Recent updates
-
L07 - SDDC Migration with HCX - Configure HCX Connect & Service Mesh
VMware Cloud on AWS provides a reliable, elastic, and highly scalable solution for customers who want to extend their workloads into the cloud.
However, when it comes to migration or bi-directional workload mobility, software and network incompatibilities between on-premises and cloud environments can complicate your migration process.
VMware Hybrid Cloud Extension (HCX) helps overcome those challenges by building an abstraction layer on top of existing site-specific implementations, allowing you to extend your networks and environments to the cloud seamlessly without the need for extensive reconfiguration and upgrades.
Here are some key benefits of HCX:
- Ability to migrate workloads across different versions of vSphere (6.0 or later).
- WAN optimization, compression, and de-duplication enable high throughput for faster migrations.
- Network extension enables stretching layer 2 networks between on-premises and VMware Cloud on AWS without the need for complex network reconfiguration. Virtual machines (VMs) can be moved between on-premises and cloud environments with no need to change or re-assign IP addresses.
HCX is a software-as-a-service (SaaS) offering, available at no extra cost for VMware Cloud on AWS customers.
The HCX solution is built out of several component services, each supporting a specific function within the overall solution.
- HCX Enterprise Manager: System management component on the on-premises side, which is always deployed as a “source.”
- HCX Cloud Manager: System management component on the cloud side, which is always deployed as a “destination.”
- HCX-IX Interconnect Appliance: Provides replication and vMotion-based migration capabilities.
- HCX WAN Optimization Service: Provides improved network performance by using techniques such as de-duplication and compression to help speed up migrations.
- HCX Network Extension Service: Provides layer 2 extension capabilities, enabling VMs to migrate between on-premises and cloud without the need to re-IP.
RETIRED CONTENT Day 3
-
Lab 06 - Inter-SDDC and Native VPC Connectivity
An SDDC deployment group uses VMware Transit Connect to provide high-bandwidth, low-latency connections between SDDCs in the group and other VPCs in the same region. You can also add a Direct Connect Gateway (DXGW) to provide centralized connectivity to your on-premises SDDCs.
An SDDC deployment group (SDDC Group) is a logical entity designed to simplify the management of your organization's VMware Cloud on AWS resources at scale. Collecting SDDCs into an SDDC Group provides several benefits to an organization with multiple SDDCs whose workloads need a high-bandwidth, low-latency connection to each other. All network traffic between group members travels over a VMware Transit Connect network. Routing between compute networks of all SDDCs in a group is managed automatically by VMware Transit Connect as subnets are added and deleted. You control network traffic among group member workloads with compute gateway firewall rules.
RETIRED CONTENT Day 2
-
L07 - SDDC Migration with HCX (Part 2)
VMware Cloud on AWS provides a reliable, elastic, and highly scalable solution for customers who want to extend their workloads into the cloud.
However, when it comes to migration or bi-directional workload mobility, software and network incompatibilities between on-premises and cloud environments can complicate your migration process.
VMware Hybrid Cloud Extension (HCX) helps overcome those challenges by building an abstraction layer on top of existing site-specific implementations, allowing you to extend your networks and environments to the cloud seamlessly without the need for extensive reconfiguration and upgrades.
Here are some key benefits of HCX:
- Ability to migrate workloads across different versions of vSphere (6.0 or later).
- WAN optimization, compression, and de-duplication enable high throughput for faster migrations.
- Network extension enables stretching layer 2 networks between on-premises and VMware Cloud on AWS without the need for complex network reconfiguration. Virtual machines (VMs) can be moved between on-premises and cloud environments with no need to change or re-assign IP addresses.
HCX is a software-as-a-service (SaaS) offering, available at no extra cost for VMware Cloud on AWS customers.
The HCX solution is built out of several component services, each supporting a specific function within the overall solution.
- HCX Enterprise Manager: System management component on the on-premises side, which is always deployed as a “source.”
- HCX Cloud Manager: System management component on the cloud side, which is always deployed as a “destination.”
- HCX-IX Interconnect Appliance: Provides replication and vMotion-based migration capabilities.
- HCX WAN Optimization Service: Provides improved network performance by using techniques such as de-duplication and compression to help speed up migrations.
- HCX Network Extension Service: Provides layer 2 extension capabilities, enabling VMs to migrate between on-premises and cloud without the need to re-IP.
VMC on AWS Labs Day 3
-
L07 - SDDC Migration with HCX - Configure HCX Connect & Service Mesh
VMware Cloud on AWS provides a reliable, elastic, and highly scalable solution for customers who want to extend their workloads into the cloud.
However, when it comes to migration or bi-directional workload mobility, software and network incompatibilities between on-premises and cloud environments can complicate your migration process.
VMware Hybrid Cloud Extension (HCX) helps overcome those challenges by building an abstraction layer on top of existing site-specific implementations, allowing you to extend your networks and environments to the cloud seamlessly without the need for extensive reconfiguration and upgrades.
Here are some key benefits of HCX:
- Ability to migrate workloads across different versions of vSphere (6.0 or later).
- WAN optimization, compression, and de-duplication enable high throughput for faster migrations.
- Network extension enables stretching layer 2 networks between on-premises and VMware Cloud on AWS without the need for complex network reconfiguration. Virtual machines (VMs) can be moved between on-premises and cloud environments with no need to change or re-assign IP addresses.
HCX is a software-as-a-service (SaaS) offering, available at no extra cost for VMware Cloud on AWS customers.
The HCX solution is built out of several component services, each supporting a specific function within the overall solution.
- HCX Enterprise Manager: System management component on the on-premises side, which is always deployed as a “source.”
- HCX Cloud Manager: System management component on the cloud side, which is always deployed as a “destination.”
- HCX-IX Interconnect Appliance: Provides replication and vMotion-based migration capabilities.
- HCX WAN Optimization Service: Provides improved network performance by using techniques such as de-duplication and compression to help speed up migrations.
- HCX Network Extension Service: Provides layer 2 extension capabilities, enabling VMs to migrate between on-premises and cloud without the need to re-IP.
VMC on AWS Labs Day 3
-
Lab 05 - L7 Security - L7 FW, FQDN Filtering & IDPS
VMware Cloud on AWS provides VMware’s enterprise-class SDDC software on AWS cloud. It includes a robust set of networking and security capabilities that enable customers to run production applications in the cloud. Every SDDC is provisioned with the Gateway Firewall to protect the perimeter of the SDDC, and the Distributed Firewall to secure lateral communication across workloads inside the SDDC. Powered by the proven security capabilities of VMware NSX-T, Gateway and Distributed Firewall provide enterprise-class Layer 4 security for applications in VMware Cloud on AWS:
- Gateway Firewall enables customers to selectively allow and deny traffic from and to applications deployed in the SDDC. It also controls access to management infrastructure, such as vCenter and NSX Manager.
- Distributed Firewall is built into the hypervisor and automatically scales across every host in the SDDC. Enabling micro-segmentation at the workload level, Distributed Firewall policies migrate with VMs when they move from host to host in the SDDC.
NSX Advanced Firewall features take the network security capabilities of VMware Cloud on AWS SDDC to the next level, allowing customers to define security policies at Layer 7 and enabling deep packet inspection across all vNICs within the SDDC.
RETIRED CONTENT Day 2
-
Lab 04 - On-Premises integration with VMC on AWS
VMware Cloud on AWS enables customers to have a hybrid cloud platform by running their VMware workloads in the cloud while having seamless connectivity to on-premises and Amazon Web Services (AWS) native services.
Customers can use their existing AWS Direct Connect (DX) or Virtual Private Network (VPN) solutions to connect to their VMware Software-Defined Data Center (SDDC) clusters.
VMware Cloud on AWS uses NSX to control access to this network as part of the SDDC management model, and limits access to only remote traffic required to support features like cross-cluster vMotion. On top of the underlay, NSX builds overlay networks for logical VMware connectivity. Each SDDC has two types of overlay networks:
- Appliance Subnet is used to provide connectivity to SDDC management components like vCenter. This network is created during cluster provisioning with a carved-out network range from the Infrastructure or Management subnet. Customers can optionally specify the network range of the Management subnet during cluster creation for the purpose of avoiding conflicts with other networks that will need to connect to the SDDC. Access to this network is controlled by the NSX Management Gateway (MGW) through firewall rules and IPsec tunnels.
- One or more customer-managed logical networks for VM traffic. Those can be either routed locally within the cluster or stretched from remote on-premises clusters with a remote gateway for L3 routing. Access to this network is controlled by the NSX Compute Gateway (CGW) through firewall rules and IPsec capabilities to enable customers to connect securely to their remote workloads and the Internet.
RETIRED CONTENT Day 2
-
Lab 06 - Inter-SDDC and Native VPC Connectivity
An SDDC deployment group uses VMware Transit Connect to provide high-bandwidth, low-latency connections between SDDCs in the group and other VPCs in the same region. You can also add a Direct Connect Gateway (DXGW) to provide centralized connectivity to your on-premises SDDCs.
An SDDC deployment group (SDDC Group) is a logical entity designed to simplify the management of your organization's VMware Cloud on AWS resources at scale. Collecting SDDCs into an SDDC Group provides several benefits to an organization with multiple SDDCs whose workloads need a high-bandwidth, low-latency connection to each other. All network traffic between group members travels over a VMware Transit Connect network. Routing between compute networks of all SDDCs in a group is managed automatically by VMware Transit Connect as subnets are added and deleted. You control network traffic among group member workloads with compute gateway firewall rules.
VMC on AWS Labs Day 2
-
Lab 03 - SDDC Networking & Native AWS Integration
One of the most compelling reasons to adopt VMware Cloud on AWS is to integrate the existing systems in your VMware Cloud environment with application platforms that reside in your AWS Virtual Private Cloud (VPC) environment. The integration that VMware and AWS have created allows these services to communicate, for free, across a private network address space for services such as EC2 instances, which connect into subnets within a native AWS VPC, or with platform services that can connect to a VPC Endpoint, such as S3 Storage.
RETIRED CONTENT Day 1
-
Lab 05 - L7 Security - L7 FW, FQDN Filtering & IDPS
VMware Cloud on AWS provides VMware’s enterprise-class SDDC software on AWS cloud. It includes a robust set of networking and security capabilities that enable customers to run production applications in the cloud. Every SDDC is provisioned with the Gateway Firewall to protect the perimeter of the SDDC, and the Distributed Firewall to secure lateral communication across workloads inside the SDDC. Powered by the proven security capabilities of VMware NSX-T, Gateway and Distributed Firewall provide enterprise-class Layer 4 security for applications in VMware Cloud on AWS:
- Gateway Firewall enables customers to selectively allow and deny traffic from and to applications deployed in the SDDC. It also controls access to management infrastructure, such as vCenter and NSX Manager.
- Distributed Firewall is built into the hypervisor and automatically scales across every host in the SDDC. Enabling micro-segmentation at the workload level, Distributed Firewall policies migrate with VMs when they move from host to host in the SDDC.
NSX Advanced Firewall features take the network security capabilities of VMware Cloud on AWS SDDC to the next level, allowing customers to define security policies at Layer 7 and enabling deep packet inspection across all vNICs within the SDDC.
VMC on AWS Labs Day 2
-
Lab 04 - On-Premises integration with VMC on AWS
VMware Cloud on AWS enables customers to have a hybrid cloud platform by running their VMware workloads in the cloud while having seamless connectivity to on-premises and Amazon Web Services (AWS) native services.
Customers can use their existing AWS Direct Connect (DX) or Virtual Private Network (VPN) solutions to connect to their VMware Software-Defined Data Center (SDDC) clusters.
VMware Cloud on AWS uses NSX to control access to this network as part of the SDDC management model, and limits access to only remote traffic required to support features like cross-cluster vMotion. On top of the underlay, NSX builds overlay networks for logical VMware connectivity. Each SDDC has two types of overlay networks:
- Appliance Subnet is used to provide connectivity to SDDC management components like vCenter. This network is created during cluster provisioning with a carved-out network range from the Infrastructure or Management subnet. Customers can optionally specify the network range of the Management subnet during cluster creation for the purpose of avoiding conflicts with other networks that will need to connect to the SDDC. Access to this network is controlled by the NSX Management Gateway (MGW) through firewall rules and IPsec tunnels.
- One or more customer-managed logical networks for VM traffic. Those can be either routed locally within the cluster or stretched from remote on-premises clusters with a remote gateway for L3 routing. Access to this network is controlled by the NSX Compute Gateway (CGW) through firewall rules and IPsec capabilities to enable customers to connect securely to their remote workloads and the Internet.
VMC on AWS Labs Day 2