
VMware Cloud on AWS continues to deliver capabilities for scale, management and protection of enterprise workloads

VMware Cloud on AWS delivers a seamlessly integrated hybrid cloud service that extends on-premises vSphere environments to a VMware SDDC running on Amazon EC2 elastic, bare-metal infrastructure that is fully integrated as part of AWS. This service fulfils the needs of our customers across cloud migration, data center extension, disaster recovery and next-generation applications.

In our March What’s New Blog Post, we spoke about expanding to three additional regions across the globe, external storage through Faction and VMware Network Insight integration with VMware Cloud on AWS.

In our usual style, let’s jump right in and look at what’s new – this is going to be a long blog post, so be prepared ☺

Scale and manage your enterprise workloads with VMware Cloud on AWS

Customers want a cloud service that can support the demands of a broad range of enterprise workloads as they implement their cloud strategy. The infrastructure supporting these workloads needs to have the scale, performance, and availability to meet the most stringent demands. Furthermore, customers need the confidence that they are making the cost-effective choice in terms of TCO and that their workloads and infrastructure are supported should they ever need assistance.

What’s new:

Accelerated global expansion

VMware Cloud on AWS is now available in additional AWS Regions, namely AWS Asia Pacific (Mumbai), AWS Asia Pacific (Seoul) and AWS South America (São Paulo), further improving scalability and reach for our global and regional customers. For regional availability and specific restrictions, please review the release notes.

This brings the availability of the VMware Cloud on AWS service to 16 AWS Regions – 7 in the Americas (including GovCloud (US)), 4 in EMEA and 5 in Asia Pacific. VMware also announced in May that customers in Taiwan can use VMware Cloud on AWS from currently available regions.

In May, we also announced that VMware and AWS expanded their partnership and AWS is now able to resell VMware Cloud on AWS – giving customers more choice and flexibility. Read more about this announcement here.

New AWS bare-metal instance type with Elastic vSAN

For customers with high-storage, capacity-intensive environments, VMware Cloud on AWS now offers SDDCs that enable VMware Elastic vSAN, running on the new Amazon EC2 R5.metal instances to reduce overall costs. Elastic vSAN utilizes high-performance, low-latency Amazon Elastic Block Store (Amazon EBS) storage. It combines the enterprise-grade storage capabilities of VMware vSAN with automated provisioning and management of Amazon EBS volumes. Elastic vSAN is currently offered in five different storage capacity points. The minimum capacity per host is 15TiB and the maximum capacity per host is 35TiB in increments of 5TiB. Elastic vSAN is best suited for workloads with high storage capacity requirements and low to moderate performance requirements. Examples are data warehouses with modest performance requirements where storage capacity consumption grows at a much faster rate than compute capacity needs. Please refer to the VMware Cloud on AWS Sizer Tool to find the right solution for your needs. Customers can also utilize stretched clusters configured with Elastic vSAN.

For more information about Elastic vSAN, read Glenn Sizemore’s blog post here. Availability will vary based on regions and you are advised to contact your VMware or Amazon sales team for availability in your region.

Automated cluster scale up when storage capacity threshold is reached

Elastic DRS takes proactive action to prevent an SDDC outage by adding a host when critical capacity thresholds are reached. Elastic DRS will automatically add a host when storage capacity in a cluster reaches a certain threshold – refer to the VMware Cloud on AWS Service Level Agreement to understand the slack space requirements. As a best practice, customers are advised to monitor their SDDCs and ensure that they utilize no more than 70 per cent of their capacity. For more details, read Jeremiah Megie’s blog post here.

Networking enhancements with NSX-T for improved resiliency in connectivity, VPN tunnel throughput and flexibility in IP Address management

This month’s enhancements include:

Direct Connect with VPN as Standby: Support for IPSec VPN tunnels as a standby for AWS Direct Connect for higher resiliency in connectivity between on-premises and VMware Cloud on AWS. For more information, read Nico Vibert’s post here.

ECMP with Route Based IPSec VPN: Support for multiple VPN tunnels using ECMP (equal cost multi-pathing) for higher throughput. ECMP enables customers to scale the bandwidth across multiple links. With this release, multiple Route Based IPSec VPN tunnels can be used with ECMP to provide additional bandwidth and connectivity resiliency to on-premises environments, AWS Virtual Private Clouds (VPC), and to AWS Transit Gateways (TGW).

DHCP Relay: Support for DHCP Relay enabling customer-owned DHCP servers for more flexible IP Address Management (IPAM) and easier integration into enterprise IT architectures. DHCP Relay can be configured within VMware Cloud on AWS so DHCP requests can be forwarded to an external/third-party DHCP server. Customers can use the native NSX DHCP capabilities in VMware Cloud on AWS or use DHCP Relay to leverage an advanced external/third-party DHCP server.

Read more about all the NSX enhancements for VMware Cloud on AWS here.

Additional Compute Policies

Compute policies provide a higher level of abstraction beyond cluster rules to capture customer intent at an SDDC level rather than at a cluster level. A compute policy consists of a capability and one or more vSphere tags. vSphere tags identify the vCenter objects to which a policy applies, whereas the capability describes the intended behavior for the objects identified by these tags. In this release, we are introducing two new compute policies for reducing overhead and avoiding resource contentions.

  • VM-VM affinity: Specifies which VMs should run on the same ESXi host, typically used to keep network latency to a minimum. For example, by keeping both the front-end and back-end servers of an application on the same host, internal application network traffic remains inside the virtual switch, reducing latency and decreasing load on physical network links and components.
  • VM-Host Anti Affinity: Specifies VMs that should not run on specific ESXi hosts. This is useful to avoid running general purpose VMs on hosts that are running mission-critical or specifically licensed applications to avoid resource contentions.

SDDC Updates and Maintenance Visibility

We also introduced the Maintenance tab in the VMware Cloud on AWS console – with this tab, you will be able to see all the upcoming SDDC maintenance information for your convenience. For more information, read Roman Konarev’s blog post.

Enhancements in Stretched Clusters for VMware Cloud on AWS

Stretched clusters for VMware Cloud on AWS enable zero RPO high availability for mission-critical applications. This key capability allows customers to failover workloads with zero RPO within clusters spanning two AWS Availability Zones, leveraging vSphere HA. With this capability, customers can deploy a single SDDC across two AZs. It allows developers to focus on core application requirements and capabilities, instead of infrastructure availability.

New enhancements include:

  • Multiple stretched clusters in a single SDDC: Enables customers to deploy multiple clusters that span two AWS Availability Zones within a particular SDDC.
  • Custom CPU Core Counts in a stretched cluster deployment: Enables customers to deploy a stretched cluster with a lower number of physical cores per host. Allows reduction of licensing costs for enterprise applications licensed on a per physical core basis.

Secure and protect your applications on VMware Cloud on AWS

Customers are always looking for ways to optimize security and management of their infrastructure. VMware Cloud on AWS provides a robust and hardened cloud infrastructure with rich security features built-in. From an operations standpoint, VMware protects the information systems used to deliver VMware Cloud on AWS. The service is also monitored for security events involving the underlying servers, storage, networks and information systems used in the delivery of this service. Further, VMware performs routine vulnerability scans to surface critical risk areas and addresses them in a timely manner. Security configurations and operational procedures have been audited resulting in VMware Cloud on AWS obtaining industry certifications, such as SOC and ISO. In addition, customers want assurance that their workloads are protected. Should anything happen, be it a hardware failure or a natural disaster, customers want to quickly recover their environment and continue with business operations.

What’s new:

Flexible vCenter permissions model

Leverage a more flexible permissions model with vCenter Server for VMware Cloud on AWS, allowing cloud admins to create custom roles and assign permissions to users and groups. These permissions can be assigned to users and groups globally or for specific vCenter objects.

That brings us to the end of the updates this time around. Stay tuned for more.

