Confidential │ ©2021 VMware, Inc.
SDDC Features and Operations
VMC on AWS SDDC
November 2021

Agenda
• Compute Features
• Storage Features
• Networking & Security Features
• Basic Operations
• Visibility & Troubleshooting

Compute Features
VMC on AWS SDDC

AWS Bare-metal Host Instance Types
Each row lists i3.metal | i3en.metal.
Typical Use Case: General purpose clusters | Storage bound clusters
Suitable for: Workloads with high transaction rates (databases used in OLTP, high-speed analytics) | Workloads with high storage capacity needs and high transaction rates, e.g., NoSQL databases, distributed file systems, data warehouse with high random I/O
Compute
CPU Type: Intel® Xeon® Broadwell | Intel® Xeon® Cascade Lake
CPU Cores: 36 cores @ 2.3 GHz | 48 cores @ 2.5 GHz, hyperthreading enabled by default
Memory
RAM: 512 GiB | 768 GiB
Storage
Type: vSAN with local NVMe flash, compression and deduplication enabled | vSAN with local NVMe SSD (checksum only), compression enabled and deduplication disabled
Capacity Tier: 10.3 TiB (raw storage capacity) | ~45 TiB (raw storage capacity)
Network
Physical Speed: 25 Gbps | 25 Gbps with native encryption at NIC level for east-west traffic
For identifying the right host types for specific scenarios, please use the VMware Cloud on AWS Sizer.

i3en Instance Type
VMware Cloud on AWS running on i3en.metal instances powered by 2nd Generation Intel® Xeon® Scalable processors includes new capabilities that provide an enhanced solution for disaster recovery and migrating applications to the cloud.
• Intel® Mesh architecture optimizes data sharing and memory access between all vCPUs to take full advantage of the 1.5x more RAM and 4.3x more raw storage capacity (as compared to i3) while delivering consistent, low latencies.
• VMware vSphere® vMotion® allows live migration of VMs from one Intel host to another with zero downtime.
• i3en instances deliver 4x the raw storage capacity at roughly half the cost per GB of storage per host compared to previous offerings, making them ideal for disaster recovery and other storage-demanding use cases.
• Double orders per minute on scaled up i3en instances running SQL Server: https://www.vmware.com/techpapers/2020/sqlserver-vmconaws-i3en-perf.html
• Double the Oracle database operations per minute in a scale out scenario: https://www.vmware.com/techpapers/2020/oracle-vmc-aws-i3en-perf.html

Custom CPU Core Counts
• Increased deployment flexibility
• Specify just the number of CPU cores you need per host (applied cluster wide)
• Reduce costs for running mission-critical applications licensed per-core
(Diagram: Regular Cluster vs. “Custom” Cluster)

2-host cluster with i3 & i3en.metal
Minimum sized production environment
Further broadens access of the service and reduces minimum cluster size requirement for persistent environments
Supports:
• Storage policies: RAID-1 and FTT 1
• EDRS Default Storage Scale-Out Policy only
• Easy scale up from 2 to 3 hosts using add host functionality
• VMware Site Recovery
• Horizon 7 VDI workloads
• Offered with production SLA
33% lower cost of getting started with production i3.metal single-AZ VMware Cloud on AWS environments
(Diagram: i3.metal Production Cluster Minimum)

Differences: 2-Host vs 3+ Host SDDC
3+ Hosts – i3 and i3en
Stretched Cluster Support
eDRS Default Storage, Performance, Cost, and Rapid Scale-Out Policies
Available in all regions
Custom CPU Count feature available
Scale-up and Scale-down (down to 3 hosts)
2-Host SDDC
Stretched Cluster support
eDRS Default Storage Policy
Available in all regions
2-Host i3 Secondary Clusters support custom CPU Core count of 16 & 36
2-Host i3en Secondary Clusters support custom cores of 16, 24, 30, 36, 48
Scale-up only
Integrated AI acceleration for inference w/ Intel® Deep Learning Boost (with hardware platform v17

vSphere Availability Configuration
Availability: Enabled
Host Monitoring: Enabled
Admission Control Policy: Percentage Based
Host Failures to Tolerate: 1
VM & App Monitoring: Enabled
Host Isolation Response: Power off & Restart VMs
(Diagram: vSphere/vSAN Cluster; Mgmt Resource Pool, Customer Resource Pool; Mgmt Datastore, Customer Datastore; VMware Ops (Automation, Support); Customer Administrator (Cloud Admin))

vSphere DRS Configuration
DRS: Enabled
Migration threshold: 3
DPM: Disabled
Resource Pools created to isolate MGMT from customer VMs
Affinity Rules via Compute Policy
(Diagram: same vSphere/vSAN Cluster labels as on the previous slide)

Compute Policies
Implement desired state VM placement constraints
Associate VMs to or away from a specific host group within a VMware Cloud on AWS SDDC cluster
Group VMs together or spread across multiple hosts, preventing a single host loss from causing an application outage
Prevent vMotion that is triggered by DRS, except during host maintenance mode
Policy types: VM-Host, VM-VM Affinity; VM-Host, VM-VM Anti-Affinity; Disable DRS vMotion

Stretched Clusters for VMware Cloud on AWS
Allows developers to focus on business capabilities while infrastructure takes care of application availability
• Building on intrinsic vSphere HA as well as automated host failure remediation
• Zero RPO high availability across AZs
• Built-in infrastructure layer – no necessity to architect in the application
• Stretched cluster with common logical networks with vSphere HA/DRS enabled
• Synchronous replication between AZs for mission-critical applications
• If one AZ goes down, it is simply treated as a vSphere HA event and VM is restarted in the other AZ
• 6 Host Minimum (3-3-1) for 99.99
• 2 Host Minimum (1-1-1) with 99.9
(Diagram: VMware Cloud on AWS SDDC in one AWS Region across AWS Availability Zone A and AWS Availability Zone B; vSphere HA/DRS span across AZ; NSX logical networks; vSAN stretched cluster)

Entry Scale Stretched Clusters
2-host stretched clusters (1-1-1)
AZ resiliency built into the infrastructure layer, no need to rearchitect existing applications
New deployments only
99.9% Availability SLA
i3.metal and i3en.metal
Primary and secondary clusters
(Diagram: VMware Cloud on AWS SDDC in one AWS Region across three Availability Zones; Stretched Cluster; Stretched Network)

VMware Cloud on AWS production offerings
What Problem Are You Trying to Solve?
Cluster: restricted to a single AZ within a region; 99.9% availability guarantee
Stretched Cluster: restricted to a single region; 99.99% availability guarantee, 6 or more hosts *
Ideal for customers and workloads: Business Critical Workloads; Balance risk with cost; Abstract infrastructure volatility; Suitable for most workloads

VMware Cloud on AWS production offerings
What Problem Are You Trying to Solve?
(Diagram: Cluster, a vSphere/vSAN Cluster with Workload and Management in one Availability Zone of an AWS Region; Stretched Cluster, a vSphere/vSAN Cluster with Workload and Management across Availability Zone 1 and Availability Zone 2 of an AWS Region; AWS Global Infrastructure)

Elastic DRS Integration
Expand the Cloud SDDC automatically as needed
1. Any resource above threshold.
2. Add Host.
3. All resources below threshold.
4. Remove Host.
Sleeps for 30 min after two successive scale events.
(Diagram: vSphere/vSAN Cluster; CPU, Memory, Storage)

Elastic DRS Integration
Expand the Cloud SDDC Automatically as Needed
• Automatic scale based on utilization
• Enabled at the cluster level
• Monitoring interval every 5 minutes
• Scales up when ANY resource crosses pre-defined threshold
• Scales down when ALL resources consistently remain below thresholds
• Multiple policies to meet needs
Sleeps after two successive scale operations
(Diagram: vSphere/vSAN Cluster; CPU, Memory, Storage)

Elastic DRS Policies: Storage Scale-Out
Enabled by default
Adds host only when storage utilization exceeds threshold.
Scale-In is a manual process
Policy thresholds:
Resource   High   Low
CPU        0%     0%
Memory     0%     0%
Storage    70%    0%

Elastic DRS Policies: Optimize for Best Performance
Avoid performance slowdowns as demand spikes
Adds hosts more quickly
Removes hosts more slowly
Policy thresholds:
Resource   High   Low
CPU        90%    50%
Memory     80%    50%
Storage    70%    20%

Elastic DRS Policies: Optimize for Lowest Cost
Keep host counts to a practical minimum
Adds hosts more slowly
Removes hosts more quickly
Policy thresholds:
Resource   High   Low
CPU        90%    60%
Memory     80%    60%
Storage    70%    20%

Elastic DRS Policies: Optimize for Rapid Scale-Out
Perfect for DR or VDI scaling
Adds 4 hosts in parallel for CPU, RAM
Adds 1 host for storage
Scale-In is a manual process
Policy thresholds:
Resource   High   Low
CPU        80%    0%
Memory     80%    0%
Storage    70%    0%
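
The rule the Elastic DRS slides describe (scale out on ANY resource above its high threshold, scale in only when ALL are below their low thresholds, pause after two successive scale events) can be replayed against utilization samples. This is an added example, a simplified model and not VMware's implementation; the function names, the reading of a 0% threshold as "check switched off", the way a streak of events is counted and the constructed sample data are assumptions.

```python
INTERVAL_MIN = 5   # "Monitoring interval every 5 minutes"
SLEEP_MIN = 30     # "Sleeps for 30min after two successive scale events"

# resource -> (high %, low %), copied from the four policy tables on the slides.
POLICIES = {
    "storage_scale_out": {"cpu": (0, 0), "memory": (0, 0), "storage": (70, 0)},
    "best_performance": {"cpu": (90, 50), "memory": (80, 50), "storage": (70, 20)},
    "lowest_cost": {"cpu": (90, 60), "memory": (80, 60), "storage": (70, 20)},
    "rapid_scale_out": {"cpu": (80, 0), "memory": (80, 0), "storage": (70, 0)},
}


def decide(policy, usage):
    """Evaluate one utilization sample and return (action, host_count).

    Assumption: a 0% threshold switches that check off. This matches the
    slides' "adds host only when storage utilization exceeds threshold" and
    "scale-in is a manual process" for the policies that carry 0% rows.
    """
    limits = POLICIES[policy]
    over = [r for r, (high, _) in limits.items() if high and usage[r] > high]
    if over:  # scale out when ANY resource is above its high threshold
        parallel = policy == "rapid_scale_out" and set(over) & {"cpu", "memory"}
        return ("add", 4 if parallel else 1)
    lows_enabled = all(low for _, low in limits.values())
    if lows_enabled and all(usage[r] < low for r, (_, low) in limits.items()):
        return ("remove", 1)  # scale in only when ALL resources are below low
    return ("none", 0)


def simulate(policy, samples, hosts, min_hosts=3, max_hosts=16):
    """Replay 5-minute samples and return [(minute, action, hosts_after)].

    Assumptions: two scale events in back-to-back evaluations count as
    "successive"; host bounds default to the 3 and 16 quoted on the slides.
    """
    events, streak, sleep_until = [], 0, 0
    for i, usage in enumerate(samples):
        minute = i * INTERVAL_MIN
        if minute < sleep_until:
            continue  # still sleeping after two successive scale events
        action, count = decide(policy, usage)
        if action == "add" and hosts < max_hosts:
            hosts = min(max_hosts, hosts + count)
        elif action == "remove" and hosts > min_hosts:
            hosts -= 1
        else:
            streak = 0
            continue
        events.append((minute, action, hosts))
        streak += 1
        if streak == 2:
            sleep_until, streak = minute + SLEEP_MIN, 0
    return events


# Constructed sample: storage stays at 75% for ten monitoring intervals.
STORAGE_PRESSURE = [{"cpu": 40, "memory": 55, "storage": 75}] * 10

if __name__ == "__main__":
    for event in simulate("storage_scale_out", STORAGE_PRESSURE, hosts=3):
        print(event)
```

With the same idle sample (CPU 55%, memory 55%, storage 15%), the Lowest Cost policy removes a host while Best Performance does not, which is the "removes hosts more quickly" difference between the two tables.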

Host failure remediation
Automated Replacement of Failed Host
Problem identified
Add host
Data rebuilt / resynced
Problem host removed
(Diagram: vSphere/vSAN Cluster; Customer Datastore, Mgmt Datastore)

Cloud SDDC
• Two SDDCs per Org*
• 20 vSphere Clusters per SDDC
• 2 – 16 hosts per vSphere Cluster
• Cluster 1 contains Management VMs
  • vCenter Server
  • NSX-T
  • HCX
  • Site Recovery
*soft limit
http://vmwa.re/vmc-configmax
(Diagram: VMware Cloud on AWS Customer Org with SDDC 1 and SDDC 2, each with Cluster 1, Cluster 2 … Cluster 20)

vCenter flexible permission control
Create custom roles
Flexible permission model for vCenter Server
Create personalized role profiles organically or from existing roles
Freely assign these roles to users and groups
Assign custom roles globally or for specific vCenter objects
Simple point and click assignment of permission attributes

Storage Features
VMC on AWS SDDC

Compliance Ready Data-at-Rest Encryption
Built-in integration with AWS Key Management System for vSAN encryption
Cloud Admin key management
Fully integrated with the AWS KMS
FIPS 140-2 Validated

vSAN Configuration: i3.metal
EBS boot volume
Eight 1.74TB self-encrypting NVMe devices
2 Disk Groups
Deduplication Enabled
Compression Enabled
10 TB raw capacity per host
(Diagram: VMware Cloud on AWS SDDC on three Amazon EC2 i3.metal hosts; caching tier and capacity tier; Workload Datastore and Mgmt Datastore)

vSAN Configuration: i3en.metal
EBS Boot Volume
Eight 7.5TB self-encrypting NVMe devices
32 NVMe Namespaces
4 Disk Groups
Deduplication Disabled
Compression Enabled
48.4 TB raw capacity per host
(Diagram: VMware Cloud on AWS SDDC on three Amazon EC2 i3en.metal hosts, each NVMe namespace labelled 1.7 TB; caching tier and capacity tier; Workload Datastore and Mgmt Datastore)

i3.metal Usable Capacity per Node
Assuming site disaster tolerance of none
RAID-1 (Mirroring), TB:
Protection            Raw    Usable
No data redundancy    7      14
1 Failure             3.5    7
2 Failure             2.4    4.7
RAID-5/6 (Erasure Coding), TB:
Protection   Raw    Usable
RAID-5       5.3    10.6
RAID-6       4.7    9.4
Usable assumes x2 Dedup and Compression; savings are an average, actual savings will vary

i3en.metal Usable Capacity per Node
Assuming site disaster tolerance of none
RAID-1 (Mirroring), TB:
No data redundancy    32.6
1 Failure             16.3
2 Failure             10.9
RAID-5/6 (Erasure Coding), TB:
RAID-5    24.6
RAID-6    21.8

Automated policy management to ensure SLA eligibility
Leave it to VMware
Service manages default policy
When cluster is scaled-out or scaled-in, default policy is automatically adjusted based on new host count
Override with custom policies
(Diagram: vSAN storage policy. 5 hosts: 1 Failure, RAID-1 Mirroring, SLA Eligible. Auto-update default policy. 6 hosts: 2 Failure, RAID-6 Erasure Coding, SLA Eligible.)

Granular storage policy-based management (SPBM)
Deliver Performance and Protection Based on Application Needs
Define storage protection and performance outcomes
Assign policy to:
• Many VMs
• Single VM
• VMDK of VM
• VMDKs for container persistent volumes
Managed in vCenter
Simple and scalable
Storage Policy Definition:
Policy Rules                         Value
Site Disaster Tolerance              None – Standard Cluster
Failures to Tolerate                 1 Failure – RAID-5 (Erasure Coding)
Number of disk stripes per object    1
IOPS Limits                          1000
(Diagram: Kubernetes Storage Classes; VMware Cloud on AWS)

Right Sized for a Global Market
Usable standard cluster capacity (TB)
Cluster size   i3.metal   i3en.metal
3-Node         21         49
8-Node         75         174
12-Node        113        261
16-Node        151        348
Dedup and Compression savings are an average; actual savings will vary
VMC on AWS Sizer: https://vmc.vmware.com/sizer/quick-sizing

Logical vSAN Separation
Multiple Logical (Namespace) Datastore Support

Networking and Security Features

Networking Inside the Software Defined Data Center (SDDC)
Provide numerous connectivity options into the SDDC
Provides scalable and easy to consume networking inside the SDDC
Powered by VMware NSX-T
• Simplified Interface
• API access available
6+ years of SDN experience
Key features from on-premises brought to the cloud
• Networking
• Security

Segments Inside the SDDC

Intrinsic Security
Gateway Firewall (N/S Security)
Multiple layers of native security within the SDDC
Two levels of firewalling
• Gateway (perimeter) firewalls
  • One for management
  • One for compute
• Distributed firewalling

Micro-Segmentation
Distributed Firewall (E/W Security)
Laser focused security policy
• Stateful
• Whitelist permitted traffic only on ports required
• Implicit deny any
• Minimizes attack surface
• Use non-traditional attributes to define policy
• Tags instead of IPs
(Diagram: SDDC with Edge, MGW, CGW, NSX and vCenter)

VMware NSX Advanced Firewall for VMware Cloud on AWS
Introducing Advanced Distributed Security features as an Add-on
Distributed IDS/IPS: Integrated with NSX Threat Intelligence Cloud
L7 Distributed Firewall: Layer 7 AppID Profiles and Distributed FQDN Filtering
Identity Firewall: Active Directory based User ID Filtering

Value Prop: Key Benefits for VMC Customers
NSX Distributed IDS/IPS
East-West Protection for workloads
Detect attempts at exploiting vulnerabilities in applications
Distributed traffic inspection scales linearly with workloads
Context based threat detection
Integrated with NSX Threat Intelligence Cloud Service
NSX DFW with L7 AppID and Distributed FQDN Filtering
Deep Packet Inspection for Layer 7 Application
Built-in Application IDs for common enterprise applications
FQDN based access control – per VM
Reduce the attack surface to intended application/protocols
NSX Identity Firewall
Per User/session application access control
DFW based enforcement at the source
AD/LDAP integration to automatically curate access to applications

Basic Connectivity Options
L3 VPN
vMotion works exclusively on Intel-powered instances

Basic Connectivity Options
L2 VPN

VMware Cloud on AWS Feature Availability
Feature classification
Features are classified according to the following phase:
Available: Feature now available for use by applicable customers. May not be available in all AWS regions
Preview: Feature released in preview to gather feedback. May not be available to all applicable customers or in all AWS regions
Developing: Feature in active development and testing
Planned: Feature under consideration or planning for future development
The information in this presentation is for informational purposes only and may not be incorporated into any contract. There is no commitment or obligation that items in ‘Preview’, ‘Developing’, and ‘Planned’ will become ‘Available’.
For the latest information and feature status, please see:
• Release Notes: https://docs.vmware.com/en/VMware-Cloud-on-AWS/0/rn/vmc-on-aws-relnotes.html
• FAQs: https://cloud.vmware.com/vmc-aws/faq
• Roadmap: https://cloud.vmware.com/vmc-aws/roadmap

Basic Operations

Adding Users to your Organization
RBAC
The Active Users view displays a list of all users currently in the organization. To invite additional users to the organization, click ADD USERS.
You must be an organization owner to invite additional users to your organization.

Multifactor Authentication
Multifactor authentication (MFA) is a security enhancement that requires you to present two pieces of evidence (your credentials) when you log in:
• Something that you know, such as your password.
• Something that you have, such as an application that generates a one-time passcode.
You can secure your cloud account with MFA:
• Download an authentication application to your mobile device. This step creates a virtual MFA device.
• The application generates a six-digit authentication code that is compatible with the time-based, one-time password standard.
• To log in to cloud services, use the code generated by the application, with your VMware ID and password.

Configuring VMware Cloud Services with MFA
To configure your VMware Cloud services account with MFA:
1. Log in to VMware Cloud services with your Username and Password.
2. Click User and select My Account.
3. Click the Security tab.
4. Click ACTIVATE MFA DEVICE.
5. Enter the Password for the Username.
6. Use the selected authentication application to scan the QR code displayed or manually enter a secret key. Wait for the application to generate two consecutive passcodes.
7. Enter each passcode in turn.
8. Click ACTIVATE.
A list of 10 recovery codes appears.
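
The two consecutive passcodes asked for in steps 6 and 7 can be illustrated with the time-based one-time password algorithm itself. This is an added example, not VMware's code: it assumes the RFC 6238 defaults (HMAC-SHA1, 30-second steps, six digits), the function names and the drift window are hypothetical, and the secret is the public RFC test key rather than a real account secret.

```python
import base64
import hashlib
import hmac
import struct


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(key: bytes, now: float, step: int = 30) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the current time step."""
    return hotp(key, int(now) // step)


def decode_secret(secret_b32: str) -> bytes:
    """Decode the Base32 secret key as typed by hand (spaces, no padding)."""
    text = secret_b32.replace(" ", "").upper()
    return base64.b32decode(text + "=" * (-len(text) % 8))


def _is_code(code: str) -> bool:
    return len(code) == 6 and code.isascii() and code.isdigit()


def verify_enrollment(secret_b32, code1, code2, now, step=30, drift=1):
    """Accept only if code1 and code2 belong to two consecutive time steps.

    Hypothetical server-side check: a single guessed, repeated or replayed
    code fails, and the pair must fall within `drift` steps of the server
    clock, which also shows the device clock is roughly in sync.
    """
    if not (_is_code(code1) and _is_code(code2)):
        return False
    key = decode_secret(secret_b32)
    current = int(now) // step
    for counter in range(max(0, current - drift - 1), current + drift + 1):
        first_ok = hmac.compare_digest(hotp(key, counter), code1)
        second_ok = hmac.compare_digest(hotp(key, counter + 1), code2)
        if first_ok and second_ok:
            return True
    return False


# Constructed sample secret: the RFC 6238 test key, Base32-encoded.
SAMPLE_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    key = decode_secret(SAMPLE_SECRET_B32)
    first, second = totp(key, 59), totp(key, 89)  # two consecutive steps
    print(first, second, verify_enrollment(SAMPLE_SECRET_B32, first, second, now=95))
```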

Template uploads
Importing corporate templates and ISOs
• Manual or Scripted Import through vCenter
• Content Library Subscription
• Content Onboarding Assistant

Content Library
Storing images and scripts for provisioning
vSphere content libraries have several functions:
• Provide storage, versioning, and synchronization of files across sites and vCenter Server instances.
• Provide simple and effective management for templates, vApps, OVF files, ISO images, and scripts.
• vSphere content libraries include powerful publish and subscribe features to replicate content.
Content libraries are stored on vSphere datastores or local vCenter Server file systems.

Content Onboarding Assistant
Transferring content
The Content Onboarding Assistant:
1. Checks the connectivity between the client and on-premises vCenter Server and VMware Cloud on AWS.
2. Scans vCenter Server inventory to find templates (VMTX).
3. Scans given datastores and folders for any files.
4. Creates a published content library in the on-premises vCenter Server.
5. Copies selected vCenter Server templates.
6. Imports all the content from a given folder into the content library.
7. Creates a subscribed content library in the VMware Cloud on AWS SDDC.
8. Synchronizes all content from Step 6.
• Download the VMware Cloud on AWS Content Onboarding Assistant at My VMware.
• A VPN connection between the on-premises and VMware Cloud on AWS SDDCs is required.

Creating Virtual Machines
Creating VMs in a VMware Cloud on AWS SDDC follows the same process as creating them on-premises. However, there are permission restrictions that limit the placement of VMs in the SDDC:
• VMs cannot reside on the management VMs or in Discovered virtual machine folders.
• VMs cannot use the Mgmt-ResourcePool.
• VMs cannot reside on the vsanDatastore.
There are several ways to create a VM:
• Upload an ISO image, VMTX template, OVA template, or OVF template directly to WorkloadDatastore in the SDDC.
• Use an ISO image or OVF template from a content library.
• Deploy an OVF or OVA template from your client VM or from a URL.
• Use a VMTX template imported into the SDDC by the Content Onboarding Assistant.
To install an OS, you cannot attach a client-side ISO image to a VM.

VM Configuration Considerations
VMware Cloud on AWS does not support some VM configurations:
• Bus sharing configurations
• DirectPath I/O
• Flash Read Cache
• ISOs mounted using the client device when a CD/DVD drive is used
• Multi-writer and Changed Block Tracking (CBT)
• NVIDIA GRID vGPU
• Parallel ports
• Raw Device Mapping (RDM)
• USB device passthrough

Visibility & Troubleshooting
vRLI and vROPs Introduction

Tools for Better Visibility
vRealize Log Insight Cloud for VMware Cloud on AWS
vRealize Log Insight Cloud (Audit Logs)
• Increased Security – Monitor VMware Cloud on AWS deployments for potential security breaches or internal misuses of infrastructure
• Demonstrate Compliance – Comply with regulations and federal laws for auditing requirements
• Detailed Insight – Gain visibility into activities in VMware Cloud on AWS deployment, including which users performed what actions and when
• vRealize Log Insight Cloud’s Audit Log Collection is a Core Service for VMware Cloud on AWS Customers

vRealize Log Insight Cloud
Logging for VMware Cloud on AWS – Organization Level
• Logs events that are specific to the customer’s VMC on AWS Org
• Not exportable or forwarded to external syslog

vRealize Log Insight Cloud
Logging for the VMC per SDDC
• Logs from the SDDC are automatically forwarded to vRealize Log Insight Cloud
  • vCenter events
  • ESXi
  • vSAN
  • NSX Managers
  • NSX Edges
• Not all events are available in Log Insight Cloud for users
• ALL events are available to GSS

Gateway Firewall
Firewall Logging in VMware Cloud on AWS
• Configuration of logging can be done per-rule by clicking the gear icon to the right of the rule
Gateway Rule
• Default CGW and MGW Drop Rules cannot have logging enabled
• Default VTI Rule can be configured for logging

DFW Operations
DFW Logging
• DFW Rule logging configured on a per-rule basis
• Logs sent to vRealize Log Insight Cloud
• Capability to define a Log Label per rule
• Helpful for quick search/operations
Traceflow
Topology map - Enhanced Troubleshooting available in NSX Manager UI
Capabilities
• Inspect the path of a packet from
source to destination in the SDDC
• Get visibility for external
communication over VMware
Transit Connect
Ease in troubleshooting any
networking issues quickly
Confidential │ ©2021 VMware, Inc. 61
Persona- and
App-centric
Business insights
for curated use cases
Unified
configuration
history
Global search across
vRealize services
In-context switching to
vRealize for deep dives
VMware vRealize Cloud Management: Project Ensemble
Unifying vRealize Cloud Management
Confidential │ ©2021 VMware, Inc. 62
VMware Cloud on AWS
vRealize Operations Cloud
OOTB vSphere Dashboards
Near real-time monitoring for vSphere
APM Integration
vRealize Operations Management Pack for Horizon
Packets Per Second metrics for monitoring
virtual machine network usage
Enhanced NSX-T network relationships and metrics
Rate based pricing for chargeback
Automatic Kubernetes cluster discovery
Enhanced HCX Management Pack to monitor HCX infrastructure
Confidential │ ©2021 VMware, Inc. 63
Network Aware Troubleshooting in vRealize Operations
• For known objects in vROps &
vRNI, vRNI events will synced as
vROps alerts and they will be
available in Trouble shooting
workbench.
• For unknown objects and user
defined events, vROps will show an
alert under “vRNI-Alerts”.
• SSO and Launch in Context
between vROps and vRNI for
seamless transitioning.
vRealize Network Insight Networking Alerts in vROps
Confidential │ ©2021 VMware, Inc. 64
Troubleshooting and monitoring the VMware Cloud on AWS T0 gateways is critical for large volume
networks on VMC on AWS.
vRNI 6.1+ and VMC v1.12+ supports these metrics for DX, Cross VPC and Public interfaces.
• Rx & Tx Total Bytes
• Rx & Tx Total Packets
• Rx & Tx Dropped Packets
Find them on:
• VMC SDDC Dashboard
• NSX T0 Dashboard (VRF vmc) & Specific interfaces
• VMC NSX Policy Manager Dashboard
New T0 Gateway Dashboard & Metrics
VMware Cloud on AWS
Use them for:
• Troubleshooting
• Proactive monitoring & capacity
planning by setting thresholds
Confidential │ ©2021 VMware, Inc. 65
VRF 'vmc' Dashboard VMC SDDC Dashboard
VMware Cloud on AWS
New T0 Gateway Dashboard & Metrics
Confidential │ ©2021 VMware, Inc. 66
VMC Router Interface Dashboard VMC NSX Policy Manager Dashboard
VMware Cloud on AWS
New T0 Gateway Dashboard & Metrics

LAB
Lab 2: Working with your VMC on AWS SDDC
1. Create 2 Logical networks (Photo App & Desktops)
2. Enable external access to vCenter
3. Create a Content library
4. Create VM Customization Specifications
5. Deploy 3 virtual Machines (2 Photo App, 1 Windows 10 VM)
6. Create a Micro-segmentation rule for the Photo App VMs
7. View SDDC Audit & Event Logs
(Diagram: SDDC with Edge, CGW, MGW, NSX, HCX and vCenter; Connected VPC; Desktop-Net and Demo-Net segments)

Thank You

2-host cluster with i3en.metal
Entry scale for storage dense workloads
• Available globally where VMware Cloud on AWS i3en.metal instances are available
• x4 usable capacity compared to i3.metal
• Storage policies: RAID-1 and FTT 1
• EDRS Default Storage Scale-Out Policy
• Easily scale up as needed
• Unlimited 24/7 VMware Global Support Services as well as 24/5 live chat support
(Diagram: Primary Cluster, vSphere/vSAN with Mgmt and Customer Datastore; Secondary Clusters with Custom Core support, vSphere/vSAN with Customer Datastore)
Dell EMC VxRAIL Appliance based on VMware SDS
 
VMworld 2013: Lowering TCO for Virtual Desktops with VMware View and VMware V...
VMworld 2013: Lowering TCO for Virtual Desktops with VMware View and VMware V...VMworld 2013: Lowering TCO for Virtual Desktops with VMware View and VMware V...
VMworld 2013: Lowering TCO for Virtual Desktops with VMware View and VMware V...
 
VMworld 2013: Maximize Database Performance in Your Software-Defined Data Center
VMworld 2013: Maximize Database Performance in Your Software-Defined Data CenterVMworld 2013: Maximize Database Performance in Your Software-Defined Data Center
VMworld 2013: Maximize Database Performance in Your Software-Defined Data Center
 
VMware HCI solutions - 2020-01-16
VMware HCI solutions - 2020-01-16VMware HCI solutions - 2020-01-16
VMware HCI solutions - 2020-01-16
 
VMware Vsan vtug 2014
VMware Vsan vtug 2014VMware Vsan vtug 2014
VMware Vsan vtug 2014
 
Dell Solutions Tour 2015 - Programvare erstatter maskinvare, revolusjonen har...
Dell Solutions Tour 2015 - Programvare erstatter maskinvare, revolusjonen har...Dell Solutions Tour 2015 - Programvare erstatter maskinvare, revolusjonen har...
Dell Solutions Tour 2015 - Programvare erstatter maskinvare, revolusjonen har...
 
Track 1 Virtualizing Critical Applications with VMWARE VISPHERE by Roshan Shetty
Track 1 Virtualizing Critical Applications with VMWARE VISPHERE by Roshan ShettyTrack 1 Virtualizing Critical Applications with VMWARE VISPHERE by Roshan Shetty
Track 1 Virtualizing Critical Applications with VMWARE VISPHERE by Roshan Shetty
 
Implementing a Disaster Recovery Solution using VMware Site Recovery Manager ...
Implementing a Disaster Recovery Solution using VMware Site Recovery Manager ...Implementing a Disaster Recovery Solution using VMware Site Recovery Manager ...
Implementing a Disaster Recovery Solution using VMware Site Recovery Manager ...
 
Continuent webinar 02-19-2015
Continuent webinar 02-19-2015Continuent webinar 02-19-2015
Continuent webinar 02-19-2015
 
Virtulaisation
VirtulaisationVirtulaisation
Virtulaisation
 
Presentation v mware cloud infrastructure - success in virtualization
Presentation   v mware cloud infrastructure - success in virtualizationPresentation   v mware cloud infrastructure - success in virtualization
Presentation v mware cloud infrastructure - success in virtualization
 
Presentation v mworld 2011
Presentation   v mworld 2011Presentation   v mworld 2011
Presentation v mworld 2011
 

Recently uploaded

Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 

Recently uploaded (20)

Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 

M02+-+SDDC+Features+and+Operations.ppsx

  • 1. Confidential │ ©2021 VMware, Inc. SDDC Features and Operations VMC on AWS SDDC November 2021
  • 2. Agenda: Compute Features; Storage Features; Networking & Security Features; Basic Operations; Visibility & Troubleshooting
  • 3. Compute Features: VMC on AWS SDDC
  • 4. AWS Bare-metal Host Instance Types
      Attribute: i3.metal | i3en.metal
      Typical use case: General purpose clusters | Storage bound clusters
      Suitable for: Workloads with high transaction rates (databases used in OLTP, high-speed analytics) | Workloads with high storage capacity needs and high transaction rates, e.g., NoSQL databases, distributed file systems, data warehouse with high random I/O
      CPU type: Intel® Xeon® Broadwell | Intel® Xeon® Cascade Lake
      CPU cores: 36 cores @ 2.3 GHz | 48 cores @ 2.5 GHz
      Hyperthreading: enabled by default
      RAM: 512 GiB | 768 GiB
      Storage type: vSAN with local NVMe flash; compression and deduplication enabled | vSAN with local NVMe SSD (checksum only); compression enabled and deduplication disabled
      Capacity tier: 10.3 TiB (raw storage capacity) | ~45 TiB (raw storage capacity)
      Network physical speed: 25 Gbps | 25 Gbps with native encryption at NIC level for east-west traffic
      For identifying the right host types for specific scenarios, please use the VMware Cloud on AWS Sizer.
  • 5. I3en Instance Type: VMware Cloud on AWS running on i3en.metal instances powered by 2nd Generation Intel® Xeon® Scalable processors includes new capabilities that provide an enhanced solution for disaster recovery and migrating applications to the cloud.
      • Intel® Mesh architecture optimizes data sharing and memory access between all vCPUs to fully take advantage of the 1.5x more RAM and 4.3x more raw storage capacity (as compared to i3) while delivering consistent, low latencies.
      • VMware vSphere® vMotion® allows live migration of VMs from one Intel host to another with zero downtime.
      • I3en instances deliver 4x the raw storage capacity at roughly half the cost per GB of storage per host compared to previous offerings, making them ideal for disaster recovery and other storage-demanding use cases.
      • Double orders per minute on scaled up i3en instances running SQL Server: https://www.vmware.com/techpapers/2020/sqlserver-vmconaws-i3en-perf.html
      • Double the Oracle database operations per minute in a scale out scenario: https://www.vmware.com/techpapers/2020/oracle-vmc-aws-i3en-perf.html
  • 6. Custom CPU Core Counts (diagram: Regular Cluster beside “Custom” Cluster)
      • Increased deployment flexibility
      • Specify just the number of CPU cores you need per host (applied cluster wide)
      • Reduce costs for running mission-critical applications licensed per-core
  • 7. 2-host cluster with i3 & i3en.metal: Further broadens access of the service and reduces minimum cluster size requirement for persistent environments. 33% lower cost of getting started with production i3.metal single-AZ VMware Cloud on AWS environments. Supports:
      • Storage policies: RAID-1 and FTT 1
      • EDRS Default Storage Scale-Out Policy only
      • Easy scale up from 2 to 3 hosts using add host functionality
      • VMware Site Recovery
      • Horizon 7 VDI workloads
      • Offered with production SLA
      (Diagram labels: i3.metal Production Cluster Minimum; Minimum Sized production environment)
  • 8. Differences 2-Host vs 3+ Host SDDC
      3+ Hosts – i3 and i3en:
      • Stretched Cluster Support
      • eDRS Default Storage, Performance, Cost, and Rapid Scale-Out Policies
      • Available in all regions
      • Custom CPU Count feature available
      • Scale-up and Scale-down (down to 3 hosts)
      2-Host SDDC:
      • Stretched Cluster support
      • eDRS Default Storage Policy
      • Available in all regions
      • 2-Host i3 Secondary Clusters support custom CPU Core count of 16 & 36
      • 2-Host i3en Secondary Clusters support custom cores of 16, 24, 30, 36, 48
      • Scale-up only
      Integrated AI acceleration for inference w/ Intel® Deep Learning Boost (with hardware platform v17
  • 9. vSphere Availability Configuration
      • Availability: Enabled
      • Host Monitoring: Enabled
      • Admission Control Policy: Percentage Based
      • Host Failures to Tolerate: 1
      • VM & App Monitoring: Enabled
      • Host Isolation Response: Power off & Restart VMs
      (Diagram: vSphere/vSAN Cluster with Mgmt Resource Pool and Mgmt Datastore for VMware Ops (Automation, Support), and Customer Resource Pool and Customer Datastore for the Customer Administrator (Cloud Admin))
  • 10. vSphere DRS Configuration
      • DRS: Enabled
      • Migration threshold: 3
      • DPM: Disabled
      • Resource Pools created to isolate MGMT from customer VMs
      • Affinity Rules via Compute Policy
      (Diagram: vSphere/vSAN Cluster with Mgmt Resource Pool and Mgmt Datastore for VMware Ops (Automation, Support), and Customer Resource Pool and Customer Datastore for the Customer Administrator (Cloud Admin))
  • 11. Compute Policies
      • Associate VMs to or away from a specific host group within a VMware Cloud on AWS SDDC cluster
      • Group VMs together or spread across multiple hosts preventing a single host loss from causing an application outage
      • Prevent vMotion that is triggered by DRS, except during host maintenance mode
      • Implement desired state VM placement constraints
      Policy types: VM-Host, VM-VM Affinity; VM-Host, VM-VM Anti-Affinity; Disable DRS vMotion
  • 12. Stretched Clusters for VMware Cloud on AWS: Allows developers to focus on business capabilities while infrastructure takes care of application availability
      • Building on intrinsic vSphere HA as well as automated host failure remediation
      • Zero RPO high availability across AZs
      • Built-in infrastructure layer – no necessity to architect in the application
      • Stretched cluster with common logical networks with vSphere HA/DRS enabled
      • Synchronous replication between AZs for mission-critical applications
      • If one AZ goes down, it is simply treated as a vSphere HA event and VM is restarted in the other AZ
      • 6 Host Minimum (3-3-1) for 99.99
      • 2 Host Minimum (1-1-1) with 99.9
      (Diagram: VMware Cloud on AWS SDDC in one AWS Region, with vSphere HA/DRS, NSX logical networks and a vSAN stretched cluster spanning AWS Availability Zone A and AWS Availability Zone B)
  • 13. Entry Scale Stretched Clusters: AZ resiliency built into the infrastructure layer, no need to rearchitect existing applications
      • New deployments only
      • 99.9% Availability SLA
      • I3.metal and i3en.metal
      • Primary and secondary clusters
      • 2-host stretched Clusters (1-1-1)
      (Diagram: Stretched Cluster and Stretched Network of a VMware Cloud on AWS SDDC across three Availability Zones in one AWS Region)
  • 14. VMware Cloud on AWS production offerings: What Problem Are You Trying to Solve? Cluster | Stretched Cluster. Restricted to a single AZ within a region | Restricted to a single region. Availability guarantee 99.9% | Availability guarantee, 6 or more hosts *, 99.99%. Ideal for customers and workloads: Business Critical Workloads; Balance risk with cost; Abstract infrastructure Volatility; Suitable for most workloads
  • 15. VMware Cloud on AWS production offerings: What Problem Are You Trying to Solve? (Diagram: a vSphere/vSAN Cluster with Workload and Management VMs in one Availability Zone of an AWS Region, beside a Stretched Cluster spanning Availability Zone 1 and Availability Zone 2)
  • 16. Elastic DRS Integration: Expand the Cloud SDDC automatically as needed (resources monitored on the vSphere/vSAN Cluster: CPU, Memory, Storage)
      1. Any resource above threshold.
      2. Add Host.
      3. All resources below threshold.
      4. Remove Host.
      Sleeps for 30min after two successive scale events.
  • 17. Elastic DRS integration: Expand the Cloud SDDC Automatically as Needed (resources monitored on the vSphere/vSAN Cluster: CPU, Memory, Storage)
      • Automatic scale based on utilization
      • Enabled at the cluster level
      • Monitoring interval every 5 minutes
      • Scales up when ANY resource crosses pre-defined threshold
      • Scales down when ALL resources consistently remain below thresholds
      • Multiple policies to meet needs
      Sleeps after two successive scale operations
  • 18. Elastic DRS Policies: Storage Scale-Out. Enabled by default. Adds host only when storage utilization exceeds threshold. Scale-In is a manual process.
      Policy Thresholds (Resource: High / Low)
      CPU: 0% / 0%
      Memory: 0% / 0%
      Storage: 70% / 0%
  • 19. Elastic DRS Policies: Optimize for Best Performance. Avoid performance slowdowns as demand spikes. Adds hosts more quickly. Removes hosts more slowly.
      Policy Thresholds (Resource: High / Low)
      CPU: 90% / 50%
      Memory: 80% / 50%
      Storage: 70% / 20%
  • 20. Elastic DRS Policies: Optimize for Lowest Cost. Keep host counts to a practical minimum. Adds hosts more slowly. Removes hosts more quickly.
      Policy Thresholds (Resource: High / Low)
      CPU: 90% / 60%
      Memory: 80% / 60%
      Storage: 70% / 20%
  • 21. Elastic DRS Policies: Optimize for Rapid Scale-Out. Perfect for DR or VDI scaling. Adds 4 hosts in parallel for CPU, RAM. Adds 1 host for storage. Scale-In is a manual process.
      Policy Thresholds (Resource: High / Low)
      CPU: 80% / 0%
      Memory: 80% / 0%
      Storage: 70% / 0%
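The scale-out and scale-in rules from the Elastic DRS slides, modelled as an added example (not VMware's code) so the four policies can be compared on the same utilization trace. It assumes that a 0% threshold means the resource is not evaluated, that one utilization sample arrives per 5-minute interval, and that the 30-minute sleep starts after scale events in two consecutive evaluations; `decide` and `simulate` are hypothetical names.

```python
# (high %, low %) per resource, copied from the policy threshold slides.
POLICIES = {
    "storage_scale_out": {"cpu": (0, 0), "memory": (0, 0), "storage": (70, 0)},
    "best_performance": {"cpu": (90, 50), "memory": (80, 50), "storage": (70, 20)},
    "lowest_cost": {"cpu": (90, 60), "memory": (80, 60), "storage": (70, 20)},
    "rapid_scale_out": {"cpu": (80, 0), "memory": (80, 0), "storage": (70, 0)},
}
SCALE_IN_FLOOR = 3   # slides: scale-down "down to 3 hosts"
MAX_HOSTS = 16       # slides: 2 - 16 hosts per vSphere cluster
INTERVAL_MIN = 5     # slides: monitoring interval every 5 minutes
SLEEP_MIN = 30       # slides: sleeps for 30 min after two successive scale events


def decide(policy, util):
    """Host delta for one sample such as {"cpu": 85, "memory": 40, "storage": 30}."""
    thresholds = POLICIES[policy]
    # Scale out when ANY resource is above its high threshold.
    # Assumption: a 0% threshold means that resource is not evaluated.
    over = [r for r, (high, _) in thresholds.items() if high and util[r] > high]
    if over:
        if policy == "rapid_scale_out" and set(over) & {"cpu", "memory"}:
            return 4  # slides: adds 4 hosts in parallel for CPU, RAM
        return 1
    # Scale in only when ALL resources are below their low thresholds.
    # Policies whose low thresholds are all 0% never scale in (manual process).
    lows = {r: low for r, (_, low) in thresholds.items() if low}
    if lows and all(util[r] < low for r, low in lows.items()):
        return -1
    return 0


def simulate(policy, samples, hosts):
    """Replay 5-minute samples; return [(minute, host_count), ...]."""
    timeline, events, sleep_until = [], 0, 0
    for i, util in enumerate(samples):
        minute = i * INTERVAL_MIN
        delta = 0 if minute < sleep_until else decide(policy, util)
        target = hosts + delta
        if delta > 0:
            target = min(target, MAX_HOSTS)
        elif delta < 0:
            # Never go below 3 hosts; a 2-host cluster is scale-up only.
            target = max(target, min(hosts, SCALE_IN_FLOOR))
        if target != hosts:
            hosts = target
            events += 1
            if events == 2:  # assumption: two scale events in a row
                events, sleep_until = 0, minute + SLEEP_MIN
        else:
            events = 0  # a quiet evaluation ends the run of successive events
        timeline.append((minute, hosts))
    return timeline


if __name__ == "__main__":
    hot = [{"cpu": 95, "memory": 40, "storage": 30}] * 6  # constructed trace
    for name in POLICIES:
        print(name, simulate(name, hot, 3))
```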
  • 22. Host failure remediation: Automated Replacement of Failed Host (vSphere/vSAN Cluster with Customer Datastore and Mgmt Datastore)
      1. Problem identified
      2. Add host
      3. Data rebuilt / resynced
      4. Problem host removed
  • 23. Cloud SDDC (diagram: VMware Cloud on AWS Customer Org containing SDDC 1 and SDDC 2, each with Cluster 1, Cluster 2 ... Cluster 20)
      • Two SDDCs per Org*
      • 20 vSphere Clusters per SDDC
      • 2 – 16 hosts per vSphere Cluster
      • Cluster 1 contains Management VMs: vCenter Server, NSX-T, HCX, Site Recovery
      http://vmwa.re/vmc-configmax
      *soft limit
  • 24. vCenter flexible permission control: Create custom roles
      • Flexible permission model for vCenter Server
      • Create personalized role profiles organically or from existing roles
      • Freely assign these roles to users and groups
      • Assign custom roles globally or for specific vCenter objects
      • Simple point and click assignment of permission attributes
  • 25. Storage Features: VMC on AWS SDDC
  • 26. Compliance Ready Data-at-Rest Encryption: Built-in integration with AWS Key Management System for vSAN encryption
      • Cloud Admin key management
      • Fully integrated with the AWS KMS
      • FIPS 140-2 Validated
  • 27. vSAN Configuration: i3.metal
      • EBS boot volume
      • Eight 1.74TB self-encrypting NVMe devices
      • 2 Disk Groups
      • Deduplication Enabled
      • Compression Enabled
      • 10 TB raw capacity per host
      (Diagram: VMware Cloud on AWS SDDC on three Amazon EC2 i3.metal hosts, each with a caching tier and a capacity tier, presenting a Workload Datastore and a Mgmt Datastore)
  • 28. vSAN configuration: i3en.metal
      • EBS Boot Volume
      • Eight 7.5TB self-encrypting NVMe devices
      • 32 NVMe Namespaces
      • 4 Disk Groups
      • Deduplication Disabled
      • Compression Enabled
      • 48.4 TB raw capacity per host
      (Diagram: VMware Cloud on AWS SDDC on three Amazon EC2 i3en.metal hosts, drawn with repeated 1.7 TB device labels in caching and capacity tiers, presenting a Workload Datastore and a Mgmt Datastore)
  • 29. i3.metal Usable Capacity per Node (assuming site disaster tolerance of none)
      Raid-1 (Mirroring), TB, Raw / Usable: No data redundancy 7 / 14; 1 Failure 3.5 / 7; 2 Failure 2.4 / 4.7
      Raid-5/6 (Erasure Coding), TB, Raw / Usable: Raid-5 5.3 / 10.6; Raid-6 4.7 / 9.4
      Usable assumes x2. Dedup and Compression savings are an average; actual savings will vary.
  • 30. i3en.metal Usable Capacity per Node (assuming site disaster tolerance of none)
      Raid-1 (Mirroring), TB: No data redundancy 32.6; 1 Failure 16.3; 2 Failure 10.9
      Raid-5/6 (Erasure Coding), TB: Raid-5 24.6; Raid-6 21.8
  • 31. Automated policy management to ensure SLA eligibility: Leave it to VMware
      • Service manages default policy
      • When cluster is scaled-out or scaled-in, default policy is automatically adjusted based on new host count
      • Override with custom policies
      (Diagram: vSAN storage policy auto-update of the default policy, from 1 Failure RAID-1 Mirroring at 5 hosts, SLA Eligible, to 2 Failure RAID-6 Erasure Coding at 6 hosts, SLA Eligible)
  • 32. Granular storage policy-based management (SPBM): Deliver Performance and Protection Based on Application Needs
      • Define storage protection and performance outcomes
      • Assign policy to: Many VMs; Single VM; VMDK of VM; VMDKs for container persistent volumes
      • Managed in vCenter
      • Simple and scalable
      Storage Policy Definition (Policy Rules: Value)
      Site Disaster Tolerance: None – Standard Cluster
      Failures to Tolerate: 1 Failure – RAID-5 (Erasure Coding)
      Number of disk stripes per object: 1
      IOPS Limits: 1000
      (Diagram labels: Kubernetes Storage Classes; VMware Cloud on AWS)
  • 33. Right Sized for a Global Market: Usable standard cluster capacity
      i3.metal (TB): 3-Node 21; 8-Node 75; 12-Node 113; 16-Node 151
      i3en.metal (TB): 3-Node 49; 8-Node 174; 12-Node 261; 16-Node 348
      VMC on AWS Sizer: https://vmc.vmware.com/sizer/quick-sizing
      Dedup and Compression savings are an average; actual savings will vary.
  • 34. Logical vSAN Separation: Multiple Logical (Namespace) Datastore Support
  • 35. Networking and Security Features
  • 36. Networking Inside the Software Defined Data Center (SDDC)
      • Provide numerous connectivity options into the SDDC
      • Provides scalable and easy to consume networking inside the SDDC
      • Powered by VMware NSX-T: Simplified Interface; API access available
      • 6+ years of SDN experience
      • Key features from on-premises brought to the cloud: Networking; Security
  • 37. Segments Inside the SDDC
  • 38. Intrinsic Security: Gateway Firewall (N/S Security)
      • Multiple layers of native security within the SDDC
      • Two levels of firewalling:
          • Gateway (perimeter) firewalls: one for management, one for compute
          • Distributed firewalling
  • 39. Micro-Segmentation: Distributed Firewall (E/W Security) (diagram labels: MGW, CGW, Edge, SDDC, NSX, vCenter)
      Laser focused security policy:
      • Stateful
      • Whitelist permitted traffic only on ports required
      • Implicit deny any
      • Minimizes attack surface
      • Use non-traditional attributes to define policy: Tags instead of IPs
  • 40. VMware NSX Advanced Firewall for VMware Cloud on AWS: Introducing Advanced Distributed Security features as an Add-on
      • Distributed IDS/IPS: Integrated with NSX Threat Intelligence Cloud
      • L7 Distributed Firewall: Layer 7 AppID Profiles and Distributed FQDN Filtering
      • Identity Firewall: Active Directory based User ID Filtering
  • 41. Value Prop and Key Benefits for VMC Customers
      NSX Distributed IDS/IPS:
      • East-West Protection for workloads
      • Detect attempts at exploiting vulnerabilities in applications
      • Distributed traffic inspection scales linearly with workloads
      • Context based threat detection
      • Integrated with NSX Threat Intelligence Cloud Service
      NSX DFW with L7 AppID and Distributed FQDN Filtering:
      • Deep Packet Inspection for Layer 7 Application
      • Built-in Application IDs for common enterprise applications
      • FQDN based access control, per VM
      • Reduce the attack surface to intended application/protocols
      NSX Identity Firewall:
      • Per User/session application access control
      • DFW based enforcement at the source
      • AD/LDAP integration to automatically curate access to applications
  • 42. Basic connectivity Options: L3 VPN. VMotion works exclusively on Intel-powered instances
  • 43. Basic connectivity Options: L2 VPN
  • 44. VMware Cloud on AWS Feature Availability: Feature classification. Features are classified according to the following phase:
      • Available: Feature now available for use by applicable customers. May not be available in all AWS regions
      • Preview: Feature released in preview to gather feedback. May not be available to all applicable customers or in all AWS regions
      • Developing: Feature in active development and testing
      • Planned: Feature under consideration or planning for future development
      The information in this presentation is for informational purposes only and may not be incorporated into any contract. There is no commitment or obligation that items in ‘Preview’, ‘Developing’, and ‘Planned’ will become ‘Available’. For the latest information and feature status, please see:
      • Release Notes: https://docs.vmware.com/en/VMware-Cloud-on-AWS/0/rn/vmc-on-aws-relnotes.html
      • FAQs: https://cloud.vmware.com/vmc-aws/faq
      • Roadmap: https://cloud.vmware.com/vmc-aws/roadmap
  • 45. Basic Operations
  • 46. RBAC: Adding Users to your Organization
      The Active Users view displays a list of all users currently in the organization. To invite additional users to the organization, click ADD USERS. You must be an organization owner to invite additional users to your organization.
  • 47. Multifactor Authentication
      Multifactor authentication (MFA) is a security enhancement that requires you to present two pieces of evidence (your credentials) when you log in:
      • Something that you know, such as your password.
      • Something that you have, such as an application that generates a one-time passcode.
      You can secure your cloud account with MFA:
      • Download an authentication application to your mobile device. This step creates a virtual MFA device.
      • The application generates a six-digit authentication code that is compatible with the time-based, one-time password standard.
      • To log in to cloud services, use the code generated by the application, with your VMware ID and password.
  • 48. Configuring VMware Cloud Services with MFA
      To configure your VMware Cloud services account with MFA:
      1. Log in to VMware Cloud services with your Username and Password.
      2. Click User and select My Account.
      3. Click the Security tab.
      4. Click ACTIVATE MFA DEVICE.
      5. Enter the Password for the Username.
      6. Use the selected authentication application to scan the QR code displayed or manually enter a secret key. Wait for the application to generate two consecutive passcodes.
      7. Enter each passcode in turn.
      8. Click ACTIVATE. A list of 10 recovery codes appears.
  • 49. Template uploads: Importing corporate templates and ISOs
      • Manual or Scripted Import through vCenter
      • Content Library Subscription
      • Content Onboarding Assistant
  • 50. Content Library: Storing images and scripts for provisioning
      vSphere content libraries have several functions:
      • Provide storage, versioning, and synchronization of files across sites and vCenter Server instances.
      • Provide simple and effective management for templates, vApps, OVF files, ISO images, and scripts.
      • vSphere content libraries include powerful publish and subscribe features to replicate content.
      Content libraries are stored on vSphere datastores or local vCenter Server file systems.
  • 51. Content Onboarding Assistant: Transferring content
      The Content Onboarding Assistant:
      1. Checks the connectivity between the client and on-premises vCenter Server and VMware Cloud on AWS.
      2. Scans vCenter Server inventory to find templates (VMTX).
      3. Scans given datastores and folders for any files.
      4. Creates a published content library in the on-premises vCenter Server.
      5. Copies selected vCenter Server templates.
      6. Imports all the content from a given folder into the content library.
      7. Creates a subscribed content library in the VMware Cloud on AWS SDDC.
      8. Synchronizes all content from Step 6.
      • Download the VMware Cloud on AWS Content Onboarding Assistant at My VMware.
      • A VPN connection between the on-premises and VMware Cloud on AWS SDDCs is required.
  • 52. Creating Virtual Machines
      Creating VMs in a VMware Cloud on AWS SDDC follows the same process as creating them on-premises. However, there are permission restrictions that limit the placement of VMs in the SDDC:
      • VMs cannot reside on the management VMs or in Discovered virtual machine folders.
      • VMs cannot use the Mgmt-ResourcePool.
      • VMs cannot reside on the vsanDatastore.
      There are several ways to create a VM:
      • Upload an ISO image, VMTX template, OVA template, or OVF template directly to WorkloadDatastore in the SDDC.
      • Use an ISO image or OVF template from a content library.
      • Deploy an OVF or OVA template from your client VM or from a URL.
      • Use a VMTX template imported into the SDDC by the Content Onboarding Assistant.
      To install an OS, you cannot attach a client-side ISO image to a VM.
  • 53. VM Configuration Considerations
      VMware Cloud on AWS does not support some VM configurations:
      • Bus sharing configurations
      • DirectPath I/O
      • Flash Read Cache
      • ISOs mounted using the client device when a CD/DVD drive is used
      • Multi-writer and Changed Block Tracking (CBT)
      • NVIDIA GRID vGPU
      • Parallel ports
      • Raw Device Mapping (RDM)
      • USB device passthrough
  • 54. Visibility & Troubleshooting: vRLI and vROPs Introduction
  • 55. vRealize Log Insight Cloud for VMware Cloud on AWS: Tools for Better Visibility
      vRealize Log Insight Cloud (Audit Logs)
      • Increased Security: Monitor VMware Cloud on AWS deployments for potential security breaches or internal misuses of infrastructure
      • Demonstrate Compliance: Comply with regulations and federal laws for auditing requirements
      • Detailed Insight: Gain visibility into activities in VMware Cloud on AWS deployment, including which users performed what actions and when
      • vRealize Log Insight Cloud’s Audit Log Collection is a Core Service for VMware Cloud on AWS Customers
  • 56. vRealize Log Insight Cloud Logging for VMware Cloud on AWS: Organization Level
      • Logs events that are specific to the customer’s VMC on AWS Org
      • Not exportable or forwarded to external syslog
  • 57. vRealize Log Insight Cloud Logging for the VMC per SDDC
      • Logs from the SDDC are automatically forwarded to vRealize Log Insight Cloud
          • vCenter events
          • ESXi
          • VSAN
          • NSX Managers
          • NSX Edges
      • Not all events are available in Log Insight Cloud for users
      • ALL events are available to GSS
  • 58. Firewall Logging in VMware Cloud on AWS: Gateway Firewall
      • Configuration of logging can be done per-rule by clicking the gear icon to the right of the rule (figure: Gateway Rule)
      • Default CGW and MGW Drop Rules cannot have logging enabled
      • Default VTI Rule can be configured for logging
  • 59. DFW Operations: DFW Logging
      • DFW Rule logging configured on a per-rule basis
      • Logs sent to vRealize Log Insight Cloud
      • Capability to define a Log Label per rule
      • Helpful for quick search/operations
  • 60. Traceflow: Topology map - Enhanced Troubleshooting available in NSX Manager UI
      Capabilities
      • Inspect the path of a packet from source to destination in the SDDC
      • Get visibility for external communication over VMware Transit Connect
      Ease in troubleshooting any networking issues quickly
  • 61. VMware vRealize Cloud Management: Project Ensemble
      Unifying vRealize Cloud Management
      • Persona- and App-centric
      • Business insights for curated use cases
      • Unified configuration history
      • Global search across vRealize services
      • In-context switching to vRealize for deep dives
  • 62. VMware Cloud on AWS: vRealize Operations Cloud
      • OOTB vSphere Dashboards
      • Near real-time monitoring for vSphere
      • APM Integration
      • vRealize Operations Management Pack for Horizon
      • Packets Per Second metrics for monitoring virtual machine network usage
      • Enhanced NSX-T network relationships and metrics
      • Rate based pricing for chargeback
      • Automatic Kubernetes cluster discovery
      • Enhanced HCX Management Pack to monitor HCX infrastructure
  • 63. Network Aware Troubleshooting in vRealize Operations: vRealize Network Insight Networking Alerts in vROps
      • For known objects in vROps & vRNI, vRNI events will be synced as vROps alerts and they will be available in the Troubleshooting workbench.
      • For unknown objects and user defined events, vROps will show an alert under “vRNI-Alerts”.
      • SSO and Launch in Context between vROps and vRNI for seamless transitioning.
  • 64. VMware Cloud on AWS: New T0 Gateway Dashboard & Metrics
      Troubleshooting and monitoring the VMware Cloud on AWS T0 gateways is critical for large volume networks on VMC on AWS. vRNI 6.1+ and VMC v1.12+ support these metrics for DX, Cross VPC and Public interfaces:
      • Rx & Tx Total Bytes
      • Rx & Tx Total Packets
      • Rx & Tx Dropped Packets
      Find them on:
      • VMC SDDC Dashboard
      • NSX T0 Dashboard (VRF vmc) & Specific interfaces
      • VMC NSX Policy Manager Dashboard
      Use them for:
      • Troubleshooting
      • Proactive monitoring & capacity planning by setting thresholds
  • 65. VMware Cloud on AWS: New T0 Gateway Dashboard & Metrics (figures: VRF 'vmc' Dashboard; VMC SDDC Dashboard)
  • 66. VMware Cloud on AWS: New T0 Gateway Dashboard & Metrics (figures: VMC Router Interface Dashboard; VMC NSX Policy Manager Dashboard)
  • 67. LAB. Lab 2: Working with your VMC on AWS SDDC
      1. Create 2 Logical networks (Photo App & Desktops)
      2. Enable external access to vCenter
      3. Create a Content library
      4. Create VM Customization Specifications
      5. Deploy 3 virtual Machines (2 Photo App, 1 Windows 10 VM)
      6. Create a Micro-segmentation rule for the Photo App VMs
      7. View SDDC Audit & Event Logs
      (Diagram labels: SDDC, Edge, CGW, MGW, Connected VPC, NSX, HCX, vCenter, Desktop-Net, Demo-Net)
  • 68. Thank You
  • 69. 2-host cluster with i3en.metal: Entry scale for storage dense workloads
      • Available globally where VMware Cloud on AWS i3en.metal instances are available
      • x4 usable capacity compared to i3.metal
      • Storage policies: RAID-1 and FTT 1
      • EDRS Default Storage Scale-Out Policy
      • Easily scale up as needed
      • Unlimited 24/7 VMware Global Support Services as well as 24/5 live chat support
      (Diagram labels: Primary Cluster with vSphere/vSAN, Mgmt, Customer Datastore; Secondary Clusters with Custom Core support, with vSphere/vSAN, Customer Datastore)
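
The MFA enrollment described on slides 47 and 48, as an added example (not part of the original deck and not VMware's code): a six-digit RFC 6238 passcode generator plus a server-side check that the two submitted passcodes come from consecutive time steps, which shows the device holds the secret and its clock is in sync. The 30-second step, HMAC-SHA-1, the Base32 secret encoding and all function names are assumptions; the sample secret is the published RFC 6238 test key.

```python
import base64, hashlib, hmac, struct

STEP = 30    # seconds per time step (RFC 6238 default; assumed, not stated on the slides)
DIGITS = 6   # the slides specify a six-digit code

def totp(secret: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP using HMAC-SHA-1 (the RFC default; assumed here)."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def decode_secret(b32: str) -> bytes:
    """Decode a manually entered secret key (Base32; spaces and case ignored)."""
    cleaned = b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore stripped padding
    return base64.b32decode(cleaned)

def verify_enrollment(secret: bytes, code1: str, code2: str, now: int,
                      window: int = 1, step: int = STEP) -> bool:
    """Accept activation only if code1 and code2 are the passcodes of two
    consecutive time steps within +/- `window` steps of the server clock."""
    current = now // step
    for t in range(current - window, current + window + 1):
        first = totp(secret, t * step, step)
        second = totp(secret, (t + 1) * step, step)
        if hmac.compare_digest(first, code1) and hmac.compare_digest(second, code2):
            return True
    return False

if __name__ == "__main__":
    # Constructed sample: the RFC 6238 test key as it would be typed in by hand.
    secret = decode_secret("gezd gnbv gy3t qojq gezd gnbv gy3t qojq")
    now = 1111111109
    a, b = totp(secret, now), totp(secret, now + STEP)
    print(a, b, verify_enrollment(secret, a, b, now))
```

A single guessed or replayed code does not pass this check, and codes entered in the wrong order are rejected.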