VMware Cloud on AWS enables you to migrate existing workloads to the AWS Cloud quickly by using tools you are already familiar with. VMware Cloud on AWS brings VMware’s enterprise class Software-Defined Data Center software to Amazon’s public cloud, delivered as an on-demand, elastically scalable, cloud-based solution. Sold and operated by VMware, the solution enables customers to use a common set of software and tools to manage both their AWS-based and on-premises vSphere resources consistently. This session uses practical, real-world customer deployment examples to dive deep on hybrid cloud network connectivity, data protection best practices, and AWS native service integrations.

1. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Aarthi Raju
Partner Solutions Architect, Amazon Web Services
SRV320
VMware Cloud on AWS – Technical
Deep Dive
Zack Milem
Cloud Solutions Architect, Trend Micro

2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Common challenges with hybrid cloud adoption
Incongruent
networks
Operational
inconsistency
Learn new skill
sets & tools
Multiple control &
monitoring
mechanisms
Multiple virtual
machine (VM)
formats

3. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What is VMware Cloud on AWS
On-demand, VMware software-defined
data center delivered as a cloud service
ESXi
NSX
vSphere
vSAN
Latest Software
vCSA, ESXi, NSX, vSAN, Managed by
VMware
Dynamic Capacity
DRS/HA compute cluster (Intel x86)
VSAN storage cluster (NVMe Flash)
NSX network virtualization (ENA)
Software-defined data center
AWS Global Infrastructure

4. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What is VMware Cloud on AWS
Compute
• Bare Metal
• I3.16XL Equivalent
• 36 Cores/72 vCPUs
• 512 GiB Memory15TiB*
• NVMe All-Flash Storage
• 25 Gb ENA
ESXi
NSX
vSphere
vSAN
Software-defined data center
Hypervisor
• ESXi
• 4–32 Host Cluster
• Maintained by VMware
• No SSH/Root
• No VIBs/Plugins
Storage
• VSAN
• Aggregate Instance
Storage
• All Flash
(Capacity/Cache)
• No EBS/EFS
• VM Storage Policies
Network and Security
• NSX
• Logical Networks
• North/South Firewalling
• Compute/Management
Gateways
• IPsec Termination
• NAT
vSphere
• VMware Managed
• Delegated Permissions
• Hybrid Linked Mode

5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What is VMware Cloud on AWS
ESXi
NSX
vSphere
vSAN
Software-defined data center
ESXi
vSphere vCentervCenter
Customer
data center
AWS Global Infrastructure

6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Getting started
vmc.vmware.com
Create a new SDDC
• SDDC name
• Specify AWS account
• Management network CIDR
• Number of hosts (4 to 32)
• AWS Region (Oregon, Virginia,
London)
VMware Cloud on AWS Console
• my.vmware.com credentials
• Organizations
• Identity and Access Management

7. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Connecting to an AWS Account
IAM
cross account
role
AWS
managed policy
Customer-owned
AWS account
AWS CloudFormation
template
VMware Cloud on AWS
SDDC account Customer
IAM userVMware cloud
management services
vmc.vmware.com

8. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Accessing VMware Cloud on AWS
• Hybrid Linked-Mode
• Logical network configuration
• Virtual machine administration
• VM storage policies
• Add and remove ESXi hosts
• Console user and role management
• Firewall configuration
• EIP and NAT configuration
• VPN connectivity
vmc.vmware.com
vSphere H5
Web Client

9. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

10. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
VMware Cloud on AWS: Overlay
VMware Cloud on
AWS SDDC account
NSX
VCSA
NSX
MGR
Management Gateway
(MGW)
Compute Gateway
(CGW)
VM VM
Management Customer workloads

11. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Customer AWS account connectivity
VMware Cloud on AWS
SDDC account
Host-1
Host-2
Host-3
Host-4
CGW
Customer-owned
AWS account
VPC subnet 1 VPC subnet 2
VM
Customer
workloads
Amazon
Redshift
Logical network
Route table

12. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Hybrid connectivity pattern
Customer
data centers
VMware
Cloud SDDC
Customer-
owned AWS
account VPC ENIs for Compute Gateway
L2VPN
IPsec VPN
AWS Direct Connect
IPsec VPN
AWS Direct Connect

13. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
On-premises connectivity
Customer Data
Center
Compute Clusters
VM
vSphere
VM
Management
vSphere
NSX
MGR
CGW
VM
Management
Logical Network 1
VM
MGW
IGW
Internet
Direct
Connect
VMK
VMware Cloud on
AWS SDDC
VGW

14. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Multi-region
172.29.1.0/24
MS
SQL
MS
SQL
CGW
Logical network
172.31.1.0/24
VMware Cloud on AWS
SDDC account
Customer
AWS account
Amazon
Redshift
Customer
AWS account
172.28.1.0/24
US-WEST-2 CA-CENTRAL-1
App1
App1
IPsec
VPN

15. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Cloud migrations
Application-specific
Data center-wide
Infrastructure refresh
Consolidate Migrate
Customer use cases

16. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Running SQL Server on VMware Cloud on AWS
Driver VM Driver VM
SQL Server
Database VM
SQL Server
Database VM
OLTP Benchmark Users
(Hundreds Simulated)
4-nodeVMware Cloud on AWS
SDDC Cluster

17. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
SQL Server Performance Results

18. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Let us vMotion

19. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Cloud migrations
Application-specific
Data center-wide
Infrastructure refresh
Disaster recovery
Protect additional
workloads
DR data center
replacement
Add or modernize DR
solutions
Consolidate Migrate Primary Secondary
Customer use cases

20. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
DR as-a-service with Site Recovery
Manager
Overview of goals

21. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Data center extension
Footprint expansion
On-demand capacity
Test/Dev
Cloud migrations
Application-specific
Data center-wide
Infrastructure refresh
Disaster recovery
Protect additional
workloads
DR data center
replacement
Add or modernize DR
solutions
Expand
MaintainConsolidate Migrate Primary Secondary
Customer use cases

22. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Who is Trend Micro?
• Thirty years of innovation
• Information security company
• Global customer base
• >6,000 employees in over 50
countries
• Development and data centers
around the world

23. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
We are just like any other company

24. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Key challenges & considerations
• Making the journey to the cloud
• Resource constraints
• Skills and efforts to re-architect
• User demand for IT capacity and timely delivery
• Unified view and security across data center and public clouds

25. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Previous configuration
Americas-East
Compute clusters
VM
vSphere
VM
Internet
Europe
Compute clusters
VM
vSphere
VM
Compute clusters
VM
vSphere
VM
Americas-West
vRealize
automation

26. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
With VMware Cloud on AWS expansion
Americas-East
Compute clusters
VM
vSphere
VM
Europe
Compute clusters
VM
vSphere
VM
Compute Clusters
VM
vSphere
VM
Americas-West
vRealize
automation
VMware Cloud on
AWS SDDC
NSX
MG
R
CGW
VM
Management
Logical network 1
VM
MGW
Internet
gateway

27. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Advantages we have found
• Ability to use employee core competencies of VMware knowledge
• Much quicker to extend current application pools than to do full cloud
migration
• By having on-demand workloads extending, we have become free to work
on other projects
• Consistent central management and security across data center and multi-
cloud environments (VMware and AWS tools + Trend partnership)

28. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Lessons we have learned
• Time to launch SDDC is similar to building out an application stack
• The first time we launched, we needed to learn the complexities of
NSX VPN service
• Preparing ahead of time by reading the documentation and using
VMware support as needed makes it an easy process

29. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Expanding support by third-party technology partners
Data Protection
Storage
…
Data Services
Direct Connect
Networking
Key Management
…
Security
…
TCO Assessment
Cloud Migration
…
Cloud Planning
DevOps
…

30. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
VMware Cloud on AWS resources
VMware cloud home:
https://cloud.vmware.com/vmc-aws/
https://aws.amazon.com/vmware/
VMware cloud blog:
https://blog.cloud.vmware.com
YouTube channel:
https://www.bit.ly/vmwarecloudyoutube
Trend Micro:
https://www.trendmicro.com/vmware/cloud

31. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Please complete the session survey in
the summit mobile app.

32. Submit session feedback
1. Tap the Schedule icon. 2. Select the session
you attended.
3. Tap Session
Evaluation to submit your
feedback.

33. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Thank you!