vcf

Part 24 – Before You Deploy the Supervisor Cluster: Head Office vs Branch Office Domains

By Ash Thomas #

Before you hit “Enable Workload Management” and deploy the Supervisor Cluster, it helps to understand one thing clearly as people tend to overcomplicate this, so here’s the simple version — with an example that makes it click immediately.

Management Domain = Head Office

The Management Domain is basically the head office of your company.

It’s where all the decision-making systems live.

Think of this as the central hub. It runs the core services (vCenter, NSX, SDDC Manager) and sets the policies. Just like a head office, it’s where strategy and control live. The head office sets policies, manages the environment, and gives instructions. But it doesn’t deal with customers or day-to-day operations.

Same idea in VCF: The Management Domain controls everything, but doesn’t run your workloads or Kubernetes.

Workload Domain = Branch Office

A Workload Domain is like a branch office.

These are the places where the actual business happens.

Each workload domain hosts applications, VMs, or Kubernetes clusters. Like branch offices, they operate under the rules set by the head office but focus on execution

It has:

  • Its own staff (vCenter + ESXi cluster)
  • Its own building (compute + storage)
  • Its own wiring (NSX Edge nodes, Tier-0, Tier-1)
  • Its own daily operations (VMs, Kubernetes, apps)

Each branch office can run independently. If one branch goes down, head office still exists.
If head office updates a policy, all branches follow.

That’s exactly how VCF domains work.

So lets just branch it out to the NSX and see

Head office (Management Domain): NSX Manager

It defines rules and networking structure.

Branch office (Workload Domain): NSX Edge Nodes

They handle the actual traffic, routing, load balancing, and Kubernetes networking.

So the brains stay in head office, and the real “work” happens in each branch.

The Management Domain controls and manages the Workload Domains. Workload Domains don’t share routing, segments, or traffic with each other. Each one runs independently, just like separate branch offices.

Why this matters before enabling the Supervisor Cluster

When you deploy the Supervisor Cluster:

  • It only uses the Edge nodes in the Workload Domain
  • It only uses the Tier-0/Tier-1 in that WLD
  • It only uses kube networks, segments, and IPs in that WLD

The Management Domain is just the head office giving instructions.

So your mental model should be:

Management Domain = Head Office (control-plane)
Workload Domain = Branch Office (data-plane + workloads)

(Visited 20 times, 1 visits today)

By Ash Thomas

Ash Thomas is a seasoned IT professional with extensive experience as a technical expert, complemented by a keen interest in blockchain technology.

Leave a Reply