Deploy and configure the cluster components for both the management cluster and the shared edge and compute cluster.


Two external Platform Services Controller instances must be deployed in Region A. One will be associated with the management cluster, and one will be associated with the shared edge and compute cluster. Work through this procedure twice, using the vCenter Server appliance ISO file and the customized data for each instance. 


After you have successfully installed the Platform Services Controller instances, you must add the appliances to your Active Directory domain. After that, add the Active Directory domain as an identity source to vCenter Single Sign-On. When you do, users in the Active Directory domain are visible to vCenter Single Sign-On and can be assigned permissions to view or manage SDDC components. This procedure will be done for the Platform Services Controllers for the management cluster and the shared edge and compute cluster.


You replace the machine SSL certificate on each Platform Services Controller instance with a custom certificate that is signed by the certificate authority (CA) available on the parent Active Directory (AD) server.


Before installing vCenter Server the Platform Services Controller endpoints must be updated to reflect the name of the load balancers virtual IP.


You can now install the vCenter Server appliance for the management applications and assign a license.


You must now create and configure the management cluster.


After all ESXi hosts have been added to the clusters, create a vSphere Distributed Switch to handle the traffic of the management applications in the SDDC. You must also create port groups to prepare your environment to migrate the Platform Services Controller and vCenter Server instances to the distributed switch.


This step is to set the vSAN storage policy for the Platform Services Controller and vCenter Server appliances.


vSAN disk groups must be created on each host that is contributing storage to the vSAN datastore.


After vSphere vSphere Distributed Switch has been created and connected with all hosts, enable vSphere HA on the cluster. 


Change the default ESX Admins group to achieve greater levels of security and enable vSAN to provision the Virtual Machine Swap files as thin to save space in the vSAN datastore. 


You must mount an NFS datastore where vSphere Data Protection will later be deployed.


Host Profiles ensure all hosts in the cluster have the same configuration.


After you apply the host profile to all of the hosts, set the storage policy of the Management Virtual Machines to the vSAN Default Storage Policy.


Create folders to group objects of the same type for easier management.


Anti-Affinity rules prevent virtual machines from running on the same host. This helps to maintain redundancy in the event of host failures.


VM Groups allow you to define the startup order of virtual machines. Startup orders are used during vSphere HA events such that vSphere HA powers on virtual machines in the correct order.