VMware Cloud on AWS helps customers rapidly provision Software-Defined Data Centers (SDDCs) with just a few clicks, giving them the power of their own public cloud, combined with their current on-premises private cloud. To leverage all the flexibility of VMware Cloud on AWS, you need to ensure connectivity exists between all the involved components, including your on-premises datacenter, your Amazon VPC, the internet and your newly deployed SDDC.
This blog discusses the connectivity options available to connect all of these elements. With the associated videos, we provide a basic overview of the VPNs used by the SDDC, give guidance on configuring the gateways and networks that will be used throughout the SDDC deployment, explain how to set up your firewall rules, and cover other considerations when managing and maintaining VMware Cloud on AWS connectivity.
For control and security purposes, the SDDC is bifurcated into management and compute components (e.g. your workloads).
The management components of the SDDC, such as vCenter, vSAN and NSX, are accessed over a Management Gateway (MGW). The MGW is an NSX Edge Security gateway that provides network connectivity for the vCenter Server and NSX Manager running in the SDDC. The compute components, which are your actual workload virtual machines, connect over a Compute Gateway (CGW). The CGW utilizes a separate NSX Edge instance and Distributed Logical Router (DLR) to enable ingress and egress of workload VM network traffic.
To provide access to both gateways in a secure manner, connections must be established between your on-premises datacenter and the MGW and CGW in the SDDC. This takes the form of two (2) VPN connections. To further control the flow over these VPN connections, you can configure firewall rules, inbound NAT, DNS, and the public IP addresses of your gateways.
You will also need to provide connectivity between your SDDC, the internet and your current Amazon VPC. This connectivity is provided in different forms in VMware Cloud on AWS and uses an Elastic Network Interface, public IPs, logical networks, NAT and firewall rules to give you complete control over access.
The video entitled Understanding Connectivity Options provides a simple overview of the connectivity of your new SDDC and is a great way to understand the available options.
In a second, related video, Preparing for your VMware on AWS Cloud Connectivity, we review the information you’ll need to collect to get everything connected and configured securely.
This is just a portion of the work you should undertake when preparing for a VMware Cloud on AWS deployment. For more details on this and other topics, please read the Preparing for VMware Cloud on AWS white paper. By following the guidance in this technical document, you will be ready to use your VMware Cloud on AWS the day you deploy it.