Setting Up an Oracle Cloud VMware Solution SDDC

This topic includes information and instructions for provisioning a software-defined data center (SDDC) by using the Oracle Cloud Infrastructure Console or the API.


Avoid entering confidential information when assigning descriptions, tags, or friendly names to your cloud resources through the Oracle Cloud Infrastructure Console, API, or CLI.

Required IAM Policy

To use Oracle Cloud Infrastructure, you must be granted security access in a policy  by an administrator. This access is required whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you get a message that you don’t have permission or are unauthorized, verify with your administrator what type of access you have and which compartment  you should work in.


  • An existing VCN with an IP address CIDR size of /22 or larger available for running the SDDC.
  • We recommend that you set up connectivity between the VCN and your on-premises network before provisioning your SDDC. See Access to Your On-Premises Network.
  • If you do not plan to use the workflow to create an SDDC, ensure that you configure the SDDC's networking resources with the security rules detailed in Security Rules for Oracle Cloud VMware Solution SDDCs. Otherwise, provisioning the SDDC will fail.

If you do not yet have a VCN for your SDDC, you can quickly create one and set up an IPSec VPN between your on-premises network and the VCN by using the VPN Connect workflow. See VPN Connect Quickstart to learn how.

Using the Console

The Create SDDC workflow can create the required networking resources for you (recommended), or you can create them yourself and then select them in the workflow. If you plan to select existing networking resources for your SDDC, ensure that you create them before you start the workflow. The following networking resources are required:

To create an SDDC
  1. Open the navigation menu. Under Solutions and Platform, click VMware Solution.
  2. Click Create SDDC.
  3. Provide basic information for the SDDC:

    • SDDC Name: A descriptive name for the SDDC. This name must be unique among all SDDCs in the creating, active, or updating state across all compartments in the region. Avoid entering confidential information.


      Unlike most display names in the Oracle Cloud Infrastructure Console, this name has the following additional requirements because it is used by vCenter to build URLs:

      • It must be from 1-16 characters long and must start with a letter
      • It can contain only alphanumeric characters and hyphens (-), and hyphens cannot be next to each other

      This name is not case sensitive. For example, "test" and "Test" are treated as the same name.

    • SDDC Compartment: The compartment in which to create the SDDC. All ESXi hosts for this SDDC will be placed in this compartment.
    • Enable HCX: Select this checkbox to have the workflow install the HCX Manager plugin and integrate it with vCenter in the SDDC. You cannot install this plugin later.
    • VMware Software Version: The version of VMware software to install on the ESXi hosts. While the VMware software bundle includes vSphere, vSAN, NSX, and vCenter components, the version you specify here is the version of vSphere. Compatible versions of the other components are installed with the version of vSphere you select. See About the VMware Software for details about the vSAN, NSX, or vCenter component versions installed. You can change this software version after provisioning.
    • Number of ESXi Hosts: The initial number of ESXi hosts to create. Specify at least 3 and at most 64 hosts.
    • Prefix for ESXi Hosts: (Optional) You can enter a prefix to use for the names of the ESXi hosts to help identify them. This string has the same criteria as the SDDC name. It must be from 1-16 characters long, must start with a letter, and can contain only alphanumeric characters and hyphens (-). Avoid entering confidential information.
    • SSH Key: Provide the public key portion of the SSH key. This key is required for remote connections to the ESXi hosts.
    • Availability Domain: The availability domain in which to create the SDDC. ESXi hosts in the SDDC are distributed across the fault domains in the availability domain to ensure high availability. The management subnet and VLANs for this SDDC must be in this same availability domain.
    If you have permissions to create a resource, then you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you are not sure if you should apply tags, then skip this option (you can apply tags later) or ask your administrator. To see the tagging options, click Show Advanced Options. The tags you specify are applied to all of the resources in the SDDC.
  4. After you complete the Basic Information page, click Next to advance to the SDDC Networks page.
  5. Choose a VCN for the SDDC. The VCN can be in a different compartment than the SDDC and its ESXi hosts.
  6. If you enabled HCX in step 3, the selected VCN must have a NAT gateway attached to it.
    • If a NAT gateway already exists for the VCN, the name, compartment, and public IP address information is displayed.
    • If there is no NAT gateway attached to the selected VCN, the workflow creates one for you. Enter a name and select a compartment for the NAT gateway.
  7. Select whether the workflow should create the network resources for this SDDC (recommended) or use existing network resources that you specify.

    To have the workflow create the network resources:

    1. Click Create New Subnet and VLANs.
    2. Enter an available CIDR block in your selected VCN for the SDDC management CIDR. The workflow divides this CIDR into eight equal segments to use for the provisioning subnet and the seven required VLANs. If you are enabling HCX, the segment for the vSphere VLAN is further divided into two equal segments, one for vSphere and the other for HCX.The size must be at least /22 to allow the maximum of 64 ESXi hosts to each have their own IP address.
    3. Click Check Availability to ensure that CIDR block is available in the selected VCN. The check scans all subnets and VLANs in all compartments of the VCN.

      You can show or hide details for the subnet and VLANs the workflow will create. Details include the route table and security list for the subnet, and the route table and NSG for each VLAN.

      If you have enabled HCX, an additional route rule is created to allow traffic from the vSphere VLAN to the NAT gateway.

    To use existing network resources:

    1. Click Select Existing Subnet and VLANs.
    2. Choose the compartment and provisioning subnet for your SDDC's management network. You cannot change the subnet after provisioning.

      The CIDR value shown is the private address space for your chosen subnet.

    3. Choose the compartment and VLAN for each function of your SDDC's management network.

      The VLAN Gateway CIDRs shown are the CIDR blocks from which to derive IP addresses for each VLAN's layer 3 traffic. These CIDR blocks also provide the private IP addresses Oracle uses as attachment objects for public IP addresses when EXSi hosts require internet access.

      • NSX Edge Uplink 1: Uplink used for communication between the VMware SDDC and Oracle Cloud Infrastructure.
      • NSX Edge Uplink 2: Reserved for future use to deploy public-facing applications on the VMware SDDC.
      • NSX Edge VTEP: Used for data plane traffic between the ESXi host and NSX Edge.
      • NSX VTEP: Used for data plane traffic between ESXi hosts.
      • vMotion: Used for vMotion (VMware migration tool) management and workload.
      • vSAN: Used for vSAN (VMware storage) data traffic.
      • vSphere: Used for management of the SDDC components (ESXi, vCenter, NSX-T, and NSX Edge).

        If you checked the Enable HCX checkbox, verify that the VLAN selected for vSphere contains a route table rule that allows traffic to the NAT gateway. See Managing Layer 2 Networking Resources for an SDDC for more information.
      • HCX: Used for HCX traffic. This VLAN appears only if you checked the Enable HCX checkbox.
  8. (Optional) Provide an SDDC workload CIDR block for the workflow to create an initial logical segment for your VMs. The value must be /30 or larger and must not overlap with the VCN or the SDDC network CIDRs. Note that you can add network segments for the SDDC in NSX Manager after the SDDC is provisioned.

  9. Click Next to review the summary of settings for creating the SDDC.

    If you need to make changes, click Edit Basic Information or Edit SDDC Networks to return to a page, and update the settings, as applicable.

  10. When you are satisfied with the summary information, click Create SDDC.

    The page shows the provisioning status of each resource.

    When provisioning is complete, the SDDC's details page includes a username and an initial password that lets you access the vCenter management utility for the SDDC.


    The password value displayed in the Oracle Cloud Infrastructure Console is not updated with your current password after you change it.
  11. (Optional) You can check the status of provisioning by viewing its work request item from the SDDC's details page, under Resources.

    Provisioning takes approximately two and a half hours to complete.

    If errors occur, you can click Retry Provisioning. Clicking Cancel Provisioning cancels the provisioning process and deletes all resources created for the SDDC.

What's Next?

After you provisioning your SDDC, you might want to perform some of the following tasks:

  • Configure network connectivity between the SDDC and resources in your on-premises network, the Oracle Services Network, the internet throught a NAT gateway, or other resources in the VCN. See Configuring Networking Connectivity for an SDDC for information and instructions.
  • Modify resources or properties of your SDDC. For example, add ESXi hosts. See Managing Oracle Cloud VMware Solution SDDCs.
  • Create VMs in your SDDC or perform other VMware tasks. To do so, you can log into vCenter by using the vSphere Client link from the detail page of the SDDC.