Lab Environment Overview

Overview

The pgnet.io home lab is a production-equivalent VMware Cloud Foundation 9.0.2 environment built on commodity AMD Ryzen hardware. It runs a Consolidated Architecture — a single 3-node cluster that carries both the VCF management stack and user workloads simultaneously, eliminating the need for a separate workload domain.

The lab covers the full VCF stack: core compute and storage (vSAN ESA), software-defined networking (NSX), identity (Active Directory + ADCS), observability (VCF Operations, Logs, Ops for Networks), automation (VCF Automation + Salt), and Kubernetes (Supervisor + VKS).

Design goals:

• Minimal hardware footprint — 3 nodes, no dedicated workload cluster
• Offline lifecycle management — no direct internet access from the VCF cluster
• BGP dynamic routing — full Tier-0 peering, no static routes
• Consumer hardware with lab-specific workarounds (vSAN ESA Mock VIB, AMD Ryzen patches)

Physical Topology

graph TB
    subgraph inet[Internet]
        ISP[ISP Uplink]
    end
    subgraph net[Physical Network]
        FW[Firewall / Router]
        SW[Core Switch]
    end
    subgraph vcf[VCF Cluster - 3 Nodes]
        H1[pgesxa1 - 10.200.1.220]
        H2[pgesxa2 - 10.200.1.222]
        H3[pgesxa3 - 10.200.1.224]
    end
    subgraph sup[Supporting Infrastructure]
        INF[DNS / NTP / Depot - 10.200.1.240]
        NAS[pgnas - NFS - 10.200.1.110]
        WIN[winsrv1 - Active Directory]
    end
    ISP --> FW
    FW --> SW
    SW --> H1
    SW --> H2
    SW --> H3
    SW --> INF
    SW --> NAS
    SW --> WIN
    style FW  fill:#1a3a3f,stroke:#62d6ec,color:#e4e3d9
    style SW  fill:#2a2a24,stroke:#7a7a6e,color:#e4e3d9
    style H1  fill:#2e2910,stroke:#9dd823,color:#e4e3d9
    style H2  fill:#2e2910,stroke:#9dd823,color:#e4e3d9
    style H3  fill:#2e2910,stroke:#9dd823,color:#e4e3d9
    style INF fill:#3a1f25,stroke:#ffb1c0,color:#e4e3d9
    style NAS fill:#1e2a0f,stroke:#9dd823,color:#e4e3d9
    style WIN fill:#3a1f25,stroke:#ffb1c0,color:#e4e3d9

VCF Cluster Hosts

Per-host spec:

• CPU: AMD Ryzen (16+ cores) — requires kernel workarounds for NSX Edge and Memory Tiering
• RAM: 128 GB — extended via vSAN ESA Memory Tiering (NVMe tier at 300%)
• Storage: vSAN ESA on NVMe — requires Mock VIB to pass HCL validation on consumer drives
• Network: 1GbE management (VLAN 201), 10GbE data/storage (VLANs 202–209, 250–251) — all ports trunked

Supporting Infrastructure

Network Architecture

VLAN & Subnet Schedule

Routing

The Tier-0 Gateway peers via BGP to both physical router uplinks (VLANs 250/251). No static routes are used for north-south traffic. NSX manages all East-West routing between segments.

Service Inventory

All services run in the 10.200.1.0/24 management VLAN unless noted. DNS is authoritative for pgnet.io via BIND 9 at 10.200.1.240.

VCF Core Stack

NSX Edge & Routing

Observability & Management

Automation & Platform

Storage

DNS & Identity

DNS

BIND 9 runs on 10.200.1.240 and is the sole authoritative resolver for pgnet.io.

• All VCF appliances, hosts, and services point to 10.200.1.240 as their primary DNS.
• SRV records and Kerberos lookups for pgnet.local / pggb.local are forwarded to the Active Directory DNS on winsrv1.

Identity

Authentication domain: pggb.local (Active Directory on winsrv1)

• Infrastructure FQDNs live in pgnet.io (managed by BIND 9).
• All user, service account, and SSO authentication is handled by pggb.local.
• ADCS on winsrv1 provides the certificate authority for wildcard and VCF-specific certificates.

NTP

10.200.1.240 also runs NTP. All hosts and appliances synchronise to this server to ensure consistent time across DNS, Kerberos, and VCF components.

Related Guides