Provisioning an Oracle Cloud VMware Solution Software Defined Data Center (SDDC)

This topic includes information and instructions for provisioning a software-defined data center (SDDC) by using the Oracle Cloud Infrastructure Console or the API.

Required IAM Policy

To use Oracle Cloud Infrastructure, you must be granted security access in a policy by an administrator. This access is required whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you get a message that you don’t have permission or are unauthorized, verify with your administrator what type of access you have and which compartment to work in.


Prerequisites

  • An existing VCN with an IP address CIDR of /24 or larger available for running the SDDC. The following table shows the allowed CIDR sizes and the number of nodes you can create in each:

    CIDR Block Size    Segment Size    Number of Nodes in Cluster
    /24                /28             3-12
    /23                /27             3-28
    /22                /26             3-60
    /21                /25             3-64

  • We recommend that you set up connectivity between the VCN and your on-premises network before provisioning your SDDC. See Access to Your On-Premises Network.
  • If you do not plan to use the workflow to create an SDDC, ensure that you configure the SDDC's networking resources with the security rules detailed in Security Rules for Oracle Cloud VMware Solution SDDCs. Otherwise, provisioning the SDDC will fail.

If you do not yet have a VCN for your SDDC, you can quickly create one and set up an IPSec connection between your on-premises network and the VCN by using the Site-to-Site VPN workflow. See Site-to-Site VPN Quickstart to learn how.

Using the Console

The Create SDDC workflow can create the required networking resources for you (recommended), or you can create them yourself and then select them in the workflow. If you plan to select existing networking resources for your SDDC, ensure that you create them before you start the workflow. The following networking resources are required for both multi-host and single-host SDDCs:

To create an SDDC
  1. Open the navigation menu, click Hybrid, and then click VMware Solution.
  2. Click Create SDDC.
  3. Provide basic information for the SDDC:

    • SDDC Name: A descriptive name for the SDDC. This name must be unique among all SDDCs in the creating, active, or updating state across all compartments in the region. Avoid entering confidential information.


      Unlike most display names in the Oracle Cloud Infrastructure Console, this name has the following additional requirements because it is used by vCenter to build URLs:

      • It must be from 1-16 characters long and must start with a letter
      • It can contain only alphanumeric characters and hyphens (-), and hyphens cannot be next to each other

      This name is not case sensitive. For example, "test" and "Test" are treated as the same name.

    • SDDC Compartment: The compartment in which to create the SDDC. All ESXi hosts for this SDDC will be placed in this compartment.
    • HCX:
      • Enable HCX: Select this checkbox to have the workflow install the HCX Manager plugin and integrate it with vCenter in the SDDC. You cannot install this plugin later.
      • Choose the HCX License Type to install. For more detail, see HCX License Types. You can change the license type after provisioning.
    • VMware Software Version: The version of VMware software to install on the ESXi hosts. While the VMware software bundle includes vSphere, vSAN, NSX, and vCenter components, the version you specify here is the version of vSphere. Compatible versions of the other components are installed with the version of vSphere you select. See About the VMware Software for details about the vSAN, NSX, or vCenter component versions installed. You can change this software version after provisioning.
    • Pricing Interval Commitment: The pricing interval to apply to the ESXi hosts. See VMware Billing Options for more information about available pricing intervals. Choose an option, and then select Confirm the pricing interval.
    • Availability Domain: The availability domain in which to create the SDDC. ESXi hosts in the SDDC are distributed across the fault domains in the availability domain to ensure high availability. The management subnet and VLANs for this SDDC must be in this same availability domain.
    • SDDC Hardware Type: Select a shape to use for ESXi hosts in the SDDC. A shape is a template that determines the number of CPUs, amount of memory, and other resources allocated to a newly created instance. If you choose a shape with an AMD processor, select the number of cores.
    • SDDC Type: Select if you want to create a Single Host SDDC. If you want a Multi-Host SDDC, leave this option unchecked.
    • Number of ESXi Hosts: The initial number of ESXi hosts to create in a Multi-Host SDDC. Specify at least 3 and at most 64 hosts.
    • Prefix for ESXi Hosts: (Optional) You can enter a prefix to use for the names of the ESXi hosts to help identify them. This string has the same criteria as the SDDC name. It must be from 1-16 characters long, must start with a letter, and can contain only alphanumeric characters and hyphens (-). Avoid entering confidential information.
    • Enable shielded instances: (Optional) This option enables shielded instances for all ESXi hosts created in the SDDC.

      You can enable this option only when you create the SDDC. You can't enable it later, and you can't enable it for only specific ESXi hosts.
    • Capacity Type: Select a capacity type to use when the ESXi hosts are created.
      • On-demand capacity provisions the compute capacity when the host is created.
      • Capacity reservation uses capacity that is counted against a previously created reservation. Choose a compartment and the name of a reservation. For more information, see Capacity Reservations.

        Capacity reservation is not supported for an SDDC that uses multiple availability domains.
    • SSH Key: Provide the public key portion of the SSH key. This key is required for remote connections to the ESXi hosts.
    If you have permissions to create a resource, then you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you are not sure whether to apply tags, skip this option (you can apply tags later) or ask your administrator. To see the tagging options, click Show Advanced Options. The tags you specify are applied to all of the resources in the SDDC.
  4. After you complete the Basic Information page, click Next to advance to the Networking page.
  5. Choose a VCN for the SDDC. The VCN can be in a different compartment than the SDDC and its ESXi hosts.
  6. If you enabled HCX in step 3, the selected VCN must have a NAT gateway attached to it.
    • If a NAT gateway already exists for the VCN, the name, compartment, and public IP address information is displayed.
    • If there is no NAT gateway attached to the selected VCN, the workflow creates one for you. Enter a name and select a compartment for the NAT gateway.
  7. Select whether the workflow should create the network resources for this SDDC (recommended) or use existing network resources that you specify.

    To have the workflow create the network resources:

    1. Click Create New Subnet and VLANs.
    2. Enter an available CIDR block in your selected VCN for the SDDC management CIDR. The workflow divides this CIDR into equal segments to use for the provisioning subnet and the required VLANs. The workflow creates 1 subnet and 7 VLANs for version 6.x and 1 subnet and 9 VLANs for version 7.x of the VMware software. If you enable HCX, one additional VLAN is created. For more information about CIDR blocks, segment sizes, and nodes, see Prerequisites.
    3. (Optional) Click Show Network Details to view or edit the information for the subnet and VLANs the workflow will create. Details include the route table and security list for the subnet, and the route table and NSG for each VLAN. To update the information for the subnet or a VLAN, click the Actions menu on a row, and choose Edit Subnet or Edit VLAN.

      If you have enabled HCX, an additional route rule is created to allow traffic from the vSphere VLAN to the NAT gateway.

    To use existing network resources:

    1. Click Select Existing Subnet and VLANs.
    2. Choose the compartment and provisioning subnet for your SDDC's management network. You cannot change the subnet after provisioning.

      The CIDR value shown is the private address space for your chosen subnet.

    3. Choose the compartment and VLAN for each function of your SDDC's management network.

      The VLAN Gateway CIDRs shown are the CIDR blocks from which to derive IP addresses for each VLAN's layer 3 traffic. These CIDR blocks also provide the private IP addresses Oracle uses as attachment objects for public IP addresses when ESXi hosts require internet access.

      • NSX Edge Uplink 1: Uplink used for communication between the VMware SDDC and Oracle Cloud Infrastructure.
      • NSX Edge Uplink 2: Reserved for future use to deploy public-facing applications on the VMware SDDC.
      • NSX Edge VTEP: Used for data plane traffic between the ESXi host and NSX Edge.
      • NSX VTEP: Used for data plane traffic between ESXi hosts.
      • vMotion: Used for vMotion (VMware migration tool) management and workload.
      • vSAN: Used for vSAN (VMware storage) data traffic.
      • vSphere: Used for management of the SDDC components (ESXi, vCenter, NSX-T, and NSX Edge).

        If you checked the Enable HCX checkbox, verify that the VLAN selected for vSphere contains a route table rule that allows traffic to the NAT gateway. See Managing Layer 2 Networking Resources for an SDDC for more information.
      • Replication Net: Used for the vSphere Replication engine. (VMware version 7.x only)
      • Provisioning Net: Used for virtual machine cold migration, cloning, and snapshot migration.
      • HCX: Used for HCX traffic. This VLAN appears only if you checked the Enable HCX checkbox.
  8. (Optional) Provide an SDDC workload CIDR block for the workflow to create an initial logical segment for your VMs. The value must be /30 or larger and must not overlap with the VCN or the SDDC network CIDRs. Note that you can add network segments for the SDDC in NSX Manager after the SDDC is provisioned.

  9. After you complete the Networking page, click Next to advance to the Notifications page.
  10. (Optional) Enable notifications and provide information about alarms and notifications. See Configuring Notifications for more information.
    1. (Optional) Enable instance alarms and provide information about the alarm.
      • Alarm name prefix: Each bare metal ESXi host has a separate alarm created for it. Enter a prefix that will appear at the beginning of the alarm names for this SDDC.
      • Alarm severity: Choose a severity for the alarm. You can choose Info, Warning, Error, or Critical. All non-zero health issues for a bare metal instance will trigger an alarm with the selected severity.
      • Interval: The interval at which the metric is emitted. Default: 1 minute.
      • Trigger delay: The number of minutes that the condition must be maintained before the alarm is in firing state. Default: 1 minute.
    2. Select an existing notification topic, or create a new one. To create a new topic, choose Create new and enter the following information:
      • Topic name: Enter a friendly name for the notification topic.
      • Subscription protocol: Choose the protocol that you want to use to receive your notifications. Default is email.
      • Email address: Choose the email address or address list you want to send the notification to.
      • Notification compartment: Choose a compartment for the notification.
    3. Choose events that you want to receive notifications for. By default, all available notifications are selected.
      • To deselect a notification event, click the X on the notification.
      • To reselect a notification event, click on the selection field and select the notification from the list.
  11. Click Next to review the summary of settings for creating the SDDC.

    If you need to make changes, click Edit to return to a page, and update the settings.

  12. When you are satisfied with the summary information, click Create SDDC.

    The page shows the provisioning status of each resource.

    When provisioning is complete, the SDDC's details page includes a username and an initial password that lets you access the vCenter management utility for the SDDC.


    The password value displayed in the Oracle Cloud Infrastructure Console is not updated with your current password after you change it.
  13. (Optional) You can check the status of provisioning by viewing its work request item from the SDDC's details page, under Resources.

    Provisioning takes approximately two and a half hours to complete.

    If errors occur, you can click Retry Provisioning. Clicking Cancel Provisioning cancels the provisioning process and deletes all resources created for the SDDC.
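
Because provisioning takes hours and fails on bad inputs, the naming rules in step 3 and the CIDR rules in steps 7 and 8 can be checked before starting the workflow. The following is an added example, not Oracle's code: the function and parameter names are hypothetical, it assumes a multi-host SDDC, and `existing` is a list of SDDC names you have gathered yourself.

```python
import ipaddress
import re

# From the prerequisites table: management prefix -> (segment prefix, max hosts)
SIZING = {24: (28, 12), 23: (27, 28), 22: (26, 60), 21: (25, 64)}
VLANS = {6: 7, 7: 9}  # VLANs the workflow creates per VMware major version
# A letter first, then alphanumerics with no two hyphens next to each other
NAME_RE = re.compile(r"[A-Za-z](?:-?[A-Za-z0-9])*-?")

def name_errors(name, existing=()):
    """Check an SDDC name (or host prefix) against the Console's rules."""
    errs = []
    if not 1 <= len(name) <= 16 or not NAME_RE.fullmatch(name):
        errs.append("name must be 1-16 chars, start with a letter, no '--'")
    if name.lower() in {n.lower() for n in existing}:  # not case sensitive
        errs.append("name already used by another SDDC in the region")
    return errs

def plan_network(vcn, mgmt, hosts, vmware_major=7, hcx=False, workload=None):
    """Return (errors, segments_needed, equal_segments) for a multi-host SDDC."""
    vcn, mgmt = ipaddress.ip_network(vcn), ipaddress.ip_network(mgmt)
    errs, segments = [], []
    needed = 1 + VLANS[vmware_major] + (1 if hcx else 0)  # subnet + VLANs + HCX
    if not mgmt.subnet_of(vcn):
        errs.append("management CIDR is not inside the VCN")
    if mgmt.prefixlen not in SIZING:
        errs.append("management CIDR must be /24, /23, /22 or /21")
    else:
        seg_prefix, max_hosts = SIZING[mgmt.prefixlen]
        if not 3 <= hosts <= max_hosts:
            errs.append(f"/{mgmt.prefixlen} allows 3-{max_hosts} hosts")
        segments = list(mgmt.subnets(new_prefix=seg_prefix))
    if workload is not None:
        wl = ipaddress.ip_network(workload)
        if wl.prefixlen > 30:
            errs.append("workload CIDR must be /30 or larger")
        if wl.overlaps(vcn) or wl.overlaps(mgmt):
            errs.append("workload CIDR overlaps the VCN or SDDC CIDRs")
    return errs, needed, segments

if __name__ == "__main__":
    # Constructed sample values, not taken from a real tenancy
    print(name_errors("Prod-SDDC-01", existing=["prod-sddc-01"]))
    print(plan_network("10.0.0.0/16", "10.0.8.0/24", hosts=6, hcx=True,
                       workload="172.16.0.0/24"))
```

The returned segments are only the equal-sized split of the management CIDR; which segment the workflow assigns to the subnet or to a given VLAN is not stated on this page.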

What's Next?

After provisioning your SDDC, you might want to perform some of the following tasks:

  • Configure network connectivity between the SDDC and resources in your on-premises network, the Oracle Services Network, the internet through a NAT gateway, or other resources in the VCN. See Configuring Networking Connectivity for an SDDC for information and instructions.
  • Modify resources or properties of your SDDC. For example, add ESXi hosts. See Managing Oracle Cloud VMware Solution SDDCs.
  • Create VMs in your SDDC or perform other VMware tasks. To do so, you can log into vCenter by using the vSphere Client link from the detail page of the SDDC.