VMware CloudTM on AWS brings VMware’s enterprise class Software-Defined Data Center software to Amazon’s public cloud, delivered as an on-demand, elastically scalable, cloud-based VMware sold, operated and supported service for any application and optimized for next-generation, elastic, bare metal AWS infrastructure. This solution enables customers to use a common set of software and tools to manage both their AWS-based and on-premises vSphere resources consistently. Further virtual machines in this environment have seamless access to the broad range of AWS services as well. This session will introduce this exciting new service and examine some of the use cases and benefits. The session will also include a VMware Tech Preview that demonstrates standing up a complete SDDC cluster on AWS and various operations using standard tools like vCenter.

1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Paul Bockelman, AWS Principal Solutions Architect (WWPS)
Oren Root, VMware Senior Product Line Manager
August 14, 2017
VMware and AWS Together—VMware
Cloud on AWS

2. What to expect from the session
• Why hybrid IT?
• Product overview of VMware Cloud on AWS
• Technical overview – review key enabling technologies
• Technical drilldown – how this thing works
• Illustrated use cases for an integrated VMware/AWS ecosystem

3. Revisiting the NIST cloud deployment models…
Private cloud
The cloud
infrastructure:
• Is operated solely for
an organization.
• May be managed by
the organizations or
a third party and…
• May exist on-
premises or off-
premises.
Community cloud
The cloud
infrastructure:
• Is shared by several
organizations and
supports a specific
community that has
shared concerns
(e.g., mission,
security
requirements, policy,
and compliance
considerations).
• May be managed by
the organizations or
a third party and…
• May exist on-
premises or off-
premises.
Public cloud
The cloud
infrastructure:
• Is made available to
the general public or
a large industry
group and…
• Is owned by an
organization selling
cloud services.
Hybrid cloud
The cloud
infrastructure:
• Is a composition of
two or more clouds
(private, community,
or public) that remain
unique entities, but
are bound together
by standardized or
proprietary
technology that
enables data and
application portability
(e.g., cloud bursting
for load balancing
between clouds).
The NIST Definition of Cloud Computing
Authors: Peter Mell and Tim Grance - Version 15, 10-7-09
https://www.nist.gov/sites/default/files/documents/itl/cloud/cloud-def-v15.pdf

4. What do customers really want for hybrid IT?
Run workloads
on-premises
Run workloads in
the cloud
Tight integration
between on-
premises and the
cloud
Without buying
new hardware

5. VMware Cloud on AWS removes these barriers and enables faster hybrid cloud adoption
Common challenges with hybrid cloud adoption
Incongruent
networks
Operational
inconsistency
Need to learn new
skill sets & tools
Multiple
monitoring &
control
mechanisms
Multiple virtual
machine formats

6. Product overview

7. VMware Cloud on AWS: Overview
vRealize Suite, PowerCLI
VMware Cloud on AWS
AWS Global InfrastructureCustomer data center
Management
(vCenter Server)
vCenter Server
Single pane of glass and API across on-premises and cloud
Access to all AWS services
Amazon
EC2
Amazon
S3
Amazon
RDS
AWS Direct
Connect
IAMAmazon
Redshift
…
…
…
…
AWS CloudFormation, AWS CLI, SDK
AWS Global Infrastructure
Technical Preview

8. VMware Cloud on AWS: AWS view
VMware
operated,
supported, and
maintained
… Fully configured VMware software stack running
on state-of-the-art infrastructure provisioned on-
demand in minutes
Latest software
• VCSA, ESXi, NSX, VSAN, H5 client
Dynamic capacity
• DRS/HA compute cluster (Intel x86)
• VSAN storage cluster (SSD)
• NSX network virtualization (10 Gbps+)
Flexible topology
• Standalone cloud cluster
• Hybrid connectivity to on-premises
• Cloud-to-cloud connectivity
Overview
…
…
…
ESXi
ESXi
ESXi
…ESXi
…ESXi
…ESXi
VMware Cloud on AWS
Single-tenant (dedicated) bare-metal
Amazon EC2 hardware
vCenter
Server
Technical Preview
Gateway
NSX
Manager

9. AWS Global Infrastructure
VMware Cloud on AWS: AWS integration
Access to all native AWS services
Amazon
EC2
Amazon
S3
Amazon
RDS
AWS Direct
Connect
IAMAWS IoT
…
…
…
…
VMware Cloud on AWS
Technical Preview

10. VMware Cloud on AWS: Ops and support
The fully configured VMware Cloud software
stack will be provisioned, operated, and
maintained directly by VMware.
Overview
Provisioning
• Automated account creation and
environment provisioning by using the API
• Automated interconnection created between
VMware and AWS customer accounts
Operations
• Support provided by VMware directly
• AWS infrastructure (for VMware Cloud on
AWS) support managed by VMware
• Ongoing infrastructure monitoring
Maintenance
• Ongoing stack maintenance managed
directly by VMware
• Upgrade implementation and execution
Technical Preview

11. Common scenarios and use cases
There are multiple reasons and scenarios for why a VMware or AWS customer would
consider VMware Cloud on AWS.
Scenario 1:
Maintain and expand
ExpandMaintain
Geo expansion
Disaster recovery, backup, and
continuity of operations
Scenario 2:
Consolidate and migrate
MigrateConsolidate
Data center consolidation
Application migration
Scenario 3:
Workload flexibility
Prod, dev, test, lab, and training
Burst capacity
Flex as needed
Technical Preview

12. VMware Cloud on AWS: Account structure
• VMware Cloud VPC account
- A new AWS solution account is created for each customer
- Is owned, operated, and paid directly by VMware
- Each solution account is single tenant for all ESXi hosts
- Solution account is linked to a VMware Master-Payor account
• AWS customer VPC account
- Is owned, operated, and paid directly by the customer
- A VMware Cloud elastic network interface is automatically deployed into the customer
VPC with customer consent
- Has full access to the entire catalog of native AWS services within the AWS Region of
deployment
Technical Preview

13. VMware Cloud on AWS: Access model
• VMware Cloud on AWS is delivered “as a service” with the following
operational model:
- AWS manages the physical resources
- VMware manages the hypervisor and management components (includes monitoring,
patching, upgrades, etc.)
- Customers manage their VMs (and networks)
• Customer access is via vCenter and VMware Cloud on AWS portal with
some restrictions:
- No root ESXi access
- No vSphere Distributed Switch (VDS) configuration access
- No direct management of VM/NSX Edge access
Technical Preview

14. VMware Cloud on AWS: Simplified mode
• Auto-deploy and provision the VMware Cloud on
AWS infrastructure resources via predefined
workflows
• Setup of initial networks and admin access granted
to vCenter
• Deploy a prescriptive network topology
• Establish predefined VPN connectivity
• Provide inbound access to workload VMs
• Control firewall access to workload VMs
• Consume pre-created VMware Cloud on AWS
network services
• Deploy workload VMs
• Attach workload VMs to networks
• Create new networks
• Manage IP addressing for workload VMs
vSphere (H5)
Web Client
VI Admin
Cloud
Admin
VMware Cloud
on AWS Web
Portal
Technical Preview

15. Technical overview

16. Compute: vSphere on bare metal
Compute
- 36 PCPUs (72 vCPUs)
- 512 GB RAM
- Dedicated host
vSphere features
- vSphere HA
- vMotion
- DRS
- Elastic DRS
Storage
- ESXi boot-from-EBS
- 14 TB NVMe-backed local
raw storage
Networking
- 10 Gbps+
- VMware Cloud ENI
vSphere
Amazon EC2
Based on the I3 Instance family
Technical Preview

17. • Industry-leading private
storage virtualization
platform
• Flash SSD on bare-metal
hosts
• Fully featured
 QoS – IOPS Limits
 Storage Policy-Based
Management
 Erasure coding
Storage capabilities
Storage: VSAN
Disk group 1 Disk group 2
Write buffer
Capacity
tier
ESXi-01 VSAN
VSAN
Technical Preview

18. Networking: NSX
Network virtualization platform for VMware
• Industry-leading private SDDC network virtualization platform
• 10 Gbps+ NICs on bare metal
• Fully featured advanced networking and security services
- Switching (logical layer2 networks over layer3 routing domains)
- Routing
- Firewalling
- Load balancing
- VPN
NSX
Technical Preview
Overlay Network
VM1
192.168.1.10 192.168.1.11
VXLAN 5001
VM2VM3
10.1.50.10 10.1.50.11
VM4
VXLAN 5002
10.1.50.1192.168.1.1 10.1.50.1192.168.1.1
Overlay Network
Underlay Network
10.20.30.40 10.20.30.41VTEP VTEP
VMware ESXi VMware ESXi

19. Creating an SDDC {Demo}

21. Technical drilldown

22. Existing customer environment
Customer Data Center
vSphere Environment
Non-vSphere Environment
ESXi
Deploy a bespoke NSX Edge appliance into
your existing vSphere environment to extend
the VMware Cloud on AWS environment to your
premises.
Technical Preview
Bespoke
NSX Edge

23. Provision VMware Cloud on AWS (SDDC) VPC
Customer Data Center
vSphere Environment
Non-vSphere Environment
ESXi
ESXi
Amazon EC2
The full VMware Cloud on AWS
stack will be auto-provisioned
and configured at launch into a
single-tenant AWS account
(owned and operated by
VMware).
VMware Cloud VPC
Technical Preview
IGW
Bespoke
NSX Edge
MGW
&
CGW

24. Provision or designate a target customer-owned VPC
Customer Data Center
Customer VPC
VPC subnet VPC subnet
vSphere Environment
Non-vSphere Environment
ESXi
VMware Cloud VPC
ESXi
Amazon EC2
A customer-owned AWS account
is created and/or assigned to
interoperate with the VMware
Cloud on AWS VPC.
Technical Preview
IGW
Router
Customer
GW
Bespoke
NSX Edge
MGW
&
CGW
Internet

25. ESXi
Connect data center to SDDC VPC (via L3VPN)
Customer Data Center
vSphere Environment
Non-vSphere Environment
ESXi
Customer VPC
VPC subnet VPC subnet
VMware Cloud VPC
Amazon EC2
Technical Preview
IGW
Router
Customer
GW
Bespoke
NSX Edge
Internet
MGW
&
CGW
Private SDDC connectivity is
established from the customer
data center to the SDDC VPC via
an L3VPN

26. Connect data center to customer VPC (AWS Direct Connect)
Customer Data Center
vSphere Environment
Non-vSphere Environment
ESXi
Customer VPC
VPC subnet VPC subnet
AWS Direct
Connect
Private
VIF
VMware Cloud VPC
ESXi
Amazon EC2
Technical Preview
IGW
Router
Customer
GW
Bespoke
NSX Edge
Internet
MGW
&
CGW
Private connectivity is established
from the customer data center to the
customer-owned VPC for non-
SDDC traffic via AWS Direct
Connect

27. Internet
Connect data center to SDDC VPC (via Direct Connect)
Customer Data Center
vSphere Environment
Non-vSphere Environment
ESXi
Customer VPC
VPC subnet VPC subnet
AWS Direct
Connect
Private
VIF
VMware Cloud VPC
ESXi
Amazon EC2
(Advanced option) Create a secondary transit
path for a separate VLAN (using hosted private
or public VIFs*) from the customer data center
to the SDDC VPC traffic.
Compute, vMotion, and Cluster
ManagementHosted
Private
VIF(s) or
VPN over
Public VIF
Technical Preview
IGW
Router
Customer
GW
Customer
GW
Bespoke
NSX Edge
MGW
&
CGW
* Requires L3VPN connectivity over AWS Direct Connect to MGW and CGW

28. Connect VMware Cloud VPC and customer VPC
Customer VPC
Customer Data Center
AWS Direct
Connect
VMware Cloud
ENI
VPC subnet VPC subnet
VPC subnet
vSphere Environment
Non-vSphere Environment
ESXi
VMware Cloud VPC
ESXi
Amazon EC2
Connect the VMware
Cloud VPC and the
customer VPC using a
private VMware Cloud ENI.
Private
VIF
Technical Preview
IGW
Router
Customer
GW
Customer
GW
Bespoke
NSX Edge
MGW
&
CGW
Internet

29. Deploy and consume native AWS services
Customer VPC VMware Cloud VPC
Customer Data Center
AWS Direct
Connect
VMware Cloud
ENI
VPC subnet VPC subnet
VPC subnet
Private Managed
AWS ServicesCustomer Instances
vSphere Environment
Non-vSphere Environment
ESXi
ESXi
Amazon EC2
Public
VIF
Regional AWS Services
AWS
Lambda
Amazon
S3
Amazon
CloudFront
Etc.
Private
VIF
Technical Preview
IGW
Router
Customer
GW
Customer
GW
Bespoke
NSX Edge
MGW
&
CGW
Internet

30. Illustrated use cases

31. Operating in the hybrid ecosystem: Examples
• Use vMotion to migrate a virtual machine from a customer data
center to VMware Cloud on AWS
• Copy an object from a virtual machine in VMware Cloud to an
Amazon S3 bucket
• Connect a virtual machine in VMware Cloud to an Amazon Redshift
cluster
• Connect web server hosted on a virtual machine in VMware Cloud
using public Internet access
Technical Preview

32. Operating in the hybrid ecosystem: vMotion
Customer VPC
Customer Data Center
AWS Direct
Connect
VMware Cloud
ENI
VPC subnet VPC subnet
VPC subnet
Private Managed
AWS ServicesCustomer Instances
vSphere Environment
Non-vSphere Environment
ESXi
Private
VIF
VMware Cloud VPC
ESXi
Amazon EC2
vMotion from site to VMware Cloud
Regional AWS Services
AWS
Lambda
Amazon
S3
Amazon
CloudFront
Etc.
Technical Preview
IGW
Router
Customer
GW
Customer
GW
Bespoke
NSX Edge
MGW
&
CGWPublic
VIF
Internet

33. Operating in the hybrid ecosystem: Amazon S3
Customer VPC
Customer Data Center
AWS Direct
Connect
VMware Cloud
ENI
VPC subnet VPC subnet
VPC subnet
Private Managed
AWS ServicesCustomer Instances
vSphere Environment
Non-vSphere Environment
ESXi
Private
VIF
VMware Cloud VPC
ESXi
Amazon EC2
Copy an
object from
virtual
machine to
S3Regional AWS Services
AWS
Lambda
Amazon
S3
Amazon
CloudFront
Etc.
Technical Preview
IGW
Router
Customer
GW
Customer
GW
Bespoke
NSX Edge
CGWPublic
VIF
Internet

34. Operating in the hybrid ecosystem: Amazon Redshift
Customer VPC
Customer Data Center
AWS Direct
Connect
VMware Cloud
ENI
VPC subnet VPC subnet
VPC subnet
Private Managed
AWS ServicesCustomer Instances
vSphere Environment
Non-vSphere Environment
ESXi
Private
VIF
VMware Cloud VPC
ESXi
Amazon EC2
Connect
virtual
machine to
Amazon
RedshiftRegional AWS Services
AWS
Lambda
Amazon
S3
CloudFront Etc.
Technical Preview
IGW
Router
Customer
GW
Customer
GW
Bespoke
NSX Edge
MGW
&
CGWPublic
VIF
Internet

35. Operating in the hybrid ecosystem: VM internet access
Customer VPC
Customer Data Center
AWS Direct
Connect
VMware Cloud
ENI
VPC subnet VPC subnet
VPC subnet
Private Managed
AWS ServicesCustomer Instances
vSphere Environment
Non-vSphere Environment
ESXi
Private
VIF
VMware Cloud VPC
ESXi
Amazon EC2
Connect to a
virtual
machine
from the
internet
Assign
Elastic IP
Configure
NAT/FW
Regional AWS Services
AWS
Lambda
Amazon
S3
Amazon
CloudFront
Etc.
Technical Preview
IGW
Router
Customer
GW
Customer
GW
Bespoke
NSX Edge
MGW &
CGWPublic
VIF
Internet

36. Security and governance
• Customers maintain access security control of the VMware Cloud ENI using
standard AWS security practices (security groups, NACL, flow logs, and so
on)
• vMotion traffic is encrypted
• VM-level encryption
• Audit-quality logging
• Fully managed offering delivered by VMware
• VMware manages the infrastructure patching and upgrades of the VMware
Cloud environment
Technical Preview

37. {Demo} Connect to a VMware Cloud
on AWS VM from the internet

39. {Demo} Integrating AWS IoT with
VMware Cloud on AWS APIs

40. Integrating VMware Cloud on AWS with a dash button

41. Single click: Add a new host to the SDDC cluster
+1
VMware Cloud VPC

43. Long click: Remove a host from the SDDC cluster
-1
VMware Cloud VPC

45. Additional information

46. Consumption model
Technical Preview
Consumption-based billing
• On-demand / hourly model
• 1 or 3-year reserved
model*
Compelling TCO
• Attractive TCO vs.
traditional on-premises
• Comparable vs. native
cloud, depending on
consolidation ratio
Loyalty discounts
• Leverage existing
investments with VMware
• Purchase VMware Cloud
on AWS at a lower rate

47. Stay up to date!
http://aws.amazon.com/vmware
Quarterly newsletter

48. Thank you!