VMware Cloud on AWS provides a VMware software-defined data center delivered as a service on AWS infrastructure. It allows customers to run applications using VMware technologies like vSphere, vSAN and NSX in AWS without having to manage underlying hardware. Key features include dynamic capacity, software-defined data center capabilities, and integration with AWS services. The document discusses the architecture, account structure, connectivity options, use cases and resources for VMware Cloud on AWS.

1. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Aarthi Raju
Partner Solutions Architect, Amazon Web Services
VMware Cloud on AWS – Technical
Deep Dive

2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Common challenges with hybrid cloud adoption
Incongruent
Networks
Operational
Inconsistency
Learn New
Skillsets & Tools
Multiple Control &
Monitoring
Mechanisms
Multiple Virtual
Machine Formats

3. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What is VMware Cloud on AWS
On-Demand, VMware Software Defined
Datacenter Delivered as a Cloud Service
ESXi
NSX
vSphere
vSAN
Latest Software
vCSA, ESXi, NSX, vSAN, Managed by VMware
Dynamic Capacity
DRS/HA Compute Cluster (Intel x86)
VSAN Storage Cluster (NVMe Flash)
NSX Network Virtualization (ENA)
Software Defined Data Center
AWS Global Infrastructure

4. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What is VMware Cloud on AWS
Compute
• Bare Metal
• I3.16XL Equivalent
• 36 Cores/72 vCPUs
• 512GiB Memory
• 15TiB* NVMe All-Flash
Storage
• 25Gb ENAESXi
NSX
vSphere
vSAN
Software Defined Data Center
Hypervisor
• ESXi
• 4 to 32 Host Cluster
• Maintained by VMware
• No SSH/Root
• No VIBs/Plugins
Storage
• vSAN
• Aggregate Instance
Storage
• All Flash
(Capacity/Cache)
• No EBS/EFS
• VM Storage Policies
Network and Security
• NSX
• Logical Networks
• North/South
Firewalling
• Compute/Management
Gateways
• IPSec Termination
• NAT
vSphere
• VMware Managed
• Delegated Permissions
• Hybrid Linked Mode

5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What is VMware Cloud on AWS
ESXi
NSX
vSphere
VSAN
Software Defined Data Center
ESXi
vSphere vCentervCenter
Customer
Data Center
AWS Global Infrastructure

6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
VMware Cloud on AWS - Account Structure
VMware Cloud
SDDC account
• Is owned, operated, and paid
• Private to VMware Cloud SDDC
• Full access to the
• A new AWS account to run SDDC resources
• Is owned, operated, and paid directly by VMware
• Is single tenant for all SDDC resources

7. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Getting started
vmc.vmware.com
Create a new SDDC
• SDDC Name
• Specify AWS account
• Management network CIDR
• Number of Hosts (4 to 32)
• AWS Region (Oregon, Virginia,
London)
VMware Cloud on AWS Console
• my.vmware.com credentials
• Organizations
• Identity and Access Management

8. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Connecting to an AWS Account
IAM
Cross Account
Role
AWS
Managed Policy
Customer-Owned
AWS Account
CloudFormation
Template
VMware Cloud on AWS
SDDC Account Customer
IAM UserVMware Cloud
Management Services
vmc.vmware.com

9. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Accessing VMware Cloud on AWS
• Hybrid Linked-Mode
• Logical network configuration
• Virtual machine administration
• VM storage policies
• Add and remove ESXi hosts
• Console user and role management
• Firewall configuration
• EIP and NAT configuration
• VPN connectivity
vmc.vmware.com
vSphere H5
Web Client

10. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

11. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
VMware Cloud on AWS: Overlay
VMware Cloud on
AWS SDDC Account
NSX
VCSA
NSX
MGR
Management Gateway
(MGW)
Compute Gateway
(CGW)
VM VM
Management Customer Workloads

12. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Customer AWS account connectivity
VMware Cloud on
AWS SDDC Account
Host-1
Host-2
Host-3
Host-4
CGW
Customer Owned
AWS Account
VPC Subnet 1 VPC Subnet 2
VM
Customer
Workloads
Amazon
Redshift
Logical Network
Route Table

13. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Hybrid connectivity pattern
Customer
Datacenters
VMware
Cloud SDDC
Customer
Owned AWS
Account VPC ENIs for Compute Gateway
L2VPN
IPSec VPN
Direct Connect
IPSec VPN
Direct Connect

14. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
On-Premises connectivity
Customer Data Center
Compute Clusters
VM
vSphere
VM
Management
vSphere
NSX
MGR
CGW
VM
Management
Logical Network 1
VM
MGW
IGW
Internet
Direct
Connect
VMK
VMware Cloud on
AWS SDDC
VGW

15. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Multi-region
172.29.1.0/24
MS
SQL
MS
SQL
CGW
Logical Network
172.31.1.0/24
VMware Cloud on AWS
SDDC Account
Customer
AWS Account
Amazon
Redshift
Customer
AWS Account
172.28.1.0/24
US-WEST-2 CA-CENTRAL-1
App1
App1
IPSec
VPN

16. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Protecting workloads with native AWS services
172.29.1.0/24
VM VM
CGW
Logical Network
172.31.1.0/24
VMware Cloud on AWS
SDDC Account
Customer
AWS Account
ALBIGW
IP Target Group
• 172.31.1.100
• 172.31.1.101
WAF
Visitor
ENIShield
CloudFront
Route 53

17. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Backup and File Storage
172.29.1.0/24
VM VM
CGW
Logical Network
172.31.1.0/24
VMware Cloud on AWS
SDDC Account Customer
AWS Account
Amazon S3
VPC Endpoint
ENI
Amazon EFS

18. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
VMware
Cloud ENI
Customer Data
Center
IGW
DMZ-Out(Public)
VPC S3
Endpoint
Amazon
CloudWatch
AWS
CloudTrail
Amazon
S3
ESXi ESXi ESXi ESXi
Resource Pool
DMZ-In
(Private)
App(Private)
DMZ-Out
(Public)
IGW
Compute
Gateway
Compute
Gateway
Management
Gateway
OS
RWP
OS
DB2
OS
APP2
OS
DB1
OS
APP1
VMware Cloud on AWS - Base Topology
AWS Region Services
Amazon EC2
AZ A AZ B AZ C
VMware Cloud VPC AWS Customer VPC
Reverse Web Proxy

19. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
VMware Cloud on AWS – Sample Hybrid Architecture
VMware Cloud VPC
ESXi
Amazon EC2
ESXi ESXi ESXi
Resource Pool
RDS
Aurora
(shared)
AWS Customer VPC
AZ A AZ B AZ C
OS
DB1
Customer Data
Center
Route53
SSL Encrypted
Traffic
OS
APP2
OS
APP1
OS
RWP
DMZ-Out(Public)
DMZ-In
(Private)
App(Private)
DMZ-Out
(Public) ACM
ELB
NFS S3-backed
Cluster File System
Reverse Web Proxy &
Application Load-
Balancer
OS
APP2
OS
APP2
OS
VMware
Cloud ENI
IGWIGW
Compute
Gateway
Compute
Gateway
Management
Gateway
VPC S3
Endpoint
Amazon
CloudWatch
AWS
CloudTrail
Amazon
S3
AWS Region Services
OS
DB2
Reverse Web Proxy

20. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Customer Use-cases
Data Center Extension
Footprint Expansion
On-demand Capacity
Test/Dev
Expand
Maintain
Disaster Recovery
Protect Additional
Workloads
DR Data Center
Replacement
Add or Modernize DR
Solutions
Primary Secondary

21. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
DR as a service with Site Recovery Manager
OVERVIEW OF GOALS

22. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Cloud Migrations
Application Specific
Data Center Wide
Infrastructure Refresh
Consolidate Migrate
Customer Use-cases
Data Center Extension
Footprint Expansion
On-demand Capacity
Test/Dev
Expand
Maintain
Disaster Recovery
Protect Additional
Workloads
DR Data Center
Replacement
Add or Modernize DR
Solutions
Primary Secondary

23. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Let us vMotion

24. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Expanding support by 3rd party technology partners
Data Protection
Storage
…
Data Services
Direct Connect
Networking
Key Management
…
Security
…
TCO Assessment
Cloud Migration
…
Cloud Planning
DevOps
…

25. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
VMware Cloud on AWS Resources
VMware Cloud Home:
https://cloud.vmware.com/vmc-aws/
https://aws.amazon.com/vmware/
VMware Cloud Blog:
https://blog.cloud.vmware.com
YouTube Channel:
https://www.bit.ly/vmwarecloudyoutube

26. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Thank you!