VMware Cloud™ on AWS brings VMware’s enterprise-class Software-Defined Data Center software to Amazon’s public cloud. It is delivered as an on-demand, elastically scalable, cloud-based service that is sold, operated and supported by VMware, for any application, and is optimized for next-generation, elastic, bare metal AWS infrastructure. This solution enables customers to use a common set of software and tools to manage both their AWS-based and on-premises vSphere resources consistently. Further, virtual machines in this environment have seamless access to the broad range of AWS services. This session will introduce this new service and examine some of the use cases and benefits. The session will also include a VMware Tech Preview that demonstrates standing up a complete SDDC cluster on AWS and various operations using standard tools like vCenter.
2. What to expect from the session
• Why hybrid IT?
• Product overview of VMware Cloud on AWS
• Technical overview – review key enabling technologies
• Technical drilldown – how this thing works
• Illustrated use cases for an integrated VMware/AWS ecosystem
3. Revisiting the NIST cloud deployment models…
Private cloud
The cloud infrastructure:
• Is operated solely for an organization.
• May be managed by the organizations or a third party and…
• May exist on-premises or off-premises.
Community cloud
The cloud infrastructure:
• Is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations).
• May be managed by the organizations or a third party and…
• May exist on-premises or off-premises.
Public cloud
The cloud infrastructure:
• Is made available to the general public or a large industry group and…
• Is owned by an organization selling cloud services.
Hybrid cloud
The cloud infrastructure:
• Is a composition of two or more clouds (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).
The NIST Definition of Cloud Computing
Authors: Peter Mell and Tim Grance - Version 15, 10-7-09
https://www.nist.gov/sites/default/files/documents/itl/cloud/cloud-def-v15.pdf
4. What do customers really want for hybrid IT?
• Run workloads on-premises
• Run workloads in the cloud
• Tight integration between on-premises and the cloud
• Without buying new hardware
5. VMware Cloud on AWS removes these barriers and enables faster hybrid cloud adoption
Common challenges with hybrid cloud adoption
• Incongruent networks
• Operational inconsistency
• Need to learn new skill sets & tools
• Multiple monitoring & control mechanisms
• Multiple virtual machine formats
7. VMware Cloud on AWS: Overview
[Diagram: a customer data center (vCenter Server) alongside VMware Cloud on AWS (management: vCenter Server) running on AWS Global Infrastructure. Tool labels: vRealize Suite, PowerCLI; AWS CloudFormation, AWS CLI, SDK.]
• Single pane of glass and API across on-premises and cloud
• Access to all AWS services: Amazon EC2, Amazon S3, Amazon RDS, AWS Direct Connect, IAM, Amazon Redshift, …
Technical Preview
9. VMware Cloud on AWS: AWS integration
Access to all native AWS services
[Diagram: VMware Cloud on AWS running on AWS Global Infrastructure next to native services: Amazon EC2, Amazon S3, Amazon RDS, AWS Direct Connect, IAM, AWS IoT, …]
10. VMware Cloud on AWS: Ops and support
Overview
The fully configured VMware Cloud software stack will be provisioned, operated, and maintained directly by VMware.
Provisioning
• Automated account creation and environment provisioning by using the API
• Automated interconnection created between VMware and AWS customer accounts
Operations
• Support provided by VMware directly
• AWS infrastructure (for VMware Cloud on AWS) support managed by VMware
• Ongoing infrastructure monitoring
Maintenance
• Ongoing stack maintenance managed directly by VMware
• Upgrade implementation and execution
11. Common scenarios and use cases
There are multiple reasons and scenarios for why a VMware or AWS customer would consider VMware Cloud on AWS.
Scenario 1: Maintain and expand
• Geo expansion
• Disaster recovery, backup, and continuity of operations
Scenario 2: Consolidate and migrate
• Data center consolidation
• Application migration
Scenario 3: Workload flexibility
• Prod, dev, test, lab, and training
• Burst capacity
• Flex as needed
12. VMware Cloud on AWS: Account structure
• VMware Cloud VPC account
- A new AWS solution account is created for each customer
- Is owned, operated, and paid directly by VMware
- Each solution account is single tenant for all ESXi hosts
- Solution account is linked to a VMware Master-Payor account
• AWS customer VPC account
- Is owned, operated, and paid directly by the customer
- A VMware Cloud elastic network interface is automatically deployed into the customer VPC with customer consent
- Has full access to the entire catalog of native AWS services within the AWS Region of deployment
13. VMware Cloud on AWS: Access model
• VMware Cloud on AWS is delivered “as a service” with the following operational model:
- AWS manages the physical resources
- VMware manages the hypervisor and management components (includes monitoring, patching, upgrades, etc.)
- Customers manage their VMs (and networks)
• Customer access is via vCenter and VMware Cloud on AWS portal with some restrictions:
- No root ESXi access
- No vSphere Distributed Switch (VDS) configuration access
- No direct management of VM/NSX Edge access
14. VMware Cloud on AWS: Simplified mode
• Auto-deploy and provision the VMware Cloud on AWS infrastructure resources via predefined workflows
• Setup of initial networks and admin access granted to vCenter
• Deploy a prescriptive network topology
• Establish predefined VPN connectivity
• Provide inbound access to workload VMs
• Control firewall access to workload VMs
• Consume pre-created VMware Cloud on AWS network services
• Deploy workload VMs
• Attach workload VMs to networks
• Create new networks
• Manage IP addressing for workload VMs
[Diagram labels: Cloud Admin, VMware Cloud on AWS Web Portal; VI Admin, vSphere (H5) Web Client]
22. Existing customer environment
Deploy a bespoke NSX Edge appliance into your existing vSphere environment to extend the VMware Cloud on AWS environment to your premises.
[Diagram: customer data center with a vSphere environment (ESXi, bespoke NSX Edge) and a non-vSphere environment]
23. Provision VMware Cloud on AWS (SDDC) VPC
The full VMware Cloud on AWS stack will be auto-provisioned and configured at launch into a single-tenant AWS account (owned and operated by VMware).
[Diagram: customer data center (vSphere environment with ESXi and bespoke NSX Edge, non-vSphere environment) and the VMware Cloud VPC (ESXi on Amazon EC2, IGW, MGW & CGW)]
24. Provision or designate a target customer-owned VPC
A customer-owned AWS account is created and/or assigned to interoperate with the VMware Cloud on AWS VPC.
[Diagram: customer data center (vSphere environment with ESXi and bespoke NSX Edge, non-vSphere environment, router), customer VPC (two VPC subnets, customer GW), VMware Cloud VPC (ESXi on Amazon EC2, IGW, MGW & CGW), Internet]
25. Connect data center to SDDC VPC (via L3VPN)
Private SDDC connectivity is established from the customer data center to the SDDC VPC via an L3VPN
[Diagram: customer data center (vSphere environment with ESXi and bespoke NSX Edge, non-vSphere environment, router), customer VPC (two VPC subnets, customer GW), VMware Cloud VPC (ESXi on Amazon EC2, IGW, MGW & CGW), Internet]
26. Connect data center to customer VPC (AWS Direct Connect)
Private connectivity is established from the customer data center to the customer-owned VPC for non-SDDC traffic via AWS Direct Connect
[Diagram: customer data center (vSphere environment with ESXi and bespoke NSX Edge, non-vSphere environment, router), AWS Direct Connect with a private VIF, customer VPC (two VPC subnets, customer GW), VMware Cloud VPC (ESXi on Amazon EC2, IGW, MGW & CGW), Internet]
27. Connect data center to SDDC VPC (via Direct Connect)
(Advanced option) Create a secondary transit path for a separate VLAN (using hosted private or public VIFs*) from the customer data center to the SDDC VPC traffic.
* Requires L3VPN connectivity over AWS Direct Connect to MGW and CGW
[Diagram: customer data center (vSphere environment with ESXi and bespoke NSX Edge, non-vSphere environment, router), AWS Direct Connect with a private VIF, customer VPC (two VPC subnets, customer GWs), VMware Cloud VPC (ESXi on Amazon EC2, IGW, MGW & CGW), Internet. Path labels: "Compute, vMotion, and Cluster Management"; "Hosted Private VIF(s) or VPN over Public VIF".]
28. Connect VMware Cloud VPC and customer VPC
Connect the VMware Cloud VPC and the customer VPC using a private VMware Cloud ENI.
[Diagram: customer data center (vSphere environment with ESXi and bespoke NSX Edge, non-vSphere environment, router), AWS Direct Connect with a private VIF, customer VPC (three VPC subnets, VMware Cloud ENI, customer GWs), VMware Cloud VPC (ESXi on Amazon EC2, IGW, MGW & CGW), Internet]
29. Deploy and consume native AWS services
[Diagram: customer data center (vSphere environment with ESXi and bespoke NSX Edge, non-vSphere environment, router), AWS Direct Connect with private and public VIFs, customer VPC (three VPC subnets, VMware Cloud ENI, private managed AWS services, customer instances, customer GWs), VMware Cloud VPC (ESXi on Amazon EC2, IGW, MGW & CGW), regional AWS services (AWS Lambda, Amazon S3, Amazon CloudFront, etc.), Internet]
31. Operating in the hybrid ecosystem: Examples
• Use vMotion to migrate a virtual machine from a customer data center to VMware Cloud on AWS
• Copy an object from a virtual machine in VMware Cloud to an Amazon S3 bucket
• Connect a virtual machine in VMware Cloud to an Amazon Redshift cluster
• Connect to a web server hosted on a virtual machine in VMware Cloud using public Internet access
32. Operating in the hybrid ecosystem: vMotion
vMotion from site to VMware Cloud
[Diagram: customer data center (vSphere environment with ESXi and bespoke NSX Edge, non-vSphere environment, router), AWS Direct Connect with private and public VIFs, customer VPC (three VPC subnets, VMware Cloud ENI, private managed AWS services, customer instances, customer GWs), VMware Cloud VPC (ESXi on Amazon EC2, IGW, MGW & CGW), regional AWS services (AWS Lambda, Amazon S3, Amazon CloudFront, etc.), Internet]
33. Operating in the hybrid ecosystem: Amazon S3
Copy an object from virtual machine to S3
[Diagram: customer data center (vSphere environment with ESXi and bespoke NSX Edge, non-vSphere environment, router), AWS Direct Connect with private and public VIFs, customer VPC (three VPC subnets, VMware Cloud ENI, private managed AWS services, customer instances, customer GWs), VMware Cloud VPC (ESXi on Amazon EC2, IGW, CGW), regional AWS services (AWS Lambda, Amazon S3, Amazon CloudFront, etc.), Internet]
34. Operating in the hybrid ecosystem: Amazon Redshift
Connect virtual machine to Amazon Redshift
[Diagram: customer data center (vSphere environment with ESXi and bespoke NSX Edge, non-vSphere environment, router), AWS Direct Connect with private and public VIFs, customer VPC (three VPC subnets, VMware Cloud ENI, private managed AWS services, customer instances, customer GWs), VMware Cloud VPC (ESXi on Amazon EC2, IGW, MGW & CGW), regional AWS services (AWS Lambda, Amazon S3, CloudFront, etc.), Internet]
35. Operating in the hybrid ecosystem: VM internet access
Connect to a virtual machine from the internet
• Assign Elastic IP
• Configure NAT/FW
[Diagram: customer data center (vSphere environment with ESXi and bespoke NSX Edge, non-vSphere environment, router), AWS Direct Connect with private and public VIFs, customer VPC (three VPC subnets, VMware Cloud ENI, private managed AWS services, customer instances, customer GWs), VMware Cloud VPC (ESXi on Amazon EC2, IGW, MGW & CGW), regional AWS services (AWS Lambda, Amazon S3, Amazon CloudFront, etc.), Internet]
36. Security and governance
• Customers maintain access security control of the VMware Cloud ENI using standard AWS security practices (security groups, NACL, flow logs, and so on)
• vMotion traffic is encrypted
• VM-level encryption
• Audit-quality logging
• Fully managed offering delivered by VMware
• VMware manages the infrastructure patching and upgrades of the VMware Cloud environment
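An added example, not part of the original deck: one way to review VPC Flow Logs for the VMware Cloud ENI, as the first bullet above suggests. It parses default-format flow log records and reports accepted flows with an endpoint outside the expected networks, plus flows the security group or NACL rejected; the account ID, ENI IDs, CIDR ranges and log lines are constructed placeholders.

```python
import ipaddress

# Field order of the default (version 2) VPC Flow Logs record format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample records. The account ID, ENI IDs and addresses are
# placeholders, not values from the deck.
SAMPLE = """\
2 111122223333 eni-0aaaabbbbccccdddd 10.2.0.15 172.31.8.20 49152 5439 6 12 4200 1500000000 1500000060 ACCEPT OK
2 111122223333 eni-0aaaabbbbccccdddd 198.51.100.7 172.31.8.20 40111 22 6 3 180 1500000000 1500000060 REJECT OK
2 111122223333 eni-0aaaabbbbccccdddd 203.0.113.9 172.31.8.20 51000 443 6 8 900 1500000000 1500000060 ACCEPT OK
2 111122223333 eni-0eeeeffff00001111 10.9.9.9 172.31.8.30 50000 80 6 5 400 1500000000 1500000060 ACCEPT OK
2 111122223333 eni-0aaaabbbbccccdddd - - - - - - - 1500000060 1500000120 - NODATA
"""

def parse(line):
    """Split one record into named fields; None if the field count is wrong."""
    parts = line.split()
    return dict(zip(FIELDS, parts)) if len(parts) == len(FIELDS) else None

def review_eni(text, eni_id, expected_cidrs):
    """Return (unexpected_accepts, rejects) for one ENI.

    unexpected_accepts: accepted flows with an endpoint outside expected_cidrs.
    rejects: flows blocked by a security group or network ACL.
    Each entry is (srcaddr, dstaddr, dstport).
    """
    nets = [ipaddress.ip_network(c) for c in expected_cidrs]
    known = lambda a: any(ipaddress.ip_address(a) in n for n in nets)
    unexpected, rejects = [], []
    for line in text.splitlines():
        rec = parse(line)
        # NODATA/SKIPDATA records carry "-" instead of addresses; skip them.
        if not rec or rec["interface_id"] != eni_id or rec["log_status"] != "OK":
            continue
        flow = (rec["srcaddr"], rec["dstaddr"], int(rec["dstport"]))
        if rec["action"] == "REJECT":
            rejects.append(flow)
        elif not (known(rec["srcaddr"]) and known(rec["dstaddr"])):
            unexpected.append(flow)
    return unexpected, rejects

# Assumed networks: SDDC workloads in 10.2.0.0/16, customer VPC in 172.31.0.0/16.
EXPECTED = ["10.2.0.0/16", "172.31.0.0/16"]

if __name__ == "__main__":
    bad, blocked = review_eni(SAMPLE, "eni-0aaaabbbbccccdddd", EXPECTED)
    for f in bad:
        print("ACCEPT involving unexpected network:", f)
    for f in blocked:
        print("REJECT (blocked by SG/NACL):", f)
```

An accepted flow from an unexpected network points at a security group or NACL rule on the ENI that is broader than intended.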
46. Consumption model
Consumption-based billing
• On-demand / hourly model
• 1 or 3-year reserved model*
Compelling TCO
• Attractive TCO vs. traditional on-premises
• Comparable vs. native cloud, depending on consolidation ratio
Loyalty discounts
• Leverage existing investments with VMware
• Purchase VMware Cloud on AWS at a lower rate
47. Stay up to date!
http://aws.amazon.com/vmware
Quarterly newsletter