If you’re looking to effortlessly transition from on-premises VMware vSphere environments or capital expenditure (CAPEX) to an agile operational expenditure (OPEX) model, trust the VMware Cloud (VMC) on AWS platform for swift re-platforming of legacy applications into cloud-native framework. This comprehensive guide addresses hybrid cloud challenges, offering detailed solutions within the VMware Cloud on AWS ecosystem.
Covering the foundational architecture, software-defined data center (SDDC) components of VMware Cloud on AWS, network and security configurations, and AWS service integrations, this book lays the foundation for you to advance to vCenter management, vSAN storage policies, NSX architecture, compute policies, SDDC console management, and the EDRS mechanism for cluster scaling. You’ll also explore integrated services such as VMware HCX for migration, VMware Aria suite, Tanzu Managed Kubernetes, and disaster recovery.
Further, the book takes you through VMware Cloud APIs and guides you in managing workloads with VMware Cloud on AWS Outposts. With the help of practical insights, configuration tips, and best practices, you’ll unlock the full potential of VMC on AWS.
By the end of this book, you’ll be equipped to successfully architect and manage VMware Cloud on AWS SDDCs, handling day-to-day operations expertly.
Page count: 392
Year of publication: 2024
VMware Cloud on AWS Blueprint
Design, automate, and migrate VMware workloads on AWS global infrastructure
Oleg Ulyanov
Michael Schwartzman
Harsha Sanku
Copyright © 2024 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author(s), nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
Group Product Manager: Preet Ahuja
Publishing Product Manager: Surbhi Suman
Book Project Manager: Neil DMello
Senior Editor: Athikho Sapuni Rishana
Technical Editor: Rajat Sharma
Copy Editor: Safis Editing
Proofreader: Safis Editing
Indexer: Tejal Daruwale Soni
Production Designer: Gokul Raj S.T
Senior DevRel Marketing Coordinator: Linda Pearlson
DevRel Marketing Coordinator: Rohan Dobhal
First published: February 2024
Production reference: 1010224
Published by
Packt Publishing Ltd.
Grosvenor House
11 St Paul’s Square
Birmingham
B3 1RB, UK
ISBN 978-1-80323-819-7
www.packtpub.com
To the VMware community,
It is with heartfelt gratitude and deep appreciation that we would like to extend our sincerest dedication to this vibrant and dynamic community, which includes VMware customers, partners, VMware Certified Professionals, VMware communities and User Groups, VMware Technology Alliance Partners, developers, consultants, solution architects, training and education providers, and VMware evangelists and enthusiasts.
Our collective commitment to pushing the boundaries of virtualization technology and fostering innovation has truly made a lasting impact over two decades. As we navigate the ever-evolving landscape of virtualization, your contributions continue to be the cornerstone of our success. The challenges we face and the solutions we forge together not only strengthen our individual expertise but also contribute to the growth of the entire VMware ecosystem.
Additionally, heartfelt appreciation extends to the visionary leadership at VMware and AWS for their unwavering commitment to excellence in bringing VMware Cloud on AWS to fruition. The collaboration between these two industry leaders has not only redefined the possibilities of cloud computing but also set a benchmark for seamless integration and innovation. The combined strategic vision and collaborative spirit have empowered customers to transcend traditional boundaries, unlocking a new era of flexibility, efficiency, and agility in the cloud.
Let us continue to inspire, support, and elevate each other as we embark on this journey of perpetual learning and innovation. The success of the VMware community is a testament to the power of collaboration, and we are honored to be part of this extraordinary journey.
With unwavering dedication,
The authors, Oleg Ulyanov, Michael Schwartzman, and Harsha Sanku
Oleg Ulyanov is a staff cloud architect with more than 15 years of experience. He is a subject matter expert in VMware hybrid cloud, cloud migration, networking, and storage. He has experience as a VMware professional services architect, helping customers achieve their technical and business goals through IT transformation and migrating to VMware hybrid clouds. He holds various industry certificates, including VMware VCP, VCAP6/7-DCV, SNIA, and Microsoft.
Michael Schwartzman, a senior Azure application innovation specialist at Microsoft, has over a decade of experience in cloud infrastructure, cloud security, and hybrid cloud solutions. Prior to his current role, Michael served as a lead cloud solution architect specializing in VMware Cloud on AWS. He has played a pivotal role in assisting global ISVs with the development and sale of SaaS solutions on Azure. Additionally, Michael’s broad expertise encompasses support for both digital-native and traditional enterprises, including the optimization of their cloud systems. His dedication to remaining at the forefront of the rapidly evolving tech landscape has established him as a go-to expert for businesses seeking to leverage cutting-edge cloud technology.
Harsha Sanku is a senior solutions architect at AWS, specializing in AWS hybrid cloud and edge computing services. His proficiency extends to cloud infrastructure, encompassing networking and security. Over the past four years, he has excelled as a VMware Cloud on AWS specialist. Harsha has a strong background in designing and implementing data center infrastructure and private clouds, with a particular focus on VMware technologies. In his current role at AWS, he collaborates with customers to migrate and modernize their hybrid cloud infrastructure, ensuring they remain competitive in the ever-evolving business and IT landscape.
Daniel Jonathan Valik is an industry expert and author in the cloud and software industry, living in the US. He has been in leadership positions for product management, engineering, and as a strategy adviser over the past 23 years. Currently leading Webex data analytics and AI at Cisco Systems, he has also worked in other global roles for Microsoft, Amazon, VMware, and Huawei in the infrastructure, platform, and communication services spaces.
He has a double master’s degree in change and strategic management from the University of Westminster, UK, and the University of Austria and is the author of several technical and business-related books.
Dan Frith has 25 years of IT infrastructure experience across the government, managed services, and integrator sectors. For the last 20 years, he has been working with various data center technologies specifically focused on cloud, storage, data protection, and virtualization. He is a recipient of the vExpert awards from 2013 to 2023. His areas of expertise and key strengths are storage, data protection, virtualization, hyper-converged infrastructure, and hybrid cloud solutions.
In his spare time, he runs a blog on data center technologies and helps with the Brisbane VMware User Group. He currently works as a cloud infrastructure architect, helping customers effectively leverage VMware Cloud on AWS and other VMware Cloud solutions.
In the ever-evolving landscape of cloud computing, the journey from traditional on-premises environments to the agility of the cloud demands careful planning and strategic execution. Whether you are orchestrating a meticulous data center evacuation or navigating the intricacies of migrating vSphere workloads to VMware Cloud on AWS, this book serves as your comprehensive guide. Our aim is to equip you with the insights and knowledge needed to ensure a seamless onboarding process. We delve into every aspect, covering architecture, network intricacies, security measures, disaster recovery, AWS integrations, best practices, and preflight checklists. This book is designed to empower you with the understanding necessary to make informed decisions and execute successful transitions.
Offering an in-depth exploration of hybrid cloud challenges and presenting solutions specific to VMware Cloud on AWS, this book is an indispensable asset for individuals at all experience levels, from beginners to seasoned practitioners. It equips you with the tools to unleash the complete capabilities of VMware Cloud on AWS.
The book is intended for cloud and solutions architects, DevOps engineers, site reliability engineers (SREs), system and network admins, and cloud engineers with experience in on-premises VMware or AWS administration, facilitating the seamless integration of VMware Cloud technologies. A prior understanding of cloud computing, virtualization principles, VMware vSphere administration, vSAN, and NSX, along with AWS cloud basics will be helpful.
Chapter 1, Foundation of VMware Cloud on AWS, provides an introduction to VMware Cloud on AWS and addresses hybrid cloud challenges. In addition, you will identify various use cases, and understand the high-level architecture of VMware Cloud on AWS. You will learn how to navigate around the VMware vCenter, VMware Cloud Services Platform (CSP), and the VMware Cloud Console. Finally, you will understand VMware vSAN, which is the primary storage technology used for VMware Cloud on AWS.
Chapter 2, Exploring Networking, Security, and AWS Integrations, covers networking and security aspects of VMware NSX architecture in VMware Cloud on AWS, including the firewall architecture, Compute Gateway (CGW), Management Gateway (MGW), understanding the concept of micro-segmentation, IPS/IDS, Layer 7 firewall, and native AWS integrations architectures through VMware Managed Transit Gateway (vTGW).
Chapter 3, Understanding VMware Cloud on AWS Integrated Services, covers the large ecosystem of VMware Cloud on AWS integrated services, which help organizations migrate workloads using VMware Hybrid Cloud Extension (HCX), protect workloads for disaster recovery using VMware Cloud Disaster Recovery (VCDR) and VMware Site Recovery (VSR), enable advanced logging with VMware Aria Operations for Logs, and run Container-as-a-Service (CaaS) workloads with Tanzu services. You will understand the basic capabilities and design choices when planning, along with learning about implementing and operating all the integrated add-ons.
Chapter 4, Getting Started with Your First VMware Cloud on AWS SDDC, helps you navigate through the process of deploying a new VMware Cloud on AWS Software-Defined Data Center (SDDC) including creating a VMware Cloud organization, running the SDDC deployment wizard, and configuring Role-Based Access Control (RBAC) to access vCenter using identity management on the VMware CSP.
Chapter 5, Configuring vCenter, vSAN, and VMC Console, focuses on how to manage an SDDC, VM storage policies, compute policies, and the Elastic Distributed Resource Scheduler (EDRS) mechanism for automatically scaling the cluster based on resource usage through the VMware Cloud Console. You will learn how to manage VMware Cloud on AWS, vSAN storage policies, and compute policies, and how to engage with VMware for support and maintenance issues.
Chapter 6, Understanding Networking and Security Configurations, covers the basics of SDDC networking and security functionality, including NSX micro-segmentation, and networking and security configurations that are essential parts of day two operations. Configurations include SDDC networking, NSX micro-segmentation, connected VPC, AWS Direct Connect, VMware Transit Connect, IPFIX, and port mirroring.
Chapter 7, Exploring Integrated Services Configuration, focuses on the intricacies involved in configuring integrated services. These services encompass the NSX advanced security service, which offers Layer 7 firewall and IPS/IDS security features. Additionally, you will explore VMware HCX, VMware Aria Operations for Logs, and Tanzu Kubernetes Grid Service. By delving into these topics, you will acquire the essential knowledge required for day-to-day operations.
Chapter 8, Building Applications and Managing Operations, covers how workloads that have been migrated can be modernized by leveraging native AWS services. Additionally, it covers operations and monitoring specifically for VMware Cloud on AWS, as well as details about maintenance and SDDC upgrades.
Chapter 9, Deploying Infrastructure as Code with VMware Cloud, explores using Infrastructure as Code (IaC) for provisioning and managing IT infrastructure and equips you with the knowledge and skills needed to facilitate seamless automation and management of your virtual infrastructure. Key topics covered in this chapter include an introduction to VMware Cloud APIs, insights into the CSP API, guidance on consuming the Console API through the developer center, and an exploration of the NSX-T Data Center REST API.
Chapter 10, Identifying Low-Latency Workloads to Run on VMware Cloud on AWS Outposts, discusses how to address low latency, local data processing, and data sovereignty requirements for workloads that need to stay on-premises or at the edge and run vSphere workloads locally while benefiting from the features of the VMware Cloud platform using VMware Cloud on AWS Outposts. The chapter covers architecture, physical connectivity, components, service link connectivity options, scalability, and available configurations, along with the support model.
Chapter 11, Knowing the Best Practices, FAQs, and Common Pitfalls, addresses the challenges of integrating a new service such as VMware Cloud on AWS. It emphasizes the importance of various factors to ensure the success of the project. The key focus is on facilitating a smooth adoption process including best practices, recognizing and avoiding common pitfalls, and providing valuable answers for Frequently Asked Questions (FAQs) that equip you with essential knowledge to enhance the efficiency and success of the adoption process for VMware Cloud on AWS within your enterprise infrastructure.
Chapter 12, Appendix – Preflight Checklist before Onboarding, focuses on critical configuration elements necessary for deploying the SDDC and configuring a hybrid cloud environment. It serves as a comprehensive guide to key setup considerations. The chapter anticipates and addresses the need for a thorough understanding of essential configurations before proceeding with the purchase and onboarding process. It acts as a valuable resource for those of you seeking a consolidated overview of the configuration prerequisites for a successful deployment and integration of the SDDC in a hybrid cloud environment.
This book assumes that you possess strong foundational knowledge of VMware technologies, including vSphere, vSAN, NSX-T, and vCenter. It is designed for individuals who already have a comprehensive understanding of these core VMware components, enabling you to delve into more advanced concepts and practical implementations related to VMware Cloud on AWS. Familiarity with virtualization, software-defined networking, storage management, and centralized infrastructure administration will enhance your ability to grasp the nuanced discussions and effectively apply the knowledge shared throughout the book. While foundational VMware expertise is presumed, this book aims to further enrich your skills and knowledge, providing valuable insights into the integration and optimization of VMware technologies within the context of the AWS cloud environment.
Software/hardware covered in the book | Operating system requirements
VMware vSphere CLI, VMware vCenter Server | Windows
VMware Cloud on AWS API, SDDC API (vSphere API), NSX-T Data Center REST API, VMware vSphere/ESXi, VMware vSAN, VMware NSX-T | Windows
Terraform for VMC on AWS, PowerCLI for VMware Cloud on AWS, vSphere Automation SDKs | Windows
There are a number of text conventions used throughout this book.
Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: “Mount the downloaded WebStorm-10*.dmg disk image file as another disk in your system.”
Bold: Indicates a new term, an important word, or words that you see onscreen. For instance, words in menus or dialog boxes appear in bold. Here is an example: “Select System info from the Administration panel.”
Tips or important notes
Appear like this.
Feedback from our readers is always welcome.
General feedback: If you have questions about any aspect of this book, email us at [email protected] and mention the book title in the subject of your message.
Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata and fill in the form.
Piracy: If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.
If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.
Part 1 serves as an introductory guide to VMware Cloud on AWS, and highlights the challenges associated with hybrid cloud environments. It explores various use cases catered to by VMware Cloud on AWS and delves into its high-level architecture. Additionally, it covers hybrid and public cloud challenges, addressing components such as vCenter, VMware vSAN, and NSX-T networking, and security features such as micro-segmentation, IPS/IDS, a Layer 7 firewall, and VMware-Managed Transit Gateway (vTGW). Furthermore, it highlights integrated services that enable various use cases, such as HCX for migration, disaster recovery, advanced logging, and container services with Tanzu. It also covers the Cloud Service Platform and VMware Cloud Console.
This part consists of the following chapters:
Chapter 1, Foundation of VMware Cloud on AWS
Chapter 2, Exploring Networking, Security, and AWS Integrations
Chapter 3, Understanding VMware Cloud on AWS Integrated Services
This chapter provides an introduction to VMware Cloud on AWS, hybrid cloud challenges, and how VMware Cloud on AWS solves them. In addition, you will learn about the different use cases that VMware Cloud on AWS addresses and its architecture principles.
This chapter covers the following topics:
Introduction to VMware Cloud on AWS
Introducing hybrid and public cloud challenges
Understanding VMware Cloud on AWS use cases
Understanding the VMware Cloud on AWS high-level architecture
Discovering vCenter, the Cloud Services Platform (CSP), and CSP console
Demystifying VMware vSAN, the primary storage technology for VMware Cloud on AWS
VMware Cloud on AWS is a product jointly engineered by VMware and AWS that enables customers to run proven, enterprise-grade VMware software-defined data centers (SDDCs) on top of bare-metal AWS hardware. VMware Cloud on AWS enables enterprise IT and operations teams to continue to add value to their business in the AWS cloud while maximizing their VMware investments, without the need to buy new hardware. This offering enables customers to quickly and confidently scale capacity up or down, without change or friction, for any workload, with access to native cloud services.
Understanding VMware Cloud on AWS is not possible without knowing the broad range of capabilities of the AWS cloud (https://aws.amazon.com/resources/analyst-reports/gartner-mq-cips-2021/). VMware Cloud on AWS helps customers design their environments using different cloud models, facilitating connections between on-premises deployments and public clouds.
AWS was officially launched in 2006 and has grown rapidly to become one of the world’s largest cloud providers. AWS operates in over 25 geographic regions worldwide, with plans to expand to more regions. This means that users can deploy their applications and services in locations closest to their customers, improving performance and reducing latency. AWS provides over 175 fully featured services for computing, storage, databases, analytics, machine learning, Internet of Things (IoT), security, and more.
AWS is used by millions of customers worldwide, including start-ups, large enterprises, and government organizations.
One of the key benefits of the AWS cloud is its flexibility and scalability. Users can quickly and easily provision the needed resources and only pay for what they use.
The AWS cloud also offers a range of deployment options, including private, public, and hybrid cloud models. This allows users to tailor their cloud environment to their specific needs, depending on security requirements, compliance regulations, and performance goals.
VMware Cloud on AWS is a jointly engineered and fully managed service that runs VMware's enterprise-grade SDDC software on Amazon Elastic Compute Cloud (EC2) bare-metal instances in the AWS Global Infrastructure. This integration enables customers to migrate their workloads to VMware Cloud on AWS without re-platforming their virtual machines (https://aws.amazon.com/resources/analyst-reports/gartner-mq-cips-2021/).
Companies can choose from different models to deploy cloud services. The deployment model will be driven by the application requirements, business use cases, and existing IT investments. The following section describes the different approaches.
Cloud computing delivers IT services with flexible pay-as-you-go pricing and consumption models. Customers can access as many resources as they need, often immediately. Charges are only applicable to resources that have been used or reserved. Customers can consume fully managed services that encompass computing, storage, networks, databases, containers, application platforms, functions and much more.
An application can be built directly in the cloud, in which case it is known as a cloud-native application, or migrated from existing on-premises infrastructure and modernized to take advantage of the public cloud. Breaking a monolithic application into microservices, known as refactoring, is one form of modernization.
The private cloud approach is the deployment of resources on-premises, using physical facilities, hardware, virtualization infrastructure, and automation software dedicated to an organization in most cases.
Usually, customers will own the facilities and physical IT hardware in their on-premises environment. Private clouds are often used to meet compliance with data governance regulations or to leverage investment into existing IT infrastructure.
Customers who were not born in the cloud have a significant part of their workloads running in their on-premises infrastructure. VMware is a leader in the on-premises SDDC with its VMware Cloud Foundation (VCF) software stack and vSphere’s virtualization solution.
A hybrid cloud is an IT architecture and an operational deployment model that enables customers to leverage public and private clouds. A hybrid cloud enables delivering applications and connecting infrastructure with common orchestration and management tools between on-premises and public cloud providers.
Processes and workloads established for on-premises need to be integrated with the workloads and processes in the public cloud to ensure unified management of data, applications, and their associated governance, life cycle management, and security policies.
The following are the hybrid cloud solution core principles:
Seamless workload mobility between private cloud and public cloud environments
Provisioning and scaling of resources through an API or self-service portal at the public cloud provider
Network connectivity between environments through a high-speed, reliable, and secure solution
Automation of processes across environments with a common automation process, toolset, and APIs
Management and monitoring of environments with unified tools
Public cloud providers have solutions that bring their native data center services into their customers' on-premises environments, for example, Google with its Anthos solution for Kubernetes workloads, AWS with Outposts and Amazon EKS Anywhere for Kubernetes workloads, and Microsoft with Azure Stack and Azure Arc.
VMware's approach is to extend the existing VMware on-premises infrastructure to the cloud rather than to build new infrastructure in customer data centers using the point solutions of the different hyperscalers.
It can help organizations benefit from hybridity with public clouds without rethinking their application delivery and security model, governance, policies, or procedures.
Multi-cloud is an operational model that combines more than one public cloud and potentially a private cloud. Many customers rely on multiple public cloud providers. Often, this adoption of multi-cloud is developed bottom-up in organizations, where different business units and development teams procure their cloud services without IT knowledge or guidance, or through a merger and acquisition process where two organization operational teams need to converge after adopting different cloud strategies.
For instance, an organization might use Google App Engine for Platform as a Service (PaaS), AWS EC2 and Lambda for Infrastructure as a Service (IaaS) and Function as a Service (FaaS), and at the same time run a third, private cloud with VMware on-premises.
Note
Workloads are not portable between public cloud providers by default, and vendor lock-in concerns customers.
The VMware hybrid cloud stack can run on major public cloud providers, not only AWS. It enables customers to migrate their IaaS workloads between different public clouds and their private cloud without public cloud vendor lock-in.
Customers trying to naively implement a hybrid cloud strategy encounter challenges in the five pillars of operational inconsistencies, different skill sets and tools, disparate management tools and security controls, inconsistent application service-level agreements (SLAs), and incompatible machine formats. Without making proper adjustments to those pillars, customers may encounter decreased agility and an increase in cost and risk.
The following figure summarizes those pillars:
Figure 1.1 – Five challenges of implementing a hybrid cloud strategy
Now, let’s explore those challenges in further detail in the following section.
Cloud infrastructures have become more attractive to organizations driven by business transformation initiatives. The cloud improves agility with faster testing and development cycles and reduces costs and risks. Organizations are migrating to the cloud for those reasons.
While providing positive business values, many challenges arise when moving from on-premises to the public cloud. Many customers don’t realize the changes they need to go through to properly take advantage of the public cloud’s benefits. A cloud strategy that addresses the hybrid cloud challenges needs to consider people, processes, and technology.
The tools and procedures that operation teams are leveraging to manage the life cycle of their applications and workloads on-premises are different from the public cloud.
For example, application and infrastructure monitoring and observability tools, automation and management tooling, and the CI/CD pipelines that deploy applications all need to be repointed from vSphere-based APIs/SDKs to AWS APIs and native services such as CloudTrail (API audit logging) and CloudWatch (metrics and logs), and typically moved to infrastructure as code with tools such as HashiCorp's Terraform.
Expanding on operational inconsistency, customers achieve security and compliance through their existing security procedures and tools, and each of these needs adapting: how users authenticate and how identity and access management is done, network security controls such as firewalls, intrusion prevention systems (IPSs), and web application firewalls (WAFs), application-level protection, and the monitoring and logging that feeds the Security Operations Center (SOC).
IT personnel managing VMware-based infrastructure require an investment in recertification and retraining to operate workloads in the public cloud. Skilled IT and DevOps personnel are in short supply in the market.
Migrating workloads into a high-availability architecture while providing production-grade SLAs requires application-level architecture adjustments to benefit from the resiliency of public cloud services. For instance, migrating a virtual machine to an EC2 instance does not make it highly available: on-premises resiliency mechanisms such as vSphere High Availability (HA) and Distributed Resource Scheduler (DRS) have no equivalent on EC2 without architecture adjustments.
Migration requires a manual conversion for each virtual machine, covering the hypervisor format, the operating system disks, and the network and IP address configuration. This process has to account for configurations that are unsupported in the cloud, especially legacy end-of-life and 32-bit operating systems. The format conversion also creates a vendor lock-in challenge, because the converted machine is tied to the target cloud's format.
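The two paragraphs above make a point that is easy to underestimate in a migration plan: once a VM has been lifted onto EC2, the restart-on-host-failure behaviour that vSphere HA gave it is gone unless it is rebuilt with native services, and the earlier remark about repointing tooling to Terraform means that rebuild is normally expressed as infrastructure as code. The following Terraform fragment is an added example written for this page, not code from the book or from VMware or AWS, showing the minimal adjustment for a single stateful VM: the imported image is launched as an EBS-backed instance and a CloudWatch alarm on the EC2 system status check invokes the documented EC2 recover action, which restarts the instance on healthy hardware while keeping its instance ID, private IP address and EBS volumes. The AMI ID, subnet ID, region, instance size and names are placeholders (assumptions), and the image is assumed to have already been imported as an AMI.

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

# Placeholder region; use the region the workload was migrated into.
provider "aws" {
  region = "us-east-1"
}

# Assumption: the VM's disks have already been converted and imported as an AMI.
variable "migrated_ami_id" {
  type    = string
  default = "ami-0123456789abcdef0" # placeholder, not a real image
}

# Assumption: a subnet already exists for the migrated workload.
variable "subnet_id" {
  type    = string
  default = "subnet-0123456789abcdef0" # placeholder
}

data "aws_region" "current" {}

# The migrated VM. An EBS-backed root volume is required for instance
# recovery: instance-store volumes would be lost with the failed host.
resource "aws_instance" "migrated_app" {
  ami           = var.migrated_ami_id
  instance_type = "m5.large" # placeholder sizing
  subnet_id     = var.subnet_id

  root_block_device {
    volume_type = "gp3"
    volume_size = 100
  }

  tags = {
    Name = "migrated-app-01"
  }
}

# Closest native analog to vSphere HA for one instance. When the underlying
# host fails, StatusCheckFailed_System goes to 1; after two consecutive
# one-minute periods the alarm fires and the ec2:recover action moves the
# instance to healthy hardware with the same instance ID, private IP and volumes.
resource "aws_cloudwatch_metric_alarm" "migrated_app_auto_recover" {
  alarm_name          = "migrated-app-01-auto-recover"
  alarm_description   = "Recover the migrated VM onto healthy hardware on host failure"
  namespace           = "AWS/EC2"
  metric_name         = "StatusCheckFailed_System"
  statistic           = "Maximum"
  period              = 60
  evaluation_periods  = 2
  threshold           = 1
  comparison_operator = "GreaterThanOrEqualToThreshold"

  dimensions = {
    InstanceId = aws_instance.migrated_app.id
  }

  alarm_actions = [
    "arn:aws:automate:${data.aws_region.current.name}:ec2:recover",
  ]
}
```

This replaces only the host-failure half of what vSphere HA provided; it does not restart a guest that has hung at the OS level (that would need a StatusCheckFailed_Instance alarm with a reboot action) and it is not DRS. Load-driven placement and capacity balancing come from putting a stateless tier behind an Auto Scaling group, and a stateful tier needs application-level replication across Availability Zones, which is exactly the kind of architecture adjustment the text refers to.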
Customers not considering those challenges in advance may experience a decrease in the developer’s agility instead of an increase, an increase in the risk of the project instead of a decrease, and an increase in costs instead of a decrease.
VMware Cloud on AWS was designed to address all of those challenges of the hybrid cloud deployment model.
This section will describe the most common use cases of hybrid cloud with VMware Cloud on AWS.
The use cases that we’ll explore in this section are data center extension, next-generation application modernization, cloud migrations, and disaster recovery.
The following figure summarizes the four use cases:
Figure 1.2 – The use cases of VMware Cloud on AWS
Let’s describe each of the use cases in further detail in the following section.
Customers look to integrate their existing data center infrastructure into the public cloud. They want to enjoy the benefits offered by the public cloud without being affected by the hybrid cloud challenges described in earlier sections – for instance, when the on-premises environment fails to deliver IT capacity on time to meet business needs. Limited capacity can be because of a lack of physical space, supply chain issues, or a need for a temporary workload.
With VMware Cloud on AWS, a consistent infrastructure between vSphere environments in the data center and the vSphere SDDC that VMware manages in the AWS cloud enables customers to move applications to the AWS cloud or back seamlessly.
VMware Aria is a cloud management platform that allows customers to manage VMware Cloud on AWS as an extension to an existing customer data center. Workload types that are quick wins are testing/development and virtual desktop infrastructure (VDI) environments. Kubernetes workloads running on-premises can migrate into the VMware Cloud on AWS with the Tanzu portfolio integration.
Cloud migration, also known as re-platforming or lift-and-shift in AWS terms or relocating in VMware Cloud on AWS terms, involves migrating existing brownfield applications to the public cloud from on-premises with minimal to no adjustments to the application code or VM format.
Business drivers include an expiring lease on a data center colocation facility, a management decision to evacuate an existing data center because of a cloud-first approach, or a hardware refresh because of end-of-life. An additional use case is mergers and acquisitions, where one company needs to absorb the IT infrastructure of the acquired company, as well as consolidate branch sites and data centers by migrating applications from the on-premises data center to the public cloud to reduce the total cost of ownership.
VMware Cloud on AWS is the fastest way for customers to migrate VMware vSphere-based workloads to the cloud because they can relocate their workloads in a way that is faster than a standard lift and shift. Consistent infrastructure is delivered using the same VMware on-premises stack, leveraging vSphere as the hypervisor. Because customers run the same stack on-premises and in the cloud, workloads can be migrated without lift-and-shift adjustments or refactoring of their applications.
Customers looking to go through a development process of refactoring, such as breaking up a monolith application into a microservice architecture, can do this integrally on the platform leveraging the Tanzu portfolio, which is included in VMware Cloud on AWS.
VMware Cloud on AWS provides high bandwidth and low latency connectivity to native services that AWS offers. This integration provides a consistent and easy way for virtual machines and containers to access AWS services. These innovative AWS services can be seamlessly integrated with customers’ applications to enable incremental refactoring and modernization enhancements.
The VMware Disaster Recovery as a Service (DRaaS) service is available with the VMware Cloud on AWS offering. It enables customers to recover and protect applications without needing to maintain an on-premises secondary or a third DR site. VMware delivers and manages it as a service. IT teams manage their cloud-based resources using familiar VMware tools without learning new skills or performing a lift-and-shift migration.
Customers using on-premises traditional DR build a secondary site with a replica of the production site. They need to prioritize which workloads will be protected because of costs. The operations of the secondary DR site are associated with complexity because of manual processes and siloed IT solutions.
DRaaS with VMware Cloud on AWS can reduce secondary site costs, simplify DR operations, and help customers meet or improve their recovery time objective (RTO) and recovery point objective (RPO). VMware Cloud Disaster Recovery (VCDR) and VMware Site Recovery Service (VSR), powered by VMware Site Recovery Manager (SRM), are offered as part of the DRaaS service with VMware Cloud on AWS.
This section will describe the high-level architecture of the main components that comprise VMware Cloud on AWS.
VMware Cloud on AWS is integrated into VMware’s Cloud Services Platform (CSP). The VMware CSP console allows customers to manage their organization’s billing and identity, and grant access to VMware Cloud services. You can leverage the VMware Cloud Tech Zone Getting Started resource (https://vmc.techzone.vmware.com/getting-started-vmware-cloud-aws) to get familiar with the process of setting up an organization and configuring access in the CSP console.
The VMware CSP console allows you to manage VMware Cloud on AWS. You will use the VMware CSP console to deploy VMware Cloud on AWS. Once the service is deployed, you leverage the VMware CSP console to manage the SDDC.
The following figure shows the high-level design of the VMware Cloud on AWS architecture, showing both a VMware Cloud customer organization running the VMware Cloud services alongside an AWS-native organization running AWS services:
Figure 1.3 – High-level architecture of VMware Cloud on AWS
Now, let us switch to the Tanzu Kubernetes service available with VMware Cloud on AWS.
VMware Cloud on AWS includes VMware Tanzu Kubernetes Grid as a service. VMware currently offers several Tanzu Kubernetes Grid (TKG) flavors for running Kubernetes:
vSphere with Tanzu or the TKG service: This solution has made vSphere a platform that can run Kubernetes workloads directly on the hypervisor layer. This can be enabled on a vSphere cluster and allows Kubernetes workloads to be run directly on ESXi hosts. Additionally, it can create upstream Kubernetes clusters in dedicated resource pools. This flavor is integrated into the VMware Cloud on AWS platform, providing a Container as a Service (CaaS) service, and is included in the basic pricing service.
Tanzu Kubernetes Grid Multi-Cloud (TKGm): An installer-driven wizard that sets up Kubernetes environments for use across public cloud environments and on-premises SDDCs. This flavor is supported but not included in VMware Cloud on AWS’s basic pricing service; it can be consumed with a separate license.
Tanzu Kubernetes Integrated Edition: VMware Tanzu Kubernetes Integrated (previously known as VMware Enterprise PKS) is a Kubernetes-based container solution that includes advanced networking, a private registry, and life cycle management. It is beyond the scope of this book.
VMware Tanzu Mission Control (TMC): A SaaS offering for multi-cloud Kubernetes cluster management that can be accessed through the VMware CSP console. It provides the following:
Kubernetes cluster deployment and management on a centralized platform across multiple clouds
The ability to centralize operations and management
A policy engine that automates access control policies across multiple clusters
The ability to centralize authorization and authentication with federated identity
The following figure presents a high-level architecture of the services available between the on-premises environment and the VMware Cloud solution in order to provide hybrid operations:
Figure 1.4 – Hybrid operation components connecting on-premises to VMware Cloud
A VMware Cloud on AWS SDDC includes compute (vSphere), storage (vSAN), and networking (NSX) resources grouped together into one or more clusters managed by a single VMware vCenter Server instance.
VMware Cloud on AWS runs on dedicated bare-metal Amazon EC2 instances. When deploying an SDDC, VMware ESXi software is deployed directly to the physical host without nested virtualization. In contrast to the pricing structure for other Amazon EC2 instances running on AWS Nitro System (which generally follows a pay-per-usage model per running EC2 instance), the pricing model for VMware Cloud on AWS is priced for the entire bare-metal instance, regardless of the number of virtual machines running on it.
Multiple host types are available for you when designing an SDDC. Each host has different data storage or performance specifications. Depending on the workload and use case, customers can mix multiple host types within different clusters of an SDDC to provide better performance and economics, as depicted in the following figure:
Figure 1.5 – VMware Cloud SDDC with two clusters, one each of i3.metal and i3en.metal host types
At the time of writing this book (2023), three different host types can be used to provision an SDDC.
The i3.metal type is VMware Cloud on AWS’s first host type. I3 hosts are ideal for general-purpose workloads. This host instance type may be used in any cluster, including single-, two-, or three-node clusters and stretched cluster deployments. The i3.metal host specification can be found in the following table:
Figure 1.6 – i3.metal host specification
This instance type has a dual-socket Intel Broadwell CPU, with 36 cores per host.
As in all hosts in the VMware Cloud on AWS service, it boots from an attached 12 GB EBS volume.
The host vSAN configuration is comprised of eight 1.74 TB disks, and two disks per disk group are allocated for the caching tier and are not counted as part of the raw capacity pool.
It is important to note that hyperthreading is disabled on this instance type and that both deduplication and compression are enabled on the vSAN storage side. As VMware moves toward consuming new host types, it’s anticipated that use cases for i3.metal will become rare.
The i3en hosts are designed to support data-intensive workloads. They can be used for storage-heavy or general-purpose workload requirements that cannot be met by the standard i3.metal instance. It makes economic sense in storage-heavy clusters because of the significantly higher storage capacity as compared to the i3.metal host: it has four times as much raw storage space at a lower price per GB.
This host instance type may be used in stretched cluster deployments and regular cluster deployments (two-node and above).
The i3en.metal host specification can be found in the following table:
Figure 1.7 – i3en.metal host specification
The i3en.metal type comes with hyperthreading enabled by default, to provide 96 cores and 768 GB of memory.
The host vSAN configuration is comprised of eight 7.5 TB physical disks, using NVMe namespaces. Each physical disk is broken up into 4 virtual disk namespaces, creating a total of 32 NVMe namespaces. Four namespaces per host are allocated for the caching tier and are not counted as raw capacity.
This host type offers a significantly larger disk, with more RAM and CPU cores. Additionally, there is network traffic encryption at the NIC level, and only compression is enabled on the vSAN storage side; deduplication is disabled.
Note
VMware on AWS customer-facing vSAN storage information is provided in TiB units and not in TB units. This may cause confusion when performing storage sizing.
VMware and AWS announced the availability of a brand new instance type in September 2022 – i4i.metal. With this new hardware platform, customers can now benefit from the latest Intel CPU architecture (Ice Lake), increased memory size and speed, and twice as much storage capacity compared to i3. The host specification can be found in the following table:
Figure 1.8 – i4i.metal host specification
Based on a recent performance study (https://blogs.vmware.com/performance/2022/11/sql-performance-vmware-cloud-on-aws-i3-i3en-i4i.html) using a Microsoft SQL Server workload, i4i outperforms i3.metal by roughly 3x.
In the next section, we will evaluate how the VMware Cloud on AWS SDDC is mapped to AWS Availability Zones.
The following figure describes the relationship between a Region and Availability Zones in AWS:
Figure 1.9 – Architecture of a Region and Availability Zones
Each AWS Region is made up of multiple Availability Zones. These are data centers that are physically isolated. High-speed and low-latency connections connect Availability Zones within the same Region. Availability Zones are located in different floodplains and are equipped with uninterruptible power supplies and on-site backup generators.
If available, they can be connected to different power grids or utility companies. Each Availability Zone has redundant connections to multiple ISPs. By default, an SDDC is deployed on a single Availability Zone.
The following figure describes the essential building blocks of VMware Cloud on AWS SDDC clusters, which are, in turn, built from compute hosts:
Figure 1.10 – Architecture of a VMware Cloud on AWS SDDC, with clusters and hosts
A cluster is built from a minimum of two hosts and can have a host added or removed at will from the VMware Cloud on AWS SDDC console.
VMware Cloud on AWS supports many different types of clusters. They can accommodate various use cases from Proof of Concept (PoC) to business-critical applications. There are three types of standard clusters (single availability zone) in an SDDC.
A cluster refers to a compute pool of multiple hosts; a single-host SDDC is an exception to that rule, as it provides a fully functional SDDC with VMware vSAN, NSX, and vSphere on a single host instead of multiple hosts. This option allows customers to experiment with VMware Cloud on AWS for a low price.
Information
Customers need to know that single-host SDDC clusters can’t be patched or software updated within their 60-day lifespan. These clusters are automatically terminated after 60 days. All virtual machines and data are deleted. VMware doesn’t back up the data, and in the case of host failure, there will be data loss.
An SLA does not cover single-host SDDCs, and they should not be used for production purposes. Customers can choose to convert a single-host SDDC into a 2-host SDDC cluster at any time during their 60-day operational period. Once converted, the 2-host SDDC cluster will be ready for production workloads. All the data will be migrated to both hosts on the 2-host SDDC cluster.
VMware will manage the multi-host production cluster and keep it up to date with the latest software updates and security patches. This can be the path from PoC to production.
The 2-host SDDC cluster allows for a fully redundant data replica suitable for entry-level production use cases. This deployment is good for customers beginning their public cloud journey. It is also suitable for DR pilot light deployments that are part of VCDR services, which will be covered later in the book.
The 2-host SDDC cluster has no time restrictions and is SLA-eligible. VMware will patch and upgrade all the hosts in the SDDC clusters with zero downtime, similar to how a multi-host SDDC cluster running production workloads is patched or updated.
The two-host cluster leverages a virtual EC2 m5.2xlarge instance as a vSAN witness to store and update the witness metadata; it allows for resiliency in case of a hardware failure in any one of the hosts. When scaling up to three hosts, the metadata witness is terminated. Conversely, the metadata witness instance is recreated when scaling down from three hosts to two.
Note
