VMware Cloud on AWS – Your Management Toolset

So you’ve setup your customer VPC in AWS, deployed your VMware Cloud on AWS SDDC into the cloud and configured the required connectivity to secure your management traffic, enable vMotion and extend your on-premises networks into the cloud. In this blogpost we’re going to be looking into the tools that you can use to manage your environment post-deploy. Let’s get started with VMware Cloud on AWS – Your Management Toolset.

VMware Cloud on AWS – Hybrid Linked Mode

As you may be aware, we’ve long provided the capability to link together vCenter Servers into what we call Linked Mode (also encompassing Enhanced Linked Mode and Embedded Linked Mode). This allows you as a vSphere Admin to manage multiple vCenter Servers from a single user interface, including sharing information regards licenses, tags & roles ., search globally through all vCenter inventories and drag and drop migrate VMs between vCenter Servers. While it’s entirely possible to manage your VMware Cloud on AWS SDDC on it’s own, connecting your on-premises SDDC up helps manage workloads in both on-premises and cloud SDDCs.

When deployed on-premises Linked Mode has a couple of requirements: firstly, all PSCs and vCenter Servers need to be in the same SSO domain. Secondly, all PSCs and vCenter Servers need to be running the same code version. When running VMware Cloud on AWS the cloud SDDC will normally be running newer code than the on-premises SDDC, so this prevents traditional linked mode being deployed. Hybrid Linked Mode solves both of these problems.

You have 2 methods available to configure Hybrid Linked Mode. The first is to deploy the Cloud Gateway virtual appliance into your on-premises datacenter and use this to establish the connection into your cloud SDDC. Once this is done you login to the Cloud Gateway in order to manage both on-premises and cloud environments. Alternatively you can login to the vSphere Client in the cloud SDDC and manage both your cloud and on-premises SDDC environment from there. A limitation of this second method is that you can link only one on-premises domain, this restriction does not apply to the Cloud Gateway method.

Deploy the Cloud Gateway

Let’s setup the Cloud Gateway appliance and enable Hybrid Linked Mode from there. First things first, we need to download the Cloud Gateway installer. Login to the VMware Cloud on AWS console. Select the Tools tab, then click the Download button in the right hand side vCenter Cloud Gateway column.

VMware Cloud on AWS - Your Management Toolset - Download Cloud Gateway


Download the Cloud Gateway ISO and mount it in your admin workstation. Browse to /ui-installer and then the relevant subfolder for your workstation. Here I’ll be running it from a Windows machine, so I’ll browse into the win32 subfolder, then launch installer.exe.

VMware Cloud on AWS - Your Management Toolset - Deploy Cloud Gateway

Click Get Started, then click Start in the Deploy vCenter Cloud Gateway column.

VMware Cloud on AWS - Your Management Toolset - Accept EULA

Read and accept accept the EULA and click Next.

VMware Cloud on AWS - Your Management Toolset - Configure Cloud Gateway

Step through the wizard specifying the deployment target and credentials, deployment folder and cluster, VM name and root password, datastore, network configuration, NTP and SSO server. If you are using Integrated Windows Authentication you can also select to join your Cloud Gateway to Active Directory.VMware Cloud on AWS - Your Management Toolset - Deploying Cloud Gateway

Click Finish, and you’ll be taken back to the Deployment screen, where you’ll see the deployment running. This will take a short while for the OVA to be deployed and configured, at which point we can move on. Stage 2 is where we configure Hybrid Linked Mode. Before you do this, we recommend that you validate the prerequisites which are detailed in the documentation.

VMware Cloud on AWS - Your Management Toolset - Stage 2 - Configure Hybrid Linked Mode

Configure Hybrid Linked Mode

Click Start under Stage 2. You’ll see a brief explanation of what HLM is, and a link to the prerequisite documentation that I linked above. Click Next.

VMware Cloud on AWS - Your Management Toolset - Configure Hybrid Linked Mode

Here we specify the management address of our vCenter Server in the cloud SDDC s well as the password for the cloudadmin@vmc.local account. To retrieve this, login to your VMware Cloud on AWS console and select your SDDC, then click Settings and expand the Default vCenter User Account field.

VMware Cloud on AWS - Your Management Toolset - Obtain Cloudadmin Password from VMware Cloud Console

Click on the clipboard icon to copy the password to your clipboard, then paste this into the configuration wizard.

VMware Cloud on AWS - Your Management Toolset - Select On-Premises Domain

For Identity Source select your on-premises AD domain that you wish to configure access for.


Specify the domain groups that you swish to grant access to manage your cloud SDDC to, then click Finish. After a few moments you should see that your SSO domains have been linked.

VMware Cloud on AWS - Your Management Toolset - SSO Domains Linked

VMware Cloud on AWS – Content Library

Content Library is a super cool feature that has been in vSphere for some time now. In case you’re not familiar it really helps to manage your content in a centralised location. If (like me!) you’ve had a sprawl of folders in various datastores across your environment with VM templates, virtual appliances and ISO files then this is for you! Content Library is a construct within vCenter, but you can publish a CL for consumption by other vCenter Server CLs. Choose to either synchronise all data immediately, or on demand when the content is required. This can be super helpful as it means you can use the same templates to deploy your workloads across both on-premises and cloud SDDCs. Consistency is key!

Let’s setup a new Content Library, subscribing to our existing CL. In your vSphere Client click Menu > Content Libraries.

VMware Cloud on AWS - Your Management Toolset - Content Library

Click the Add button to setup a new Content Library

VMware Cloud on AWS - Your Management Toolset - Add Content Library

Name your Content Library and ensure you select your cloud SDDC vCenter Server. Click Next.

VMware Cloud on AWS - Your Management Toolset - Setup Content Library

Note that in this case we’re subscribing to a Content Library that is backed by an AWS bucket. You can equally subscribe to your on-premises Content Library – paste the subscription URL into the Subscription URL field.

VMware Cloud on AWS - Your Management Toolset - Subscribe to Content Library

For more information on publishing a local Content library please see the documentation.

Select to either download all content immediately or only as required, then click Next.

VMware Cloud on AWS - Your Management Toolset - Select Datastore


Select the datastore that you wish to store your Content Library in, then click Next, then Finish. After a short period you’ll see your newly created Content Library.

VMware Cloud on AWS - Your Management Toolset - Content Library Subscribed

Click into your Content Library. You can see the content held within, broken down into VM Templates, OVF/OVA Templates and other files such as ISO files.

VMware Cloud on AWS - Your Management Toolset - Content Library Contents

From here you can right click a template and deploy a new VM from it. You can also force synchronisation with the publishing library if required.

VMware Cloud on AWS - Your Management Toolset - Deploy VM From Template

VMware Cloud on AWS – Accounts, Roles and Privileges

One important thing to consider when deploying into VMware Cloud on AWS is that this is a managed service. It’s VMware managed, so you don’t get root access to your VMware Cloud on AWS vCenter Server or ESXi hosts. Rather than spend too much time covering this here, I’d urge you to look at the VMware Cloud Blog where my colleague Jeremiah Megie explains in detail how this all plugs together, including the extra roles that you will see in your environment when leveraging Hybrid Linked Mode.

VMware vRealize Log Insight Cloud

VMware Cloud on AWS - Your Management Toolset - Log Intelligence

vRealize Log Insight Cloud is a complementary cloud service which can handle all of your SDDC (and other AWS) logging requirements. It can really help you to provide visibility into your infrastructure and extract value from unstructured logging data. If you’re familiar with vRealize Log Insight on-premises then you’re going to feel at home with the interface! A free 30 day trial is available, with further pricing information at

For more information about VMware Cloud Log Intelligence please see the cloud management blog.

I hope that you’re found this post useful! Join me next time, when I’ll be discussing policies and the importance of policy based management.


As we’ve previously discussed, VMware Cloud on AWS can be a great fit for a number of use cases. We’re going to be walking you through everything that you need to get up and running in this blog series. If you would like to learn more, then sign up for the VMware Cloud on AWS Hands-on-Lab.  To go even further, consider getting started with a single node environment and use the VMware Cloud on AWS Evaluation Guide to get the most out of your testing.