So you read the last post on getting started with VMware Cloud on AWS as a vSphere admin, and you’re itching to get started? That’s great! In this post I’m going to walk you through the VMware Cloud on AWS first steps. We’ll set up the Customer VPC and then deploy your VMware Cloud on AWS SDDC.
Setting up the Customer VPC
First things first, we need to define some boundaries. If you want to connect anything in your VMware Cloud on AWS SDDC to native Amazon Web Services (AWS) services like S3, then you need to define your AWS Virtual Private Cloud (VPC). The VPC is a construct that details how your AWS resources communicate with each other, as well as how your AWS services are billed. If you don’t already have an AWS account then let’s get one of those set up by heading to https://aws.amazon.com/.
Let’s launch the VPC Wizard and get started.
Setting Up The Networks
The VPC is essentially an empty container though, so let’s create some sub-networks in there. Here, we create a subnet and map it to an Availability Zone. An AZ is a subset of AWS datacenters within a specific region, which can be thought of as a fault domain. If you need to build fault tolerance into your workloads you need to think about AZ placement. Thankfully VMware Cloud On AWS supports stretching your clusters across AZs, so you can build that in with no issues! Here we browse to Subnets>Create Subnet. Note that this needs to be a subnet of the network range you specified when creating the VPC!
We’re going to create 3 subnets for this deployment, one for each of 3 of the 4 AZs in the US-WEST-2 AWS region.
Next we need to set up an Internet Gateway so that these services can be accessed from the internet. To do this, we browse to Internet Gateways>Create Internet Gateway. This is super simple: we just need to give it a name and hit Create.
Once created, click Attach>Attach to VPC and select the VPC created at the beginning.
This is completed once you hit Attach.
Connectivity to Native AWS Services
This next section is only required if we want to grant our SDDC access to native AWS services. Our first task is to create an Endpoint. Endpoints allow data to flow between your SDDC and AWS services without crossing the internet. This is super important, because you want to send data across that 25Gbps interconnect for performance reasons, but also any data that exits (egresses) your AWS VPC over the internet is chargeable, and we want to minimise costs. Browse to Endpoints>Create Endpoint.
Here we’re going to connect our VPC to S3 in US-WEST-2 through this endpoint, so select Find Service By Name, type S3, then select the radio button. S3 is Amazon’s object storage product, and can be used to store vast amounts of any kind of data within its buckets. It is ideal for log storage, for example.
We need to associate this endpoint with our VPC – as I mentioned, the VPC is the logical container for everything AWS.
We then associate it with the route table that was created automatically when we created the VPC. Check the Route Table box, then hit Create Endpoint and this section is done, too.
Speaking of route tables, let’s take a look there. Click Route Tables on the left side of your console. We can see here that we have one route table (though we could create more). Hit Subnet Associations in the lower part of the main console, then click Edit Subnet Associations. We’re going to associate all 3 of our subnets with this route table so that the above Endpoint applies to all 3 of them: select all, then click Save.
Routing Between Networks
We now want to set up some routing between our subnets – select Route Tables>Edit Routes.
We can see that we have the default subnetwork that was created for our VPC in step one (172.20.0.0/16), and also the route table that we created to contain our 3 subnetworks. I want these subnets to be able to get to the internet, so let’s add a default route to allow access via the Internet Gateway. Hit Add Route, then specify the destination of 0.0.0.0/0 and for a Target select Internet Gateway. Once we select the IGW we’ll see it replaced with the AWS UUID for that IGW.
Save Routes and you’re done! You’ve created a VPC, some subnets, an Endpoint, an Internet Gateway and plugged it all together!
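Everything clicked through above (VPC, one subnet per AZ, Internet Gateway, default route, S3 endpoint, subnet associations) can also be expressed as infrastructure as code. The script below is an added example, not VMware’s or AWS’s own code: it first checks the two rules the console enforces (every subnet must sit inside the VPC range, and subnets in one VPC must not overlap), then renders the equivalent resources as a CloudFormation template. The VPC range 172.20.0.0/16 is the one from the post; the three /24 subnet CIDRs and the AZ names are constructed for illustration, so substitute your own before deploying.

```python
"""Plan and render the customer VPC from this post as a CloudFormation template.
Added example, not VMware's or AWS's code. VPC CIDR is the post's 172.20.0.0/16;
subnet CIDRs and AZ names below are constructed values."""
import ipaddress
import json

# Constructed inputs: three /24s mapped to three of the four us-west-2 AZs.
VPC_CIDR = "172.20.0.0/16"
SUBNET_PLAN = {
    "us-west-2a": "172.20.1.0/24",
    "us-west-2b": "172.20.2.0/24",
    "us-west-2c": "172.20.3.0/24",
}


def validate_plan(vpc_cidr, plan):
    """Return a list of problems with the subnet plan (empty list == acceptable).
    Rule 1: each subnet must be inside the VPC range (the note under 'Setting Up
    The Networks'). Rule 2: subnets within one VPC may not overlap."""
    vpc = ipaddress.ip_network(vpc_cidr)
    problems = []
    seen = {}
    for az, cidr in plan.items():
        net = ipaddress.ip_network(cidr)
        if not net.subnet_of(vpc):
            problems.append(f"{az}: {cidr} is not inside VPC {vpc_cidr}")
        for other_az, other in seen.items():
            if net.overlaps(other):
                problems.append(f"{az}: {cidr} overlaps {other_az} {other}")
        seen[az] = net
    return problems


def build_template(vpc_cidr, plan, region="us-west-2"):
    """Render the resources the console steps create. Raises ValueError on a bad plan."""
    problems = validate_plan(vpc_cidr, plan)
    if problems:
        raise ValueError("; ".join(problems))
    res = {
        "VPC": {"Type": "AWS::EC2::VPC",
                "Properties": {"CidrBlock": vpc_cidr,
                               "EnableDnsSupport": True,
                               "EnableDnsHostnames": True}},
        "InternetGateway": {"Type": "AWS::EC2::InternetGateway"},
        # Attach>Attach to VPC from the post.
        "AttachGateway": {"Type": "AWS::EC2::VPCGatewayAttachment",
                          "Properties": {"VpcId": {"Ref": "VPC"},
                                         "InternetGatewayId": {"Ref": "InternetGateway"}}},
        "RouteTable": {"Type": "AWS::EC2::RouteTable",
                       "Properties": {"VpcId": {"Ref": "VPC"}}},
        # The 0.0.0.0/0 route via the IGW; DependsOn avoids a race with the attachment.
        "DefaultRoute": {"Type": "AWS::EC2::Route",
                         "DependsOn": "AttachGateway",
                         "Properties": {"RouteTableId": {"Ref": "RouteTable"},
                                        "DestinationCidrBlock": "0.0.0.0/0",
                                        "GatewayId": {"Ref": "InternetGateway"}}},
        # Gateway endpoint for S3 bound to the route table, so S3 traffic from
        # every associated subnet stays inside AWS instead of egressing.
        "S3Endpoint": {"Type": "AWS::EC2::VPCEndpoint",
                       "Properties": {"VpcId": {"Ref": "VPC"},
                                      "ServiceName": f"com.amazonaws.{region}.s3",
                                      "VpcEndpointType": "Gateway",
                                      "RouteTableIds": [{"Ref": "RouteTable"}]}},
    }
    # One subnet per AZ, each associated with the single route table.
    for i, (az, cidr) in enumerate(sorted(plan.items()), start=1):
        res[f"Subnet{i}"] = {"Type": "AWS::EC2::Subnet",
                             "Properties": {"VpcId": {"Ref": "VPC"},
                                            "CidrBlock": cidr,
                                            "AvailabilityZone": az}}
        res[f"Subnet{i}RouteAssoc"] = {"Type": "AWS::EC2::SubnetRouteTableAssociation",
                                       "Properties": {"SubnetId": {"Ref": f"Subnet{i}"},
                                                      "RouteTableId": {"Ref": "RouteTable"}}}
    return {"AWSTemplateFormatVersion": "2010-09-09", "Resources": res}


if __name__ == "__main__":
    print(json.dumps(build_template(VPC_CIDR, SUBNET_PLAN), indent=2))
```

Running the script prints a template you can pass to `aws cloudformation deploy` (or paste into the CloudFormation console); a plan with a subnet outside 172.20.0.0/16, or two subnets that overlap, is rejected before anything reaches AWS, which is the same check the console would fail with a less helpful message.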
Deploying the VMware Cloud on AWS SDDC
So that’s the tough stuff out of the way: you’re here to get up and running with a VMware Cloud on AWS SDDC, right? Let’s get started by hitting https://cloud.vmware.com and creating an account. Once you have this done, sign in and select VMware Cloud on AWS as the service.
This link takes you to the page that details how you can subscribe to VMware Cloud on AWS. Let’s get started by hitting Create SDDC.
We’re going to be deploying on AWS, into US-WEST-2 (the same region as our VPC). We can deploy either a single host for PoC purposes or Multi-Host for production workloads. We can also specify to stretch this across multiple availability zones using a Stretched Cluster. Give the SDDC a name, then select the number of hosts – note that as we increase the number of hosts we see a linear scaling of capacity for both storage and compute (but this also increases the cost – we’ll cover scaling out in a later blog post). Hit next.
This next screen shows that we’ve completed this part of the wizard; next, we’ll tie this into our AWS account.
Behind the scenes we use AWS CloudFormation to bring up the SDDC, but you don’t need to know too much about this – just that it’s an AWS technology that allows you to specify infrastructure as code, and then deploy that infrastructure. Open the AWS Console with CloudFormation Template.
This page shows us that we’re using CloudFormation, and that this will create Identity & Access Management resources. IAM is how AWS defines user accounts and permissions models. Once this is done we can close the AWS console and go back to the VMware Cloud on AWS console. Hit Next and we can see that we’ve successfully connected our VMware Cloud on AWS account with our AWS account. Let’s click Next and see what else we need to do…
Connectivity to the Customer VPC
Ok, so we now need to specify our VPC and subnet to connect our customer VPC to the VMware Cloud on AWS SDDC. Select these, paying attention to the note about deploying your AWS workloads into the same AZ as your SDDC in order to avoid cross AZ charges. Traffic within an AZ is free, but traffic outside of an AZ is chargeable.
Once you’ve selected the relevant VPC and subnet the next step is to define the management subnet. This is where vCenter Server, NSX Manager and your ESXi hosts will be deployed.
Click next and you’re almost there! I know that you’re excited to get started with your VMware Cloud on AWS SDDC, but the final step is to acknowledge that when you do this you will incur costs. I repeat: this will incur costs!
Once you’re happy with this click Deploy SDDC. Sit back for a few minutes while CloudFormation brings up your VMware Cloud on AWS SDDC.
And there you have it: your very own VMware Cloud on AWS SDDC! I’m conscious that there’s a whole ton of information in this post, so let’s take a break at this point. Join us next time, where I’ll be stepping you through the various network connectivity options. We’ll discuss how to connect to your on-premises environment and seamlessly migrate workloads back and forth.
As we’ve previously discussed, VMware Cloud on AWS can be a great fit for a number of use cases. We’re going to be walking you through everything that you need to get up and running in this blog series. If you would like to learn more, then sign up for the VMware Cloud on AWS Hands-on-Lab. To go even further, consider getting started with a single node environment and use the VMware Cloud on AWS Evaluation Guide to get the most out of your testing.