VMware Cloud on AWS helps customers to leverage existing infrastructure investments while providing the scalability, agility, and security of AWS. In this session you will learn about the design considerations necessary for integrating your VMware Cloud on AWS Software-Defined Data Centers (SDDCs) with native AWS services and/or your on-premises data centers.

1. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Haider Witwit
Sr. Solutions Architect, WWPS, Amazon Web Services
194344
Integrating with VMware Cloud on AWS

2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Key Takeaways for the Discussion Today
 Overview of VMware Cloud on AWS
 Technical Recap
 Connectivity Options
 Integration with Native AWS Services
 Demo

3. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Run workloads
on-premises
Run workloads
in the cloud
Tight integration
between
on-premises and
the cloud
Don’t have to buy
new hardware
What do customers really want for hybrid IT?

4. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Incongruent
networks
Operational
inconsistency
Learn new
skillsets & tools
Multiple control &
monitoring
mechanisms
Multiple virtual
machine formats
Common challenges with hybrid cloud adoption

5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Leading compute, storage, &
network virtualization capabilities
Flexible consumption
economics
Support for broad
range of workloads
Broad set of
cloud services
De-facto standard
for the enterprise DC
De-facto standard
for the commercial cloud
v
v
Introducing VMware Cloud on AWS

6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Data Center Extension
Footprint Expansion
On-demand Capacity
Disaster Recovery
B
Cloud Migrations
Application Specific
Data Center Wide
Infrastructure Refresh
A
Next- Generation Apps
Application
Modernization
Next-Gen App Build Out
C
Expand
MaintainConsolidate Migrate Primary Secondary
Customer Decides and Places Workloads between On-Premises and AWS
VMware Cloud on AWS target use cases

7. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS global infrastructure
VMware Cloud on AWS
Customer
data center
AWS services
vCentervCenter
vSAN NSXvSphere
Hybrid
linked-mode
AWS
Lambda
Amazon
S3
Amazon
RDS
Amazon
Kinesis
Amazon
ML
Amazon
Redshift
Elastic
Network
Adapter
VMware vRealize Suite, PowerCLI AWS CloudFomration, CLI
On-Prem
VMware Cloud on AWS overview

8. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
ESXi
NSX
vSphere
vSAN
Software Defined Data Center
Compute
• Bare Metal
• I3.16XL Equivalent
• 36 Cores/72 vCPUs
• 512GiB Memory
• 15TiB* NVMe All-Flash
Storage
• 25Gb ENA
Hypervisor
• ESXi
• 4 to 32 Host Cluster
• Maintained by VMware
• No SSH/Root
• No VIBs/Plugins
Storage
• vSAN
• Aggregate Instance
Storage
• All Flash
(Capacity/Cache)
• No EBS/EFS as shared
storage for hosts, but
VM’s can mount EFS
• VM Storage Policies
Network and Security
• NSX
• Logical Networks
• North/South Firewalling
• Compute/Management
Gateways
• IPSec Termination
• NAT
vSphere
• VMware Managed
• Delegated Permissions
• Hybrid Linked Mode
What is VMware Cloud on AWS?

9. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Account structure
VMware Cloud
SDDC account
Is owned, operated, and paid
Private to VMware Cloud SDDC
Full access to
A new AWS account to run
Owned, operated, and
for all

10. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
CGW
ESXiESXiESXi
MGW
Management
vMotion
VMware vSphere Distributed Switch
vCenter
Infrastructure Subnet (Underlay) (Mgmt+vMotion)
Appliance Subnet
(Overlay)
ESXi
VMware Cloud VPC
Logical Net1 Logical Net2
Customer Owned
VPC
Subnet
XENI
Customer VPC VMware VPC
Amazon EC2
Bare Metal
Amazon EC2
Bare Metal
Amazon EC2
Bare Metal
Amazon EC2
Bare Metal
VPC
Subnet
VMware Software Defined Data Center (SDDC)

11. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Getting started
vmc.vmware.com
Create a New SDDC
• SDDC Name
• Specify AWS Account
• Management Network CIDR
• Number of Hosts (4 to 32)
• AWS Region (Oregon, Virginia,
London)
VMware Cloud on AWS Console
• my.vmware.com Credentials
• Organizations
• Identity and Access Management

12. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Customer
Data
Centers
VMware
Cloud SDDC
Customer-
Owned AWS
Account VPC ENIs for Compute Gateway
L2VPN
IPSec VPN x2
Direct Connect*
IPSec VPN
Direct Connect
Hybrid connectivity

13. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
VMware Cloud on AWS SDDC Account
Host-1
Host-2
Host-3
Host-4
CGW
Customer Owned AWS Account
VPC Subnet 1 VPC Subnet 2
VM
Customer
Workloads
Amazon
Redshift*
Logical Network
Route Table
*example of AWS service with VPC access or private endpoint
EC2
X
SDDC to customer-connected VPC

14. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
DLR
ESXi
VGW
Region A
SDDC
CGW
MGW
VMware ENI
VMware Cloud VPC
Connected VPC
Customer Managed
VPC1
VPC2
Region B
VPC3
VGW
VGW
Pros: Scalability
Cons: Limited logical
network
communications per
tunnel
SDDS to Many VPCs: Direct VPNs

15. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
DLR
ESXi
VGW
Region A
SDDC
CGW
MGW
VMware ENI
VMware Cloud VPC
Connected VPC
Customer Managed
VPC1
VPC2
Region B
VPC3
VGW
VGW
EC2
VPN
Pros: Full logical
networks connectivity
Cons: Complexity,
VPN resiliency, cost
SDDS to Many VPCs: Transit VPC

16. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Customer
Data
Centers
VMware
Cloud SDDC
Customer-
Owned AWS
Account VPC ENIs for Compute Gateway
L2VPN
IPSec VPN x2
Direct Connect*
IPSec VPN
Direct Connect
Hybrid connectivity

17. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
On-Premises
public endpoints
Customer
Router
AWS DX
Router
Region A
SDDC
VLAN 1
PRIV-VIF
VLAN 2
VLAN 3
Direct Connect
DLR
ESXi
CGW
MGW
VGW
VGW
Customer VPC
Direct Connect integration

18. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS DX
Router
On-Prem
DX Private VIF
L3 VPN
vMotion
Management
L2 VPN
Customer
Router
AWS Region
CGW
ESXi ESXi ESXi
VMware vSphere Distributed Switch
Management
vMotion Data
(VXLAN)
AWS Direct
Connect
ESXi*ESXi*ESXi*
MGW
Management
vMotion
VGW
VMware vSphere Distributed Switch
vMotion+Mgmt
over DX Private VIF
(Req#1)
MGW Management Edge Gateway
CGW Compute Edge Gateway
EC2 Amazon Elastic Compute Cloud
* Diagram does not represent number of ESXi hosts
vCenter
vCenter
VMware Cloud VPC
EC2* EC2* EC2*
Infrastructure (Underlay) (Mgmt+vMotion)
Appliance Subnet
(Overlay)
NSX
Edge
Meet vMotion requirement with DX

19. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Integration with Native AWS
Services

20. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
VPC Gateway Endpoints
VPC Interface Endpoints
AWS services with VPC access mode

21. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
VPC Gateway Endpoints
VPC Interface Endpoints
AWS services with VPC access mode

22. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
172.29.1.0/24
VM VM
CGW
Logical Network
172.31.1.0/24
VMware Cloud on AWSCustomer AWS Account
Amazon S3
VPC Endpoint
ENI
IGW
Amazon S3

23. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
VPC Gateway Endpoints
VPC Interface Endpoints
AWS services with VPC access mode

24. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
CGW
ESXi
VMware Cloud VPC
ENI
Customer VPCVPC
VPC endpoint
network Interface
Instances
Service Consumer Consumer
NLB AWS
Directory
Services
AWS PrivateLink

25. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What does PrivateLink provide?
• AWS Services:
• Amazon CloudWatch Logs
• AWS CodeBuild
• Amazon EC2 API
• Elastic Load Balancing API
• AWS Key Management Service
• Amazon Kinesis Data Streams
• AWS Service Catalog
• Amazon SNS
• AWS Systems Manager
• Endpoint services hosted by other AWS accounts
• Supported AWS Marketplace partner services

26. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
• Resource Groups
• Insights Dashboard
• Inventory
• Automation
• Run Command
• Patch Manager
• Maintenance Window
• State Manager
• Parameter Store
For both EC2 and VMware VMs
AWS Systems Manager

27. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
CGW
ESXi
VMware Cloud VPC
ENI
Customer VPCVPC
VPC endpoint
network Interface
Amazon EC2
Systems Manager
Consumer Consumer
NLB AWS
Directory
Services
Amazon Managed
Agent Agent
PrivateLink: AWS Services

28. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
CGW
ESXi
VMware Cloud VPC
ENI
Customer VPCVPC
VPC endpoint
network Interface
Instances
Service
Provider
Consumer Consumer
NLB
1. Create NLB for the application
2. Create VPC endpoint service
3. Grant permissions for consumer
4. Consumer create endpoint interface
5. Activate the connection
1
2 3
4
5
PrivateLink: Customer endpoint services

29. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
CGW
ESXi
VMware Cloud VPC
ENI
Customer VPCVPC
VPC endpoint
network Interface
Instances
AWS
Marketplace
Consumer Consumer
NLB
PrivateLink: AWS Marketplace products

30. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
VPC Gateway Endpoints
VPC Interface Endpoints
AWS services with VPC access mode

31. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
• Amazon RDS
• Amazon Redshift
• AWS Lambda
• Amazon EFS
• Amazon WorkSpaces
• Amazon ECS
And others..
AWS Services with VPC access

32. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
VM VM
CGW
VMware Cloud on AWSCustomer AWS Account
ENI
RDS
Logical Network
Amazon RDS

33. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
VPC Gateway Endpoints
VPC Interface Endpoints
AWS services with VPC access mode

34. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
172.29.1.0/24
VM VM
CGW
Logical Network
172.31.1.0/24
VMware Cloud on AWS
SDDC Account
Customer
AWS Account
ALBIGW
IP Target Group
• 172.31.1.100
• 172.31.1.101
WAF
Visitor
ENIShield
CloudFront
Route 53
Amazon ALB

35. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
CGW
ESXi
EC2
VMware Cloud VPC
Customer Managed
ENI
Connected VPC
WorkSpaces
Workspaces VPC
AWS Managed VMware Managed
eth1
eth0
user
PCoIP
(SSL)
AWS
Directory
Services
On-Prem
Internet
Data
AWS Direct Connect
Amazon Worspaces

36. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Demo Time

37. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
VMware Cloud on AWS - More Information
For product information, pricing, and more:
https://cloud.vmware.com/vmc-aws
To keep up to date on the VMware Cloud on AWS Roadmap:
https://cloud.vmware.com/vmc-aws/roadmap
Follow us on AWS:
https://aws.amazon.com/vmware/

38. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Please complete the session survey in
the Summit mobile app.

39. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Thank you!