VMware Cloud on AWS Connection Options

Happy New Year!!! This is going to be an exciting year for VMware Cloud on AWS and I wanted to kick off 2018 by highlighting the way in which you are going to connect into and out of VMware Cloud on AWS.

First of all, at a very high level, VMware Cloud on AWS (VMware Cloud Foundation) is optimized to run on dedicated, elastic bare-metal infrastructure inside Amazon’s data centers. For security purposes, the VMware Cloud on AWS SDDC is bifurcated, separating out the components that manage the SDDC itself, such as ESXi, VSAN, NSX, and vCenter.

Here’s a simple explanation of how you can set up the connectivity framework.

The first thing you need to set up is a connection to the management components of the SDDC. You will first need to create a Management VPN and choose a set range of IP addresses that will be used by management components such as the ESXi hosts and vCenter. This range will be in the form of a simple CIDR block. We recommend using a /20 CIDR block for management purposes. After you connect the management portion of the SDDC, you will then need to set up an IPSec VPN between your on-prem data center and the management components. This VPN can be set up over the Internet or AWS Direct Connect (DirectX). After this connection is established, you can then build firewall rules on the VMware Cloud on AWS Console. With these rules you can control access to the vCenter from your on-prem data center.

There is an optional connection you can set up if you need access to your vCenter Server directly from the Internet. A public IP is automatically provided during the provisioning process. It is important to note that all access to this IP is restricted. To provide access, you will need to configure firewall rules in the VMware Cloud on AWS console to allow this direct type of Internet access.

The second VPN you will need to set up is between your compute workloads and your on-premises data center. Several logical networks are required to provide the IP addresses for the workloads you plan to migrate to or build in VMware Cloud on AWS. This VPN secures these workloads and allows them to connect back to your on-prem data center. This can be an IPSec VPN or L2VPN. The advantage of L2VPN is that you can stretch a single L3 IP space from on-prem to the cloud; it is also required for live migrations. This VPN can go over the Internet or AWS DirectX. You can again create firewall rules as needed to access on-prem workloads.

The next connection is between your SDDC workloads and your Amazon VPC. This is automatically configured and built during the SDDC provisioning process. Once you select the Amazon VPC subnet that will be associated with your VMware Cloud on AWS SDDC, an elastic network interface (ENI) will be created, allowing traffic to flow between both environments. In order to control security, you will need to configure AWS IAM policies as well as firewall rules on the VMware Cloud on AWS side to allow access between both. Lastly, you will likely need to give direct public Internet access to some of your SDDC workloads. To make these accessible to the Internet, you will need to leverage AWS elastic IPs along with NAT and firewall configurations to allow this type of access.
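Before building the VPNs, it helps to check the address plan for the networks described above. The following is an added example, not part of the original post: a validator for the management CIDR block, the compute logical networks, the VPC subnet and the on-prem ranges. All names and addresses are constructed, and it assumes that routed networks must not overlap, with the one exception of a compute segment stretched from on-prem over L2VPN.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan: (name, cidr, role, stretched_over_l2vpn)
SAMPLE_PLAN = [
    ("sddc-mgmt",     "10.2.0.0/22",     "management", False),
    ("web-segment",   "10.3.10.0/24",    "compute",    False),
    ("app-stretched", "192.168.50.0/24", "compute",    True),
    ("vpc-subnet",    "172.31.16.0/20",  "vpc",        False),
    ("onprem-app",    "192.168.50.0/24", "onprem",     False),
    ("onprem-core",   "10.0.0.0/14",     "onprem",     False),
]

def check_address_plan(plan, mgmt_prefix=20):
    """Return a list of findings (empty when the plan is clean).

    mgmt_prefix is the /20 the post recommends for the management block.
    """
    findings, nets = [], []
    for name, cidr, role, stretched in plan:
        try:
            # strict=True rejects CIDRs with host bits set (e.g. 10.2.0.5/20)
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            findings.append(f"{name}: invalid CIDR {cidr!r} ({exc})")
            continue
        if role == "management" and net.prefixlen != mgmt_prefix:
            findings.append(
                f"{name}: management block is /{net.prefixlen}, "
                f"recommended /{mgmt_prefix}")
        nets.append((name, net, role, stretched))

    for (n1, a, r1, s1), (n2, b, r2, s2) in combinations(nets, 2):
        if not a.overlaps(b):
            continue
        # Assumption: an L2VPN-stretched compute segment deliberately shares
        # its exact subnet with the on-prem network it extends.
        if {r1, r2} == {"compute", "onprem"} and (s1 or s2) and a == b:
            continue
        findings.append(f"{n1} ({a}) overlaps {n2} ({b})")
    return findings

if __name__ == "__main__":
    for finding in check_address_plan(SAMPLE_PLAN):
        print(finding)
```

Run against the sample plan, it flags the undersized management block and the two SDDC networks that fall inside the on-prem `10.0.0.0/14` range, while accepting the stretched segment.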

That’s it! Now you are ready to leverage your SDDC on VMware Cloud on AWS!

Also, here’s a video that covers the content discussed above.

-SL

If You Build It, Will They Come?

Some of you may remember the movie Field of Dreams where Kevin Costner’s character Ray Kinsella hears the phrase “if you build it, they will come.” Ray interprets this to mean he needs to plow under a portion of his corn field to build a baseball field and risk the economic and emotional stability of the family he loves dearly. The ending of the movie is open to interpretation but we assume Ray and his family lived happily ever after even if it seemed like a crazy idea to everyone else.

With all the industry buzz around Cloud, many customers believe that if they build a Cloud solution (on or off premises) people will adapt and use it. This could not be further from the truth. Those of you wanting to disrupt the status quo need to first ask the question “what problem am I trying to solve?” Without specific use cases, you can end up wasting hundreds of thousands of dollars building a solution that no one will use. Once you have determined the problem(s) you would like to solve and fully understand what the goal is, you can then begin looking at solutions. Without a true problem to solve and a full understanding of the cloud solution of choice, you risk building a cloud solution with no customers.

This past week VMware Staff Solution Architect Sudhir Balasubramanian authored a blog covering Oracle RAC on VMware on AWS. One of the most compelling things about VMware Cloud on AWS is the fact that its underlying architecture is built on vSphere, VSAN, and NSX. This makes moving Business Critical Application workloads to a public cloud easier.

Welcome to Street 2 Clouds!

As we discussed what we wanted to accomplish with this website, we discovered we are very passionate about what we do. We like to see customers SUCCEED! Our roles place us very close to customers who have already adopted virtualization as a core platform and are now moving forward into the new world of cloud computing. By definition, cloud computing is an information technology paradigm, a model for enabling ubiquitous access to shared pools of configurable resources (such as computer networks, servers, storage, applications and services), which can be rapidly provisioned with minimal management effort, over the Internet or on premises. While cloud computing is a simple concept, the implementation of such is anything but easy. Technology is great, but it’s people and processes that make the magic happen. Our goal is to bring our “street” experience as consultants and customer advocates and help you all become even more “cloud” ready. Come back often as we will be updating content frequently.

-SL