One of the advantages of hybrid cloud architectures is you can design end-to-end services without establishing a new physical location or a new target location for primary data center migration. Our reference architecture takes you through how to develop services with VMware Cloud on AWS as the second data center.
The VMware Cloud on AWS reference architecture highlights the value of maintaining the current consumption model through operational consistency between on-premises data centers and VMware Cloud on AWS, while leveraging innovative native AWS services to build a hybrid cloud solution. It details the end-to-end services that can be designed where VMware Cloud on AWS becomes a second Data Center versus building a new physical location or target location of a primary data center migration.
In the VMware Cloud on AWS reference architecture, we focus on a three-tier app” model (see diagram), which is the main discussion topic during architectural workshops, and the surrounding services to support a hybrid cloud solution.
An initial design topic is typically related to networking and security services between the on-premises data center and VMware Cloud on AWS, as well as between VMware Cloud on AWS and the Native AWS Virtual Private Cloud (VPC). VMware Cloud on AWS leverages the networking services from NSX-T, supporting route-based and policy-based Layer 3 VPNs (L3VPN/IPSec), Layer 2 VPNs (L2VPN) for IP addressing consistency, as well as North-South and East-West firewall functionality. These services can be deployed to an on-premises data center that currently has VMware’s NSX-v/NSX-T infrastructure, or a third-party networking and security service (e.g. Cisco, Juniper, Huawei, etc.). The network connectivity between VMware Cloud on AWS to the Native AWS VPC is supported by an AWS elastic network interface (ENI) that is integrated within the managed service.
From an operational perspective, VMware’s ‘Enhanced Linked Mode’ (ELM) has traditionally been used within the on-premises data center in order to present all the vCenters via a single user interface (UI). VMware Cloud on AWS supports the ‘Hybrid Linked Mode’ (HLM) service, following the same operational concept of presenting the vCenter instance within the cloud along with the vCenters on premises. In addition, ‘Content Library Services’ within the on-premises data center can also be leveraged by the vCenter within VMware Cloud on AWS for operational consistency.
The current infrastructure services (i.e. MS Active Directory/Domain Name Services) and operational services (i.e. vRealize Automation, Orchestration, Operations) being used within the on-premises data center can also manage VMware Cloud on AWS. A number of these services may be distributed to VMware Cloud on AWS in case of end-to-end disconnection, or could be supported natively on a fully managed AWS platform (i.e. AWS Active Directory, Route 53 for DNS). Traditional logging services are also supported natively in both VMware Cloud on AWS (i.e. Log Intelligence) and AWS (i.e. CloudTrail). Logging services, such as Log Insight, can forward information to logging instances on premises for troubleshooting and auditing purposes.
Looking to better understand VMware’s unique approach to multi-cloud architecture? Get the definitive guide here.
This solution also supports a full end-to-end technical support service between on-premises, VMware Cloud on AWS, and Native AWS (with AWS as the secondary support service), allowing further consistency in day-to-day operations.
For more information on VMware Cloud on AWS, please visit
Access the reference architecture here.
