© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Transform your Business with
VMWare Cloud on AWS
AWS Solution Architect, James Chiang( )

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Agenda
1. Why we need hybrid cloud?
2. Building Blocks VMware Cloud on AWS
3. Let’s Get Onboarded to VMware Cloud on AWS
4. VMware Cloud on AWS Connectivity
5. AWS Connectivity and Integration
6. Enterprise Example

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Cloud Solution and Architect
--

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Customers want a hybrid cloud strategy
83% 60% 65%
of workloads are virtualized
Today(IDC)
of large enterprise run VM
In the public cloud (IDC)
Of organization have a
Hybrid cloud strategy
Today (IDC*)

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
What Do Customers Want in Hybrid?
Run workloads
on-premises
Run workloads
on the cloud
Tight
integration
Without buying
new hardware
$

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Challenges
Incongruent
Networks
Operational
Inconsistency
Learn New
Skillsets & Tools
Multiple Control &
Monitoring
Mechanisms
Multiple Virtual
Machine Formats

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Why VMware Cloud on AWS ?
ü Leading private compute, storage, and
network virtualization capabilities
ü Support for broad range of workloads
ü De facto standard for the on-premises
enterprise
ü Global scale and reach
ü Flexible consumption economics
ü Broadest set of cloud services
ü Elastic infrastructure on demand
Uniting the leaders in private and public cloud services
+

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
VMware Cloud on AWS: Overview
vRealize Suite, PowerCLI
VMware Cloud on AWS
AWS Global InfrastructureCustomer data center
Management
(vCenter Server)
AWS Global Infrastructure
vCenter Server
Single pane of glass and API across on-premises and cloud
Access to all AWS services
Amazon
EC2
Amazon
S3
Amazon
RDS
AWS Direct
Connect
Amazon
Redshift
…
…
…
…
AWS CloudFormation, AWS CLI, AWS SDK
Amazon
DynamoDB

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
VMware Cloud on AWS: Access Model
• VMware Cloud on AWS is delivered “as a service” with the following
operational model:
AWS manages the physical resources
VMware manages the hypervisor and management components
Customers manage their VMs
• Customer access is via vCenter and VMware Cloud on AWS portal with
some restrictions:
No root ESXi access
No vSphere Distributed Switch (VDS) configuration access
No direct management of VM/NSX Edge access

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Building Blocks – VMware Cloud on AWS

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Compute: vSphere on “bare-metal”
Compute
36 pCPUs (72 vCPUs)
512GB RAM
8 x 2TB NVMe local SSD
Dedicated Host
vSphere Features
vSphere HA
vMotion
DRS
Elastic DRS
Storage
ESXi boot-from-EBS
16TB NVMe-backed local raw
storage
Networking
25 Gbps
VMware Cloud ENI
Amazon EC2
Based on the I3 Instance family

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
VCenter Console

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Automatic Cluster Configuration
vSAN Cluster
1.HOST IS ADDED
AUTOMATIC NETWORK
CONFIGURATION2.
vSAN Cluster
Management Network
vMotion Network
vSAN Network
VXLAN Network
vSAN Cluster
3.vSAN DATASTORE
CAPACITY INCREASE

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Elastic DRS Integration
vSAN Cluster vSAN Cluster
CPU
Memory
Storage
vSAN Cluster
CLUSTER OPERATING WITHIN
TARGET THRESHOLDS1.
CPU
Memory
Storage
THRESHOLD EXCEEDED
PROVISION ADDITIONALHOST2.
CLUSTER RETURNS TO
TARGET THRESHOLD3.
CPU
Memory
Storage

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Automated Cluster Remediation
HOST FAILS, OR
PROBLEM IDENTIFIED
NEW HOST ADDED TO CLUSTER.
DATAFROM PROBLEM HOST
REBUILT, AND/OR MIGRATED
PREVIOUS HOST EVACUATED
FROM CLUSTER, FULLY
REPLACED BY NEW HOST
1.
2.
3.
vSAN Cluster
vSAN Cluster
vSAN Cluster

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Storage: VSAN
• Industry leading private
storage virtualization
platform
• Flash SSD on bare-metal
hosts
• Fully featured
ü Deduplication
ü Compression
ü Erasure coding
Storage Capabilities
Disk Group 1 Disk Group 2
Write buffer
Capacity
Tier
ESXi-01 VSAN

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
• Network Virtualization Platform for VMware
• Industry leading private SDDC network virtualization platform
• 25 Gbps NICs on bare-metal
• Fully featured advanced networking and security services
Switching (logical layer2 networks over layer3 routing domains)
Routing
Firewalling
Load balancing
VPN Overlay Network
VM1
192.168.1.10 192.168.1.11
VXLAN 5001
VM2VM3
10.1.50.10 10.1.50.11
VM4
VXLAN 5002
10.1.50.1192.168.1.1 10.1.50.1192.168.1.1
Overlay Network
Underlay Network
10.20.30.40 10.20.30.41VTEP VTEP
VMware ESXi VMware ESXi
Networking: NSX

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Let’s Get Onboarded to
VMware Cloud on AWS

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Account Structure
Is owned, operated, and paid directly by the customer
Private connectivity to VMware Cloud SDDC
Full access to the native AWS services
A new AWS account to run
Is owned, operated, and
for all
AWS customer
owned account

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Simplified mode consumption – Initial Availability
• Auto-deploy and provision the VMC infrastructure
resources via predefined VMC Portal workflows
• Setup of initial networks and admin access granted
to vCenter
• Deploy a prescriptive network topology
• Establish predefined VPN connectivity
• Provide inbound access to workload VMs
• Control firewall access to workload VMs
Cloud
Networking
Admin
VMC Web Console
VI Admin
• Consume pre-created VMC network services
• Deploy workload VMs
• Attach workload VMs to networks
• Create new networks
• Manage IP addressing for workload VMs
vSphere
Web Client
VMware Cloud onAWS
vSAN NSXvSphere
vCenter
vmc.vmware.com

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Connection Workflow to Customer AWS Account
user
template
role
AWS Managed Policy
A ‘cross-account’
role is created and
VMW is granted
access to assume
this role using STSAWS
CloudFormation

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
DLR
Default 192.168.1.0/24
Compute GW
(NAT, FW, VPN, DHCP, DNS)
Internet GW
VMware Cloud on AWS – Default Networking Topology
AWS Network
External Traffic
VMware Cloud onAWS
Networking (NSX)Workloads on
logical networks
Management Infrastructure
ManagementGW
(NAT, FW, VPN)
Custom 10.1.2.0/24Custom 10.1.1.0/24 Custom 10.1.3.0/24
33
Blue = N-S
Red = E-W
VMC SDDC

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Hybrid connectivity pattern
Customer
Datacenters
VMware
Cloud SDDC
Customer
OwnedAWS
Account VPC ENIs for Compute Gateway
L2VPN
IPSec VPN
Direct Connect
IPSec VPN
Direct Connect

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
DEMO

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
VMware Cloud on AWS Connectivity

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Networks are Used to Provide External Connectivity
§ VPC Networking
§ Services as a Transport
§ Enables VMkernel networking
§ Internet Gateway
§ Enables N-S connectivity
§ All services are provided by NSX
§ Customer VPCAccess
§ Optimized access from VMC to connected VPCs
§ AWS Direct Connect
§ Dedicated, high performance connection to on-premises

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Provisioning VMware Cloud on AWS
Customer Data Center
vSphere Environment
Non-vSphere Environment
ESXi
ESXi
Amazon EC2
VMware Cloud on AWS
MGW & CGW

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Establish Your L3VPN
Customer Data Center
vSphere Environment
Non-vSphere Environment
ESXi
ESXi
Amazon EC2
VMware Cloud on AWS
MGW & CGW
L3 IPSEC VPN

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Establish Connectivity to Your VPC
Customer Data Center
vSphere Environment
Non-vSphere Environment
ESXi
ESXi
VMware Cloud on AWS
MGW & CGW
Amazon EC2
Customer AWS Account
VPC subnet
VPC subnet VPC subnet
AWS
Direct
Connect
Private VIF
L3 IPSEC VPN
elastic
network
interface

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
VMware Cloud on AWS ENIs
§ ENIs created to enable optimized connectivity

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Demo

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Integration Example

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Integration
AWS Global Infrastructure
Access to all native AWS services
Amazon
EC2
Amazon
S3
Amazon
RDS
AWS Direct
Connect
IAMAWS IoT
…
…
…
…
VMware Cloud on AWS

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Connecting to Amazon EC2
Customer Data Center
vSphere Environment
Non-vSphere Environment
ESXi
ESXi
VMware Cloud on AWS
MGW & CGW
Amazon EC2
Customer AWS Account
VPC subnet
VPC subnet VPC subnet
AWS
Direct
Connect
Private VIF
L3 IPSEC VPN
elastic
network
interface

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Demo

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Connecting to Amazon S3
Customer Data Center
vSphere Environment
Non-vSphere Environment
ESXi
ESXi
VMware Cloud on AWS
MGW & CGW
Amazon EC2
Customer AWS Account
VPC subnet
VPC subnet VPC subnet
AWS
Direct
Connect
Private VIF
L3 IPSEC VPN
elastic
network
interface
Amazon S3
IGW

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Connecting to Amazon S3 using Endpoints
Customer Data Center
vSphere Environment
Non-vSphere Environment
ESXi
ESXi
VMware Cloud on AWS
MGW & CGW
Amazon EC2
Customer AWS Account
VPC subnet
VPC subnet VPC subnet
AWS
Direct
Connect
Private VIF
L3 IPSEC VPN
elastic
network
interface
VPC Endpoint

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Multi- region
MS
SQL
MS
SQL
CGW
Logical Network
172.31.1.0/24
VMware Cloud onAWS
SDDC Account
Customer
AWSAccount
Amazon
Redshift
172.29.1.0/24
Customer
AWSAccount
172.28.1.0/24
US-WEST-2 CA-CENTRAL-1
App1
App1
IPSec
VPN

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Protecting workloads with native AWS services
172.29.1.0/24
VM VM
CGW
Logical Network
172.31.1.0/24
VMware Cloud onAWS
SDDC Account
Customer
AWSAccount
ALBIGW
IP Target Group
• 172.31.1.100
• 172.31.1.101
WAF
Visitor
ENIShield
Route 53
CloudFront

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
VMware Cloud on AWS – Sample Hybrid Architecture
ESXi ESXi ESXi ESXi
Resource Pool
RDS
Aurora
(shared)
O S
DB1
Customer Data
Center
Route53
SSL Encrypted
Traffic
APP2
O S
APP1
O S
RWP
O S
DMZ-Out(Public)
DMZ-In
(Private)
App(Private)
DMZ-Out
(Public)
ACM
ELB
NFS S3-backed
Cluster FileSystem
APP2
O S
APP2
O S
VMware
Cloud ENI
IGWIGW
Compute
Gateway
Compute
Gateway
Management
Gateway
VPC S3
Endpoint
AWS
CloudTrail
Amazon
S3
O S
DB2
Reverse Web Proxy &
Application Load-
Balancer
Amazon
CloudWatchAZ A AZ B AZ C
Amazon EC2
VMware Cloud VPC AWS CustomerVPC AWS RegionServices
© 2018, Amazon Web
Services, Inc. or its affiliates.

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Enterprise Workload

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Customer Use Cases
Cloud Migrations
Application Specific
Data Center Wide
Infrastructure Refresh
Consolidate Migrate
Data Center Extension
Footprint Expansion
On-demand Capacity
Test/Dev
Expand
Maintain
Disaster Recovery
Protect Additional
Workloads
DR Data Center
Replacement
Add or Modernize DR
Solutions
Primary Secondary

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Site Recovery Manager – Backup / Recovery
Customer Data Center VMware Cloud on AWS
MGW & CGW
L2 Stretch or
L3 IPSEC VPN
IGW
VMware vSphere
vSphere Replication
(VR)
vSphere
Replication (VR)
Site Recovery
Manager (SRM)
Site Recovery
Manager (SRM)
VMware vSphere
VM
VM
VM VM
VM VM
VM
VM
VM VM
VM VM
Site A (Primary) Site B (Recovery)

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Working on Disaster Recovery Service to
VMware Cloud on AWS
Disaster Recovery to VMware Cloud
1~~~~~~~~
2~~~~~~
3~~~~~~~~
4~~~~~~~
Overview of Goals
• Deliver as a service
• Build on VMware’s established
disaster recovery solutions
• Provide application-centric DR
runbook automation
• Remove need for dedicated DR
datacenter
• Integrate deeply with the
VMware Cloud on AWS services
VM
VM
VM VM
VM
VM
VM
VM
VM
VM
VM
VM VM
VM
VM
VM
VM
VM
vSphere VMware Cloud

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Working on Flexible SRM Pairing
Motivation
• Decouple on-premises upgrade
from VMC on AWS upgrades
Overview of Goals
• Loosening version
dependencies across vCenter,
SRM & VR, releases
vSphere / vSAN vSphere / vSAN
VMVM
vCenter vCenter
SRM SRMVR VR
VM
VMVMVM
VMVMVM
VMVMVM
Versioned APIs Allow Multi-Release Compatibility

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Snowball + vMotion
ESX ESX
vMotion
vCenter Server vCenter ServerOrder Snowball1
Copy & ship Snowball
Data Transfer to S3
Data Transfer to SDDC
2
4
3
Cross VC vMotion5
L2 vMotion Network
L3 VM Network
Hybrid Linked Mode
Amazon S3Snowball

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Available Region
OREGON VIRGINIA
LONDON
And more regions to follow……
Fankfurt
Sydney

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Pricing
On-Demand
(Hourly)
1 Year
Reserved
3 Year Reserved
List Price (per host) $8.3681/hr $51,987/yr $109,366/3 year
Effective Hourly** $8.3681/hr $5.9346/hr $4.1616/hr
Savings over On-Demand 30% 50%
(Hybrid Loyalty Discount = 10% vSphere, 10% vSAN, 10% NSX up to 25% not shown
above)
https://cloud.vmware.com/vmc-aws/pricing

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Thank You