VMware Cloud on AWS

What’s New in VMware Cloud on AWS: May 2023 - Regional expansion, new compliance certifications, enhancements in compute, storage, networking and DR capabilities and more

VMware Cloud on AWS provides customers the fastest and least risky path to AWS cloud for their vSphere applications. Customers across different industries and geographies have been using this hybrid cloud service to accelerate their cloud transformation initiatives. To see how customers use the service across a variety of use cases, and what impact they saw after migrating to VMware Cloud on AWS, please check out the latest customer stories here. Also, please check out the infographic and solution brief to understand the key highlights of the service.

Every quarter, we release new VMware Cloud on AWS features and capabilities that help customers accelerate their migration initiatives and give them a better customer experience. Now, let’s look at some of the key capabilities released in VMware’s Fiscal Q1 FY24. For technical details about some of these latest features, please check out this technical deep dive blog.

Enhancements to enterprise workload support:

  • Expanding regional availability: Availability in AWS Middle East (Bahrain): VMware Cloud on AWS is now available in AWS Middle East (Bahrain), further improving reach for our global and regional customers. With this new regional availability, this service is now available across 23 AWS regions globally. Learn more
  • (Available) PCI Compliance Support - Regional expansion: PCI compliant SDDCs have been enabled now in all 21 VMware Cloud on AWS commercial regions (i.e. not available only in VMware Cloud on AWS GovCloud (US-East and US-West) regions). By being certified as PCI DSS compliant level 1 service provider, VMware has demonstrated that the VMware Cloud on AWS service operates PCI DSS compliant security measures and controls, thereby serving the needs of a broad range of customers and workloads that need to store, process, or transmit cardholder or sensitive authentication data. VMware Cloud on AWS PCI DSS compliant infrastructure enables customers to evacuate PCI in-scope systems from their data centers with simple deployment, configuration and management of PCI enabled SDDCs. The VMware Cloud on AWS PCI DSS compliant solution reduces the time, effort, cost and complexity associated with operating applications requiring PCI. Learn more
  • Germany C5 certification: VMware Cloud on AWS has achieved the German Cloud Computing Compliance Controls Catalogue (C5) certification. C5 is a cloud security certification prescribed by the German Federal Office of Information Security (BSI). The certification is based on some of the leading international standards such as ISO27001/17/18, AICPA SOC2, Cloud Security Alliance, ANSSI Référentiel Secure Cloud 2.0, IDW and BSI IT-Grundschutz Catalogues.
  • Infrastructure and application modernization with VMware Cloud on AWS: With VMware Cloud on AWS, customers can start their modernization journey while minimizing disruption to their business. They can migrate their applications to the cloud while minimizing downtime. Once in the cloud, they can start transforming these applications by using modern frameworks such as Kubernetes, enriching them with native cloud services and automating the underlying infrastructure operations with DevOps/advanced operations tools. 
    • OAuth App Support for VMware Cloud Automation Tools: We are excited to announce that VMware Cloud on AWS Terraform Provider and the Python Automation Utility for VMware Cloud on AWS now support OAuth app authentication. With this new feature, automation engineers looking to automate their VMware Cloud on AWS deployments can manage secrets at the organizational level without having to be tied to individual developers’ API access tokens. OAuth apps act as entities in server-to-server interactions and can be used in multiple organizations. While only the user who created an API token can manage it, the owner of the OAuth app is the organization in which it was created, and it can be managed by users who are organization owners or organization members with a developer role. For API use that is not associated with an individual, such as automation solutions, it is best practice not to use an API token associated with an individual account. Doing so prevents potential access issues if that individual is unavailable when the token expires, changes roles, or leaves the organization, which can affect the services using that token. Instead, the Organization owner can create an OAuth App with an App ID and App Secret to provide access to the API. This Tech Zone article details the process of creating an OAuth app for VMC. Learn more
    • vSphere with Tanzu VM Service: Enhancements to VM Service for vSphere with Tanzu include:
      • All hardware configuration options that are available for VMs running in vSphere today are now available to VM Service VMs on vSphere with Tanzu through the VM Class and can be configured via the standard vCenter CLI workflow.
      • Users can now configure vGPUs, custom- and multi-NIC, custom disks, and passthrough devices, and more in the VM Class, and DevOps users can self-service deploy and manage VMs with these configurations using a standard kubectl interface with VM Operator.

Enhancements in compute, networking and storage:

  • Enhancements in compute:
    • The Amazon EC2 I4i.metal instance – Expanding regional availability: i4i.metal is now available in AWS Europe (Milan), AWS Europe (Stockholm), AWS Asia Pacific (Seoul), AWS Asia Pacific (Mumbai), AWS Asia Pacific (Osaka) and AWS LATAM (Sao Paulo) regions, making it available across 19 regions globally out of 23 VMware Cloud on AWS regions. Learn more about i4i.metal instance type in this blog.
    • Cluster renaming support: Previously, when a customer created an SDDC or a vSphere cluster, they did not get any option to provide the name for the clusters in this SDDC. The cluster naming is pre-determined in the system while creating the cluster or deploying the SDDC. Now with this capability, customers will be able to set the name of the cluster during provisioning or at any point in time. This will provide additional convenience to the customers as they will be able to name the cluster as per their organizational naming strategy for better usage.
    • Elastic DRS enhancements: With these enhancements, customers will now be able to have more visibility, better control, and management of eDRS policies. The key enhancements include:
      • Customer managed Elastic DRS policies: With this enhancement, customers will now be able to configure custom Elastic DRS policies as per their needs. The EDRS baseline policy will remain as is. But customers will be able to define custom eDRS policies with minimum hosts per cluster, maximum hosts per cluster, Rapid Scale: true/false, CPU scale-out/in threshold, Memory scale-out/in threshold, Storage scale-out/in threshold etc., which will give them a lot of flexibility.
      • Elastic DRS rapid scale-in enablement: When a customer configures Elastic DRS rapid scale-out, the scale-in throttle will be disabled. The service will also remove as many hosts as possible in a single request.
      • UI enhancements: To simplify management and enhance the visibility of eDRS policies, customers can use a new separate Elasticity Tab in the SDDC Console. With this Tab, customers now have a single view over existing policies.

Learn more about Elastic DRS enhancements in this technical article and deep dive blog.

  • Enhancements in storage:
    • Enhancements in VMware Cloud Flex Storage: VMware Cloud Flex Storage, a scalable, elastic, and natively integrated storage service for VMware Cloud on AWS that is fully managed by VMware and delivered with predictable cloud economics, is now Generally Available. Customers can scale storage without adding hosts, simplify operations with a solution that is easy to buy, use and manage, and benefit from a straightforward pay-as-you-go consumption model. Some of the new enhancements in this storage capability include:
      • Expanded regional availability: VMware Cloud Flex Storage is now available globally across 17 different regions in the Americas, Europe, Africa, and Asia Pacific. We have added support in 4 new AWS Asia Pacific regions: Mumbai, Sydney, Singapore, and Tokyo. The current list of supported regions can be found here.
      • Expanded File Systems per Region: VMware Cloud Flex Storage now supports up to 6 file systems across up to 6 SDDCs per region (limit 1 VMware Cloud Flex Storage datastore per SDDC). Therefore, now customers can implement up to 2.4 petabytes of storage capacity per region. This significant storage capacity gives customers the flexibility to grow their VMware Cloud Flex Storage usage within a region, as their data needs grow. 
      • Compatibility improvements with VMware Cloud Disaster Recovery: VMware Cloud Disaster Recovery and VMware Cloud Flex Storage are now compatible. Customers who wish to protect their VMware workloads can do so with VMware Cloud Disaster Recovery while also scaling their storage capacity using VMware Cloud Flex Storage. Customers can have both services in the same organization as long as the deployments are in different regions. This capability provides customers the flexibility, peace of mind, and added power to do both critical tasks under one umbrella and through a trusted provider.
    • nConnect support to NFSv3: We continue expanding and enhancing the ability to leverage external NFS datastores natively with VMware Cloud on AWS SDDC. Previously, NFSv3 created a single TCP/IP connection from each host to each datastore. Now, nConnect support to NFSv3 will support two parallel sessions to each NFS datastore. With this enhancement, customers will now benefit from increased throughput (up to 1 GB/s) per host per datastore. Thus, this support of multiple connections will double the available throughput to each datastore. This feature is enabled by default for each new SDDC and supports both VMware Cloud Flex Storage and Integration with Amazon FSx for NetApp ONTAP.

You can learn more about the enhancements in VMware Cloud Flex Storage General Availability in this blog.

  • Enhancements in networking:
    • IPv6 workload communication over Direct Connect and Transit Connect: VMware Cloud on AWS is introducing limited support for North-South networking traffic using IPv6. Selected customers can now utilize IPv6 for their workloads to communicate over Direct Connect and VMware Transit Connect. Customers can opt to enable Dual Stack (IPv4/IPv6) in their SDDC and deploy IPv6 VMs using private address space on custom Tier-1 Gateways. IPv6 enabled VMs can communicate over Direct Connect and VMware Transit Connect/SDDC Groups to on-premises destinations or resources outside of the SDDC. Please work with your Customer Success or account teams to get access to this feature.
    • Certificate Based Authentication for VPN Configurations: Customers can now import and associate public and private Certificate Authority-signed certificates with VPN configurations. Customers will now be able to configure a certificate-based authentication mechanism in addition to the pre-shared key method which currently exists. Compliance suite support has been added, which allows the selection of PRIME, FOUNDATION, CNSA, FIPS, Suite-B-GCM 128, and Suite-B-GCM 256 profiles; selecting a profile auto-populates the corresponding encryption, DH group, and PFS settings that map to it. With this feature, customers can use either private or public certificates for VPN authentication.
    • Alarms Dashboard on NSX Manager UI: Alarms dashboard on NSX Manager UI on VMware Cloud Console gives customers the visibility to monitor, manage and troubleshoot alarms which are generated due to networking and security related system events. A generated alarm will auto-resolve if a customer takes remedial action to resolve the condition which triggered the alarm. Alarm definitions can be modified by SRE only, so please contact support in case of scenarios where changes might be required.
    • Route Filtering enhancements: With this UI enhancement, customers who want to configure Route Filtering on the Intranet or Services uplinks will have this capability under the Global Configuration → Uplinks tab in the ‘Networking and Security’ tab UI on VMware Cloud Console. This will give a more intuitive configuration experience and closely associate the route filtering enable/disable experience with the corresponding uplink.

Learn more about all these networking enhancements in this deep-dive blog.

Enhancements in availability and resiliency:

  • Enhancements to VMware Site Recovery: VMware Site Recovery™ for VMware Cloud on AWS simplifies traditional disaster recovery and delivers a high-performance service. The service automates workload recovery in a DR event between on-premises data centers and VMware Cloud on AWS, as well as between different instances of VMware Cloud on AWS. Built on top of enterprise-grade DR tools (VMware Site Recovery Manager, vSphere Replication) and global cloud infrastructure (AWS), the service provides an end-to-end disaster recovery solution that is quick to deploy and leverages existing know-how. New enhancements include:
    • VMware Site Recovery with enhanced replication capability: These features will significantly improve the performance, scalability and functionality to meet the strategic needs of our enterprise customers. The key enhancements are:
      • 1 Minute RPO: With a change in replication architecture, VMware Site Recovery now supports RPOs (Recovery Point Objectives) as low as 1 minute.
      • Auto-scaling and Load Balancing: VMware Site Recovery now supports automated load balancing that automatically distributes replicated VMs across target site hosts. Additionally, VMware Site Recovery now automatically scales out recovery site resources as required to support the required replication capacity.
    • Expanding regional availability: VMware Site Recovery now supports the AWS Middle East (Bahrain) region. VMware Site Recovery is now available in 23 Global AWS Regions.
    • Additional REST APIs for VMware Site Recovery: Customers will be able to use public RESTFUL APIs to monitor DR operations, set up protection and recover workloads using VMware Site Recovery. With a comprehensive set of APIs, customers will be able to build end to end automation to configure and manage DR at scale.

To learn more about these enhancements, please check out this blog.

Enhancements in sizing, commerce, and pricing options:

  • VMware Cloud on AWS Free Trial: Now, customers will be able to test drive the service with the free trial of VMware Cloud on AWS. As part of this free trial, a customer can create one Single Host SDDC with i3.metal host for free during the 30-day trial period. During the trial period, there will be no costs for host usage, Elastic IP, data transfer, bandwidth cost between VMware Cloud and AWS, NSX Advanced Firewall, and Transit Gateway. You can sign up for the trial program here.
  • India Local Commerce via AWS Resell: With this enhancement, customers based in India can purchase VMware Cloud on AWS hosts and other VMware Cloud services through the AWS Resell route to market in a fully automated manner. With the enablement of VMware Cloud Automated onboarding via AWS, Indian customers and partners can now have access to all capabilities that are part of the AWS Resell contract, such as monthly payments, flex subscriptions, multiple sellers of record etc. Customers buying VMware Cloud on AWS through AWS Resell will now be able to enjoy all the financial benefits of purchasing directly from a local India entity which is recognized by India’s state and local governing regulatory bodies as a local commerce entity that sells AWS products and services. For more information, please reach out to AWS Sales teams.
  • VMware Cloud Sizer Enhancements: With the release of VMware Cloud Sizer version 5.3, here are the key enhancements in the sizer:
    • VMware Cloud Sizer advanced workflow now supports sizing external storage: VMware Cloud Flex Storage and Amazon FSx for NetApp ONTAP integration for VMware Cloud on AWS.
    • Default sizing is set to vSAN and the default External Storage option is set to VMware Cloud Flex Storage.
    • Profile Settings now allow you to set the storage preference and select the preferred external storage.
    • Sizer recommendations and reports are enhanced to show the attached external storage details.
    • The default fault tolerance ‘Auto’ mode always recommends SLA-specific managed storage policy recommendations.

For more information on VMware Cloud Sizer enhancements, please check out this page.

  • Extension of i3en.metal pricing promotion: New VMware Cloud on AWS Promotions: Now, 20% List Price reduction on i3en.metal promotion has been extended till 4th October, 2023. Please check out this blog to learn more about VMware Cloud on AWS promotions.

Enhancements in customer experience:

  • Networking and Security dashboard view in VMware Cloud Console: This feature will provide a single-page view of SDDC networking and security status with links to NSX Manager network management functions. The page includes five sections: VPN, Direct Connect, Transit Connect, Management Gateway, Default Compute Gateway, and Cloud Provider. You can get a summary of your connectivity status, such as VPN being up or down, and key information regarding your networking setups. If you need to edit any information, you can use the direct links in the UI to access NSX Manager. This new update will provide better performance and faster page load. All SDDCs with version 1.22 or after will default to this new view. The legacy Networking & Security view is deprecated and will be removed in a feature release. Until then, you can temporarily revert to the legacy view by clicking on the legacy view button in the UI. Learn more about this new update.

Improvements in migration capabilities:

  • VMware HCX Enhancements:
    • VMware HCX+ add-on: Introducing VMware HCX+ add-on for VMware Cloud on AWS, a fully managed workload migration and mobility service providing centralized management, orchestration and observability for migration, repatriation, and rebalancing initiatives across multi-cloud environments. With HCX+, customers will benefit from single pane of glass visibility into multi-site/multi-cloud connectivity and migration activities, helping them accelerate their large-scale workload migration projects seamlessly, securely and with minimal downtime. Learn more
    • VMware HCX 4.6 enhancements: With the latest release of VMware HCX 4.6, many enhancements have been made to address new requirements from customers. Some of these key enhancements include:
      • Retry Canceled or Failed Migrations: VMware HCX 4.6 introduces the Retry option for failed or canceled migrations. You can select Retry from the Migration Management or Tracking screen. For more information, refer to Managing Failed or Canceled Migrations.
      • HCX Support for IPv6 – Phase 1: VMware HCX 4.6 brings migration support for IPv6 workload VMs with the following guidelines. Please note: Migrated IPv6 workload VMs can communicate with the on-premises IPv6 GW over the existing IPv4 network extended datapath.
        • Dual Stack support for migration.
        • Support for migration of both IPv4 and IPv6 workload VMs.
        • HCX Network Extension and Mobility Optimized Networking (MON) will not be supported for IPv6 GW.
    • Usability Enhancements
      • Force Cleanup for Multiple Failed or Canceled Migration: With this release, you can use Force Cleanup in cases where multiple migrations require clean-up for failed or cancelled migration processes that were not automatically cleaned up by the system. For more information, refer to Force Cleanup for a Failed or Canceled Migration.
      • Enhanced notification for Canceled Migrations: If a request to cancel a migration is made after the VM has been powered on at target, the source VM does not return to a powered-on state. This prevents duplicate active instances of a virtual machine on both the endpoints. The system now displays the message as “VM migrated as Cancelation was requested post VM Power-On at target” to notify customers that the migration completed despite the cancelation request.
      • VMware HCX Log Filtering Enhancements: From this release, Tunnel state logging has been improved to provide meaningful log entries, and the rate of log messages has been limited to avoid overwhelming consumers. Additionally, the logging format has been improved to conform to RFC-5424 syntax for HCX-IX and HCX-NE fleet appliances.
    • Interoperability with VMware NSX 4.1.0: With VMware HCX 4.6 release, all networking and migration features are compatible with vSphere environments running NSX 4.1.0.

For more details about features included in VMware HCX 4.6 version, please check out the release notes.

To view the latest status of features and release updates for VMware Cloud on AWS, visit: https://www.vmware.com/products/vmc-on-aws.html. Also refer to the VMware Cloud on AWS release notes.

The following capabilities are available today: Regional expansion to AWS Middle East (Bahrain), PCI Compliance Support in 21 regions, Germany C5 compliance, App Modernization: OAuth App Support for VMware Cloud Automation Tools, vSphere with Tanzu VM Service, Compute enhancements: I4i.metal availability in Seoul, Sao Paulo, Mumbai, Osaka, Milan and Stockholm regions, cluster renaming support, EDRS enhancements: Customer managed Elastic DRS policies, Elastic DRS rapid scale-in enablement, VMware Site Recovery: VSR Replication enhancements: 1 min RPO, Protect 4000 VMs per SDDC, Load balancing scale out, REST APIs support, Regional support in AWS Middle East (Bahrain), Storage enhancements: nConnect support to NFSv3, VMware Cloud Flex Storage enhancements: regional expansion to 17 regions, expanded file systems support per region, compatibility improvements with VCDR, Networking enhancements: IPv6 workload communication over Direct Connect and Transit Connect, Certificate Based Authentication for VPN Configurations, Alarms Dashboard on NSX Manager UI, Route Filtering enhancements, Networking and Security dashboard in VMware Cloud Console, VMware HCX- New enhancements with version 4.6, HCX+ add-on, Commerce/Pricing enhancements: India Local Commerce support, Free Trial- Deploy one Single Host SDDC during the 30 days trial, i3en.metal 20% off promotion extension till 10/4/2023, VMC Sizer: New version 5.3 with some enhancements

Disclaimer: VMware makes no guarantee that services announced in preview will become available at a future date. The information in this blog is for informational purposes only and may not be incorporated into any contract. This article may contain hyperlinks to non-VMware websites that are created and maintained by third parties who are solely responsible for the content on such websites.