VMware Cloud on AWS

Abstract:

The purpose of this document is to assist Customers during a Proof-of-Concept (PoC) to deploy and consume services within a VMware Cloud on AWS environment. Since PoCs are associated with a predetermined time, the intent is to provide explanations with screenshots and brief videos as well as references to public documents from both Amazon Web Services (AWS) and VMware.

Why VMware Cloud on AWS?

One of the primary “value-adds” of VMware Cloud on AWS is the ability to leverage On-Premises services (i.e. vMotion, Site Recovery Manager, L3VPN, L2VPN, etc.) within a Public Cloud offering for Operational Consistency while accessing the range of service offerings from Native AWS (i.e. EC2, RDS, Lambda).

Cloud Migration Considerations

Cloud Migration Using Load Balancing to Mitigate Migration Risk

Why Consider Load Balancing for Cloud Migrations? – This architecture discussion provides a “Low Risk” overview when migrating to the cloud by using Load Balancers both On-Premises (NSX-v, NSX-T, and 3rd-Party) and in the Cloud (Native AWS).

Cloud Migration Using Load Balancing (Demonstration)

Why Consider Load Balancing for Cloud Migrations? – This architecture discussion provides a “Low Risk” demonstration regarding the migration to the cloud by using Load Balancers both On-Premises (NSX-v, NSX-T, and 3rd-Party) and in the Cloud (Native AWS).

Cloud Migration Using vMotion

Just as a person would migrate VMs between two physical datacenters, VMware Cloud on AWS allows the same operational approach by using vMotion to migrate between On-Premises and the cloud, where VMware Cloud on AWS becomes the second datacenter.

Cloud Migration using Hybrid Cloud Extension (HCX)

The concept behind Hybrid Cloud Extension (HCX) is to allow the migration of VMs from anywhere-to-anywhere. This could be from vSphere-to-vSphere, vSphere-to-Cloud Director (formerly vCloud Director), or in this example, vSphere-to-VMware Cloud on AWS.

Below are Hybrid Cloud Extension (HCX) references related to what is supported and/or required within the On-Premises environment (checklist) as well as associated firewall ports to be allowed.

Hybrid Migration with VMware HCX – Checklist

Hybrid Cloud Extension (HCX) Firewall Ports (https://ports.vmware.com)

Hybrid Linked Mode (HLM)

Hybrid Linked Mode Configuration

Within an On-Premises environment, if a person wanted to “link” two separate vCenter instances from two different physical datacenters into a common User Interface (UI), a service called “Enhanced Linked Mode” (ELM) would be used. With VMware Cloud on AWS, a similar service named “Hybrid Linked Mode” (HLM) is used to link the vCenter instance On-Premises to the vCenter instance in VMware Cloud on AWS into a common UI.

Hybrid Linked Mode Validation

Prior to deploying “Hybrid Linked Mode” (HLM), a certain number of ports need to be open from a firewall perspective, and a certain number of services need to be reachable (i.e. Active Directory, vCenter, DNS, etc.) between On-Premises and VMware Cloud on AWS. These ports/services can be verified via the VMware Cloud Console in the “Troubleshooting” section.

Reference Architectures

Hybrid Services for Operational Consistency

How can Hybrid Services be “Striped” between Clouds for Operational Consistency? – The following has been authored based on Customer/Partner Workshops, Proof-of-Concepts, and Architecture/Design reviews:

VMware Cloud on AWS – Hybrid Services for Operational Consistency (Public)

Common Architecture Questions:

Do I need to have NSX-v or NSX-T On-Premises in order to stretch Layer 2 networks into VMware Cloud on AWS? No. The two options would be to (1) use the Hybrid Cloud Extension service, which is part of the VMware Cloud on AWS offering, to automatically stretch the Layer 2 segments, or (2) manually deploy an NSX-T Standalone Edge, which is deployed as an OVF within your vCenter environment.

Is there a way to have a common logging repository? Yes. At the moment, it is possible to forward the AWS CloudTrail logging information to Log Intelligence/Log Insight Cloud as well as to forward the Log Intelligence/Log Insight Cloud logging information to Log Insight On-Premises.

Where should I place my Active Directory (AD) service? It depends on the requirements. The solution would work with an AD service On-Premises even if the connection between On-Premises and VMware Cloud on AWS goes down; however, we have had Customers that consider it insecure to cache login information on VMs, which has led to deploying an AD service in the cloud. Taking that requirement a step further, if the Customer is considering a managed AD service, the recommendation would be to use AWS’ fully managed Active Directory service.

Where would I be able to locate additional Reference Architectures? – Our team recently published a number of Reference Architectures related to VMware Cloud on AWS on the following external location:

VMware Cloud on AWS – Reference Architectures

Multi-Availability Zones for Stretched SDDCs

How is a “Stretched” SDDC deployed across multiple AWS Availability Zones to address High Availability? – The following has been authored based on Customer/Partner Workshops, Proof-of-Concepts, and Architecture/Design reviews:

VMware Cloud on AWS – Multi-Availability Zones for Stretched SDDCs

Common Architecture Questions:

What is the Associated Cost of the AWS Inter-AZ Traffic related to Storage I/O when the SDDC is Stretched? This topic has been updated as of December 2019 where the Inter-AZ pricing has been reduced in order to mitigate the need to forecast Storage I/O estimates when designing this solution.

https://blogs.vmware.com/virtualblocks/2019/12/03/reduced-pricing-stretched-clusters-vmware-cloud-aws/

Do the Layer 2 segments within the SDDC get stretched between the AWS Availability Zones? Yes. Since the SDDC is stretched across the multiple AZs as part of the managed service, this is done automatically. From the top down, the Customer would consume the solution as a single environment and would be unaware of the underlying AWS AZ constructs for High Availability.

Would I be able to place VMs within the SDDC in both AWS Availability Zones? Yes. Because it is a single SDDC being consumed, the managed service would place VMs based on current resources on a per-node basis, independent of the underlying AZs.

Can I provision Active/Active Elastic Network Interfaces (ENI) in each AWS Availability Zone? At the moment, the solution supports an “Active” ENI in one AZ and an “Inactive” ENI in the other AZ. This keeps the VM traffic flows predictable and also avoids asymmetric routing. If there is a need to reach an AWS EC2 instance in the AZ where the “Inactive” ENI is connected, the solution relies on the AWS Virtual Private Cloud (VPC) Router between the two AZs.

Where would I be able to locate additional Reference Architectures? – Our team recently published a number of Reference Architectures related to VMware Cloud on AWS on the following external location:

VMware Cloud on AWS – Reference Architectures

Licensing Topics

Licensing Microsoft Products (Windows Server and MS-SQL Server)

Based on a number of requests from Customers/Partners, the following VMware-external blog has been written by Oleg Ulyanov regarding the licensing announcement from Microsoft on October 1st, 2019:

https://cloud.vmware.com/community/2020/02/10/licensing-microsoft-products-windows-server-microsoft-sql-server-vmware-cloud-aws-new-paradigm/

This is related to the changes to the Microsoft licensing term for products deployed on dedicated hosted cloud services.

Technical References

Data Protection Compatibility Guide (3rd-Party/ISV)

There are a number of 3rd-Party/ISV Partners that have validated their Storage and Data Protection solutions for VMware Cloud on AWS and these results are published on the following VMware-external location:

VMware Compatibility Guide

The VMware Compatibility Guide includes information related to all VMware platforms (i.e. ESXi, Cloud Director), including VMware Cloud on AWS. Within the first “Supported Releases” column (left), choose the latest “VMware Cloud on AWS x.y” Release, then the 3rd-Party/ISV “Partner Name” in the second column, and then the “Solution Type” in the third column. Once this is completed, click on the “Update and View Results” button, which updates the “Search Results” at the bottom of the page. This will provide the relevant information related to the 3rd-Party/ISV solution version, KB articles, and supported releases.

VMware Cloud Services Status Page

As a part of the VMware Cloud on AWS solution, VMware posts the status of the current services running in the cloud environment (i.e. DRaaS status, HCX status, Networking status, etc.) via the following location:

VMware Cloud Services Status Page:

https://status.vmware-services.io/

The VMware Cloud Service Status Page updates are provided as well in the VMware Cloud on AWS Console to the Customer/Partner at the top of the screen in case there are services being impacted:


Release Notes for VMware Cloud on AWS

If there is a need to understand what is currently supported or what has been supported in previous releases for VMware Cloud on AWS, the primary document to reference is the associated Release Notes. This tends to be overlooked, although these Release Notes provide a good chronological record of the multiple features and services that have been released over the past several years.

VMware Cloud on AWS Release Notes (with Chronological Information):

https://docs.vmware.com/en/VMware-Cloud-on-AWS/0/rn/vmc-on-aws-relnotes.html

Service Level Agreement (SLA)

Regarding the topic of the Service Level Agreement (SLA) for VMware Cloud on AWS, the official information is provided on the VMware-external website and is based on both Single AZ / Unstretched SDDC Cluster deployments as well as Multi-AZ / Stretched SDDC Cluster deployments.

Service Level Agreement (SLA) for VMware Cloud on AWS:

https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/support/vmw-cloud-aws-service-level-agreement.pdf

If there is a need to enhance the mentioned SLA percentages, one option would be to enable Disaster Recovery to an On-Premises location or to another SDDC location.

Customer/Partner References

Tieto (Finland) – Sign Service

How do VMware Partners consume VMware Cloud on AWS? – Tieto is a VMware Partner in Finland who consumes VMware Cloud on AWS themselves in order to develop a “Born in the Cloud” document signing service (“Tieto Signing Hub”) on VMware Cloud on AWS as a part of their portfolio offering to Customers.

SVA (Germany) – Hybrid Cloud Whitepaper

How do you setup a Hybrid Cloud successfully? – SVA (System Vertrieb Alexander GmbH) is a VMware Partner based in Germany that has been focused on VMware Cloud on AWS architectures and has published the following whitepaper related to Hybrid Cloud (October 2018):

VMware on AWS: So Gelingt der Einstieg in die Hybrid Cloud (German)

VMware on AWS: Setting Up a Hybrid Cloud Successfully (English)

ITQ (Netherlands) – NSX-T Lightboard Discussion

How is NSX-T constructed for VMware Cloud on AWS? – ITQ is a VMware Partner based in the Netherlands who provides consulting design services on VMware Cloud on AWS. In this Lightboard session, the ITQ team provides insight to the NSX-T networking contructs within VMware Cloud on AWS and the connectivity to Native AWS as well to the On-Premises environment.