VMWare Cloud on AWS

What is VMware cloud on AWS?

VMware Cloud on AWS integrates VMware’s compute, storage, and network virtualization products (VMware vSphere, VMware vSAN, and VMware NSX) along with VMware vCenter Server management, optimized to run on dedicated, elastic, bare-metal AWS infrastructure.
VMware Cloud on AWS infrastructure runs on dedicated, single tenant hosts provided by AWS in a single account. Each host is equivalent to an Amazon EC2 I3.metal instance (2 sockets with 18 cores per socket, 512 GiB RAM, and 15.2 TB Raw SSD storage)

VMWare on AWS Account structure

Account Connectivity

What is an ENI?

An elastic network interface is a logical networking component in a VPC that represents a virtual network card. It can include the following attributes:

A primary private IPv4 address from the IPv4 address range of your VPC
One or more secondary private IPv4 addresses from the IPv4 address range of your VPC
One Elastic IP address (IPv4) per private IPv4 address
One public IPv4 address
One or more IPv6 addresses
One or more security groups
A MAC address
A source/destination check flag
A description

How are ENIs used?

Management Network – You can create a dual-homed environment for your web, application, and database servers. The instance’s first ENI would be attached to a public subnet, routing 0.0.0.0/0 (all traffic) to the VPC’s Internet Gateway. The instance’s second ENI would be attached to a private subnet, with 0.0.0.0 routed to the VPN Gateway connected to your corporate network. You would use the private network for SSH access, management, logging, and so forth.
MAC-Based Licensing – If you are running commercial software that is tied to a particular MAC address, you can license it against the MAC address of the ENI. Later, if you need to change instances or instance types, you can launch a replacement instance with the same ENI and MAC address.
Low-Budget High Availability – Attach an ENI to an instance; if the instance dies launch another one and attach the ENI to it. Traffic flow will resume within a few seconds

Can we attach multiple ENIs to an instance?

Yes.

The number of ENIs that can be attached to an instance depends on the instance type.

SDDC Network topology

SDDC Network Architecture

ESXi Networking

VPC Crosslink

Stretched Cluster

NSX Overlay network

Connectivity options for SDDC

Connectivity to Customer Connected VPC

How does the edge router connect to ENI?

VMware creates Elastic Network Interfaces (ENIs) in the customer vpc subnet chosen by customer
These ENIs are directly attached to the ESXi hosts in the VMware SDDC account.
Which ENI is used by the router?
- Of all the attached ENIs, only one of them is in use. The NSX edge Router (also called T0 Router) lives on a single ESXi host, and this decides the ENI that’s in active state. This ENI allows for connectivity between the SDDC cluster and customer VPC.
What happens if the ESX that is hosting the edge router fails?
- In the event of a host failure, VMware vMotions the Compute Gateway to a new host and the customer route table is updated to point to the new active ENI

Connectivity to other customer vpcs

1:1 VPN tunnels between the NSX T0 edge router and the different VPCs using the AWS-managed VPN offering
Transit gateway