ENT307 VMware and AWS Together - VMware Cloud on AWS

Date post: 21-Jan-2018
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Paul Bockelman, AWS Principal Solutions Architect (WWPS)

Oren Root, VMware Senior Product Line Manager

August 14, 2017

What to expect from the session

• Why hybrid IT?

• Product overview of VMware Cloud on AWS

• Technical overview – review key enabling technologies

• Technical drilldown – how this thing works

• Illustrated use cases for an integrated VMware/AWS ecosystem

Revisiting the NIST cloud deployment models…

Private cloud

The cloud infrastructure:

• Is operated solely for an organization.

• May be managed by the organizations or a third party and…

• May exist on-premises or off-premises.

Community cloud

The cloud infrastructure:

• Is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations).

• May be managed by the organizations or a third party and…

• May exist on-premises or off-premises.

Public cloud

The cloud infrastructure:

• Is made available to the general public or a large industry group and…

• Is owned by an organization selling cloud services.

Hybrid cloud

The cloud infrastructure:

• Is a composition of two or more clouds (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).

The NIST Definition of Cloud Computing

Authors: Peter Mell and Tim Grance - Version 15, 10-7-09

https://www.nist.gov/sites/default/files/documents/itl/cloud/cloud-def-v15.pdf

What do customers really want for hybrid IT?

• Run workloads on-premises

• Run workloads in the cloud

• Tight integration between on-premises and the cloud

• Without buying new hardware

VMware Cloud on AWS removes these barriers and enables faster hybrid cloud adoption

Common challenges with hybrid cloud adoption

• Incongruent networks

• Operational inconsistency

• Need to learn new skill sets & tools

• Multiple monitoring & control mechanisms

• Multiple virtual machine formats

Product overview

VMware Cloud on AWS: Overview

vCenter Server: Single pane of glass and API across on-premises and cloud

Access to all AWS services

[Diagram labels: Customer data center; vRealize Suite, PowerCLI; Management (vCenter Server); VMware Cloud on AWS; AWS Global Infrastructure; Amazon EC2; Amazon S3; Amazon RDS; AWS Direct Connect; IAM; Amazon Redshift; AWS CloudFormation, AWS CLI, SDK]

Technical Preview

VMware Cloud on AWS: AWS view

VMware operated, supported, and maintained

… Fully configured VMware software stack running on state-of-the-art infrastructure provisioned on-demand in minutes

Latest software

• VCSA, ESXi, NSX, VSAN, H5 client

Dynamic capacity

• DRS/HA compute cluster (Intel x86)

• VSAN storage cluster (SSD)

• NSX network virtualization (10 Gbps+)

Flexible topology

• Standalone cloud cluster

• Hybrid connectivity to on-premises

• Cloud-to-cloud connectivity

Overview

[Diagram labels: VMware Cloud on AWS; ESXi hosts; Single-tenant (dedicated) bare-metal Amazon EC2 hardware; vCenter Server; NSX Manager; Gateway; AWS Global Infrastructure]

VMware Cloud on AWS: AWS integration

Access to all native AWS services

[Diagram labels: VMware Cloud on AWS; Amazon EC2; Amazon S3; Amazon RDS; AWS Direct Connect; IAM; AWS IoT]

VMware Cloud on AWS: Ops and support

The fully configured VMware Cloud software stack will be provisioned, operated, and maintained directly by VMware.

Overview

Provisioning

• Automated account creation and environment provisioning by using the API

• Automated interconnection created between VMware and AWS customer accounts

Operations

• Support provided by VMware directly

• AWS infrastructure (for VMware Cloud on AWS) support managed by VMware

• Ongoing infrastructure monitoring

Maintenance

• Ongoing stack maintenance managed directly by VMware

• Upgrade implementation and execution

Common scenarios and use cases

There are multiple reasons and scenarios for why a VMware or AWS customer would consider VMware Cloud on AWS.

Scenario 1: Maintain and expand

• Geo expansion

• Disaster recovery, backup, and continuity of operations

Scenario 2: Consolidate and migrate

• Data center consolidation

• Application migration

Scenario 3: Workload flexibility

• Prod, dev, test, lab, and training

• Burst capacity

• Flex as needed

VMware Cloud on AWS: Account structure

• VMware Cloud VPC account

- A new AWS solution account is created for each customer

- Is owned, operated, and paid directly by VMware

- Each solution account is single tenant for all ESXi hosts

- Solution account is linked to a VMware Master-Payor account

• AWS customer VPC account

- Is owned, operated, and paid directly by the customer

- A VMware Cloud elastic network interface is automatically deployed into the customer VPC with customer consent

- Has full access to the entire catalog of native AWS services within the AWS Region of deployment

VMware Cloud on AWS: Access model

• VMware Cloud on AWS is delivered “as a service” with the following operational model:

- AWS manages the physical resources

- VMware manages the hypervisor and management components (includes monitoring, patching, upgrades, etc.)

- Customers manage their VMs (and networks)

• Customer access is via vCenter and VMware Cloud on AWS portal with some restrictions:

- No root ESXi access

- No vSphere Distributed Switch (VDS) configuration access

- No direct management of VM/NSX Edge access

VMware Cloud on AWS: Simplified mode

• Auto-deploy and provision the VMware Cloud on AWS infrastructure resources via predefined workflows

• Setup of initial networks and admin access granted to vCenter

• Deploy a prescriptive network topology

• Establish predefined VPN connectivity

• Provide inbound access to workload VMs

• Control firewall access to workload VMs

• Consume pre-created VMware Cloud on AWS network services

• Deploy workload VMs

• Attach workload VMs to networks

• Create new networks

• Manage IP addressing for workload VMs

[Diagram labels: Cloud Admin; VMware Cloud on AWS Web Portal; VI Admin; vSphere (H5) Web Client]

Technical overview

Compute: vSphere on bare metal

Compute

- 36 PCPUs (72 vCPUs)

- 512 GB RAM

- Dedicated host

vSphere features

- vSphere HA

- vMotion

- DRS

- Elastic DRS

Storage

- ESXi boot-from-EBS

- 14 TB NVMe-backed local raw storage

Networking

- 10 Gbps+

- VMware Cloud ENI

Based on the I3 Instance family

[Diagram labels: vSphere; Amazon EC2]

Storage: VSAN

• Industry-leading private storage virtualization platform

• Flash SSD on bare-metal hosts

• Fully featured

Storage capabilities

- QoS – IOPS Limits

- Storage Policy-Based Management

- Erasure coding

[Diagram labels: ESXi-01; VSAN; Disk group 1; Disk group 2; Write buffer; Capacity tier]

Networking: NSX

Network virtualization platform for VMware

• Industry-leading private SDDC network virtualization platform

• 10 Gbps+ NICs on bare metal

• Fully featured advanced networking and security services

- Switching (logical layer 2 networks over layer 3 routing domains)

- Routing

- Firewalling

- Load balancing

- VPN

[Diagram: Overlay network on top of an underlay network. Overlay labels: VM1, VM2, VM3, VM4; VXLAN 5001 with addresses 192.168.1.10 and 192.168.1.11; VXLAN 5002 with addresses 10.1.50.10 and 10.1.50.11; 192.168.1.1 and 10.1.50.1 shown on each host. Underlay labels: two VMware ESXi hosts with VTEPs 10.20.30.40 and 10.20.30.41.]

Creating an SDDC {Demo}

Technical drilldown

Existing customer environment

Deploy a bespoke NSX Edge appliance into your existing vSphere environment to extend the VMware Cloud on AWS environment to your premises.

[Diagram labels: Customer Data Center; vSphere Environment; Non-vSphere Environment; ESXi; Bespoke NSX Edge]

Provision VMware Cloud on AWS (SDDC) VPC

The full VMware Cloud on AWS stack will be auto-provisioned and configured at launch into a single-tenant AWS account (owned and operated by VMware).

[Diagram labels: Customer Data Center; vSphere Environment; Non-vSphere Environment; ESXi; Bespoke NSX Edge; VMware Cloud VPC; ESXi; Amazon EC2; IGW; MGW & CGW]

Provision or designate a target customer-owned VPC

A customer-owned AWS account is created and/or assigned to interoperate with the VMware Cloud on AWS VPC.

[Diagram labels: Customer Data Center; vSphere Environment; Non-vSphere Environment; ESXi; Bespoke NSX Edge; Customer VPC; VPC subnets; Router; Customer GW; VMware Cloud VPC; ESXi; Amazon EC2; IGW; MGW & CGW; Internet]

Connect data center to SDDC VPC (via L3VPN)

Private SDDC connectivity is established from the customer data center to the SDDC VPC via an L3VPN

[Diagram labels: Customer Data Center; vSphere Environment; Non-vSphere Environment; ESXi; Bespoke NSX Edge; Customer VPC; VPC subnets; Router; Customer GW; VMware Cloud VPC; Amazon EC2; IGW; MGW & CGW; Internet]

Connect data center to customer VPC (AWS Direct Connect)

Private connectivity is established from the customer data center to the customer-owned VPC for non-SDDC traffic via AWS Direct Connect

[Diagram labels: Customer Data Center; vSphere Environment; Non-vSphere Environment; ESXi; Bespoke NSX Edge; AWS Direct Connect; Private VIF; Customer VPC; VPC subnets; Router; Customer GW; VMware Cloud VPC; ESXi; Amazon EC2; IGW; MGW & CGW; Internet]

Connect data center to SDDC VPC (via Direct Connect)

(Advanced option) Create a secondary transit path for a separate VLAN (using hosted private or public VIFs*) from the customer data center to the SDDC VPC traffic.

* Requires L3VPN connectivity over AWS Direct Connect to MGW and CGW

[Diagram labels: Customer Data Center; vSphere Environment; Non-vSphere Environment; ESXi; Bespoke NSX Edge; AWS Direct Connect; Private VIF; Hosted Private VIF(s) or VPN over Public VIF; Compute, vMotion, and Cluster Management; Customer VPC; VPC subnets; Router; Customer GW; VMware Cloud VPC; ESXi; Amazon EC2; IGW; MGW & CGW]

Connect VMware Cloud VPC and customer VPC

Connect the VMware Cloud VPC and the customer VPC using a private VMware Cloud ENI.

[Diagram labels: Customer Data Center; vSphere Environment; Non-vSphere Environment; ESXi; Bespoke NSX Edge; AWS Direct Connect; Private VIF; Customer VPC; VPC subnets; VMware Cloud ENI; Router; Customer GW; VMware Cloud VPC; ESXi; Amazon EC2; IGW; MGW & CGW; Internet]

Deploy and consume native AWS services

[Diagram labels: Customer Data Center; vSphere Environment; Non-vSphere Environment; ESXi; Bespoke NSX Edge; AWS Direct Connect; Private VIF; Public VIF; Customer VPC; VPC subnets; VMware Cloud ENI; Private Managed AWS Services; Customer Instances; Router; Customer GW; VMware Cloud VPC; ESXi; Amazon EC2; IGW; MGW & CGW; Regional AWS Services (AWS Lambda, Amazon S3, Amazon CloudFront, etc.); Internet]

Illustrated use cases

Operating in the hybrid ecosystem: Examples

• Use vMotion to migrate a virtual machine from a customer data center to VMware Cloud on AWS

• Copy an object from a virtual machine in VMware Cloud to an Amazon S3 bucket

• Connect a virtual machine in VMware Cloud to an Amazon Redshift cluster

• Connect to a web server hosted on a virtual machine in VMware Cloud using public Internet access

Operating in the hybrid ecosystem: vMotion

vMotion from site to VMware Cloud

[Diagram labels: Customer Data Center; vSphere Environment; Non-vSphere Environment; ESXi; Bespoke NSX Edge; AWS Direct Connect; Private VIF; Public VIF; Customer VPC; VPC subnets; VMware Cloud ENI; Private Managed AWS Services; Customer Instances; Router; Customer GW; VMware Cloud VPC; ESXi; Amazon EC2; IGW; MGW & CGW; Regional AWS Services (AWS Lambda, Amazon S3, Amazon CloudFront, etc.); Internet]

Operating in the hybrid ecosystem: Amazon S3

Copy an object from virtual machine to S3

[Diagram labels: Customer Data Center; vSphere Environment; Non-vSphere Environment; ESXi; Bespoke NSX Edge; AWS Direct Connect; Private VIF; Public VIF; Customer VPC; VPC subnets; VMware Cloud ENI; Private Managed AWS Services; Customer Instances; Router; Customer GW; VMware Cloud VPC; ESXi; Amazon EC2; IGW; CGW; Regional AWS Services (AWS Lambda, Amazon S3, Amazon CloudFront, etc.); Internet]

Operating in the hybrid ecosystem: Amazon Redshift

Connect virtual machine to Amazon Redshift

[Diagram labels: Customer Data Center; vSphere Environment; Non-vSphere Environment; ESXi; Bespoke NSX Edge; AWS Direct Connect; Private VIF; Public VIF; Customer VPC; VPC subnets; VMware Cloud ENI; Private Managed AWS Services; Customer Instances; Router; Customer GW; VMware Cloud VPC; ESXi; Amazon EC2; IGW; MGW & CGW; Regional AWS Services (AWS Lambda, Amazon S3, CloudFront, etc.); Internet]

Operating in the hybrid ecosystem: VM internet access

Connect to a virtual machine from the internet

• Assign Elastic IP

• Configure NAT/FW

[Diagram labels: Customer Data Center; vSphere Environment; Non-vSphere Environment; ESXi; Bespoke NSX Edge; AWS Direct Connect; Private VIF; Public VIF; Customer VPC; VPC subnets; VMware Cloud ENI; Private Managed AWS Services; Customer Instances; Router; Customer GW; VMware Cloud VPC; ESXi; Amazon EC2; IGW; MGW & CGW; Regional AWS Services (AWS Lambda, Amazon S3, Amazon CloudFront, etc.); Internet]

Security and governance

• Customers maintain access security control of the VMware Cloud ENI using standard AWS security practices (security groups, NACL, flow logs, and so on)

• vMotion traffic is encrypted

• VM-level encryption

• Audit-quality logging

• Fully managed offering delivered by VMware

• VMware manages the infrastructure patching and upgrades of the VMware Cloud environment
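
The flow-log control named in the first bullet, as an added example that is not part of the original slides: a Python audit of default-format VPC Flow Logs records for the VMware Cloud ENI, listing accepted flows with an endpoint outside the expected networks and counting rejected flows per source and port. The ENI IDs, account ID, addresses and the expected CIDR list (192.168.1.0/24 standing in for an SDDC logical network, 172.31.0.0/16 for the customer VPC) are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Field order of the default (version 2) VPC Flow Logs record format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

def parse_record(line):
    """Parse one default-format record; return None if it carries no flow data."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    # NODATA and SKIPDATA records hold "-" in the address and action fields.
    return rec if rec["log_status"] == "OK" else None

def audit_eni(lines, eni_id, expected_cidrs):
    """Return (unexpected_accepts, rejects) for the flows logged on one ENI."""
    allowed = [ipaddress.ip_network(c) for c in expected_cidrs]
    def known(addr):
        ip = ipaddress.ip_address(addr)
        return any(ip in net for net in allowed)
    unexpected, rejects = [], Counter()
    for line in lines:
        rec = parse_record(line)
        if rec is None or rec["interface_id"] != eni_id:
            continue
        if rec["action"] == "REJECT":
            # Blocked by a security group or network ACL: count per source and port.
            rejects[(rec["srcaddr"], int(rec["dstport"]))] += 1
        elif not (known(rec["srcaddr"]) and known(rec["dstaddr"])):
            # Allowed through, but one endpoint is outside the expected networks.
            unexpected.append((rec["srcaddr"], rec["dstaddr"], int(rec["dstport"])))
    return unexpected, rejects

# Constructed sample records; account ID, ENI IDs and addresses are placeholders.
ENI = "eni-0example0000001"
SAMPLE = f"""\
2 123456789012 {ENI} 192.168.1.10 172.31.16.20 49152 5439 6 12 4800 1502700000 1502700060 ACCEPT OK
2 123456789012 {ENI} 203.0.113.7 172.31.16.20 40222 22 6 3 180 1502700000 1502700060 REJECT OK
2 123456789012 {ENI} 203.0.113.7 172.31.16.20 40223 22 6 3 180 1502700060 1502700120 REJECT OK
2 123456789012 {ENI} 198.51.100.9 172.31.16.20 51000 443 6 8 2100 1502700060 1502700120 ACCEPT OK
2 123456789012 {ENI} - - - - - - - 1502700120 1502700180 - NODATA
2 123456789012 eni-0example0000002 198.51.100.9 172.31.16.99 51001 443 6 8 2100 1502700060 1502700120 ACCEPT OK
""".splitlines()

if __name__ == "__main__":
    bad, rej = audit_eni(SAMPLE, ENI, ["192.168.1.0/24", "172.31.0.0/16"])
    print("unexpected accepts:", bad, "| rejects:", dict(rej))
```

An accepted flow from an unexpected source points at a security group or NACL rule on the ENI that is wider than intended; repeated rejects from one source show the rule set doing its job and may be worth alerting on.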

{Demo} Connect to a VMware Cloud on AWS VM from the internet

{Demo} Integrating AWS IoT with VMware Cloud on AWS APIs

Integrating VMware Cloud on AWS with a dash button

Single click: Add a new host to the SDDC cluster (+1)

Long click: Remove a host from the SDDC cluster (-1)

[Diagram labels: VMware Cloud VPC]

Additional information

Consumption model

Consumption-based billing

• On-demand / hourly model

• 1 or 3-year reserved model*

Compelling TCO

• Attractive TCO vs. traditional on-premises

• Comparable vs. native cloud, depending on consolidation ratio

Loyalty discounts

• Leverage existing investments with VMware

• Purchase VMware Cloud on AWS at a lower rate

Stay up to date!

http://aws.amazon.com/vmware

Quarterly newsletter

Thank you!

