VMware Cloud on AWS helps customers leverage existing infrastructure investments while providing the scalability, agility, and security of AWS. In this session, learn about the technical details of VMware Cloud on AWS as well as design considerations for integrating your VMware Cloud on AWS software-defined data centers (SDDCs) with native AWS services or your on-premises data centers, or both. We also cover the connectivity options available and dive deep on the networking architecture.

1. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Andy Reedy
Partner Solutions Architecture, Amazon Web Services
VMware Cloud on AWS
Technical Deep Dive
SRV341

2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Common challenges with hybrid cloud adoption
Incongruent
networks
Operational
inconsistency
Learn new skill sets
& tools
Multiple control &
monitoring
mechanisms
Multiple virtual
machine formats

3. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What is VMware Cloud on AWS
On-demand, VMware software-defined data
center delivered as a cloud service
ESXi
NSX
vSphere
vSAN
Latest software
vCSA, ESXi, NSX, vSAN, managed by VMware
Dynamic capacity
DRS/HA Compute Cluster (Intel x86)
VSAN Storage Cluster (NVMe Flash)
NSX Network Virtualization (ENA)
Software-defined data center
AWS Global Infrastructure

4. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What is VMware Cloud on AWS
Compute
• Bare Metal
• I3.16XL Equivalent
• 36 Cores/72 vCPUs
• 512GiB Memory
• 15TiB* NVMe All-Flash
Storage
• 25Gb ENAESXi
NSX
vSphere
vSAN
Hypervisor
• ESXi
• 4 to 32 Host Cluster
• Maintained by VMware
• No SSH/Root
• No VIBs/Plugins
Storage
• vSAN
• Aggregate Instance Storage
• All Flash (Capacity/Cache)
• No EBS/EFS
• VM Storage Policies
Network and Security
• NSX
• Logical Networks
• North/South Firewalling
• Compute/Management
Gateways
• IPSec Termination
• NAT
vSphere
• VMware Managed
• Delegated Permissions
• Hybrid Linked Mode
Software-defined data center

5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What is VMware Cloud on AWS
ESXi
NSX
vSphere
VSAN
ESXi
vSphere vCentervCenter
Customer
data center
AWS Global Infrastructure
Software-defined data center (SDDC)

6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
VMware Cloud on AWS – Account structure
VMware Cloud
SDDC account
• Is owned, operated, and paid
• Private to VMware Cloud SDDC
• Full access to the
• A new AWS account to run SDDC resources
• Is owned, operated, and paid directly by VMware
• Is single tenant for all SDDC resources

7. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Getting started
vmc.vmware.com
Create a new SDDC
• SDDC name
• Specify AWS account
• Management network CIDR
• Number of hosts (4 to 32)
• AWS Region (Oregon, Virginia, London)
VMware Cloud on
AWS Management Console
• my.vmware.com credentials
• Organizations
• IAM

8. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Connecting to an AWS account
IAM
cross account
role
AWS
managed policy
Customer-owned
AWS account
AWS
CloudFormation
template
VMware Cloud on AWS
SDDC account Customer
IAM userVMware Cloud
Management Services
vmc.vmware.com

9. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Accessing VMware Cloud on AWS
• Hybrid linked mode
• Logical network configuration
• Virtual machine administration
• VM storage policies
• Add and remove ESXi hosts
• Console user and role management
• Firewall configuration
• Elastic IP address and NAT configuration
• VPN connectivity
vmc.vmware.com
vSphere H5
web client

10. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

11. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
VMware Cloud on AWS: Overlay
VMware Cloud on AWS
SDDC account
NSX
VCSA
NSXM
GR
Management gateway
(MGW)
Compute gateway
(CGW)
VM VM
Management Customer workloads

12. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Customer AWS account connectivity
VMware Cloud on AWS
SDDC account
Host-1
Host-2
Host-3
Host-4
CGW
Customer-owned
AWS account
VPC subnet 1 VPC subnet 2
VM
Customer
workloads
Amazon
Redshift
Logical network
Route table

13. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Hybrid connectivity pattern
Customer
data centers
VMware
Cloud SDDC
Customer
owned AWS
account VPC ENIs for Compute Gateway
L2VPN
IPsec VPN
Direct Connect
IPsec VPN
Direct Connect

14. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
On-premises connectivity
Customer data center
Compute clusters
VM
vSphere
VM
Management
vSphere
NSXM
GR
CGW
VM
Management
Logical Network 1
VM
MGW
IGW
Internet
Direct
Connect
VMK
VMware Cloud on AWS
SDDC
VGW

15. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Multi-region
172.29.1.0/24
MS
SQL
MS
SQL
CGW
Logical network
172.31.1.0/24
VMware Cloud on AWS
SDDC account
Customer
AWS account
Amazon
Redshift
Customer
AWS account
172.28.1.0/24
US-WEST-2 CA-CENTRAL-1
App1
App1
IPsec
VPN

16. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Protecting workloads with native AWS services
172.29.1.0/24
VM VM
CGW
Logical network
172.31.1.0/24
VMware Cloud on AWS
SDDC account
Customer
AWS account
ALBIGW
IP target group
• 172.31.1.100
• 172.31.1.101
WAF
Visitor
ENIAWS
Shield
Amazon
CloudFront
Amazon
Route 53

17. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Backup and file storage
172.29.1.0/24
VM VM
CGW
Logical network
172.31.1.0/24
VMware Cloud on AWS
SDDC account Customer
AWS account
Amazon S3
VPC endpoint
ENI
Amazon EFS

18. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
VMware
Cloud ENI
Customer Data
Center
IGW
DMZ-Out(Public)
VPC S3
Endpoint
Amazon
CloudWatch
AWS
CloudTrail
Amazon S3
ESXi ESXi ESXi ESXi
Resource pool
DMZ-In
(Private)
App(Private)
DMZ-Out
(Public)
IGW
Compute
Gateway
Compute
Gateway
Management
Gateway
OS
RWP
OS
DB2
OS
APP2
OS
DB1
OS
APP1
VMware Cloud on AWS – Base topology
AWS Region Services
Amazon EC2
AZ A AZ B AZ C
VMware Cloud VPC AWS Customer VPC
Reverse Web Proxy

19. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
VMware Cloud on AWS – Sample hybrid architecture
VMware Cloud VPC
ESXi
Amazon EC2
ESXi ESXi ESXi
Resource pool
RDS Aurora
(shared)
AWS Customer VPC
AZ A AZ B AZ C
OS
DB1
Customer Data
Center
Route 53
SSL Encrypted
Traffic
OS
APP2
OS
APP1
OS
RWP
DMZ-Out(Public)
DMZ-In
(Private)
App(Private)
DMZ-Out
(Public) ACM
ELB
NFS S3-backed Cluster
File System
Reverse Web Proxy &
Application Load
Balancer
OS
APP2
OS
APP2
OS
VMware
Cloud ENI
IGWIGW
Compute
Gateway
Compute
Gateway
Management
Gateway
VPC S3
Endpoint
Amazon
CloudWatch
AWS
CloudTrail
Amazon S3
AWS Region Services
OS
DB2
Reverse Web Proxy

20. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Customer use cases
Data center extension
Footprint expansion
On-demand capacity
Test/dev
Expand
Maintain
Disaster recovery
Protect additional workloads
DR data center replacement
Add or modernize DR
solutions
Primary Secondary

21. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
DR as a service with Site Recovery Manager
Overview of goals

22. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Cloud migrations
Application specific
Data center wide
Infrastructure refresh
Consolidate Migrate
Customer use cases
Data center extension
Footprint expansion
On-demand capacity
Test/dev
Expand
Maintain
Disaster recovery
Protect additional workloads
DR data center replacement
Add or modernize DR
solutions
Primary Secondary

23. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Expanding support by third-party technology partners
Data Protection
Storage
…
Data Services
Direct Connect
Networking
Key Management
…
Security
…
TCO Assessment
Cloud Migration
…
Cloud Planning
DevOps
…

24. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
VMware Cloud on AWS resources
VMware Cloud home:
https://cloud.vmware.com/vmc-aws/
https://aws.amazon.com/vmware/
VMware Cloud blog: https://blog.cloud.vmware.com
YouTube channel:
https://www.bit.ly/vmwarecloudyoutube

25. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Submit session feedback
1. Tap the Schedule icon.
2. Select the session you attended.
3. Tap Session Evaluation to submit
your feedback.

26. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Thank you!