LHC2384BE VMware Cloud on AWS A Technical Deep Dive · PDF fileVMware Cloud on AWS – A Technical Deep Dive ... on AWS VPN VMworld 2017 Content: ... LHC2013BU –NSX and VMware Cloud

LHC2384BE

#VMworld #LHC2384BE

VMware Cloud on AWS –A Technical Deep Dive

Ray Budavari – @rbudavariFrank Denneman - @frankdenneman

VMworld 2017 Content: Not fo

r publication or distri

bution

• Ray Budavari

Senior Staff Technical Product Manager

Networking and Security Business Unit

• Frank Denneman

Senior Staff Architect

Cloud Platform Business Unit

Speaker Introduction

2

Who



bution

• This presentation may contain product features that are currently under development.

• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.

• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.

• Technical feasibility and market demand will affect final delivery.

• Pricing and packaging for any new technologies or features discussed or presented have not been determined.

Disclaimer

3



bution

Session Agenda

1 Why VMware Cloud on AWS

2 Compute and Storage

3 Networking and Security

4 Q&A

4



bution

Why VMware Cloud on AWS ?

5

Leading compute, storage and

network virtualization capabilities

Support for a broad range of

workloads

De-facto standard for the

enterprise DC

Flexible consumption economics

Broadest set of cloud services

Global scale and reach

Jointly engineered solution delivers the best of VMware and AWS for customers



bution

VMware Cloud on AWS – service overview

6

AWS Global Infrastructure

VMware Cloud™ on AWS

AWS Global InfrastructureCustomer Data

Center

vSphere vSAN NSX

Operational

ManagementNative AWS

Services

vRealize Suite, ISV ecosystem

vCentervCenter

• VMware SDDC running on AWS bare metal

• Sold, operated and supported by VMware

• Support for all VM types

• On-demand capacity & flexible consumption

• Operational consistency with on-premises

SDDC

• Workload portability and hybrid operations

• Global AWS footprint, reach, availability

• Direct access to native AWS services

Service Highlights

STRATEGY AND VISION



bution

Leverage AWS Global Footprint

7

3

US west

Oregon (3)

N. California (3)

2

3

AWS

GovCloud (2)

US east

N. Virginia (5)

Ohio (3)

3

2

5

Canada (2)

3

South America

São Paulo (3)

Europe

Ireland (3)

Frankfurt (2)

London (2)

23

2

2

Asia Pacific

Singapore (2)

Sydney (3)

Tokyo (3)

Seoul (2)

Mumbai (2)

2

22 3

3

2*

* *

New region

Paris, Ningxia, Stockholm*# Region and number of

availability zones

STRATEGY AND VISION



bution

Infrastructure Overview



bution

Consume Cloud Resources



bution

What workload can you run in

Cloud?VMworld 2017 Content: N

ot for publicatio

n or distribution

Host Compute Configuration in Detail

12

▪ Dual socket CPU host configuration

▪ Intel Xeon E5-2686 v4

▪ 18 Cores per socket at 2.3 GHz

▪ 72 Logical processors per host

▪ Hyper-Threading enabled

▪ 82.8 GHz per host

▪ 512 GB memory per host

▪ Manufacturer: Amazon



bution

Initial Availability Compute Cluster Configuration

576144

81922048

TO

TO

CORES

GB

CORES

GB

16 NODE CLUSTER4 NODE CLUSTER



bution

vSphere DRS Configuration

▪ DRS Enabled

▪ Migration threshold = 3

▪ DPM = Disabled

▪ Resource Pools created to isolate

MGMT from Customer VMs

▪ Affinity Rules available in Future

Release

Customer Administrator(Cloud Admin)

VMware

vSAN Cluster

Managed by VMware

Managed by Customer

VC NSX … VM VM VMVM VM



bution

vSphere DRS Configuration



bution

Coupling AWS Elasticity with

vSphere Infrastructure softwareVMworld 2017 Content: N

ot for publicatio

n or distribution

Technical Preview



bution

Automatic Cluster Configuration

vSAN Cluster

HOST IS ADDED1. AUTOMATIC NETWORK CONFIGURATION2. 3.

vSAN Cluster

Management Network

vMotion Network

vSAN Network

VXLAN Network

vSAN Cluster

vSAN DATASTORE CAPACITY INCREASE



bution

Elastic DRS Integration

vSAN Cluster

CPU

Memory

Storage

vSAN Cluster

CPU

Memory

Storage

vSAN Cluster

CPU

Memory

Storage

CLUSTER OPERATING WITHIN TARGET THRESHOLDS1.

THRESHOLD EXCEEDEDPROVISION ADDITIONAL HOST2.

CLUSTER RETURNS TO TARGET THRESHOLD3.



bution

Automated Cluster Remediation

HOST FAILS, OR PROBLEM IDENTIFIED

NEW HOST ADDED TO CLUSTER.DATA FROM PROBLEM HOST REBUILT, AND/OR MIGRATED

PREVIOUS HOST EVACUATED FROM CLUSTER, FULLY REPLACED BY NEW HOST

1.

2.

3.

vSAN Cluster

vSAN Cluster

vSAN ClusterVMworld 2017 Content: Not fo


bution

HA Cluster Configuration

▪ Host failure remediation is the responsibility of VMware.

▪ As HA settings impact consolidation ratio, the following settings are used to provide

excellent service while minimizing overhead:

▪ Host Monitoring Enabled

▪ Admission Control Policy: Percentage Based

▪ Host Failures Tolerate: 1

▪ VM & App Monitoring Enabled

▪ Host Isolation Response: Power off and Restart VMs



bution

Cluster Configuration at Initial Availability


AWS Region

vSphereVSAN NSX

vS

phere

Clu

ste

r

VM VM VM

SDDC

VM

MGMT VMs

Availability Zone

VM

VM

VM

Availability Zone

▪ Restricted to one AWS Region and AZ

▪ Automatically detects failed hardware

▪ Auto remediation HA allows automatic

recovery from HA events

▪ Provision new host and eject failed node

without customer interventionVMworld 2017 Content: Not fo


bution

Cluster Configuration in Future Release


AWS Region

vS

phere

Clu

ste

r

VM VM VMVM

SDDC

Availability ZoneVM

VM

VMAvailability Zone

vSAN Cluster

▪ Multi AZ availability (Active-Active)

▪ vSAN stretched across multiple AZs

▪ Synchronous write replication across AZs

▪ RPO = 0, RTO = HA Restart

▪ Per-VM Storage Policy

▪ First time infrastructure level AZ resilience! No

need for refactoring traditional applicationsVMworld 2017 Content: N

ot for publicatio

n or distribution

Storage Configuration



bution

Initial Availability vSAN Host & Cluster Configuration

12832

16040

TO

TO

NVMe DEVICES

TB RAW CAPACITY

NVMe DEVICES

TB RAW CAPACITY

16 NODE CLUSTER4 NODE CLUSTER



bution

ESXi HostESXi Host

ESXi Host

vSAN Architecture

ESXi Host (x4)

vSAN Disk Group vSAN Disk Group

vSAN Node Configuration

▪ 2 Disk Groups

▪ 2 devices write-caching tier (3.4 TB)

▪ 6 devices capacity tier (10.2 TB)

Storage Policy Configuration

▪ Health Service is enabled *

▪ RAID 1, 5 and 6 available *

▪ vSAN Encryption is disabled at Initial

Availability

* User configurable policy settings



bution

Networking and Security Configuration



bution

NSX ENABLES ALL NETWORKING IN VMC

28

NSX Services

Logicalswitching

Logicalrouting

Firewallingand security

EC2 &VPC Networking

VMware NSX



bution

NSX in VMware Cloud on AWS – Introduction

▪ All VM networking in VMware Cloud on AWS is provided by NSX

▪ vSphere and NSX have been optimized to work in AWS environment

▪ Delivered using an ‘as a service’ cloud model



bution

AWS Networks are Used to Provide External Connectivity

▪ VPC Networking

▪ Services as a Transport

▪ Enables VMkernel networking

▪ Internet Gateway

▪ Enables N-S connectivity

▪ All services are provided by NSX

▪ Customer VPC Access

▪ Optimized access from VMC to connected VPCs

▪ AWS Direct Connect (Future Release)

▪ Dedicated, high performance connection to on-premises



bution

Simplified mode consumption – Initial Availability

• Auto-deploy and provision the VMC infrastructure

resources via predefined VMC Portal workflows

• Setup of initial networks and admin access granted

to vCenter

• Deploy a prescriptive network topology

• Establish predefined VPN connectivity

• Provide inbound access to workload VMs

• Control firewall access to workload VMs

• Consume pre-created VMC network services

• Deploy workload VMs

• Attach workload VMs to networks

• Create new networks

• Manage IP addressing for workload VMs

Cloud

Networking

Admin

VMC Web Console

VI Admin

vSphere

Web Client

VMware Cloud on AWS

vSAN NSXvSphere

vCenter



bution

Advanced mode consumption – Future Release

• Provision network and security for custom data

centers

• Define and establish VPN connectivity with on-

premises locations

• Define security groups and policies for workload

VMs

• Add, modify, or delete network topologies

• Advanced NSX use cases: Distributed firewalls, load

balancing, routing, etc.

• Deploy workload VMs

• Attach workload VMs to networks created by

NSX admins

• Manage IP addressing for workload VMs

Networking

Admin

NSX Manager

Full NSX UI

VI Admin /

Cloud Admin

vSphere Web Client

vSphere API

VMware Cloud on AWS

vSAN NSXvSphere

vCenter



bution

DLR

Default 192.168.1.0/24

Compute GW

(NAT, FW, VPN, DHCP, DNS)

AWS Network

Internet GW

VMware Cloud on AWS – Default Networking Topology

External Traffic

VMware Cloud on AWS

Networking (NSX)Workloads on

logical networks

Management Infrastructure

Management GW

(NAT, FW, VPN)

Custom 10.1.2.0/24Custom 10.1.1.0/24 Custom 10.1.3.0/24

33

Blue = N-S

Red = E-W

VMC SDDC



bution

L3 VPN Hybrid Cloud Connectivity

On-PremGateway

Existing VMs and Management on-premises

VPN Connectivity using NSX ESG(Route selected networks or all traffic

to on-premises over VPN tunnel)

Customer DC

Software Defined Data Center (SDDC)

On-Prem Management

On-Prem

Workloads

Management

Network

Management GW

(NAT, FW, VPN)

VMware Cloud

on AWS

Compute GW

(NAT, FW, VPN, DHCP)

172.16.10.0/24192.168.1.0/24

DLR

Management Traffic

Compute Traffic

InternetInternet GW

IPSec VPN – L3 - Compute



bution

L3 VPN Connectivity Details

35

• VMware Cloud on AWS leverages NSX Edge for VPN

• Provides choice of remote gateway:

• Validation with all common VPN devices

• Joint whitepapers will be published with VMware Partners

Internet / WAN

VMC on AWS

VPN



bution

Optimized connectivity to Native AWS services

Compute Gateway

EC2 Instances, Private AWS services

or VPC Endpoints in customers existing VPCs

Direct Connectivity from VMC to Customer VPCs(without VPC Peering)

Customer VPC

Optimized Traffic Flow

AWS Networking

Provider Network

VMware Cloud

on AWS

VPC Endpoints

VPC subnets

Amazon

S3 Distributed Router

VNI 5001

VNI 5000

DLR

EC2 Instances

36

ENI fromCustomer VPC

VPC route

table

NSX route

table

Software Defined Data Center (SDDC)

Internet GWInternet GW

East-WestConnection

192.168.0.0

192.168.1.0

192.168.2.0

172.16.0.0

172.16.1.0

172.16.2.0



bution

VMC and AWS Services

▪ VMware Cloud on AWS provides access to native AWSservices

▪ Connected VPC access

▪ Provides higher bandwidth connectivity to selected AWS Services

▪ Requires an existing customer VPC

▪ Optimized access to EC2 instances and S3 are supportedat Initial Availability

▪ Additional services will be added in future releases

▪ Public Access to AWS Services is also available via the Internet

▪ Provides a base level of capability

▪ High Performance as VMC runs on the same AWS infrastructure

▪ Bandwidth limits for IGW apply

37

Access to AWS Services

Amazon

EC2

Amazon

S3

Amazon

RDS

AWS Direct

Connect

AWS IAMAWS IoT

…

…

…

…

LHC2013BU – NSX and VMware Cloud on AWS: Deep Dive

LHC2105BE – NSX and VMware Cloud on AWS: The Path to Hybrid Cloud



bution

▪ NSX is front and center in VMware Cloud on AWS Console

▪ Network Dashboard provides a view of NSX components and connectivity

VMware Cloud on AWS – Networking User Experience

38



bution

Simplified mode provides basic networking and security functionality


39

– Firewall – VPN – Logical Networks

– NAT – Public IPs



bution


▪ Logical Networks are managed within vCenter Server

▪ Uses a new HTML5 plugin specifically for VMware Cloud on AWS

▪ Enables the following:

▪ Create & DeleteNSX Logical Switches

▪ Provide a Default Gateway

▪ Optionally enable DHCP

▪ All remaining steps are automated



bution

Summary/Q&A

41



bution

VMware Cloud on AWS and NSX – Summary

• VMware Cloud on AWS is a major initiative for VMware

• VMC is designed to support all of VMware’s existing customers

• Extends key SDDC capabilities to Public Cloud:

– Centralized Management

– Enterprise grade Security

– Consistent operational model

– Cross-VC vMotion for VM Mobility

– DR/Multi-Site as a Service

– Compatibility with Automation tools

42



bution

• Ray Budavari – @rbudavari

• Frank Denneman - @frankdenneman



bution



bution

Questions



bution

Documents

LHC2384BE VMware Cloud on AWS A Technical Deep Dive · PDF fileVMware Cloud on AWS – A Technical Deep Dive ... on AWS VPN VMworld 2017 Content: ... LHC2013BU –NSX and VMware Cloud