VMware Cloud on AWS GovCloud

What’s New in VMware Cloud on AWS GovCloud (US) - Aug 2023

Updated on 27th Sep, 2023

VMware Cloud on AWS GovCloud (US) is a jointly engineered secure, scalable, on-demand cloud service that brings VMware’s Software-Defined Data Center software to the AWS GovCloud (US) regions. It is delivered, operated, and supported by VMware.

As we approach the middle of the year, it’s already time for yet another edition of our annual conference, VMware Explore, and this time around we’re going to the city of lights, Las Vegas!

It’s also the time to showcase all the exciting new capabilities that we’re releasing for our public sector customers for VMware Cloud on AWS GovCloud (US). Not only do these capabilities meet the stringent security requirements of public sector organizations, but they also help them implement an effective hybrid cloud strategy while making an impact at work every day.

For example, last quarter we released VMware Site Recovery – cloud-to-cloud, which allows public sector customers to deploy both active and failover sites as VMware Cloud on AWS GovCloud (US) SDDCs. Additionally, VMware HCX achieved FedRAMP validation through the Joint Authorization Board (JAB), allowing public sector customers to migrate applications and workloads to and from VMware Cloud on AWS GovCloud (US) SDDCs with minimal or no downtime.

With the latest release this quarter, I’d like to share more new features and capabilities we delivered in VMware’s Fiscal Q3 2024: 

  • Single Host SDDC: The new Single Host SDDC offering provides a low-cost entry point for customers to jump-start their hybrid cloud experience and prove the value of VMware Cloud on AWS GovCloud (US). A Single Host SDDC lasts for up to 60 days, but customers can choose to scale up to a minimum of 2 hosts to retain workloads and data. The Single Host SDDC starter configuration is appropriate for test and development or proof-of-concept use cases. A Single Host SDDC can be non-disruptively scaled up to a 2-host SDDC. This process adds resiliency and full SLA support, allowing the SDDC to exist beyond 60 days.
  • Introducing the Amazon EC2 i4i.metal instance for VMware Cloud on AWS GovCloud (US): Announcing availability of a new Amazon EC2 instance type – i4i.metal for VMware Cloud on AWS GovCloud (US). This new instance is powered by a 3rd generation Intel® Xeon® Ice Lake processor and offers more compute, memory, local storage, and networking speed. Compared to its previous generation, it delivers superior value in migrating and operating both memory-bound and general-purpose workloads. It offers:
    • More storage: 30TiB of raw local NVMe flash storage (~2 times compared to i3.metal)   
    • More processing power: 128 vCPUs (~2 times compared to i3.metal)  
    • More memory: 1,024 GiB (~2 times compared to i3.metal)  
    • More networking speed: up to 75 Gbps (~3 times as compared to i3.metal)   
    • Host to host encryption by default  

This instance type can be used for general purpose workloads, database workloads like transactional databases (MySQL, Oracle DB, and Microsoft SQL Server), NoSQL databases (MongoDB, Couchbase, Aerospike, Redis), VDI workloads, mission/business critical workloads*, and real-time applications* (*based on future capabilities). Learn more about the i4i.metal instance type in this blog.

With SDDC version 1.20v8, customers can now deploy new SDDC(s) on the latest instance: i4i.metal.  

The i4i.metal instance type will be available in VMware Cloud on AWS GovCloud (US-East) and VMware Cloud on AWS GovCloud (US-West) regions.  

  • Windows 11 Support on VMware Cloud on AWS GovCloud (US) with vTPM & Key Providers: To install or upgrade to Windows 11 VMs, per the Windows 11 installation requirements specified by Microsoft, customers are required to add a virtual Trusted Platform Module (vTPM) device to the VMs. With this feature, VMware Cloud on AWS GovCloud (US) with SDDC 1.20 provides support for vTPM using vSphere Native Key Provider (NKP), thus providing enhanced security for Windows 11 workloads. vTPM is fully compatible with TPM 2.0 and is supported by Windows and Linux guest OSes. You can add a vTPM device to a VM using the VM Edit settings menu option. NKP generates keys using a key-derivation-key in the NKP config, and the keys are pushed to all hosts. Customers can now install or upgrade to Windows 11 workloads in a seamless manner. Please note that VMware Native Key Provider is not authorized for FedRAMP or DoD Impact Level (IL) authorizations.
  • Introduction of vSphere 8.0 and VMware NSX 4.0: With VMware Cloud on AWS GovCloud (US) SDDC version 1.20+, all SDDCs will be deployed with vSphere 8.0, which will have a new look and feel for the vSphere Client along with some new features.

This release of VMware Cloud on AWS GovCloud (US) also introduces NSX 4.0.0. This new release will provide many features for enhanced security and networking functionality in VMware Cloud on AWS GovCloud (US). 

  • Filtering Default CGW Prefixes: This feature introduces the ability to filter out prefixes of segments connected to the default CGW. When the route filtering feature is enabled on Intranet (DX/TGW) or Services (Connected VPC) endpoints, prefixes behind the default CGW will not be advertised. 
  • Shared Prefix Lists for SDDC Groups: This feature simplifies operations for network administrators by automating updates as networks are added to or removed from the SDDC Group and by centrally maintaining the prefix list. It provides the ability to create shared prefix lists that can be shared with customer AWS accounts. Using the shared prefix lists in the AWS VPC and TGW route tables will automatically update the external VPC and TGW route tables with SDDC subnet routes. The shared prefix lists can also be used in AWS Security Groups. Any SDDC subnet changes will be automatically reflected in the VPC route table, the TGW route table, and Security Groups.
  • Live Traffic Analysis: Live Traffic Analysis (LTA) is now enabled in VMware Cloud on AWS GovCloud (US). LTA provides helpful insight through live traffic tracing and bi-directional packet tracing. Traffic analysis monitors live traffic at a source or between a source and destination, along with packet capture. You can identify bad flows between the source and the destination. Live Traffic Analysis is supported on segments inside a single SDDC.
  • NAT Support for Policy-Based VPNs on Tier-1: VPNs terminated on Tier-1 gateways can now support NAT rules that will allow 2 remote sites that share the same CIDR to use the same VPN. 
  • DHCP UI Enhancements: This enhancement aims to give the Cloud Admin an intuitive workflow and a seamless user experience for configuring DHCP. DHCP statistics for Gateway DHCP and Segment DHCP are exposed to help monitor DHCP messages.

Availability 

To view the latest status of features and release updates for VMware Cloud on AWS, visit: https://www.vmware.com/products/vmc-on-aws/govcloud.html.  

The following capabilities are available today: availability of the i4i.metal instance type, Windows 11 Support on VMware Cloud on AWS with vTPM & Key Providers, Introduction of vSphere 8.0 and VMware NSX 4.0, Filtering Default CGW Prefixes, Shared Prefix Lists for SDDC Groups, Live Traffic Analysis, VPN Enhancements, NAT Support for Policy-Based VPNs on Tier-1, and DHCP UI Enhancements.

Learn More 

For more information about VMware Cloud on AWS GovCloud (US) and its pricing, or to get started, please visit https://www.vmware.com/products/vmc-on-aws/govcloud.html or contact your VMware or AWS sales team.
