VMware Cloud on AWS

What’s New in VMware Cloud on AWS - Jul 2022

With ~5 years in the market, VMware Cloud on AWS has been helping customers accelerate their cloud transformation journey. Customers across different industries and geographies have been using this service for a variety of use cases such as cloud migration, data center extension from on-premises environments to the cloud, disaster recovery, application modernization and virtual desktop infrastructure in the cloud. And as mentioned in this IDC paper, they were able to see a huge impact in terms of lowered TCO, faster migration, lower operational costs and improved ROI.

Based on customer demands, every quarter we try to bring some new features and capabilities into the service. So let’s see what’s new this time around:

Enhancements in pricing, promotions and subscription options:

  • Extension of price promotions for VMware Cloud on AWS: Due to high demand from customers, VMware is extending the 2 pricing promotions for VMware Cloud on AWS as mentioned below:
    • 15% List Price reduction on i3.metal: This promotion is extended through Aug 31, 2022.
    • Low cost starter pricing for 2 & 3 i3.metal and i3en.metal hosts: This promotion is extended through Feb 1, 2023.

Please check out this blog to learn more about these promotions.

  • VMware Cloud on AWS Flexible subscription for i3en.metal instance type: In Jul 2021, we introduced a new subscription offering for the i3.metal instance type, the VMware Cloud on AWS Flexible subscription, which gives customers greater flexibility to exchange their flexible subscription to fit their changing business needs. Now we are announcing the VMware Cloud on AWS Flexible subscription for the i3en.metal instance type as well.

Feature details: By purchasing a flexible subscription, customers are entitled to terminate their existing flexible term subscription (1-year or 3-year commitment) early and use the remaining value towards the purchase of a new 1-year or 3-year subscription. Please note: To avail of this flexibility, customers must purchase new flexible 1-year or 3-year term commitments, paid upfront. They cannot change previously purchased non-flexible 1-year or 3-year term commitments. Some examples of flexible subscription exchange use cases are:

1.     Instance type: Customers can purchase a new term commitment for a new instance type. This is specifically useful if customers would like to use existing subscription funds for a different use case where a different instance type is more optimal.

2.     AWS Region: Customers can purchase a new term commitment for a different AWS region. This is specifically useful if customers would like to use existing subscription funds for scaling IT infrastructure in a new region as per their business needs, such as footprint expansion in new regions, regional business growth etc.

Please note: The flexible subscription option for the i3en.metal instance type is available for purchase through the VMware direct route to market and VMware partners for the time being. The flexible subscription option for the i3.metal instance type is available for purchase through the VMware direct, AWS Resell and VMware Partners routes to market. The flexible subscription option is available for 1-year or 3-year term commitments only and not for the on-demand option.

Enhancements to enterprise workload support:

  • Expanding regional availability: Availability in AWS Asia Pacific (Hong Kong): VMware Cloud on AWS will now be available in AWS Asia Pacific (Hong Kong), further improving reach for our global and regional customers. With this new regional availability, this service will now be available across 21 AWS regions globally.
  • Application modernization with VMware Cloud on AWS: With VMware Cloud on AWS, customers can start their modernization journey while minimizing disruption to their business. They can migrate their applications to the cloud while minimizing downtime. Once in the cloud, they can start transforming these applications by using modern frameworks such as Kubernetes, enriching them with native cloud services and automating the underlying infrastructure operations with DevOps/advanced operations tools. 
    • Tanzu services UI enhancements: With the latest enhancement, now VMware Cloud on AWS customers with 3+ hosts in a single Availability Zone (AZ) will have access to the “Activate Tanzu Kubernetes Grid” option from the dropdown of their SDDC under ‘Actions’ menu in VMware Cloud Console. Once enabled, VMware Cloud administrators can create vSphere namespaces to allocate capacity and set limits on their vSphere clusters for hosting Tanzu Kubernetes Clusters (TKCs). The namespaces and TKCs deployed as part of Tanzu services are backed by automatically provisioned network segments provided by VMware NSX, simplifying the deployment and management of networks through in-house automation routines.
    • Kubernetes 1.22 support for supervisor clusters: Now, SDDC version 1.19+ adds the support of Kubernetes 1.22 and drops the support for Kubernetes 1.19. The supported versions of Kubernetes in this release are 1.22, 1.21, and 1.20. Supervisor Clusters running on Kubernetes version 1.19 will be auto-upgraded to version 1.20 to ensure that all your Supervisor Clusters are running on the supported versions of Kubernetes.
  • Windows 11 support on VMware Cloud on AWS with vTPM & Key Providers: To install or upgrade to Windows 11 in a VM, as per the Windows 11 installation requirements specified by Microsoft, customers are required to add a virtual Trusted Platform Module (vTPM) device to the VM. With this feature, VMware Cloud on AWS with SDDC 1.19+ provides support for vTPM using vSphere Native Key Provider (NKP), thus providing enhanced security for Windows 11 workloads. vTPM is fully compatible with TPM 2.0 and is supported by Windows and Linux Guest OSes. You can add a vTPM device to a VM using the VM Edit settings menu option. NKP generates keys using a key-derivation-key in the NKP config, and the keys are pushed to all hosts. So now, customers will be able to install or upgrade to Windows 11 workloads in a seamless manner.
  • Singapore Multi-Tier Cloud Security Standard (MTCS) compliance: The Singapore Multi-Tier Cloud Security Standard (MTCS) is a three-tier security framework describing the cloud computing security practices and controls for public cloud users and public cloud service providers. VMware Cloud on AWS has achieved the MTCS certification at Level 3, enabling Singapore government agencies to migrate workloads to VMware Cloud on AWS.

Enhancements in compute, networking, availability, resiliency, and customer experience:

  • Enhancements to VMware Cloud Disaster Recovery: As a recap, VMware Cloud Disaster Recovery offers on-demand disaster recovery to IT administrators responsible for IT infrastructure and services resiliency, delivered as an easy-to-use SaaS solution with cloud economics. It combines cost-efficient cloud storage with simple SaaS-based management for IT resiliency at scale, through simple testing and orchestration of failover and failback plans. New enhancements for VMware Cloud DR include:
    • Protect 6000 VMs per source vCenter: Previously, customers were able to protect environments with up to 2500 VMs by replicating those VMs to a single AWS region in a VMware Cloud organization. But for larger environments with more than 2500 VMs, they had to split the VMs across multiple VMware Cloud DR file systems and had to carve out their production vCenter into several vCenter instances. With this enhancement, customers will be able to protect larger environments by replicating up to 6000 VMs in a single protected vCenter across multiple target SCFS instances managed by a single orchestrator in a single AWS region, thus reducing the complexity in protecting larger environments and further reducing their DR costs.
    • Event log export to vRealize Log Insight Cloud: With this capability, customers will be able to programmatically export all events in the event log to vRealize Log Insight Cloud in real time. The list of events includes user actions, replication/recovery events, audit events as well as health status notifications for any of the VCDR components that might impact the customer’s ability to protect and recover their workloads. vRealize Log Insight Cloud will help customers with centralized log management, deep operational visibility, and intelligent analytics, and it will convert the raw log data into actionable insights that can help customers address both security and operational issues.
    • Alerts and notifications for SLA status: VMware Cloud DR will now inform DR admins of events that might impact their DR SLAs such as RPO and RTO, thus providing customers a better experience and improved usability and operational resiliency. This feature will provide alerts about the protection SLA, including alerts for SCFS connectivity/health issues, delayed replications or replication failures, overlaps in membership criteria of any Protection Group, insufficient retention for ransomware recoverability, the percentage of VMs across all protected sites that are not covered by any PG etc. It will also provide information about the recoverability SLA, including alerts for compliance check failures across any DR Plan, issues with the API token, Recovery SDDC health issues etc.
    • Global VM to Protection Group mapping export: With this enhancement, a DR admin will be able to export a single file from a VMware Cloud DR UI to map VMs to corresponding Protection Groups. This will give customers clarity on what workloads they have configured for protection and if there are issues with overlapping Protection Groups.
    • Increased visibility into VM snapshots: This enhancement allows users to track incremental logical bytes transmitted since the start of the snapshot and the change rate at which the VM data has varied since the previous snapshot.
    • Centralized management: With this enhancement, all DR operations can be managed from a single Global DR Console.
    • G-Cloud Compliance: VMware Cloud DR has now achieved G-Cloud compliance for United Kingdom.

  • Enhancements to VMware Site Recovery: VMware Site Recovery™ for VMware Cloud on AWS simplifies traditional disaster recovery and delivers a high-performance service. The service automates workload recovery in a DR event between on-premises data centers and VMware Cloud on AWS, as well as between different instances of VMware Cloud on AWS. Built on top of enterprise-grade DR tools (VMware Site Recovery Manager, vSphere Replication) and global cloud infrastructure (AWS), the service provides an end-to-end disaster recovery solution that is quick to deploy and leverages existing know-how. New enhancements include:
    • Expanding regional availability: VMware Site Recovery will continue to expand its regional coverage by delivering availability in AWS Asia Pacific (Hong Kong). This will bring the availability of VMware Site Recovery to 21 global AWS Regions.
  • VM Service Backup Restore: Starting with VMware Cloud on AWS SDDC version 1.19+, VMware now supports backup and restore for VM Service VMs in VMware Cloud on AWS and on-premises vSphere environments via a comprehensive and fully documented workflow that supports Veeam and other backup vendors based on vSphere Storage APIs for Data Protection (VADP), ensuring the general availability of VM Service on VMware Cloud on AWS with a complete data protection solution.
  • Enhancements in networking:
    • Low-latency ENA driver update for i3en.metal hosts: With this networking enhancement, the AWS ENA driver for i3en.metal hosts will be updated so that Low Latency Queue (LLQ) is always enabled by default for VMware Cloud on AWS SDDC version 1.19+. With LLQ enabled, the descriptors and packet headers are posted directly to device memory, eliminating the latency involved with the ENA PCI (Peripheral Component Interconnect) device fetching headers and descriptors from driver memory space. This will optimize the tail latency, thus possibly improving responsiveness of applications running on VMware Cloud on AWS.
    • Live Traffic Analysis: Live Traffic Analysis (LTA) is now enabled in VMware Cloud on AWS.  LTA provides helpful insight about tracing live traffic and bi-directional packet tracing. Traffic analysis monitors live traffic at a source or between source and destination along with the packet capture. You can identify bad flows between the source and the destination.  Live Traffic Analysis is supported on segments inside a single SDDC.
    • NSX Manager Standalone UI Access: This feature adds further enhancements to the Standalone NSX Manager UI feature introduced in 1.16. The following capabilities are enabled as part of this feature. 
      • Ability to configure whether the “Open NSX Manager” button defaults to Public URL or Private URL access
      • Ability to use API to retrieve and change this setting
    • VPN Enhancements:
      • FIPS 140-2 Validated Cryptographic Modules Refresh:
        • NSX utilizes several FIPS 140-2 cryptographic modules to perform various networking functions in FIPS compliant mode. FIPS validated modules are eventually sunset when the module reaches its expiry date or NIST/CMVP chooses to no longer re-validate certain module(s). When FIPS 140-2 cryptographic modules are sunset, vendors must replace those modules as necessary to maintain the FIPS validation of their platforms.
        • The FIPS 140-2 cryptographic modules leveraged in release 1.18 (VMware’s VPN Crypto Module version 1.0) have been sunset.
        • This release introduces VMware’s VPN Crypto Module version 2.0 to maintain FIPS 140-2 validation.
      • NAT Support for Policy-Based VPNs on Tier-1 Gateways:
        • VPNs terminated on Tier-1 gateways can now support NAT rules that will allow 2 remote sites that share the same CIDR to use the same VPN.
    • VMware NSX Advanced Firewall for VMware Cloud on AWS Add On Enhancements:
      • These features require subscription of NSX Advanced Firewall Add-On to an SDDC.
      • Enhanced L7 Application IDs for Distributed Firewall (DFW): More than 700 additional App IDs have been added to identify and filter a more comprehensive set of Layer-7 applications. The User Interface has also been improved, so that Cloud Admins can now filter Application IDs by description, category and risk while creating or editing a DFW Context Profile.
      • Selective-Sync for Identity Firewall via API & UI: NSX Identity Firewall (IDFW) Active Directory (AD) configuration now supports selectively adding OUs and users. A Cloud Admin can now choose to register an entire AD domain to be used by IDFW, or can choose to synchronize a smaller subset of a large domain to prevent reaching AD sync limitations.
    • DHCP UI enhancement: This enhancement is intended to give the Cloud Admin an intuitive workflow and seamless user experience for configuring DHCP. DHCP statistics for Gateway DHCP and Segment DHCP are exposed to help monitor DHCP messages.

  • Enhancements in customer experience:
    • SDDC Upgrades as per customer requests: With this enhancement, VMware will publish the VMware Cloud on AWS SDDC upgrade schedule ahead of time in the ‘Maintenance’ tab on the VMware Cloud console. Cloud admins will be able to either accept the upcoming upgrade or request that it be rescheduled as per their business priorities, directly through the console. This will streamline the upgrade request process and will provide customers more flexibility and ease in scheduling upgrades.

Enhancements to commerce experience: 

VMware and AWS are constantly looking at ways to improve the experience of our joint customers. One key aspect of this is the commerce experience for customers that are purchasing the VMware Cloud on AWS service and associated value-added VMware solutions through AWS or its partner network. New enhancements planned in this area include:

  • 2Tier SKU-based transactional motion: Introducing a new transactional motion for channel partners, wherein there is no need to purchase SPP credits upfront, allowing distributors and resellers to be directly involved in providing value to their end customers. Distributors registered with VMware Partner Network will now be able to purchase the 1-year or 3-year prepaid subscription for VMware Cloud on AWS hosts by using SKUs from the VMware Channel price book, for a specific reseller/end customer combination on behalf of a designated reseller and customer who can immediately start consuming the service. The distributors will work with VMware sales teams to complete the purchase on behalf of the reseller/customer combination. This new transactional motion provides a better experience to the resellers by providing them visibility and control of their customer’s commerce activities in subscription term purchases. And with this capability, customers can start their hybrid cloud journey at a much lower starting cost by engaging their reseller and distributor without needing a significant upfront SPP credit investment.

Enhancements to advanced cloud management:

  • VMware vRealize Automation Cloud: It provides self-service IaaS consumption with governance for VMware Cloud on AWS. With vRealize Automation Cloud, customers can reduce the complexity of their IT environment, streamline IT processes and deliver a DevOps-ready automation platform. New enhancements include:
    • Quick vRealize Automation Cloud trial setup for VMware Cloud on AWS: Getting started with automating VMware Cloud on AWS workloads via vRealize Automation Cloud just became several steps simpler! With this enhancement, the requirement to setup and manage a cloud proxy for VMware Cloud on AWS has been removed and, as a result, the time and complexity to start automating workloads on VMware Cloud on AWS with vRealize Automation Cloud has been significantly reduced.
    • Custom naming for VMware Cloud on AWS: Naming proliferation and inconsistency can quickly make a cloud environment unmanageable. vRealize Automation Cloud custom naming capability brings naming rules and templates that can apply at one project or across multiple projects to make cloud administration a lot more straightforward.
    • Multi-level approvals for VMware Cloud on AWS: With cloud governance being one of the biggest concerns for cloud operators, the need for multi-level approval policies is very common. With multi-level approvals, vRealize Automation Cloud allows for review by different users and/or departments. A common example could be approval by a compliance reviewer and a FinOps operator.
    • vRealize Automation Cloud Add-On activation through VMware Cloud Console: Customers are now able to activate vRealize Automation Cloud for VMware Cloud on AWS SDDCs more easily through the VMware Cloud console. This capability reduces the time it takes existing vRealize Automation customers to start provisioning workloads on new SDDC by allowing them to quickly add VMware Cloud on AWS cloud accounts. This activation will initiate a 45-day free trial with full vRealize Automation Cloud feature set with the option to purchase a subscription at any point during the trial. This trial can be activated from any VMware Cloud on AWS SDDC by navigating to the SDDC’s Add-Ons tab. After completion of the setup, VMware Cloud on AWS cloud account along with additional default configuration is added to vRealize Automation Cloud console allowing customers to start using the product quickly.
  • vRealize Network Insight (SaaS) enhancements for VMware Cloud on AWS customers: vRealize® Network Insight™ Universal and vRealize® Network Insight™ Cloud are solutions for end-to-end network visibility, troubleshooting, and analytics that enable application discovery to support migrations, optimize network performance with troubleshooting capabilities, and manage the scaling of VMware Cloud on AWS deployments. New enhancements include:
    • Auto-deployment of proxy and collector to allow easier onboarding of vRealize Network Insight in VMware Cloud on AWS environments.
    • VMware HCX integration for topology troubleshooting and monitoring visibility. This new capability will give visibility of HCX entities like appliances, manager, tunnels, and sites. Alerts related to the HCX entities and metrics on packet issues will be visible.
  • VMware vRealize Log Insight Cloud delivers centralized log management, deep operational visibility, and intelligent analytics across your VMware SDDC software stack running in VMware Cloud on AWS. New enhancements include:
    • New packaging and subscription: Introducing additional purchase options for vRealize Log Insight Cloud that include index storage (high-performance query ability for day-to-day centralized logging) and non-index storage (lower cost storage to meet long-term data retention requirements, up to 7 years).

To view the latest status of features and release updates for VMware Cloud on AWS, visit: https://www.vmware.com/products/vmc-on-aws.html. Also refer to the VMware Cloud on AWS release notes.

The following capabilities are available today: Extension of price promotions for VMware Cloud on AWS, Flexible subscription for i3en.metal instance type, Tanzu services UI enhancements, Kubernetes 1.22 support for supervisor clusters, Windows 11 support on VMware Cloud on AWS with vTPM & Key Providers, Singapore MTCS Compliance, VM Service Backup Restore, Enhancements in networking, 2Tier SKU-based transactional motion, vRealize Automation Cloud enhancements, vRealize Network Insight Cloud enhancements, vRealize Log Insight Cloud enhancements

The following capabilities/offerings are expected to be available in VMware’s Q2 Fiscal Year 2023: Availability in AWS Asia Pacific (Hong Kong), Enhancements to VMware Cloud Disaster Recovery, Enhancements to VMware Site Recovery, SDDC Upgrades as per customer requests, Support SSO between VMware Cloud console and cloud vCenter


For more information related to VMware Cloud on AWS, here are some more learning resources for you: