1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Architectural Patterns and Best
Practices with VMware Cloud on AWS
Andy Reedy, AWS Partner Solutions Architecture
November 30, 2017
ARC402
2. What is VMware Cloud on AWS
On-Demand VMware Software Defined Data Center (SDDC) delivered as a cloud service
• Software Defined Data Center: ESXi, vSphere, VSAN, NSX
• Latest Software: VCSA, ESXi, NSX, VSAN, managed by VMware
• Dynamic Capacity: DRS/HA compute cluster (Intel x86), VSAN storage cluster (NVMe flash), NSX network virtualization (ENA)
3. What is VMware Cloud on AWS
Compute
• Bare Metal
• i3.16xlarge Equivalent
• 36 Cores / 72 vCPUs
• 512 GiB Memory
• 15 TiB* NVMe All-Flash Storage
• 25 Gb ENA
Hypervisor
• ESXi
• 4 to 32 Host Cluster
• Maintained by VMware
• No SSH/Root
• No VIBs/Plugins
Storage
• VSAN
• Aggregate Instance Storage
• All Flash (Capacity/Cache)
• No EBS/EFS
• VM Storage Policies
Network and Security
• NSX
• Logical Networks
• North/South Firewalling
• Compute/Management Gateways
• IPSec Termination
• NAT
vSphere
• VMware Managed
• Delegated Permissions
• Hybrid Linked Mode
4. What is VMware Cloud on AWS
[Diagram: the VMware Cloud on AWS Software Defined Data Center (ESXi, NSX, vSphere, VSAN) linked vCenter-to-vCenter with the customer data center's vSphere/ESXi environment]
5. Account structure
6. Common use cases
• Data center expansion
• Consolidation
• Workload flexibility
[Diagram labels: Maintain, Migrate, Consolidate, Expand]
7. Getting started
vmc.vmware.com
Create a new SDDC
• SDDC Name
• Number of Hosts (4 to 32)
• AWS Region (Oregon, Virginia)
VMware Cloud on AWS Console
• my.vmware.com credentials
• Organizations
• Identity and Access Management
8. Connecting to an AWS account
[Diagram: a customer IAM user in the customer-owned AWS account runs the CloudFormation template supplied by vmc.vmware.com; it creates an IAM cross-account role with an AWS managed policy, trusted by the VMware Cloud on AWS SDDC account so that the VMware Cloud Management Services can act in the customer account]
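The cross-account role that the CloudFormation template creates is what lets VMware's management services act inside your account, so its trust policy is the thing to audit after onboarding. The check below is an added example, not VMware's template or managed policy: it flags the two classic cross-account mistakes, a wildcard (or unexpected) principal and a missing `sts:ExternalId` condition. The two policy documents are constructed, and the account ID `111111111111` and the ExternalId string are placeholders.

```python
"""Audit the trust policy of the cross-account role that VMware Cloud on AWS assumes.

Added example, not from the ARC402 deck and not the managed policy or template
VMware ships. Both trust policy documents are constructed; the account IDs and
the ExternalId value are placeholders.
"""
import json
import re

ACCOUNT_ID = re.compile(r"\b(\d{12})\b")

# Constructed: a sane trust policy. Only the VMware-side account (placeholder 111111111111)
# may assume the role, and only when it presents the agreed ExternalId.
CONSTRUCTED_GOOD_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}},
    }],
})

# Constructed: the classic mistakes. Any AWS principal may assume the role, and there is no ExternalId.
CONSTRUCTED_BAD_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": "sts:AssumeRole",
    }],
})


def _as_list(value):
    return [value] if isinstance(value, str) else list(value)


def _principals(principal):
    """Normalise the Principal element ("*", a string, or {"AWS": ...}) to a list of strings."""
    if isinstance(principal, dict):
        return _as_list(principal.get("AWS", []))
    return _as_list(principal)


def audit_trust_policy(document, allowed_accounts):
    """Return a list of findings; an empty list means every AssumeRole statement looks as expected."""
    policy = json.loads(document)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    findings = []
    for index, statement in enumerate(statements):
        if statement.get("Effect") != "Allow":
            continue
        actions = _as_list(statement.get("Action", []))
        # Only statements that grant role assumption matter for the trust relationship.
        if not any(action == "sts:AssumeRole" or action.endswith("*") for action in actions):
            continue
        for principal in _principals(statement.get("Principal", {})):
            if principal == "*":
                findings.append(f"statement {index}: wildcard principal")
                continue
            match = ACCOUNT_ID.search(principal)
            if match is None or match.group(1) not in allowed_accounts:
                findings.append(f"statement {index}: unexpected principal {principal}")
        conditions = statement.get("Condition", {})
        # Without an ExternalId a third party that knows the role ARN can be tricked into
        # assuming it on someone else's behalf (the confused-deputy problem).
        if not any("sts:ExternalId" in keys for keys in conditions.values()):
            findings.append(f"statement {index}: no sts:ExternalId condition")
    return findings


if __name__ == "__main__":
    print(audit_trust_policy(CONSTRUCTED_GOOD_TRUST_POLICY, {"111111111111"}))
    print(audit_trust_policy(CONSTRUCTED_BAD_TRUST_POLICY, {"111111111111"}))
```

Run it against the role's actual trust document (for example the output of `aws iam get-role`) with the account VMware's template names as the only allowed account. Treat the ExternalId finding as informational if the provider's template does not use one; the wildcard and unexpected-principal findings always need an answer.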
9. Accessing VMware Cloud on AWS
vSphere H5 Web Client
• Hybrid Linked-Mode
• Logical network configuration
• Virtual machine administration
• VM storage policies
vmc.vmware.com
• Add and remove ESXi hosts
• Console user and role management
• Firewall configuration
• EIP and NAT configuration
• VPN connectivity
10. Underlay and overlay networks
[Diagram: two ESXi hosts on the underlay network 172.31.1.0/24 (172.31.1.10 and 172.31.1.11). Each host carries Logical Network 1 (192.168.1.0/24) and Logical Network 2 (192.168.2.0/24); VM 1 and VM 2 run on the first host, VM 3 and VM 4 on the second.]
Encapsulated frame on the underlay: MAC | IP | UDP | VXLAN | MAC | IP | PAYLOAD
• Underlay (outer IP header): SRC 172.31.1.10, DST 172.31.1.11
• Overlay (inner IP header): SRC 192.168.1.50, DST 192.168.1.51
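The frame layout on the slide, as an added example that is not part of the deck: build the VM 1 to VM 3 packet exactly as the hypervisors would carry it between 172.31.1.10 and 172.31.1.11, then parse it back to recover both address pairs and the VNI. The MAC addresses, the VNI 5001 and the UDP source port are assumptions chosen for illustration, and the IPv4 checksums are left at zero because the bytes are only parsed here, never sent. The point worth seeing in the bytes is that the VXLAN header carries a flag and a VNI and nothing else: no integrity or authentication, which is why the underlay (the dedicated VXLAN VPC subnet in the SDDC account) must be isolated from anything that could inject UDP into it.

```python
"""VXLAN encapsulation as drawn on the slide: outer MAC | IP | UDP | VXLAN | inner MAC | IP | payload.

Added example, not from the ARC402 deck. Standard library only; the MACs, the VNI 5001
and the UDP source port are assumptions. IPv4 checksums stay zero: nothing here is sent.
"""
import ipaddress
import struct
from dataclasses import dataclass

VXLAN_UDP_PORT = 4789        # IANA port for VXLAN (assumption: a given NSX deployment may differ)
VXLAN_FLAG_VNI_VALID = 0x08  # the "I" flag; the only defined bit in the 8-byte VXLAN header


def _mac(text):
    return bytes(int(octet, 16) for octet in text.split(":"))


def ethernet(src_mac, dst_mac, ethertype, payload):
    return _mac(dst_mac) + _mac(src_mac) + struct.pack("!H", ethertype) + payload


def ipv4(src, dst, payload, proto=17):
    """Minimal IPv4 header (no options) followed by the payload; checksum zeroed."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return header + payload


def vxlan_encapsulate(vni, outer_src_ip, outer_dst_ip, outer_src_mac, outer_dst_mac, inner_frame):
    """Wrap an inner Ethernet frame in UDP/VXLAN addressed between the two hypervisors."""
    vxlan_header = struct.pack("!B3xI", VXLAN_FLAG_VNI_VALID, vni << 8)  # VNI is the top 24 bits
    udp_payload = vxlan_header + inner_frame
    udp_header = struct.pack("!HHHH", 54321, VXLAN_UDP_PORT, 8 + len(udp_payload), 0)  # source port assumed
    return ethernet(outer_src_mac, outer_dst_mac, 0x0800,
                    ipv4(outer_src_ip, outer_dst_ip, udp_header + udp_payload))


@dataclass
class VxlanView:
    outer_src: str
    outer_dst: str
    vni: int
    inner_src: str
    inner_dst: str
    payload: bytes


def _ipv4_fields(frame):
    """Return (src, dst, protocol, offset of the L4 payload) for an Ethernet frame carrying IPv4."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not IPv4")
    ihl = (frame[14] & 0x0F) * 4
    src = str(ipaddress.IPv4Address(frame[26:30]))
    dst = str(ipaddress.IPv4Address(frame[30:34]))
    return src, dst, frame[23], 14 + ihl


def vxlan_decapsulate(packet):
    """Parse an underlay packet and expose both the outer (underlay) and inner (overlay) addresses."""
    outer_src, outer_dst, proto, udp_offset = _ipv4_fields(packet)
    if proto != 17:
        raise ValueError("outer packet is not UDP")
    dst_port = struct.unpack("!H", packet[udp_offset + 2:udp_offset + 4])[0]
    if dst_port != VXLAN_UDP_PORT:
        raise ValueError("not VXLAN")
    vx = udp_offset + 8
    flags, word = struct.unpack("!B3xI", packet[vx:vx + 8])
    if not flags & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VXLAN I flag not set; VNI is not valid")
    inner = packet[vx + 8:]
    inner_src, inner_dst, _, payload_offset = _ipv4_fields(inner)
    return VxlanView(outer_src, outer_dst, word >> 8, inner_src, inner_dst, inner[payload_offset:])


def demo_packet():
    """VM 1 (192.168.1.50) to VM 3 (192.168.1.51), carried between hosts 172.31.1.10 and 172.31.1.11."""
    inner = ethernet("02:00:00:00:01:50", "02:00:00:00:01:51", 0x0800,
                     ipv4("192.168.1.50", "192.168.1.51", b"hello", proto=253))
    return vxlan_encapsulate(5001, "172.31.1.10", "172.31.1.11",
                             "02:00:00:00:aa:10", "02:00:00:00:aa:11", inner)


if __name__ == "__main__":
    print(vxlan_decapsulate(demo_packet()))
```

`vxlan_decapsulate` is the view a packet capture on the underlay gives you: the outer addresses tell you which two hosts talked, the VNI tells you which logical network, and only the inner header tells you which VMs. Any filtering or logging done on the underlay sees only the outer header.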
11. VMware Cloud on AWS: Underlay
[Diagram: inside the VMware Cloud on AWS SDDC account, NSX sits over three VPC subnets (each x.x.x.x/yy): Management, VXLAN, and Storage]
12. VMware Cloud on AWS: Overlay
[Diagram: inside the VMware Cloud on AWS SDDC account, NSX provides a Management Gateway (MGW) in front of the management appliances (VCSA, NSX Manager) and a Compute Gateway (CGW) in front of the customer workload VMs]
13. Compute Gateway
[Diagram: the CGW connects the logical networks to the connected AWS account and to the Internet]
• North/South Firewall
• NAT
• IPSec VPN Termination
• AWS Account Connectivity
14. Customer AWS account connectivity
[Diagram: in the VMware Cloud on AWS SDDC account, Host-1 through Host-4 carry a logical network behind the CGW; in the customer-owned AWS account, VPC Subnet 1 and VPC Subnet 2 hold customer workloads and Amazon Redshift, and the VPC route table carries the route to the logical network]
15. On-premises connectivity
[Diagram: the customer data center (compute clusters with VMs, plus management vSphere) reaches the VMware Cloud on AWS SDDC over the Internet through an IGW or over Direct Connect through a VGW. In the SDDC, the MGW fronts the management components (vSphere, NSX Manager, VMK) and the CGW fronts the workload VMs on Logical Network 1]
16. Best practices and considerations
Global IP Address Plan
• On-Premises Data Centers
• Logical Networks
• Management Networks /23 to /16
• AWS Accounts and VPCs—Multiple Regions
• Additional SDDCs
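The address plan on this slide is only useful if it is actually checked before anything is connected: one overlapping prefix between an SDDC management network, a logical network, a VPC and an on-premises range breaks routing over the VPN or Direct Connect. The following is an added example, not from the deck, of the checks a practitioner would run over such a plan with the standard library: strict parsing, pairwise overlap detection, the /23 to /16 bound the deck gives for management networks, and route aggregation for what an SDDC announces. `CONSTRUCTED_PLAN` is made-up sample data that deliberately collides two SDDC management networks.

```python
"""Global IP address plan checks: every routed network in the hybrid estate must be
unique, and management networks must fall within the /23 to /16 range.

Added example, not from the ARC402 deck. CONSTRUCTED_PLAN is invented sample data
with one deliberate overlap between two SDDC management networks.
"""
import ipaddress
from itertools import combinations

CONSTRUCTED_PLAN = {
    "onprem-dc1":        "10.0.0.0/16",
    "sddc-1-management": "10.2.0.0/20",      # within the recommended /23 to /16 management range
    "sddc-1-logical-1":  "192.168.1.0/24",
    "sddc-1-logical-2":  "192.168.2.0/24",
    "sddc-1-logical-3":  "192.168.3.0/24",
    "vpc-us-west-2":     "172.31.0.0/16",
    "vpc-ca-central-1":  "172.28.0.0/16",
    "sddc-2-management": "10.2.8.0/21",      # deliberate overlap with sddc-1-management
}


def load_plan(plan):
    """Parse CIDRs strictly: '10.0.0.1/16' is a host address, not a network, and is rejected."""
    return {name: ipaddress.ip_network(cidr, strict=True) for name, cidr in plan.items()}


def find_overlaps(plan):
    """Return sorted (name_a, name_b) pairs whose networks overlap; any such pair breaks routing."""
    nets = load_plan(plan)
    return sorted((a, b) for a, b in combinations(sorted(nets), 2) if nets[a].overlaps(nets[b]))


def management_prefix_ok(cidr, largest=16, smallest=23):
    """True when the management CIDR is no larger than a /16 and no smaller than a /23."""
    return largest <= ipaddress.ip_network(cidr, strict=True).prefixlen <= smallest


def routes_to_advertise(plan, name_prefix):
    """Collapse the networks whose names start with name_prefix into the fewest aggregate
    routes, for example what one SDDC should announce over its VPN."""
    nets = [net for name, net in load_plan(plan).items() if name.startswith(name_prefix)]
    return [str(net) for net in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    print(find_overlaps(CONSTRUCTED_PLAN))
    print(routes_to_advertise(CONSTRUCTED_PLAN, "sddc-1"))
```

Keep the plan in one file per organisation and run `find_overlaps` on every change; the multi-region and additional-SDDC cases on later slides are exactly where collisions creep in, because each SDDC and each VPC is usually planned by a different team.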
17. Best practices and considerations
SDDC to AWS connectivity
• One-to-One SDDC to AWS VPC
• Subnet/AZ placement—cost optimization
18. Best practices and considerations
Plan for Workload Mobility
• Connectivity between VPC CIDR and on-premises environments
• L2 versus L3 VPN
• Direct Connect
• Backups
19. Hybrid connectivity
• Customer Datacenters to VMware Cloud SDDC: L2VPN, IPSec VPN x2, Direct Connect*
• VMware Cloud SDDC to Customer-Owned AWS Account VPC: ENIs for Compute Gateway, IPSec VPN, Direct Connect
20. Multi-region
[Diagram: US-WEST-2 holds a VMware Cloud on AWS SDDC account (Logical Network 172.31.1.0/24 behind the CGW) and a customer AWS account (172.29.1.0/24, Amazon Redshift); CA-CENTRAL-1 holds a second customer AWS account (172.28.1.0/24). App1 with MS SQL appears in both regions, linked by IPSec VPN]
21. Use with ALB
[Diagram: VMs on the SDDC Logical Network 172.31.1.0/24 sit behind the CGW; in the customer AWS account (172.29.1.0/24) an ALB behind the IGW, protected by WAF, serves visitors and reaches the VMs over the ENI]
• IP Target Group: 172.31.1.100, 172.31.1.101
22. Storage
[Diagram: VMs on the SDDC Logical Network 172.31.1.0/24, behind the CGW, reach the customer AWS account (172.29.1.0/24) over the ENI to use Amazon S3 through a VPC Endpoint and Amazon EFS]
23. DNS
[Diagram: VMs on the SDDC Logical Network 172.31.1.0/24, behind the CGW, reach the customer-owned AWS account over the ENI; VPC Subnet 1 and VPC Subnet 2 host Simple AD, and Amazon Route 53 serves a Private Hosted Zone through VPC DNS]
24. Best practices and considerations
Security, visibility, and operational auditing
• Two firewall control points: Security Group and NSX CGW
• Enable VPC Flow Logs
• Enable AWS CloudTrail
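Enabling VPC Flow Logs is only half the job; something has to read them. The following is an added example, not from the deck, of detection logic over default-format flow log records from the ENIs that connect the SDDC to the VPC. It separates rejected flows by direction (SDDC to VPC, VPC to SDDC, or an address outside both) so that a REJECT from the logical network can be read as a security group decision in the VPC. The records, ENI IDs, account ID and addresses are constructed. One caveat the page's "two control points" bullet implies: a flow log only records the security group and NACL decision at the ENI, so a packet the NSX CGW drops never reaches the ENI and never appears here; CGW denies have to be read on the NSX side.

```python
"""Detection over VPC Flow Log records from the ENIs that connect the SDDC to the VPC.

Added example, not from the ARC402 deck. The records are constructed in the default
flow log format; the ENI IDs, account ID and addresses are placeholders. A flow log
records the security group / NACL decision at the ENI only; a flow dropped by the
NSX CGW never reaches the ENI and is therefore absent from these records.
"""
import ipaddress
from collections import Counter

FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample: one accepted Redshift flow each way, one SDDC VM probing SSH into the VPC
# and being rejected, one outside address probing RDP, and one NODATA record to be skipped.
CONSTRUCTED_FLOW_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f60001 172.31.1.100 172.29.1.25 49152 5439 6 12 4800 1509999000 1509999060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60001 172.31.1.100 172.29.1.25 49153 22 6 1 60 1509999000 1509999060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60001 198.51.100.7 172.31.1.100 40000 3389 6 3 180 1509999000 1509999060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60002 172.29.1.25 172.31.1.100 5439 49152 6 10 9000 1509999000 1509999060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60002 - - - - - - - 1509999000 1509999060 - NODATA
"""


def parse_flow_log(text):
    """Parse default-format records into dicts, dropping NODATA/SKIPDATA and malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        record = dict(zip(FIELDS, parts))
        if record["log_status"] == "OK":
            records.append(record)
    return records


def classify(src, dst, sddc, vpc):
    """Name the direction of a flow relative to the SDDC logical network and the connected VPC."""
    if src in sddc and dst in vpc:
        return "sddc-to-vpc"
    if src in vpc and dst in sddc:
        return "vpc-to-sddc"
    return "external"


def rejected_flows(records, sddc_cidr, vpc_cidr):
    """Packets rejected at the ENI, counted per (direction, src, dst, dstport, protocol)."""
    sddc, vpc = ipaddress.ip_network(sddc_cidr), ipaddress.ip_network(vpc_cidr)
    counts = Counter()
    for record in records:
        if record["action"] != "REJECT":
            continue
        direction = classify(ipaddress.ip_address(record["srcaddr"]),
                             ipaddress.ip_address(record["dstaddr"]), sddc, vpc)
        key = (direction, record["srcaddr"], record["dstaddr"], record["dstport"], record["protocol"])
        counts[key] += int(record["packets"])
    return counts


def external_addresses(records, sddc_cidr, vpc_cidr):
    """Addresses outside both networks seen at the ENIs, accepted or not; each one needs an
    explanation in terms of what the CGW and the security groups are meant to admit."""
    sddc, vpc = ipaddress.ip_network(sddc_cidr), ipaddress.ip_network(vpc_cidr)
    seen = set()
    for record in records:
        for field in ("srcaddr", "dstaddr"):
            address = ipaddress.ip_address(record[field])
            if address not in sddc and address not in vpc:
                seen.add(str(address))
    return sorted(seen)


if __name__ == "__main__":
    records = parse_flow_log(CONSTRUCTED_FLOW_LOG)
    for key, packets in rejected_flows(records, "172.31.1.0/24", "172.29.1.0/24").items():
        print(packets, key)
    print(external_addresses(records, "172.31.1.0/24", "172.29.1.0/24"))
```

In production the same functions run over the records delivered to CloudWatch Logs or S3; the "sddc-to-vpc" rejects are the interesting class, because they mean a workload inside the SDDC tried to reach something in the VPC that the security group does not allow.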
25. Best practices and considerations
Treat this as a cloud service
• Evaluate your consolidation ratios and utilization tolerance
• Leverage elasticity — this is not colocation!
Automation
• VMware Cloud on AWS API
• vSphere
• AWS
26. Other considerations
• Logical Networks — Multicast
• ESXi hosts are dedicated — Windows licensing
• Any vSphere supported operating system
• Host oversubscription
• Custom VM geometry — 1vCPU x 64 GB RAM
27. Wrap-up
• Holistic address planning
• Account, VPC, and AZ placement considerations
• Plan for workload mobility
• Treat this as a cloud service
• Automate all-the-things!
28. Next Steps
• VMware Cloud on AWS Hands-on-labs (HOL)
• ARC322 - AWS Native Services Integration
• ENT303 - VMware Cloud on AWS Technical Deep Dive
• ENT204 - Unique Integrations Between VMware & AWS
29. Thank you!
Please complete the survey.