What is a SDDC?

The term “Software Defined Data Center” (SDDC) is something that most people in IT are familiar with, but few have seen it in action or experienced how powerful it can really be.  I am going to be writing a series of blog posts over the next few months in order to show how powerful having a SDDC can be, as well as some really interesting use cases for it.  I will focus on my most recent use case, a software defined lab that utilizes vSphere, NSX-T, VSAN, Horizon, vRealize Automation and other components of the vRealize Suite.

My current employer tasked me with building a lab environment where our consultants would be able to easily spin up VMs that they can use to learn or test new technology.  The environment also needed the ability to house purpose built demos that we would be able use to showcase certain products or features to our clients.  We use the term “Pods” to describe these isolated dynamic environments inside the lab.

The Pods

Pods is the term we use to describe each isolated environment within the lab infrastructure.  The pods can we grouped into two main categories, Lab Pods and Demo Pods.  Each pod is built with a script and can be built as a bulk scripting operation.  That means if you are creating 10 lab pods, you don’t need to run the script 10 times to accomplish this.  You would enter 10 lines of information into the CSV file that the script reads, and the script would repeat itself 10 times to create 10 different pods.  This same method is used for creating Demo pods, although it uses a different script than the Lab pod script.  Lab and Demo pods differ mainly because Demo pods have the possibility of having physical infrastructure attached to them, while Lab pods are purely virtual in nature.  There will always be one-off situations where we have to bend the rules (and we can do that if needed), but the script lays the foundation for what works 99.9% of the time.  

The Script

The script for creating a Pod is written in PowerShell.  We chose this language because it’s universal, easy to adapt, works well with Active Directory, can make API calls, and is relatively easy for a novice to understand.  The script is over 700 lines of code and can accomplish the following tasks:

  • Create AD Users
  • Create AD Groups
  • Add users to AD groups
  • Create Office365 Contacts
  • Create NSX Network Segments
  • Attach segments to Tier-1 gateways
  • Create NSX Groups
  • Create NSX Tags
  • Create NSX Security Policies
  • Create Resource Pools in vCenter
  • Create Folders in vCenter
  • Move Objects into Folders
  • Assigned Permissions to Folders
  • Create Virtual Machines
  • Rename Virtual Machines
  • Create Customization Specifications
  • Pass Variables into a Virtual Machine
  • Install Active Directory in a Virtual Machines (and name the domain to match the user)
  • Assign IPs to VM
  • Place VMs on Networks
  • Create Code Snippets for Palo Alto, Nexus and Catalyst Switches

All of these tasks working in unison, based on a single line from a CSV file that contains less than a dozen attributes, can generate an entire Pod in less than 5 minutes.  This task completed manually would take 1-2 hours and you would hope that you didn’t miss a step.  The script not only saves time, but it removes the chance of making a mistake when setting up a Pod.

That last line is probably the most important part of a SDDC.  You save time by scripting a repeatable task, but you also save time by not having to troubleshoot a mistake made by manually doing this repeatable task.  

Speed and Accuracy are two huge benefits of a SDDC.

The workflow of “The Script”

The script accomplishes all the tasks listed above in a particular order.  For example, you can’t create VM unless you created the NSX segment to put it on, or you can’t assign user permissions to a folder unless you have created the User in AD first.  The workflow of this script is mapped out below and followed a particular order of operations that is required to make it complete successfully.


As you can see, there are a lot of steps that need to happen in order for a script like this to accomplish such a large and complex task.  The only way to really understand how it works, is to break it down in sections.  I will use the next series of blog posts to do just this.  We will start with Active Directory and work our way into NSX-T, then vCenter and then code snippet generation.  Stay tuned!