VMware Cloud™ on AWS brings VMware’s enterprise-class Software-Defined Data Center software to Amazon’s public cloud, delivered as an on-demand, elastically scalable, cloud-based service that is sold, operated and supported by VMware, for any application and optimized for next-generation, elastic, bare metal AWS infrastructure. This solution enables customers to use a common set of software and tools to manage both their AWS-based and on-premises vSphere resources consistently. Further, virtual machines in this environment have seamless access to the broad range of AWS services as well. This session will introduce this exciting new service and examine some of the use cases and benefits. The session will also include a VMware Tech Preview that demonstrates standing up a complete SDDC cluster on AWS and various operations using standard tools like vCenter.
2. What to expect from the session
• Why hybrid IT?
• Product overview of VMware Cloud on AWS
• Technical overview – review key enabling technologies
• Technical drilldown - how this thing works
• Illustrated use cases for an integrated VMware/AWS ecosystem
3. Revisiting the NIST Cloud deployment models…
Private cloud
The cloud infrastructure is:
• operated solely for an organization.
• It may be managed by the organization or a third party and…
• may exist on-premises or off-premises.
Community cloud
The cloud infrastructure is:
• shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations).
• It may be managed by the organizations or a third party and…
• may exist on-premises or off-premises.
Public cloud
The cloud infrastructure is:
• made available to the general public or a large industry group and…
• is owned by an organization selling cloud services.
Hybrid cloud
The cloud infrastructure is:
• a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).
The NIST Definition of Cloud Computing
Authors: Peter Mell and Tim Grance - Version 15, 10-7-09
https://www.nist.gov/sites/default/files/documents/itl/cloud/cloud-def-v15.pdf
4. What do customers really want for hybrid IT?
• Run workloads on-premises
• Run workloads in the cloud
• Tight integration between on-premises and the cloud
• Without buying new hardware
5. VMware Cloud on AWS removes these barriers and enables faster hybrid cloud adoption
Common challenges with hybrid cloud adoption
• Incongruent Networks
• Operational Inconsistency
• Need to Learn New Skillsets & Tools
• Multiple Monitoring & Control Mechanisms
• Multiple Virtual Machine Formats
7. VMware Cloud on AWS: Overview
• Single pane of glass and API across on-premises and cloud
• Access to all AWS services (Amazon EC2, Amazon S3, Amazon RDS, AWS Direct Connect, AWS IAM, Amazon Redshift, …)
[Diagram labels: Customer data center (vCenter Server); VMware Cloud on AWS (Management: vCenter Server); AWS Global Infrastructure; vRealize Suite, PowerCLI; AWS CloudFormation, CLI, SDK]
Technical Preview
8. VMware Cloud on AWS: AWS view
VMware operated, supported, and maintained
Overview
Fully configured VMware software stack running on state-of-the-art infrastructure provisioned on-demand in minutes
Latest software
• VCSA, ESXi, NSX, VSAN, H5 client
Dynamic capacity
• DRS/HA compute cluster (Intel x86)
• VSAN storage cluster (SSD)
• NSX network virtualization (10 Gbps+)
Flexible topology
• Standalone cloud cluster
• Hybrid connectivity to on-premises
• Cloud-to-cloud connectivity
[Diagram labels: VMware Cloud on AWS; Single tenant (dedicated) bare metal Amazon EC2 hardware; Gateway; vCenter Server; NSX Manager; ESXi hosts]
9. VMware Cloud on AWS: AWS integration
Access to all native AWS services (Amazon EC2, Amazon S3, Amazon RDS, AWS Direct Connect, IAM, AWS IoT, …)
[Diagram labels: VMware Cloud on AWS; AWS Global Infrastructure]
10. VMware Cloud on AWS: Ops and Support
The fully configured VMware Cloud software stack will be provisioned, operated, and maintained directly by VMware.
Overview
Provisioning
• Automated account creation and environment provisioning by using the API
• Automated interconnection created between VMware and AWS customer accounts
Operations
• Support provided by VMware directly
• AWS infrastructure (for VMC) support managed by VMware
• Ongoing infrastructure monitoring
Maintenance
• Ongoing stack maintenance managed directly by VMware
• Upgrade implementation and execution
11. Common scenarios and use cases
There are multiple reasons and/or scenarios for why a VMware and/or AWS customer would consider VMware Cloud on AWS.
Scenario 1: Maintain and expand
• Geo expansion
• Disaster recovery, backup, and continuity of operations
Scenario 2: Consolidate and migrate
• Data center consolidation
• Application migration
Scenario 3: Workload flexibility
• Prod, dev, test, lab, and training
• Burst capacity
• Flex as needed
12. VMware Cloud on AWS: Account Structure
• VMware Cloud VPC account
- A new AWS solution account is created for each customer
- Is owned, operated, and paid directly by VMware
- Each solution account is single tenant for all ESXi hosts
- Solution account is linked to a VMware Master-Payor account
• AWS customer VPC account
- Is owned, operated, and paid directly by the customer
- VMware Cloud endpoints are automatically deployed into the customer VPC with customer consent
- Has full access to VMware Cloud endpoints within the VPC
- Has full access to the entire catalog of native AWS services within the AWS Region of deployment
13. VMware Cloud on AWS: Access model
• VMC is delivered ‘As a Service’ with the following operational model:
- AWS manages the physical resources
- VMware manages the hypervisor and management components (includes monitoring, patching, upgrades, etc.)
- Customer manages their VMs (and networks)
• Customer access is via vCenter and VMC portal with some restrictions
- No root ESXi access
- No vSphere Distributed Switch (VDS) configuration access
- No direct management of VM/NSX Edge access
14. VMware Cloud on AWS: Simplified mode
• Auto-deploy and provision the VMC infrastructure resources via predefined VMC Portal workflows
• Setup of initial networks and admin access granted to vCenter
• Deploy a prescriptive network topology
• Establish pre-defined VPN connectivity
• Provide inbound access to workload VMs
• Control Firewall access to workload VMs
• Consume pre-created VMC network services
• Deploy workload VMs
• Attach workload VMs to networks
• Create new networks
• Manage IP addressing for workload VMs
[Diagram labels: VMC Web Portal (Cloud Networking Admin); vSphere (H5) Web Client (VI Admin)]
15. VMware Cloud on AWS: Advanced mode
• Provision network and security for Custom Data Center(s)
• Define and establish VPN connectivity with on-premises location(s)
• Define Security Groups and Policies for workload VMs
• Add, modify, and/or delete network topologies
• Advanced NSX use cases: Distributed firewall(s), load balancing, routing, etc.
• Deploy workload VMs
• Attach workload VMs to networks created by NSX admins
• Create new networks
• Manage IP addressing for workload VMs
[Diagram labels: NSX Manager via Full NSX UI (Networking Admin); vSphere (H5) Web Client and/or vSphere API (VI Admin / Cloud Admin)]
21. Existing customer environment
Deploy a standalone NSX Edge appliance into your existing vSphere environment to extend the VMware Cloud on AWS environment to your premises.
[Diagram labels: Customer Data Center; vSphere Environment; Non-vSphere Environment; ESXi; VMware Endpoints]
22. Provision VMware Cloud VPC
The full VMware Cloud on AWS stack will be auto-provisioned and configured at launch into a single tenant AWS account (owned and operated by VMware).
[Diagram labels: Customer Data Center; vSphere Environment; Non-vSphere Environment; ESXi; VMware Endpoints; VMware Cloud VPC; Amazon EC2]
23. Provision or designate a target customer-owned VPC
A customer-owned AWS account is created and/or assigned to interoperate with the VMware Cloud on AWS VPC.
[Diagram labels: Customer Data Center; vSphere Environment; Non-vSphere Environment; ESXi; VMware Endpoints; Customer VPC (VPC subnets); VMware Cloud VPC; Amazon EC2]
24. Connect data center to customer-owned VPC
Private connectivity is established from the customer data center to the customer-owned VPC (multiple options)
[Diagram labels: Customer Data Center; vSphere Environment; Non-vSphere Environment; ESXi; VMware Endpoints; AWS Direct Connect; Private VIF; Customer VPC (VPC subnets); VMware Cloud VPC; Amazon EC2]
25. Connect data center to VMware-owned VPC
Create a secondary transit path for a separate VLAN (and Hosted Private VIFs) from the customer data center to the VMware Cloud on AWS VPC for vMotion and cluster management traffic
[Diagram labels: Customer Data Center; vSphere Environment; Non-vSphere Environment; ESXi; VMware Endpoints; AWS Direct Connect; Private VIF; Hosted Private VIF(s) (vMotion and Cluster Management); Customer VPC (VPC subnets); VMware Cloud VPC; Amazon EC2]
26. Link VMware Cloud VPC and customer VPC
Link the VMware Cloud VPC and the Customer VPC using private VPC endpoints
[Diagram labels: Customer Data Center; vSphere Environment; Non-vSphere Environment; ESXi; VMware Endpoints; AWS Direct Connect; Private VIF; Hosted Private VIF(s) (vMotion and Cluster Management); Customer VPC (VPC subnets, VMware Cloud Endpoints); VMware Cloud VPC; Amazon EC2]
27. Deploy and consume native AWS services
[Diagram labels: Customer Data Center; vSphere Environment; Non-vSphere Environment; ESXi; VMware Endpoints; AWS Direct Connect; Private VIF; Public VIF; Hosted Private VIF(s) (vMotion and Cluster Management); Internet; Customer VPC (VPC subnets, VMware Cloud Endpoints, Private Managed AWS Services, Customer Instances); VMware Cloud VPC; Amazon EC2; Regional AWS Services (AWS Lambda, Amazon S3, Amazon CloudFront, Etc…)]
29. Operating in the hybrid ecosystem: Examples
• Use X-vMotion to migrate a virtual machine from a customer data center to VMware Cloud on AWS
• Copy an object from a virtual machine in VMware Cloud to an Amazon S3 bucket
• Connect a virtual machine in VMware Cloud to an Amazon Redshift cluster
• Connect web server hosted on a virtual machine in VMware Cloud using public Internet access
30. Operating in the hybrid ecosystem: X-vMotion
vMotion from site to VMware Cloud
[Diagram: same topology labels as slide 27]
31. Operating in the hybrid ecosystem: Amazon S3
Copy an object from virtual machine to S3
[Diagram: same topology labels as slide 27]
32. Operating in the hybrid ecosystem: Amazon Redshift
Connect virtual machine to Amazon Redshift
[Diagram: same topology labels as slide 27]
33. Operating in the hybrid ecosystem: VM internet access
Connect to a virtual machine from the Internet
• Assign Elastic IP
• Configure NAT
[Diagram: same topology labels as slide 27]
34. Security and governance
• VMware Cloud transit endpoints rest within the customer-owned VPC
• Customers maintain access security control of the transit path using standard AWS security practices (security groups, NACL, flow logs, and so on)
• vMotion traffic is encrypted (new in 6.5)
• VM-level encryption (new in 6.5)
• Audit-quality logging (new in 6.5)
• Fully managed offering delivered by VMware
• VMware manages the infrastructure patching and upgrades of the VMware Cloud environment
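A flow-log check for the transit path described above, added here as an example (it is not from the original deck): it flags accepted flows on the VMware Cloud endpoint interfaces where either address lies outside the CIDRs expected on that path. The ENI IDs, CIDR ranges and log lines are constructed assumptions, as is the premise that the endpoints appear as network interfaces in the customer VPC; the record layout is the default VPC flow log format.

```python
import ipaddress

# Field order of the default (version 2) VPC flow log record.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample records; the ENI IDs and addresses are made up.
SAMPLE = """\
2 123456789012 eni-0e1e1e1e1e1e1e1e1 10.2.1.10 10.0.5.20 49152 5439 6 12 4200 1500000000 1500000060 ACCEPT OK
2 123456789012 eni-0e1e1e1e1e1e1e1e1 203.0.113.7 10.2.1.10 40000 22 6 3 180 1500000000 1500000060 ACCEPT OK
2 123456789012 eni-0e1e1e1e1e1e1e1e1 198.51.100.9 10.2.1.10 40001 3389 6 1 60 1500000000 1500000060 REJECT OK
2 123456789012 eni-0f2f2f2f2f2f2f2f2 203.0.113.7 10.0.9.9 40002 443 6 5 900 1500000000 1500000060 ACCEPT OK
2 123456789012 eni-0e1e1e1e1e1e1e1e1 - - - - - - - 1500000060 1500000120 - NODATA
""".splitlines()

ENDPOINT_ENIS = {"eni-0e1e1e1e1e1e1e1e1"}        # assumed: interfaces backing the endpoints
ALLOWED_CIDRS = ["10.0.0.0/16", "10.2.0.0/16"]   # assumed: customer VPC and SDDC ranges

def parse_record(line):
    """Return a dict for one record, or None for malformed, NODATA or SKIPDATA lines."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    return rec if rec["log_status"] == "OK" else None

def unexpected_flows(lines, endpoint_enis, allowed_cidrs):
    """Accepted flows on the endpoint ENIs with an address outside allowed_cidrs."""
    nets = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for line in lines:
        rec = parse_record(line)
        if rec is None or rec["interface_id"] not in endpoint_enis:
            continue
        if rec["action"] != "ACCEPT":
            continue  # the security group or NACL already dropped it
        addrs = [ipaddress.ip_address(rec[k]) for k in ("srcaddr", "dstaddr")]
        if any(not any(a in n for n in nets) for a in addrs):
            findings.append((rec["interface_id"], rec["srcaddr"],
                             rec["dstaddr"], rec["dstport"]))
    return findings

if __name__ == "__main__":
    for finding in unexpected_flows(SAMPLE, ENDPOINT_ENIS, ALLOWED_CIDRS):
        print("unexpected accepted flow:", finding)
```

A finding here means a security group and NACL both admitted traffic that the intended topology does not include, which is the rule set to review first.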