This opening post will give an overview and demo of VMware Cloud on AWS. VMware Cloud on AWS provides on-demand, scalable cloud environments based on existing vSphere Software-Defined Data Centre (SDDC) products. VMware and AWS have worked together to optimise running vSphere, vSAN and NSX directly on dedicated, elastic, bare-metal AWS infrastructure without the need for nested virtualization. An SDDC cloud can be deployed in a few hours and then capacity scaled up and down within minutes, either manually or automatically using elastic DRS.
There are a number of benefits and use cases for extending on-premise data centres to the cloud with VMware Cloud on AWS:
- VMware maintains software updates, emergency software patches, and auto-remediation of hardware failures
- Increasing capacity in the cloud is generally quicker, easier, and sometimes more cost effective than increasing physical capacity in the data centre
- Scale capacity to protect services when met with temporary or unplanned demand
- Improve business continuity by using the cloud for Disaster Recovery (DR) with Site Recovery
- Consistent operating environments allow for simplified cloud migrations with minimal re-training for system administrators
- Transfer your existing operating system and third party licensing to the cloud and make use of existing support contracts with VMware
- Expand into additional geographical locations without needing to provision new data centres
Update 18/01/2019 – see also VMware Cloud on AWS Deployment Planning. As with all cloud services, functionality and limitations are constantly changing. I have updated some of this content, but make sure you review the links below for the most up-to-date information.
The following links contain enough reading to plan your VMware Cloud on AWS implementation and cloud migration strategy; the points below should also be enough to get you started.
- At the time of writing up to 2 SDDCs can be deployed per organisation (soft limit), each SDDC supporting up to 20 vSphere clusters and each cluster up to 16 physical nodes.
- The standard i3 bare metal instance currently offers 2 sockets, 36 cores, 512 GiB RAM and 10.7 TB vSAN storage. A 16-node cluster provides 32 sockets, 576 cores, 8192 GiB RAM and 171.2 TB.
- New R5 bare metal instances are deployed with 2.5 GHz Intel Platinum 8000 series (Skylake-SP) processors; 2 sockets, 48 cores, 768 GiB RAM and AWS Elastic Block Storage (EBS) backed capacity scaling up to 105 TB for 3-node resources and 560 TB for 16-node resources. For up to date configuration maximums see Configuration Maximums for VMware Cloud on AWS.
- Each ESXi host is connected to an Amazon Virtual Private Cloud (VPC) through Elastic Networking Interfaces (ENIs), which support throughput up to 25 Gbps
- Hybrid Cloud Extension allows stretched subnets between on-premise and cloud data centres for live migration of virtual machines
- Hybrid Linked Mode allows administrators to connect vCenter Server running in VMware Cloud on AWS to an on-premises vCenter server to view both cloud and on-premises resources from a single interface
- VMware Cloud on AWS complies with ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, SOC 3, HIPAA, and GDPR; find the full list of compliance certifications here
- VMware Cloud on AWS is managed from a web-based console or RESTful API
- At the time of writing VMware Cloud on AWS is available in the AWS Europe (Frankfurt and London), AWS US East (N. Virginia) and AWS US West (Oregon) Regions
- Basic pricing before discount can be calculated here
The demo below creates an SDDC in the cloud for lab purposes. Before deploying your own environment you should review all the above linked documentation and do your own research to plan your cloud strategy, as well as the following:
- Identify or create an AWS account and ensure that all technical personnel have access to the account
- Identify a VPC and subnet by cross-linking the AWS account to the SDDC
- Allocate IP ranges for the SDDC, and determine a DNS strategy
- Identify the authentication model for the SDDC
- Plan connectivity to the SDDC
- Develop a network security policy for the SDDC
Browse to the VMware Cloud Services portal (https://console.cloud.vmware.com) and log in using your VMware ID. At the time of writing, to access VMware Cloud on AWS you need to be invited, or you can register for a 30 day single host trial here.
Select VMware Cloud on AWS. If you have not used the service before you will be prompted to create a new organisation. Enter a name for your new organisation and accept the terms of service, click Continue.
Add a credit card to be billed if you use the service.
After you have created the organisation and added payment information you will be sent to the VMware Cloud on AWS dashboard. The first step is to create our SDDC in the cloud, click Create SDDC.
Billing: annual subscriptions are listed under the Subscriptions tab, you can see other billing information from the drop-down menu next to your organisation name: select Organisation Settings, View Organisation. From here you have services, identity and access management, billing and subscriptions, and support options.
Select a region and deployment model for the SDDC, enter a name and the number of hosts if you are not using the single host deployment. Click Next.
Follow the instructions to connect an AWS account and assign the relevant capabilities.
Once the connection is successfully established click Next.
Select the VPC and subnet to use then click Next.
Specify a private subnet range for the management subnet or leave blank to use default addressing. As mentioned above ensure you have planned accordingly and are not using any ranges that will conflict with other networks you may connect in the future. Click Deploy SDDC.
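One way to run the range-conflict check described above before clicking Deploy, as an added example that is not part of the original walkthrough. The function name and the networks in `PLANNED_NETWORKS` are constructed for illustration; replace them with your own address plan.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample address plan: networks that are, or may later be,
# connected to the SDDC.
PLANNED_NETWORKS = {
    "on-premises DC": "10.0.0.0/16",
    "linked AWS VPC": "172.31.0.0/16",
    "branch office": "192.168.10.0/24",
}

def check_management_cidr(candidate, existing):
    """Return a list of problems with a proposed SDDC management CIDR."""
    try:
        # strict=True rejects a CIDR with host bits set, e.g. 10.2.0.1/16
        net = ipaddress.ip_network(candidate, strict=True)
    except ValueError as exc:
        return [f"invalid CIDR {candidate!r}: {exc}"]

    problems = []
    # The management subnet must be a private range; test against the
    # RFC 1918 blocks explicitly rather than relying on is_private, which
    # also accepts documentation and loopback ranges.
    if net.version != 4 or not any(net.subnet_of(b) for b in RFC1918):
        problems.append(f"{net} is not an RFC 1918 private range")

    # Any overlap breaks routing once the two networks are connected.
    for label, cidr in existing.items():
        other = ipaddress.ip_network(cidr, strict=False)
        if net.version == other.version and net.overlaps(other):
            problems.append(f"{net} overlaps {label} ({other})")
    return problems

if __name__ == "__main__":
    for cidr in ("10.2.0.0/16", "10.0.0.0/20", "172.32.0.0/16"):
        print(cidr, check_management_cidr(cidr, PLANNED_NETWORKS) or "ok")
```
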
The SDDC will now be deployed; it takes around 2 hours to provision the ESXi hosts and all management components.
Once the deployment is complete the dashboard will show the new SDDC and assigned resources. Click View Details (you can toggle the web portal theme using the Dark/Light options in the top right hand corner).
From either the SDDC Summary tab or back on the SDDC dashboard you can seamlessly add additional hosts or clusters at any time.
If needed the chat bubble in the bottom right hand corner of the screen will take you through to support.
The Network tab shows the network topology and is where you can configure firewall rules, NAT rules, VPN, Direct Connect, etc.
To access the vCenter Server through the vSphere client, the port needs opening on the Management Gateway firewall; a VPN can also be used. Under Management Gateway select Firewall Rules, click Add Rule. Configure the rule to allow access to the vCenter on port 443 and click Save.
Click Open vCenter from either the Summary or Network tab. If access is in place you are given the firstname.lastname@example.org credentials to open vCenter. Active Directory can also be configured as an identity source later on.
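The vCenter rule above is the SDDC's management plane exposed on port 443, so the source it admits matters as much as the port. The following added example (not from the original post) audits a rule set for vCenter rules with an open or overly broad source; the rule dictionaries are constructed and their field names are hypothetical, not the VMware Cloud on AWS API schema.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample rules with hypothetical field names.
SAMPLE_RULES = [
    {"name": "vCenter from anywhere", "action": "ALLOW",
     "source": "Any", "destination": "vCenter", "port": 443},
    {"name": "vCenter from ISP block", "action": "ALLOW",
     "source": "198.51.100.0/24", "destination": "vCenter", "port": 443},
    {"name": "vCenter from admin host", "action": "ALLOW",
     "source": "203.0.113.10/32", "destination": "vCenter", "port": 443},
    {"name": "vCenter over VPN", "action": "ALLOW",
     "source": "10.0.0.0/16", "destination": "vCenter", "port": 443},
]

def audit_vcenter_rules(rules, max_public_addresses=8):
    """Return (rule name, reason) for rules that expose vCenter too widely."""
    findings = []
    for rule in rules:
        key = (rule["action"], rule["destination"], rule["port"])
        if key != ("ALLOW", "vCenter", 443):
            continue
        source = rule["source"]
        if source.lower() == "any":
            findings.append((rule["name"], "source is Any"))
            continue
        net = ipaddress.ip_network(source, strict=False)
        # Sources inside RFC 1918 space arrive over VPN or Direct Connect.
        internal = net.version == 4 and any(net.subnet_of(b) for b in RFC1918)
        if net.prefixlen == 0:
            findings.append((rule["name"], f"{net} matches every address"))
        elif not internal and net.num_addresses > max_public_addresses:
            findings.append((rule["name"],
                             f"{net} admits {net.num_addresses} public addresses"))
    return findings

if __name__ == "__main__":
    for name, reason in audit_vcenter_rules(SAMPLE_RULES):
        print(f"REVIEW {name}: {reason}")
```
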
Once you are logged into the vSphere client you will see the familiar vSphere layout.
It is also possible to see your on-premise vCenter Server(s) in the same pane of glass using Hybrid Linked Mode; click here for more information.
Back in the VMware Cloud on AWS portal the Add Ons tab features Site Recovery and Hybrid Cloud Extension for protecting and migrating workloads to your SDDC in the cloud.
You can delete an SDDC from the Actions drop-down menu in either the SDDC Summary tab or the SDDC dashboard. Once an SDDC is deleted, all workloads, data, and interfaces are destroyed and any public IP addresses released.