Owner: Virtualisation Engineering · Platform: VMware vSphere 8 · Review Cycle: 6 months
The on-premises virtualisation platform is built on VMware vSphere 8 with vSAN for hyper-converged storage. The platform is managed via vCenter Server and extended with NSX-T for software-defined networking and vRealize Operations (vROps) for performance management.
| Component | Product | Version | Purpose |
|---|---|---|---|
| Hypervisor | VMware ESXi | 8.0 U2 | Host compute layer |
| Management | vCenter Server | 8.0 U2 | Centralised cluster management |
| Storage | vSAN | 8.0 U2 | Hyper-converged storage |
| Networking | NSX-T | 4.1 | Micro-segmentation, overlay networking |
| Operations | vROps | 8.14 | Performance analytics, right-sizing |
| Automation | vRealize Automation | 8.14 | Self-service, IaC provisioning |
| Backup | Veeam B&R | 12.1 | VM backup and replication |
vCenter (DC1)
├── Cluster: PROD-DC1
│ ├── ESXi Host: dc1-esxi-01 (Dell R750 — 2x 32c, 1.5TB RAM)
│ ├── ESXi Host: dc1-esxi-02 (Dell R750 — 2x 32c, 1.5TB RAM)
│ ├── ESXi Host: dc1-esxi-03 (Dell R750 — 2x 32c, 1.5TB RAM)
│ ├── ESXi Host: dc1-esxi-04 (Dell R750 — 2x 32c, 1.5TB RAM)
│ └── ESXi Host: dc1-esxi-05 (Dell R750 — 2x 32c, 1.5TB RAM)
│ vSAN datastore: 5 x (4x 3.84TB NVMe = 15.36TB raw per host)
└── Cluster: NONPROD-DC1
├── ESXi Host: dc1-esxi-06 (Dell R750 — 2x 24c, 768GB RAM)
└── ESXi Host: dc1-esxi-07 (Dell R750 — 2x 24c, 768GB RAM)
| Setting | Production | Non-Production |
|---|---|---|
| HA | Enabled — Host failures cluster tolerates: 1 | Enabled — 1 |
| HA Admission Control | 25% CPU/RAM reserved | 20% |
| DRS | Fully Automated | Partially Automated |
| DRS Threshold | Level 3 (moderate) | Level 4 (conservative) |
| vSAN FTT | 1 (RAID-5) | 1 (RAID-1) |
| Size | vCPU | RAM | OS Disk | Notes |
|---|---|---|---|---|
| XS | 2 | 4 GB | 60 GB | Dev/test only |
| S | 2 | 8 GB | 60 GB | Standard workload |
| M | 4 | 16 GB | 60 GB | Medium workload |
| L | 8 | 32 GB | 60 GB | Large app server |
| XL | 16 | 64 GB | 100 GB | Requires arch review |
| Custom | — | — | — | Requires arch + capacity review |
CPU Hot-Add is enabled on all VM templates. Memory Hot-Add is enabled on M and above.
All new VMs must be provisioned from an approved template. Templates are maintained by the Virtualisation team and patched monthly.
| Template | OS | Notes |
|---|---|---|
tmpl-rhel9-base |
RHEL 9.3 | Standard Linux — security hardened |
tmpl-win2022-base |
Windows Server 2022 | Standard Windows — CIS L1 |
tmpl-win2022-iis |
Windows Server 2022 | Pre-configured IIS + .NET |
tmpl-ubuntu2204-base |
Ubuntu 22.04 LTS | Dev/container workloads |
Snapshots are not a backup mechanism and must be treated as short-term, operational tooling only.
| Use Case | Maximum Duration | Approval Required |
|---|---|---|
| Pre-change capture | 72 hours | None |
| Prolonged testing | 7 days | Team Lead |
| Extended exception | 14 days | Infrastructure Manager |
Snapshots exceeding policy age are automatically flagged in vROps and escalated to the VM owner.
vSAN storage policies are applied at provisioning and enforced throughout the VM lifecycle:
| Policy Name | RAID Level | FTT | Use Case |
|---|---|---|---|
prod-gold |
RAID-5 | 1 | Standard production VMs |
prod-platinum |
RAID-1 | 1 | Mission-critical / Tier 1 |
nonprod-silver |
RAID-1 | 1 | Non-prod, test |
db-optimised |
RAID-1 | 1 + dedupe off | Database workloads |
| Component | Frequency | Window |
|---|---|---|
| ESXi Hosts | Monthly | 3rd Saturday, 02:00–06:00 local |
| vCenter | Quarterly | Dedicated Sunday window |
| NSX-T | Quarterly | Dedicated Sunday window |
| VM OS (Linux) | Monthly | Per-host rolling schedule |
| VM OS (Windows) | Monthly | Patch Tuesday + 7 days |