VMware Transit Connect Enhancements

VMware Cloud on AWS introduced SDDC Groups and VMware Transit Connect last year – a construct to organize SDDCs, together with high-bandwidth connectivity between the SDDCs in a Group. Transit Connect also provides a simple and scalable way to connect to AWS VPCs and to on-premises data centers over a Direct Connect Gateway. Together, they enable customers to expand their deployments while laying the foundation for new features such as vCenter Linking.

SDDC Group Connectivity to Transit VPC

VMware Cloud on AWS now supports Transit VPC connectivity using VMware Transit Connect. Transit Connect now gives SDDC Group customers the ability to configure static routes on a VMware Transit Connect attachment that point to an AWS VPC. With this, customers can steer SDDC Group network traffic to any destination address over the VPC attachment.

Figure 1. SDDC Group Connectivity to Security VPC

Key use cases for SDDC Group Connectivity to Transit VPC are:

1. Use Case – Transit VPC for security inspection: This is the most common use case, the popular design that builds on a Transit VPC to aggregate SDDC egress traffic for security inspection before it reaches the internet. Instead of establishing separate VPNs from each SDDC to the Transit VPC, customers can centralize connectivity using Transit Connect and simplify their design. Once established, the SDDC Group connectivity scales linearly as new SDDCs, or even new network segments in a member SDDC, are added to the Group.

Figure 2. SDDC Group connectivity to Transit VPC

2. Use Case – Transit VPC to connect to AWS resources: SDDC Group connectivity to a Transit VPC also eases operations for customers with a large number of AWS VPCs. Instead of manually connecting tens or even hundreds of VPCs individually to the SDDC Group, customers can configure a single central Transit VPC that in turn connects to the other VPCs or to an AWS Transit Gateway in the same region. As depicted in the diagram above, the Transit VPC resides in the customer's native AWS account and is not managed by VMware. Customers must configure a return route to the SDDC Group destinations in order for network traffic to flow bidirectionally. SDDC Group Connectivity to Transit VPC is available for all SDDC Groups (compatible with SDDC version 1.12 and above). Customers can use the VPC Connectivity section of the SDDC Group tab to configure a static route to an attached VPC.
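The return-route requirement above is the step most often missed: the Transit VPC's route table lives in the customer's AWS account, so nothing on the VMware side will catch a missing or shadowed route back to the SDDC Group. The following check, added here as an illustration and not part of this post or of any VMware tooling, models AWS longest-prefix matching over a constructed route table and reports each SDDC Group CIDR as ok, missing (no route to the attachment), or misrouted (a more specific route sends replies elsewhere). All CIDRs and the attachment id are placeholders.

```python
import ipaddress

# Constructed sample data (placeholders, not values from the post):
# three SDDC Group member CIDRs and a Transit VPC route table as it might
# look after the VPC is attached to Transit Connect.
SDDC_GROUP_CIDRS = ["10.10.5.0/24", "10.20.0.0/16", "192.168.50.0/24"]
TRANSIT_CONNECT_TARGET = "tgw-attach-PLACEHOLDER"

TRANSIT_VPC_ROUTES = [
    {"destination": "172.31.0.0/16", "target": "local"},
    # Summary route back to the SDDC Group over the Transit Connect attachment.
    {"destination": "10.0.0.0/8", "target": "tgw-attach-PLACEHOLDER"},
    # Mistake: a more specific route to an internet gateway shadows part of
    # the summary route, so replies for 10.10.5.0/24 leak toward the IGW.
    {"destination": "10.10.0.0/16", "target": "igw-PLACEHOLDER"},
    {"destination": "0.0.0.0/0", "target": "igw-PLACEHOLDER"},
]


def check_return_routes(sddc_cidrs, routes, attachment):
    """Classify each SDDC Group CIDR by how the Transit VPC route table
    treats it, using longest-prefix match over routes that contain the
    whole CIDR.

    ok        - the winning route points at the Transit Connect attachment
    missing   - no route at all points the CIDR at the attachment
    misrouted - an attachment route exists, but a more specific route with
                a different target wins and sends SDDC-bound traffic away
    """
    parsed = [(ipaddress.ip_network(r["destination"]), r["target"]) for r in routes]
    result = {"ok": [], "missing": [], "misrouted": []}
    for cidr in sddc_cidrs:
        net = ipaddress.ip_network(cidr)
        # Only routes whose destination contains the entire CIDR can
        # deliver every address in it; a default route qualifies too.
        candidates = [(d, t) for d, t in parsed if net.subnet_of(d)]
        if not any(t == attachment for _, t in candidates):
            result["missing"].append(cidr)
            continue
        _, winner = max(candidates, key=lambda dt: dt[0].prefixlen)
        result["ok" if winner == attachment else "misrouted"].append(cidr)
    return result


if __name__ == "__main__":
    for state, cidrs in check_return_routes(
        SDDC_GROUP_CIDRS, TRANSIT_VPC_ROUTES, TRANSIT_CONNECT_TARGET
    ).items():
        print(f"{state}: {cidrs}")
```

Run it against a route table exported from your own account to confirm every SDDC Group prefix lands in the ok bucket before relying on the attachment for return traffic.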

SDDC Group Connectivity to External TGW (across regions)

VMware Cloud on AWS also introduces a VMware Transit Connect enhancement that lets customers connect an external AWS Transit Gateway (TGW) to the SDDC Group. Customers can attach a TGW in their own AWS account to VMware Transit Connect across regions. Customers with multi-region SDDC Groups can select the specific regions to peer. Customers can also configure a static route per external TGW attachment.

This feature simplifies connectivity to AWS resources in other regions. It is immediately available to all SDDC Group deployments (compatible with SDDC version 1.12 and above). Customers can use the TGW Connectivity section of the SDDC Group tab to configure a static route to an attached TGW.

Figure 3. SDDC Group connectivity to External TGW (across regions)

SDDC Group Connectivity across regions

SDDC Groups can now span regions. Customers can select SDDCs in multiple regions for an SDDC Group while still benefiting from automatic VMware Transit Connect connectivity. VMware Transit Connect scales across regions, providing high-bandwidth, low-latency connectivity for all SDDCs in the Group. This eliminates the overhead of provisioning and managing connectivity in large deployments.

This feature provides any-to-any connectivity between SDDCs across regions, as well as to AWS VPCs and on-prem data centers. Customers can attach their AWS VPCs to Transit Connect in the same region to reach AWS resources, and can create an attachment from Transit Connect in any region to their AWS Direct Connect Gateway to reach on-prem resources. Customers retain control over connectivity to their VMC, AWS and on-prem environments in each region. Note the transit restriction: Transit Connect permits traffic between external VPCs, TGWs or on-prem data centers and VMC SDDCs, but not between the external endpoints themselves. This feature is available for SDDC version 1.15 and above.

Key use cases for SDDC Group Connectivity across regions are:

Use Case – Disaster Recovery across regions

Figure 4. SDDC Group connectivity across regions

VMware Transit Connect – Real-time Metering and Visibility

VMware Cloud on AWS customers can view their Transit Connect billing data in real time. Transit Connect usage data is now available on the VMC console, updated daily. Bill data is shown on the VMC console for the relevant bill period and monthly cycle, so customers can manage their Transit Connect usage and spending with real-time visibility.

To learn more about VMware Cloud on AWS Networking and Security, please check out the resources below: