Console<\/li>\n<li>[ ] vCenter is reachable via Bastion\/jump host (not public)<\/li>\n<li>[ ] You can authenticate to vCenter<\/li>\n<li>[ ] ESXi hosts show \u201cConnected\u201d<\/li>\n<li>[ ] Datastores are present and healthy<\/li>\n<li>[ ] You can view NSX Manager endpoint (optional validation)<\/li>\n<\/ul>\n\n\n\n<p>If any of these fail, use the troubleshooting section below.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Troubleshooting<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">Issue: SDDC provisioning fails or stalls<\/h4>\n\n\n\n<p>Common causes:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Insufficient host capacity in the region (try another region or request capacity).<\/li>\n<li>Quota\/limit issues for bare metal hosts.<\/li>\n<li>Incorrect subnet selections or overlapping CIDRs.<\/li>\n<\/ul>\n\n\n\n<p>Actions:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Check the SDDC work request \/ activity logs in OCI Console.<\/li>\n<li>Validate limits in <strong>Limits, Quotas and Usage<\/strong>.<\/li>\n<li>Validate subnets and route tables match the wizard requirements.<\/li>\n<li>If the error message is unclear, cross-check with official troubleshooting docs for VMware Solution (verify in 
docs).<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Issue: Cannot reach vCenter\/NSX endpoints<\/h4>\n\n\n\n<p>Common causes:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>No route from your access point to the management subnet.<\/li>\n<li>Security lists\/NSGs block required ports.<\/li>\n<li>Bastion session not configured for the correct target\/port.<\/li>\n<\/ul>\n\n\n\n<p>Actions:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Confirm your Bastion\/jump host is in the same VCN and can route to the management subnet.<\/li>\n<li>Temporarily test connectivity from the jump host:\n<pre><code class=\"language-bash\"># from jump host\nnc -vz &lt;vcenter-ip&gt; 443\nnc -vz &lt;nsx-ip&gt; 443<\/code><\/pre>\n<\/li>\n<li>Review NSGs\/security lists applied to the management subnet.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Issue: Authentication fails<\/h4>\n\n\n\n<p>Common causes:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Wrong username format (vCenter SSO domain vs local user).<\/li>\n<li>Password copied incorrectly.<\/li>\n<\/ul>\n\n\n\n<p>Actions:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Re-check provisioning outputs and credential storage.<\/li>\n<li>Confirm you\u2019re using the correct vCenter SSO domain and account.<\/li>\n<li>If using stored secrets, confirm you retrieved the latest value.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Issue: DNS name doesn\u2019t resolve<\/h4>\n\n\n\n<p>Actions:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use the IP address temporarily to test.<\/li>\n<li>Ensure VCN DNS settings and resolvers are configured appropriately.<\/li>\n<li>In hybrid scenarios, confirm DNS forwarding between on-prem and OCI.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Cleanup<\/h3>\n\n\n\n<p>To stop billing, delete resources in the right order.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Delete the SDDC<\/strong> from VMware Solution.\n   &#8211; This is the biggest cost item. 
Confirm deletion completes.<\/li>\n<li>Delete any <strong>Bastion sessions<\/strong> and then the <strong>Bastion<\/strong>.<\/li>\n<li>Terminate the <strong>jump host<\/strong> (if created).<\/li>\n<li>Delete VCN resources:\n   &#8211; Subnets\n   &#8211; Route tables, gateways (if created)\n   &#8211; Finally delete the VCN<\/li>\n<li>Remove any Object Storage buckets or block volumes created for the lab.<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; No running SDDC hosts remain, and the compartment is empty (or only contains intentionally retained governance objects like tags).<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">11. Best Practices<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Architecture best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Design <strong>CIDR ranges<\/strong> early and avoid overlap with on-prem and other VCNs.<\/li>\n<li>Use a <strong>hub-and-spoke<\/strong> approach for larger environments:<\/li>\n<li>Hub VCN: shared services, inspection, connectivity<\/li>\n<li>SDDC VCN: VMware Solution attachment and NSX edge uplinks<\/li>\n<li>Keep a clear boundary between:<\/li>\n<li>OCI routing\/security controls (north-south, VCN-level)<\/li>\n<li>NSX segmentation (east-west, workload-level)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">IAM\/security best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use least privilege:<\/li>\n<li>Separate \u201cplatform provisioning\u201d (OCI IAM) from \u201cVMware operations\u201d (vCenter\/NSX RBAC).<\/li>\n<li>Require MFA for administrators and integrate with your identity provider where supported (verify integration options).<\/li>\n<li>Store credentials in a secure vault (OCI Vault or equivalent); avoid sharing credentials in tickets\/docs.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Cost best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Treat host count as a committed spend:<\/li>\n<li>Use 
budgets and alerts.<\/li>\n<li>Tag SDDCs, hosts, and related network resources for cost allocation.<\/li>\n<li>Separate non-prod and prod; don\u2019t keep non-prod SDDCs running 24\/7 unless required.<\/li>\n<li>Plan DR carefully to avoid paying for a full duplicate environment when a smaller footprint meets requirements (subject to minimum host constraints).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Performance best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Choose host shapes based on workload profiles (CPU\/memory\/storage IO).<\/li>\n<li>Avoid oversubscription assumptions that work on-prem but fail in cloud (validate performance baselines).<\/li>\n<li>Keep latency-sensitive tiers close:<\/li>\n<li>Place dependent services in the same region\/VCN when possible.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Reliability best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Define RTO\/RPO and implement a tested DR pattern.<\/li>\n<li>Implement monitoring at both layers:<\/li>\n<li>VMware alarms\/health<\/li>\n<li>OCI network health and audits<\/li>\n<li>Document runbooks for host expansion, incident response, and network changes.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operations best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use change windows for network\/routing changes affecting the SDDC.<\/li>\n<li>Standardize naming:<\/li>\n<li>SDDCs, clusters, segments, security groups<\/li>\n<li>Document ownership:<\/li>\n<li>OCI network team vs VMware team responsibilities<\/li>\n<li>Regularly review:<\/li>\n<li>vCenter roles\/users<\/li>\n<li>NSX policies<\/li>\n<li>OCI IAM policies and group membership<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Governance\/tagging\/naming best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Compartment strategy:<\/li>\n<li><code>prod\/<\/code>, <code>nonprod\/<\/code>, <code>shared\/<\/code> compartments<\/li>\n<li>Tag 
everything:<\/li>\n<li><code>Environment<\/code>, <code>Owner<\/code>, <code>CostCenter<\/code>, <code>App<\/code>, <code>DataClassification<\/code><\/li>\n<li>Keep a CMDB-style record of:<\/li>\n<li>SDDC OCID<\/li>\n<li>VCN\/subnet CIDRs<\/li>\n<li>Connectivity (DRG attachments, FastConnect circuit IDs)<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">12. Security Considerations<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Identity and access model<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>OCI IAM<\/strong> governs creation and modification of VMware Solution resources and networking.<\/li>\n<li><strong>vCenter SSO + RBAC<\/strong> controls VMware operations:<\/li>\n<li>VM lifecycle<\/li>\n<li>Host\/cluster configuration<\/li>\n<li><strong>NSX RBAC<\/strong> governs network security policies, firewall rules, and segment operations.<\/li>\n<\/ul>\n\n\n\n<p>Recommendations:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Do not use shared admin accounts.<\/li>\n<li>Use role-based groups for:\n<ul class=\"wp-block-list\">\n<li>Platform engineers (OCI provisioning)<\/li>\n<li>VMware admins (vCenter)<\/li>\n<li>Network\/security admins (NSX)<\/li>\n<\/ul>\n<\/li>\n<li>Enable audit logging and review administrative actions regularly.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Encryption<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>VMware encryption features (VM encryption, vSAN encryption) depend on your VMware design and KMS integration capabilities\u2014<strong>verify supported options<\/strong>.<\/li>\n<li>OCI provides encryption at rest for many services by default (Object Storage, Block Volume), but you must design key management (Oracle-managed keys vs customer-managed keys in OCI Vault).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Network exposure<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Keep vCenter and NSX Manager on private IPs.<\/li>\n<li>Use OCI Bastion or private access paths.<\/li>\n<li>Restrict inbound management ports:<\/li>\n<li>Apply NSGs\/security lists with 
narrow source ranges.<\/li>\n<li>For internet-facing workloads, use layered controls (WAF\/LB\/firewalls) and avoid direct exposure from management networks.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Secrets handling<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Store SDDC credentials and API tokens in a secure system (OCI Vault or enterprise secrets manager).<\/li>\n<li>Rotate credentials and immediately revoke access when staff changes occur.<\/li>\n<li>Avoid embedding secrets in IaC repos.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Audit\/logging<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use OCI <strong>Audit<\/strong> for OCI actions.<\/li>\n<li>Export VMware logs (vCenter\/NSX) to a central log platform where feasible.<\/li>\n<li>Ensure time synchronization across VMware and OCI components for forensics.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Compliance considerations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Map controls across two layers:<\/li>\n<li>OCI controls (IAM, network, audit)<\/li>\n<li>VMware controls (RBAC, segmentation, logging)<\/li>\n<li>Ensure your compliance team understands the shared responsibility model for VMware Solution.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Common security mistakes<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Exposing vCenter publicly.<\/li>\n<li>Flat NSX segments with no east-west controls.<\/li>\n<li>Overly permissive OCI security lists (<code>0.0.0.0\/0<\/code> inbound).<\/li>\n<li>No MFA on admin accounts.<\/li>\n<li>No documented ownership boundaries between cloud and VMware admins.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Secure deployment recommendations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Private management endpoints + Bastion.<\/li>\n<li>NSX microsegmentation for regulated workloads.<\/li>\n<li>Central logging and alerting.<\/li>\n<li>Regular access reviews and policy validation.<\/li>\n<\/ul>\n\n\n\n<hr 
class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">13. Limitations and Gotchas<\/h2>\n\n\n\n<blockquote>\n<p>This section highlights common real-world constraints. Validate current limits and feature availability in official docs for your region and SDDC version.<\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\">Known limitations \/ constraints (typical)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Minimum host counts<\/strong>: Some designs require multiple hosts (especially for vSAN resilience). The minimum may vary by architecture and current service capabilities\u2014<strong>verify in official docs<\/strong>.<\/li>\n<li><strong>Regional availability<\/strong>: Not all OCI regions support VMware Solution or the same host shapes.<\/li>\n<li><strong>Provisioning time<\/strong>: SDDC creation and host operations can take significant time.<\/li>\n<li><strong>Networking complexity<\/strong>: Misconfigured routing between OCI VCN, DRG, and NSX edges is a frequent cause of outages.<\/li>\n<li><strong>CIDR overlap<\/strong>: Overlapping address space between on-prem, VCN, and NSX segments can block migrations and hybrid connectivity.<\/li>\n<li><strong>Tool compatibility<\/strong>: Backup\/DR\/migration tools must be validated against the VMware versions and the cloud environment. 
Always check vendor support matrices.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Quotas and capacity<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Bare metal capacity in a region can be constrained.<\/li>\n<li>Quota increases can take time; plan ahead.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Pricing surprises<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Paying for hosts 24\/7 even when workloads are idle.<\/li>\n<li>FastConnect\/DRG and egress costs that were not included in initial estimates.<\/li>\n<li>Duplicate environments for DR or staging.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Compatibility issues<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Certain VMware features or third-party appliances might require specific networking modes or port access.<\/li>\n<li>MTU and overlay networking can introduce subtle issues if paths are inconsistent (especially hybrid).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operational gotchas<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Patching and lifecycle:<\/li>\n<li>VMware components have patch requirements; coordinate maintenance windows.<\/li>\n<li>Monitoring gaps:<\/li>\n<li>OCI monitoring doesn\u2019t automatically replace VMware monitoring.<\/li>\n<li>Access patterns:<\/li>\n<li>If you don\u2019t plan bastion\/jump access correctly, day-2 ops become painful.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Migration challenges<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Large-scale migrations need:<\/li>\n<li>Capacity planning<\/li>\n<li>Network cutover planning<\/li>\n<li>DNS and identity integration<\/li>\n<li>Rollback strategy<\/li>\n<li>\u201cLift-and-shift\u201d still requires application validation and dependency mapping.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Vendor-specific nuances<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>VMware licensing and included components are tied to the service offer. 
Confirm exactly what is included for your subscription\/region on the official pricing and service pages.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">14. Comparison with Alternatives<\/h2>\n\n\n\n<p>VMware Solution is one of several ways to run enterprise workloads in OCI or other clouds.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Comparison table<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Option<\/th>\n<th>Best For<\/th>\n<th>Strengths<\/th>\n<th>Weaknesses<\/th>\n<th>When to Choose<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Oracle Cloud VMware Solution (VMware Solution)<\/strong><\/td>\n<td>VMware lift-and-shift, hybrid, NSX microsegmentation<\/td>\n<td>VMware-native ops; dedicated bare metal; integrates with OCI networking<\/td>\n<td>Higher baseline cost; VMware operational overhead; host-based scaling<\/td>\n<td>When you need VMware consistency and minimal refactoring<\/td>\n<\/tr>\n<tr>\n<td><strong>OCI Compute (VM instances)<\/strong><\/td>\n<td>Cloud-optimized VM hosting<\/td>\n<td>Lower cost; flexible instance shapes; integrates easily with OCI services<\/td>\n<td>Requires migration\/re-platforming effort; no vCenter\/NSX model<\/td>\n<td>When you can move off VMware operational model<\/td>\n<\/tr>\n<tr>\n<td><strong>OCI Compute (Bare Metal)<\/strong><\/td>\n<td>High-performance workloads, custom hypervisors<\/td>\n<td>Maximum control\/performance<\/td>\n<td>You manage virtualization stack yourself<\/td>\n<td>When you need bare metal without a managed VMware SDDC<\/td>\n<\/tr>\n<tr>\n<td><strong>Azure VMware Solution (AVS)<\/strong><\/td>\n<td>VMware in Azure<\/td>\n<td>Deep Azure integration<\/td>\n<td>Different cloud ecosystem<\/td>\n<td>If your org is Azure-centered and needs VMware<\/td>\n<\/tr>\n<tr>\n<td><strong>VMware Cloud on AWS<\/strong><\/td>\n<td>VMware in AWS<\/td>\n<td>Strong AWS ecosystem integration<\/td>\n<td>Different cost and service 
model<\/td>\n<td>If AWS is primary and VMware workloads must remain VMware<\/td>\n<\/tr>\n<tr>\n<td><strong>Google Cloud VMware Engine (GCVE)<\/strong><\/td>\n<td>VMware in Google Cloud<\/td>\n<td>Google Cloud proximity<\/td>\n<td>Different ecosystem and pricing<\/td>\n<td>If you need Google Cloud services near VMware workloads<\/td>\n<\/tr>\n<tr>\n<td><strong>Self-managed VMware in colocation<\/strong><\/td>\n<td>Full control and predictable environment<\/td>\n<td>Full customization<\/td>\n<td>Capex\/opex, hardware lifecycle, slower scaling<\/td>\n<td>If cloud is not viable due to regulation or constraints<\/td>\n<\/tr>\n<tr>\n<td><strong>KVM\/Proxmox\/other open-source virtualization on OCI<\/strong><\/td>\n<td>Cost-sensitive virtualization (self-managed)<\/td>\n<td>License savings<\/td>\n<td>More ops burden; ecosystem\/tooling differences<\/td>\n<td>If you can accept different tooling and manage it yourself<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">15. Real-World Example<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Enterprise example: regulated bank migrating a VMware estate<\/h3>\n\n\n\n<p><strong>Problem<\/strong>\nA regional bank must exit an aging data center while maintaining strict segmentation and audit controls. 
Hundreds of VMs run on VMware; refactoring is not feasible within the timeline.<\/p>\n\n\n\n<p><strong>Proposed architecture<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>VMware Solution SDDC in an OCI region meeting residency requirements<\/li>\n<li>Hub-and-spoke OCI network:\n<ul>\n<li>Hub VCN: shared services (AD\/DNS\/logging), security inspection<\/li>\n<li>Spoke: SDDC VCN with NSX edges<\/li>\n<\/ul>\n<\/li>\n<li>FastConnect for private connectivity to on-prem during migration<\/li>\n<li>NSX microsegmentation for PCI\/regulated workloads<\/li>\n<li>Central logging:\n<ul>\n<li>OCI Audit for cloud actions<\/li>\n<li>VMware logs forwarded to SIEM<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p><strong>Why VMware Solution was chosen<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Minimizes application changes and migration risk.<\/li>\n<li>Maintains VMware operating model and tooling.<\/li>\n<li>NSX enables strong east-west controls and audit-ready segmentation.<\/li>\n<\/ul>\n\n\n\n<p><strong>Expected outcomes<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Faster data center exit with controlled cutovers.<\/li>\n<li>Improved segmentation compared to legacy VLAN sprawl.<\/li>\n<li>Clear governance boundaries with OCI compartments and tagging.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Startup\/small-team example: SaaS provider with a VMware-based appliance<\/h3>\n\n\n\n<p><strong>Problem<\/strong>\nA small SaaS company runs a vendor appliance that is only supported on VMware. 
They need a reliable cloud environment without building a full on-prem cluster.<\/p>\n\n\n\n<p><strong>Proposed architecture<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Small VMware Solution SDDC sized to the appliance needs (minimum supported host count)<\/li>\n<li>Private access via OCI Bastion<\/li>\n<li>OCI Load Balancer in front of application endpoints (if applicable)<\/li>\n<li>Object Storage for backups and artifacts<\/li>\n<li>Budgets and cost alerts to prevent runaway spend<\/li>\n<\/ul>\n\n\n\n<p><strong>Why VMware Solution was chosen<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Vendor certification requires VMware.<\/li>\n<li>Team can manage the appliance using known VMware workflows.<\/li>\n<li>OCI provides regional flexibility and integration with cloud services.<\/li>\n<\/ul>\n\n\n\n<p><strong>Expected outcomes<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Faster time-to-production compared to building colocation.<\/li>\n<li>Operational consistency with a small team.<\/li>\n<li>Clear cost attribution and controlled access.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">16. FAQ<\/h2>\n\n\n\n<p>1) <strong>Is VMware Solution the same as Oracle Cloud VMware Solution (OCVS)?<\/strong><br\/>\nYes. Oracle\u2019s official name is typically Oracle Cloud VMware Solution. This tutorial uses \u201cVMware Solution\u201d as the primary term.<\/p>\n\n\n\n<p>2) <strong>Do I manage the ESXi hosts and vCenter?<\/strong><br\/>\nYou manage the VMware environment (VMs, clusters, policies) through vCenter\/NSX. Oracle manages the underlying OCI infrastructure and the service provisioning layer. Confirm the exact shared responsibility model in the official docs.<\/p>\n\n\n\n<p>3) <strong>Is VMware Solution multi-tenant?<\/strong><br\/>\nThe ESXi hosts are dedicated to you (single-tenant hosts). The control plane is managed by Oracle. Validate isolation details in official documentation.<\/p>\n\n\n\n<p>4) <strong>Is this a good fit for cloud-native apps?<\/strong><br\/>\nUsually not the first choice. 
Cloud-native apps typically benefit more from OCI containers and managed services. VMware Solution shines for VMware lift-and-shift and hybrid.<\/p>\n\n\n\n<p>5) <strong>Can I connect VMware Solution to my on-prem network?<\/strong><br\/>\nYes, typically via OCI DRG with FastConnect or IPSec VPN. Routing design is critical.<\/p>\n\n\n\n<p>6) <strong>Does VMware Solution support NSX microsegmentation?<\/strong><br\/>\nNSX is a core part of the VMware SDDC design. Specific NSX capabilities depend on the deployed version\u2014verify in docs.<\/p>\n\n\n\n<p>7) <strong>Can I access vCenter publicly?<\/strong><br\/>\nIt is strongly recommended to keep vCenter private and use OCI Bastion or a private jump host. Public exposure increases risk.<\/p>\n\n\n\n<p>8) <strong>How do I estimate costs?<\/strong><br\/>\nStart with host count and shape, then add networking (FastConnect\/DRG), storage, backups, and egress. Use Oracle\u2019s pricing page and cost estimator.<\/p>\n\n\n\n<p>9) <strong>Is there an Always Free option?<\/strong><br\/>\nVMware Solution itself is generally not part of Always Free because it uses dedicated hosts.<\/p>\n\n\n\n<p>10) <strong>How long does it take to create an SDDC?<\/strong><br\/>\nIt can take a while (often tens of minutes or longer). Time depends on capacity and deployment options.<\/p>\n\n\n\n<p>11) <strong>Can I scale down to zero hosts when idle?<\/strong><br\/>\nVMware SDDCs typically have minimum host requirements. Verify supported scaling limits and minimums in the console and docs.<\/p>\n\n\n\n<p>12) <strong>What\u2019s the difference between OCI security lists and NSX firewall rules?<\/strong><br\/>\nOCI controls VCN-level security; NSX controls workload-level segmentation inside the SDDC. Use both layers appropriately.<\/p>\n\n\n\n<p>13) <strong>Can VMs in VMware Solution reach OCI services privately?<\/strong><br\/>\nYes, if network routing and private endpoints are designed correctly. 
Validate service endpoints and routing patterns in OCI docs.<\/p>\n\n\n\n<p>14) <strong>Do I need VMware skills to run this?<\/strong><br\/>\nYes. VMware Solution is best operated by teams comfortable with vCenter\/NSX concepts.<\/p>\n\n\n\n<p>15) <strong>What are the most common deployment mistakes?<\/strong><br\/>\nCIDR overlap, overly permissive security rules, exposing management endpoints, and underestimating cost (hosts + connectivity + DR).<\/p>\n\n\n\n<p>16) <strong>Can I use Infrastructure as Code?<\/strong><br\/>\nYou can automate OCI-side provisioning via APIs\/CLI\/Terraform (where supported) and VMware-side automation via VMware tooling. Validate current provider support and resources.<\/p>\n\n\n\n<p>17) <strong>Is VMware Solution only for migration?<\/strong><br\/>\nNo. It can also be used for steady-state production where VMware remains the desired operating model, but you should periodically re-evaluate modernization opportunities.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">17. 
Top Online Resources to Learn VMware Solution<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Resource Type<\/th>\n<th>Name<\/th>\n<th>Why It Is Useful<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Official documentation<\/td>\n<td>Oracle Cloud VMware Solution Docs https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/VMware\/home.htm<\/td>\n<td>Canonical, up-to-date technical reference<\/td>\n<\/tr>\n<tr>\n<td>Official product page<\/td>\n<td>Oracle Cloud VMware https:\/\/www.oracle.com\/cloud\/vmware\/<\/td>\n<td>Service overview, supported scenarios, high-level architecture<\/td>\n<\/tr>\n<tr>\n<td>Official pricing page<\/td>\n<td>VMware Solution pricing https:\/\/www.oracle.com\/cloud\/compute\/vmware\/pricing\/<\/td>\n<td>Pricing model and SKUs (verify region specifics)<\/td>\n<\/tr>\n<tr>\n<td>Pricing calculator<\/td>\n<td>OCI Cost Estimator https:\/\/www.oracle.com\/cloud\/costestimator.html<\/td>\n<td>Build estimates without guessing list prices<\/td>\n<\/tr>\n<tr>\n<td>Official IAM docs<\/td>\n<td>OCI IAM https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Identity\/home.htm<\/td>\n<td>Policies, groups, compartments, security fundamentals<\/td>\n<\/tr>\n<tr>\n<td>Official networking docs<\/td>\n<td>OCI Networking https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Network\/home.htm<\/td>\n<td>VCN, DRG, routing, security lists\/NSGs<\/td>\n<\/tr>\n<tr>\n<td>Official Bastion docs<\/td>\n<td>OCI Bastion https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Bastion\/home.htm<\/td>\n<td>Secure access patterns for private endpoints<\/td>\n<\/tr>\n<tr>\n<td>Architecture center<\/td>\n<td>OCI Architecture Center https:\/\/docs.oracle.com\/en\/solutions\/<\/td>\n<td>Reference architectures and design patterns (search for VMware\/OCVS)<\/td>\n<\/tr>\n<tr>\n<td>Hands-on labs<\/td>\n<td>Oracle LiveLabs https:\/\/livelabs.oracle.com\/<\/td>\n<td>Guided labs; often offers temporary environments<\/td>\n<\/tr>\n<tr>\n<td>CLI documentation<\/td>\n<td>OCI CLI 
https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/API\/SDKDocs\/cliinstall.htm<\/td>\n<td>Automate and validate deployments<\/td>\n<\/tr>\n<tr>\n<td>Community learning<\/td>\n<td>Oracle Cloud community\/blogs (verify relevance)<\/td>\n<td>Practical lessons learned; validate against official docs<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">18. Training and Certification Providers<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<p><strong>DevOpsSchool.com<\/strong><br\/>\n   &#8211; Suitable audience: DevOps engineers, SREs, cloud engineers<br\/>\n   &#8211; Likely learning focus: DevOps practices, cloud operations, automation, platform engineering (verify VMware Solution coverage)<br\/>\n   &#8211; Mode: check website<br\/>\n   &#8211; Website: https:\/\/www.devopsschool.com\/<\/p>\n<\/li>\n<li>\n<p><strong>ScmGalaxy.com<\/strong><br\/>\n   &#8211; Suitable audience: DevOps and SCM learners, build\/release engineers<br\/>\n   &#8211; Likely learning focus: SCM, CI\/CD, DevOps tooling, process (verify VMware Solution coverage)<br\/>\n   &#8211; Mode: check website<br\/>\n   &#8211; Website: https:\/\/www.scmgalaxy.com\/<\/p>\n<\/li>\n<li>\n<p><strong>CLoudOpsNow.in<\/strong><br\/>\n   &#8211; Suitable audience: Cloud operations engineers, platform teams<br\/>\n   &#8211; Likely learning focus: Cloud ops, monitoring, operational readiness (verify VMware Solution coverage)<br\/>\n   &#8211; Mode: check website<br\/>\n   &#8211; Website: https:\/\/www.cloudopsnow.in\/<\/p>\n<\/li>\n<li>\n<p><strong>SreSchool.com<\/strong><br\/>\n   &#8211; Suitable audience: SREs, operations teams, reliability engineers<br\/>\n   &#8211; Likely learning focus: SRE practices, reliability, observability, incident response (verify VMware Solution coverage)<br\/>\n   &#8211; Mode: check website<br\/>\n   &#8211; Website: 
https:\/\/www.sreschool.com\/<\/p>\n<\/li>\n<li>\n<p><strong>AiOpsSchool.com<\/strong><br\/>\n   &#8211; Suitable audience: Ops teams adopting AIOps approaches<br\/>\n   &#8211; Likely learning focus: AIOps concepts, automation, monitoring\/analytics (verify VMware Solution coverage)<br\/>\n   &#8211; Mode: check website<br\/>\n   &#8211; Website: https:\/\/www.aiopsschool.com\/<\/p>\n<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">19. Top Trainers<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<p><strong>RajeshKumar.xyz<\/strong><br\/>\n   &#8211; Likely specialization: DevOps\/cloud training and guidance (verify current offerings)<br\/>\n   &#8211; Suitable audience: Beginners to intermediate practitioners<br\/>\n   &#8211; Website: https:\/\/rajeshkumar.xyz\/<\/p>\n<\/li>\n<li>\n<p><strong>devopstrainer.in<\/strong><br\/>\n   &#8211; Likely specialization: DevOps tooling and practices (verify VMware\/OCI content)<br\/>\n   &#8211; Suitable audience: DevOps engineers and students<br\/>\n   &#8211; Website: https:\/\/www.devopstrainer.in\/<\/p>\n<\/li>\n<li>\n<p><strong>devopsfreelancer.com<\/strong><br\/>\n   &#8211; Likely specialization: DevOps consulting\/training resources (verify scope)<br\/>\n   &#8211; Suitable audience: Teams seeking practical implementation help<br\/>\n   &#8211; Website: https:\/\/www.devopsfreelancer.com\/<\/p>\n<\/li>\n<li>\n<p><strong>devopssupport.in<\/strong><br\/>\n   &#8211; Likely specialization: DevOps support and enablement (verify services)<br\/>\n   &#8211; Suitable audience: Operations teams and project implementers<br\/>\n   &#8211; Website: https:\/\/www.devopssupport.in\/<\/p>\n<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">20. 
Top Consulting Companies<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<p><strong>cotocus.com<\/strong><br\/>\n   &#8211; Likely service area: Cloud\/DevOps consulting (verify exact portfolio)<br\/>\n   &#8211; Where they may help: Cloud migration planning, automation, operations setup<br\/>\n   &#8211; Consulting use case examples:<\/p>\n<ul>\n<li>Migration readiness assessment for VMware workloads<\/li>\n<li>CI\/CD and IaC enablement around OCI environments<\/li>\n<\/ul>\n<p>&#8211; Website: https:\/\/cotocus.com\/<\/p>\n<\/li>\n<li>\n<p><strong>DevOpsSchool.com<\/strong><br\/>\n   &#8211; Likely service area: DevOps consulting and training services (verify offerings)<br\/>\n   &#8211; Where they may help: Platform enablement, operational runbooks, DevOps practices<br\/>\n   &#8211; Consulting use case examples:<\/p>\n<ul>\n<li>Operating model design for hybrid VMware + OCI teams<\/li>\n<li>Observability and incident response process implementation<\/li>\n<\/ul>\n<p>&#8211; Website: https:\/\/www.devopsschool.com\/<\/p>\n<\/li>\n<li>\n<p><strong>DEVOPSCONSULTING.IN<\/strong><br\/>\n   &#8211; Likely service area: DevOps and cloud consulting (verify scope)<br\/>\n   &#8211; Where they may help: DevOps transformations, tooling integrations, cloud operations<br\/>\n   &#8211; Consulting use case examples:<\/p>\n<ul>\n<li>Cost governance setup (budgets\/tags) for OCI projects<\/li>\n<li>Secure access patterns (bastion, least privilege) for admin operations<\/li>\n<\/ul>\n<p>&#8211; Website: https:\/\/www.devopsconsulting.in\/<\/p>\n<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">21. 
Career and Learning Roadmap<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">What to learn before VMware Solution<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OCI fundamentals:\n<ul>\n<li>Compartments, IAM policies, OCIDs<\/li>\n<li>VCN, subnets, route tables, NSGs\/security lists<\/li>\n<li>DRG, VPN, FastConnect concepts<\/li>\n<\/ul>\n<\/li>\n<li>VMware fundamentals:\n<ul>\n<li>vSphere concepts: clusters, resource pools, datastores, vMotion<\/li>\n<li>vCenter RBAC and identity<\/li>\n<li>NSX concepts if you will manage microsegmentation<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">What to learn after VMware Solution<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Advanced hybrid networking:\n<ul>\n<li>hub-and-spoke, route control, DNS integration<\/li>\n<\/ul>\n<\/li>\n<li>Observability and security operations:\n<ul>\n<li>log forwarding, SIEM integration, alerting, incident response<\/li>\n<\/ul>\n<\/li>\n<li>Automation:\n<ul>\n<li>OCI Terraform provider (verify OCVS resources support)<\/li>\n<li>VMware automation (PowerCLI, vSphere APIs, NSX APIs)<\/li>\n<\/ul>\n<\/li>\n<li>DR strategy:\n<ul>\n<li>runbooks, failover drills, RTO\/RPO validation<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Job roles that use it<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cloud Solutions Architect (hybrid focus)<\/li>\n<li>VMware\/Virtualization Engineer<\/li>\n<li>Platform Engineer (infrastructure platform operations)<\/li>\n<li>Network\/Security Engineer (NSX + cloud networking)<\/li>\n<li>SRE\/Operations Engineer (hybrid operations)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Certification path (practical approach)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Oracle Cloud Infrastructure certifications (Architect Associate\/Professional) \u2014 verify current tracks on Oracle University.<\/li>\n<li>VMware certifications (e.g., VCP in data center virtualization and\/or network virtualization) \u2014 verify current VMware certification roadmap.<\/li>\n<li>A combined profile (OCI networking + VMware ops) is especially 
valuable for VMware Solution roles.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Project ideas for practice<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Build a landing zone for VMware Solution:\n<ul>\n<li>compartments, policies, tags, budgets, hub-and-spoke<\/li>\n<\/ul>\n<\/li>\n<li>Create a secure access pattern:\n<ul>\n<li>bastion + private management endpoints + logging<\/li>\n<\/ul>\n<\/li>\n<li>Design a DR plan:\n<ul>\n<li>pilot-light\/warm standby (subject to minimums), runbooks, testing<\/li>\n<\/ul>\n<\/li>\n<li>Implement segmentation:\n<ul>\n<li>NSX microsegmentation policy model for a 3-tier app<\/li>\n<\/ul>\n<\/li>\n<li>Cost governance project:\n<ul>\n<li>chargeback tags, budget alerts, scheduled non-prod uptime<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">22. Glossary<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>OCI (Oracle Cloud Infrastructure)<\/strong>: Oracle Cloud\u2019s IaaS platform (networking, compute, storage, governance).<\/li>\n<li><strong>Compute<\/strong>: Cloud category covering virtual machines and bare metal; VMware Solution uses OCI bare metal underneath.<\/li>\n<li><strong>VMware Solution<\/strong>: Oracle Cloud service providing a VMware SDDC on OCI (often called OCVS).<\/li>\n<li><strong>SDDC<\/strong>: Software-Defined Data Center; virtualization + networking + storage delivered through software.<\/li>\n<li><strong>ESXi<\/strong>: VMware\u2019s hypervisor installed on hosts.<\/li>\n<li><strong>vCenter Server<\/strong>: VMware management plane for clusters, hosts, and VMs.<\/li>\n<li><strong>NSX (NSX-T)<\/strong>: VMware software-defined networking and security platform used for segments and microsegmentation.<\/li>\n<li><strong>vSAN<\/strong>: VMware software-defined storage aggregating host storage into a shared datastore (requirements vary).<\/li>\n<li><strong>VCN<\/strong>: Virtual Cloud Network; OCI\u2019s virtual network container.<\/li>\n<li><strong>Subnet<\/strong>: A CIDR range within a VCN with associated security 
and routing.<\/li>\n<li><strong>DRG<\/strong>: Dynamic Routing Gateway; OCI\u2019s gateway for connecting VCNs and on-prem networks.<\/li>\n<li><strong>FastConnect<\/strong>: OCI private connectivity service (dedicated circuits via partners).<\/li>\n<li><strong>IPSec VPN<\/strong>: Encrypted site-to-site VPN over the internet to OCI.<\/li>\n<li><strong>Bastion<\/strong>: Managed service\/pattern to securely access private resources without public IPs.<\/li>\n<li><strong>NSG (Network Security Group)<\/strong>: OCI security construct for instance\/VNIC-level security rules.<\/li>\n<li><strong>Security List<\/strong>: Subnet-level firewall rules in OCI.<\/li>\n<li><strong>CIDR<\/strong>: IP addressing notation (e.g., <code>10.50.0.0\/16<\/code>).<\/li>\n<li><strong>Egress<\/strong>: Outbound network traffic (often a cost factor).<\/li>\n<li><strong>Compartment<\/strong>: OCI logical container for resources and access control.<\/li>\n<li><strong>OCID<\/strong>: Oracle Cloud Identifier for a resource.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">23. Summary<\/h2>\n\n\n\n<p>VMware Solution in <strong>Oracle Cloud<\/strong> (Compute category) provides a VMware SDDC\u2014vSphere\/vCenter with NSX and related components\u2014running on <strong>dedicated OCI bare metal<\/strong>. It matters because it enables <strong>VMware migrations and hybrid cloud<\/strong> without forcing immediate refactoring, while still integrating with OCI networking and governance.<\/p>\n\n\n\n<p>Cost-wise, the biggest lever is <strong>host-based pricing<\/strong> plus connectivity and operational add-ons. Security-wise, keep management endpoints private, use least privilege across OCI IAM and VMware RBAC, and implement segmentation with NSX plus OCI network controls.<\/p>\n\n\n\n<p>Use VMware Solution when you need VMware operational consistency, rapid lift-and-shift, strong segmentation, and hybrid connectivity. 
Prefer native OCI Compute and managed services when you can modernize and want cloud-native elasticity and lower baseline costs.<\/p>\n\n\n\n<p>Next step: read the official VMware Solution documentation, then follow a LiveLabs workshop (if available) or build a small, tightly governed SDDC in a sandbox compartment and practice secure access, validation, and cleanup.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Compute<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26,62],"tags":[],"class_list":["post-871","post","type-post","status-publish","format-standard","hentry","category-compute","category-oracle-cloud"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/871","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/comments?post=871"}],"version-history":[{"count":0,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/871\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/media?parent=871"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/categories?post=871"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/tags?post=871"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}