Reference

Workbook Cell Mapping

Maps intake-doc question IDs (A1, B7, …) to the section and field label inside the official VCF 9.1 Planning and Preparation Workbook. We don’t pin to spreadsheet coordinates (P6 style) because Broadcom shifts rows between workbook revisions — field labels are stable, coordinates are not.

Workbook reference: reference/vcf-9.1-planning-and-preparation-workbook.xlsx v1.9.1.001 (revision shown in sheet VCF & VVF Planning, cell P5). When Broadcom ships a new revision, replace the file under reference/ and re-validate this mapping against the new sheet/field labels in the same commit.

How the downstream tooling reads the workbook (named ranges)

VCF.JSONGenerator (see README Related tools) turns a filled workbook into VCF deployment JSON by reading the workbook’s defined names (named ranges) — not cells or labels. Concretely it collects:

  • every named range prefixed input* — the value fields (FQDN, IP, VLAN, CIDR, password, name, …). The pinned 9.1 workbook has ~2,338 of these.
  • every named range suffixed *chosen — the dropdown selections (deployment model, sizes, include/exclude, …). ~465 in 9.1.

Names are structured by area — input_mgmt_*, input_wld_*, input_cluster_*, input_flt_*, input_xreg_*, etc. (biggest sets: WLD ~1188, mgmt ~428, cluster ~218, fleet ~190). Named ranges move with their cell, so they survive Broadcom’s row shifts — which is why they’re the stable reference if you script against the workbook: populate these input_* / *_chosen named ranges and VCF.JSONGenerator consumes them directly.

Intake → named range (management domain) — first cut

Maps each management-domain intake ID to the workbook named range(s) it populates. {a,b} = brace expansion of a name family; per-AZ names show az1 and gain an az2 twin (on Configure Management Domain) when A13 = stretched. First cut — validate before wiring a generator. Sources: the module’s input* / *chosen read logic + a full defined-names export of the pinned 9.1 workbook.

IntakeNamed range(s)
A1vcf_version_chosen
A2mgmt_domain_deployment_type_chosen
A3mgmt_domain_chosen
A4sizing_vcf_deployment_model_chosen
A5sizing_vcf_deployment_size_chosen (drives mgmt_{set,vcenter,nsxt,vcfops}_appliance_size_chosen)
A6mgmt_domain_existing_{vcenter,nsx_manager,vcf_operations}_chosen
A7mgmt_principal_storage_chosen
A8mgmt_cl01_vsan_data_in_transit_chosen
A9mgmt_cl01_vsan_ftt_chosen
A10mgmt_nsx_overlay_transit_gateway_chosen
A11mgmt_dual_stack_networking_chosen
A12mgmt_vcf_management_network_chosen
A13mgmt_stretched_cluster_chosen
A14— implicit (which input_mgmt_az1_host{1..16}_* are filled)
A15— implicit (which input_wld* / cluster blocks are filled; see the Deploy Workload Domain / Deploy Cluster sheets)
A16mgmt_ceip_status_chosen
A17mgmt_domain_ops_automation_later_chosen, mgmt_domain_vcf_automation_later_chosen
B1input_mgmt_az1_mgmt_{vlan,mtu,gateway_cidr}
B2input_mgmt_az1_mgmt_vm_{vlan,mtu,gateway_cidr}
B3input_mgmt_az1_vcf_mgmt_{vlan,mtu,gateway_cidr}
B4input_flt_vcfms_node_pool_{start,end}_ip
B5input_flt_auto_node_pool_{start,end}_ip
B6input_mgmt_az1_vmotion_{vlan,mtu,gateway_cidr,pool_start_ip,pool_end_ip}
B7input_mgmt_az1_vsan_{vlan,mtu,gateway_cidr,pool_start_ip,pool_end_ip}
B8input_mgmt_az1_host_overlay_{vlan,mtu,gateway_cidr,pool_start_ip,pool_end_ip}; mgmt_host_overlay_addressing_chosen
B9input_mgmt_az1_edge_overlay_{vlan,mtu,cidr,gateway_ip,mask,pool_start_ip,pool_end_ip}
B10input_mgmt_az1_uplink01_{vlan,mtu,cidr,gateway_ip}, input_mgmt_az1_en{1,2}_uplink01_interface_cidr, input_mgmt_az1_tor1_peer_{ip,asn}
B11input_mgmt_az1_uplink02_{vlan,mtu,cidr,gateway_ip}, input_mgmt_az1_en{1,2}_uplink02_interface_cidr, input_mgmt_az1_tor2_peer_{ip,asn}
B12input_mgmt_en_asn
B13input_mgmt_az1_tor{1,2}_peer_asn
B14input_mgmt_az1_tor{1,2}_peer_bgp_password
B15mgmt_en0{1,2}_bfd_chosen
B16— (no named range; route policy is out of the JSON)
B17— (no named range; only the addressing-mode *chosen)
B18input_sftp_server{,_port,_protocol,_backup_dir,_passphrase,_sshfingerprint}
B19mgmt_internet_proxy{,_type,_auth}_chosen, input_mgmt_internet_proxy_{address,port,email,password}
B20input_mgmt_az1_dtgw_{vlan,gateway_cidr}
B22— (no named range; extra Tier-0 BGP neighbor)
C1/C2input_region_ad_parent_{fqdn,netbios}, input_region_ad_child_{fqdn,netbios}
C3— no mgmt range; DC FQDNs only for the Identity Broker Day-N component: input_flt_vidb_{primary,secondary}_domain_controller{,_port}
C5input_child_svc_vsphere_ad_{user,password}, input_child_svc_nsx_ad_{user,password}
C6input_gg_vcf_{admins,operators,viewers}_group (+ input_gg_{vc,nsx}_*_group)
C7input_region_dns{1,2}_ip
C8input_parent_dns_zone
C10input_region_ntp{1,2}_server
D1mgmt_signed_certs_chosen
D2input_certificate_authority_{fqdn,name}, input_ca_administrator_{username,password}
D3input_ca_{country,state,locality,organization,organization_unit,email_address,algorithm,key_size}
D4input_ca_template_name
D5/D6— no named range (SAN auto-derived from FQDNs; validity not captured)
E1input_vcf_instance_name
E2input_mgmt_sddc_domain
E3input_mgmt_az1_host{1..16}_{fqdn,mgmt_ip}
E4input_esxi_root_password
E6input_mgmt_vc_{fqdn,ip}
E7input_flt_def_sddc_mgr_fqdn; sddc_mgr_{fqdn,ip}
E8input_mgmt_nsxt_vip_{fqdn,ip}, input_mgmt_nsxt_mgr{a,b,c}_{fqdn,ip}
E9input_xreg_vrops_node{a,b,c}_{fqdn,ip}, input_xreg_vrops_virtual_{fqdn,ip}
E10input_xreg_vra_virtual_{fqdn,ip}, input_flt_auto_sr_fqdn
E11input_mgmt_az1_en{1,2}_{fqdn,mgmt_cidr}
E12input_mgmt_datacenter, input_mgmt_cl01_cluster, input_mgmt_cl01_vds0{1,2,3}_name, input_mgmt_cl01_az1_{mgmt,mgmt_vm,vcf_mgmt,vmotion,vsan}_pg
E14input_flt_lc_{fqdn,ip} (License), input_flt_vidb_vip_{fqdn,ip} + input_flt_ic_{fqdn,ip} (Identity Broker / Cloud Proxy), input_flt_sr_{fqdn,ip}
F2input_flt_def_administrator_vsphere_local_password
F3input_vcenter_root_password
F4sddc_mgr_{vcf,root,admin_local}_password
F5— no named range (only NSX Edge passwords exist, F8; mgmt NSX Manager appliance passwords not captured)
F6input_xreg_vrops_{admin,root}_password
F7input_xreg_vra_admin_password
F8input_mgmt_nsxt_en_{admin,root}_password
F10input_sftp_server_passphrase

Validated. Resolved: C8input_parent_dns_zone; D1D4 → the input_ca_* / input_certificate_authority_* block on Configure Management Domain. Confirmed absent (no named range): C3 DC FQDNs (only the Identity Broker Day-N input_flt_vidb_* fields exist), D5/D6 (cert SAN auto-derives from the FQDNs; validity not captured), F5 mgmt NSX Manager appliance passwords (only Edge input_mgmt_nsxt_en_*), B16 (route policy), B17 (DHCP scope), B22 (extra BGP neighbor). Day-2 (B21/E15) live on the Deploy Fleet Management Day-N sheet — the network fields there are input_xreg_* / input_flt_auto_*; the placement/method Select Option cells are not named ranges. Some passwords live on Value Reference Tables (sddc_mgr_*), not an input_* name.

Intake → named range (workload domain, section H) — first cut

The input_wld_* set is a single workload domain (not per-WLD-numbered) and mirrors the mgmt-domain layout (input_wld_az1_*, az2, cl01, nsxt, supvr, …). Fill it per WLD — repeat the block for each. Same conventions as above (az1/brace notation; az2 twins when stretched). First cut — validate before wiring a generator.

IntakeNamed range(s)
H1input_wld_sddc_domain (name); deployment type — no distinct *chosen found (see the Deploy Workload Domain sheet)
H2input_wld_vc_{fqdn,ip}, input_wld_sso_domain_name
H3shared vs new wld_bf_nsx_existing_chosen; size wld_nsxt_appliance_size_chosen; nodes input_wld_nsxt_mgr{a,b,c}_{fqdn,ip}; VIP input_wld_nsxt_vip_{fqdn,ip}
H4connectivity wld_cl01_nsxt_deployent_type_chosen; Distributed: input_wld_az1_dtgw_{vlan,gateway_cidr}, VNAs input_wld_vna{a,b}_{fqdn,ip,cidr}
H5enable wld_supervisor_chosen; input_wld_supvr_{name,api_server_fqdn,ip_address_range,nsx_project,vpc_connectivity_profile,cp_storage_policy,mgmt_dns_server,mgmt_ntp_server}
H6wld_principal_storage_chosen, wld_cl01_vsan_ftt_chosen, wld_cl01_vsan_dedupe_compression_chosen, input_wld_cl01_vsan_datastore
H7input_wld_cl01_cluster, input_wld_cl01_image_name, input_wld_az1_host{1..16}_{fqdn,mgmt_ip}
H8input_wld_az1_{mgmt,vmotion,vsan}_{vlan,mtu,gateway_cidr,pool_start_ip,pool_end_ip}
H9input_wld_cl01_vds0{1,2,3}_name; wld_cl01_vds_profile_chosen
H10input_wld_az1_host_overlay_{vlan,mtu,cidr,gateway_ip,pool_start_ip,pool_end_ip,uplink_profile_name}
H11wld_stretched_cluster_chosen; per-AZ twins input_wld_az2_*; witness input_wld_witness_{fqdn,ip,cluster,dns1_ip,dns2_ip}
H12input_wld_bf_vc_root_password, input_wld_administrator_vsphere_local_password, input_wld_esx_root_password, input_wld_bf_nsxt_{admin,audit,root}_password, input_wld_nsxt_en_{admin,root}_password

Not mapped (out of scope for a core WLD): optional-solution prefixes — input_srm_* / input_wld_vrms_* (Site Recovery / DR), input_ccm_* (Cross-Cloud Mobility), input_cbr_* (Cloud-Based Ransomware), input_k8s_* / input_vvs_* — populate only if those solutions are in use.

Sheet: VCF & VVF Planning

IntakeSheet sectionField label
A1VersionVMware Cloud Foundation
A2Deployment TypeOperation to be performed
A3Deployment TypeInstance to perform operation on

Sheet: Management Domain Sizing

IntakeSheet sectionField label
A5Scale OptionsSize
A4Scale OptionsDeployment model

Sheet: Deploy Management Domain

IntakeSheet sectionField label
G1Depot SettingsDepot Type
G4Depot SettingsOffline Depot - Hostname / Port
G2Depot SettingsDownload Service ID
G3Depot SettingsActivation Code
G5Depot SettingsEnable Proxy Server / Proxy FQDN / Port / Auth
A6Existing ComponentsI have an existing VCF Operations / vCenter / Auto
A4Scale OptionsDeployment model
A5Scale OptionsSize
A12Network OptionsVM mgmt network / VCF mgmt network
A11Network OptionsDual stack networking
A10Network Options — VPC GatewayTransit Gateway type
A7Storage OptionsStorage Option
A8Storage OptionsActivate vSAN Data-in-Transit encryption
A9Storage OptionsFailures to Tolerate
E1General InformationVCF Instance Name
E2General InformationManagement domain name
A16General InformationEnable CEIP
C8DNSDefault hostname DNS suffix
C7DNSServer #1 / Server #2
C10NTPServer #1 / Server #2
E4HostsESX Root Password
E3HostsHost #1..N FQDN
B1Networks — ESX ManagementVLAN ID / MTU / IPv4 gateway (CIDR)
B2Networks — VM ManagementVLAN ID / MTU / IPv4 gateway (CIDR)
B3Networks — VCF ManagementVLAN ID / MTU / IPv4 gateway (CIDR)
B4VCF Management Services IP RangeIPv4 address Range From / To
B5VCF Automation IP RangeIPv4 address Range From / To
B6vMotion NetworkVLAN / MTU / Gateway / Range From / To
B7vSAN NetworkVLAN / MTU / Gateway / Range From / To
B8Host Overlay NetworkVLAN ID / Gateway CIDR / IP Assignment (TEP): IP Pool (recommended) or DHCP / IP address Range From / To
B20VPC Gateway ConnectivityVLAN ID / Gateway CIDR IPv4 Address (Distributed only)
E6vCenterFQDN / IP
E7SDDC ManagerFQDN / IP
E8NSX ManagerVIP FQDN / VIP IP / Node 1..3 FQDN+IP
E9VCF OperationsPrimary / Replica / Data node FQDN; Load Balancer FQDN (optional)
E10VCF AutomationVCF Automation FQDN; VCF services runtime FQDN
E14VCF Management servicesCloud Proxy / License Server / Identity Broker / VCF services runtime FQDN
F1–F7PasswordsPer appliance

Sheet: Configure Management Domain

IntakeSheet sectionField label
C1–C2Identity SourcesDomain name / type
C3Identity SourcesDomain controller FQDN(s)
C4Identity Sources— (no workbook field — LDAPS reachability is a prerequisite check; see prerequisites.md)
C5Identity SourcesBind user / password
C6Identity SourcesAdmin / operator / viewer groups
D1–D6Certificate AuthorityCA settings, template, CSR method
B9NSX — Edge OverlayVLAN / MTU / Gateway / IP range
B10–B11NSX — Edge UplinksUplink-01 / Uplink-02 VLAN, IPs, peers
B12–B14NSX — BGPEdge AS / Peer AS / MD5 password
B15NSX — BGPBFD
B16NSX — BGPAdvertised / received routes
B22NSX — BGP (optional)No dedicated cell — additional Tier-0 uplink / BGP neighbor for public peering, configured in NSX post-bringup; plan in 01-network-dns-plan.md §B
E11NSX — EdgesEdge node 1 / 2 FQDN + IP
F8NSX — Edgesadmin / audit / root passwords
F9Identity SourcesSSO bind password
F10BackupsBackup encryption passphrase
B18BackupsSFTP host / port / account / path

Sheet: Deploy Workload Domain

IntakeSheet sectionField label
H1General InformationWorkload Domain Name / Deployment Type
H2vCentervCenter FQDN / SSO Domain Name
H3NSX Manager AppliancesAppliance 1–3 FQDN + IP / Cluster FQDN + Cluster IP
H4Configure Network ConnectivityCentralized / Distributed; VLAN / Gateway CIDR / Virtual Network Appliance 1–2 FQDN
H5vSphere SupervisorSupervisor Name / Service CIDR / Control Plane IP Range
H6StorageStorage Selection / Enable vSAN ESA / Storage Policy
H12Workload Domain PasswordsvCenter SSO + root; NSX admin / audit

Sheet: Deploy Cluster

Repeat per additional cluster. New VLANs/subnets per cluster come from 01-network-dns-plan.md.

IntakeSheet sectionField label
H7General / Host SelectionCluster Name / Image / Host FQDNs
H8Create Network PoolESX Mgmt / vMotion / vSAN / vSAN Storage Client networks (VLAN / MTU / Gateway / range)
H9Distributed SwitchPrimary / Secondary / Tertiary vDS name / MTU / uplinks / LAG
H10Transport Zones / Transport Node ProfileHost Overlay TEP VLAN / Static IP Pool CIDR + range / Uplink Profile
H11Stretched ClusterWitness host + VMkernel; AZ2 host networks; fault-domain mapping (see 03-multi-az-prep.md)

Sheet: Deploy Fleet Management Day-N

Fleet components deployed after bring-up (Day-2 / Day-N). Planned in 05-day2-deployments.md; the table below maps its decisions to this sheet. Also covers extra Ops / Automation nodes and federation driven by the platform roadmap (intake A15), captured in a follow-up session.

IDSheet field / tableField label
A17Fleet Components Deployment — Select OptionDeploy scope (Exclude / Deploy VCF Operations and Automation / Deploy VCF Automation) + Identity Broker + per-component Include/Exclude
E15Fleet Components Deployment — Select OptionNetwork placement (Shared / Dedicated Management Network / NSX Overlay Segment / NSX VLAN Segment) + deploy method; Installation Type (New / Import 8.x appliance)
B21localRegionNetwork / xRegionNetworknetworkName / subnetMask / gateway; ipPool #1–5; Cluster Cidr (default 198.18.0.0/15)
E10VCF Automation DeploymentVCF Automation FQDN; VCF services runtime FQDN; Node Prefix; IP addresses
E9VCF Operations DeploymentPrimary / Replica / Data node FQDN + IP; Load Balancer FQDN + IP; appliance size
E14Cloud Proxy / License Server / Identity BrokerFQDN + IP per appliance; Identity Broker provider + user/group provisioning
Deploy Log managementLog Management FQDN; node size; replica count; cluster VIP (sheet section label; a legacy “Deploy VCF Operations for Logs” TechDocs-link cell also remains on the sheet)
Deploy VCF Operations for NetworksPlatform + Collector node VM name / IP; deployment size; dual-stack
E16— (the workbook has no Avi input fields — only sizing rows in Management Domain Sizing; capture the controller nodes / VIP in the Step 1 plan + prerequisites.md)
F11— (Avi controller admin / VCF Ops admin passwords — password manager only; no workbook field)