AWS Partner Network (APN) Blog

Diving Deep on the Foundational Blocks of VMware Cloud on AWS

By Aarthi Raju, Partner Solutions Architect at AWS

VMware Cloud on AWS_blue

VMware Cloud on AWS enables customers to extend their on-premises data centers and easily migrate application workloads without having to convert machine image formats or undergo a re-platforming process.

Customers no longer have to over-provision hardware resources to accommodate for host failures. Instead, you can increase utilization of the cluster resources as host failure replacement takes minutes, not days or weeks. You can also take advantage of instant on-demand capacity to meet temporary, seasonal, or unplanned demand by dynamically adding hosts to the cluster.

With the recent VMware launch of Disaster Recovery as a Service (DRaaS) with VMware Site Recovery, customers can accelerate time-to-protection, simplify disaster recovery operations, and reduce the expense of maintaining additional physical data centers.

VMware Cloud on AWS enables customers to run the VMware Software Defined Data Center (SDDC) stack, which includes vSphere, vSAN, NSX, and vCenter directly on bare-metal AWS infrastructure while maintaining the elasticity and security that customers demand. Customers can use their existing VMware skills while taking full advantage of running VMware workloads in the cloud.

In this post, we dive deeper into the foundational blocks that make up this service.

VMware Cloud on AWS Architecture

Figure 1 – Overview of the foundational blocks of VMware Cloud on AWS.


An SDDC cluster can contain up to 10 vSphere clusters ranging in size from 4 to 32 hosts. Each host is configured with 512GB of memory and contains dual CPU sockets that are populated by a custom-built Intel Xeon Processor E5-2686 v4 CPU package. Each of these hosts contains 18 cores per socket (36 cores total with 72 threads per host) for a cluster core count of 144. Users can add or remove hosts with a simple click of a button or through an API call.


The primary storage for the SDDC cluster is backed by VMware’s vSAN (Virtual SAN) in an all-flash configuration. Each ESXi host comes with NVMe flash storage. A minimal 4 ESXi host cluster running vSAN provides approximately 21 TB usable storage, with all virtual machines protected against a single host failure (FTT=1). Data encryption at rest is built-in, without any user intervention. Users can leverage VMware’s SPBM (Storage Policy Based Management) VM storage policies at individual vdisk level.


VMware NSX is the network virtualization platform that enables customers to create a multi-tier virtual network. It allows customers to de-couple the network functions from the physical devices. In VMware Cloud on AWS, customers can use NSX to create their own logical networks. For every cluster, there are two logical networks by default–one for the management workloads and one for compute workloads.

Communication between logical networks is achieved using gateways. The Management Gateway (MGW) utilizes VMware NSX Edge to enable users to connect to the vCenter Server instance. Customers can configure firewall rules, create IPSEC VPN and DNS for the management gateway. The Customer Gateway (CGW) utilizes a NSX Edge instance and a distributed logical router (DLR) to enable ingress and egress of VM network traffic.


The gateways discussed also enable connectivity from the SDDC cluster to on-premises environments. An IPSEC layer 3 VPN can be set up to securely connect the on-premise vCenter server with the management components running in the cloud SDDC cluster that enables capability such as hybrid linked mode for unified management. A separate layer 3 IPSEC VPN is set up to create connectivity between the on-premises workloads and VMs running in the cloud SDDC cluster.

Customers can also leverage their existing AWS Direct Connect connection with VMware Cloud on AWS. This can be done by creating a hosted private Virtual Interface (VIF) for VMware Cloud on AWS. Currently, VMkernel traffic (ESX Management and vMotion) is carried over the private VIF. For all other traffic (management appliance traffic and workload VM traffic), customers can use the VPN connection already established.

High Availability

VMware vSphere High Availability (HA) provides high availability for VMs by leveraging hosts and resources of a cluster to reserve capacity. This way, workloads can failover in case of host failures. In the event of a failure, VMs on failed hosts are restarted on alternative hosts. VMware takes responsibility and will perform host failure remediation.

Hybrid Linked Mode (HLM)

A single pane of glass to view and manage on-premises as well as cloud environments is provided through vCenter Hybrid Linked Mode (HLM). This allows you to link the VMware Cloud on AWS vCenter to your on-premises vCenter to provide a hybrid management interface across cloud and on-premises resources. To take advantage of this feature, users need to be running vSphere 6.5 or later versions.

Additional Resources

VMware Cloud on AWS is delivered, sold, and supported by VMware as an on-demand, elastically-scalable cloud service that removes barriers to cloud migration and cloud portability, increases IT efficiency, and opens up new opportunities to leverage a hybrid cloud environment. The service is currently available in the AWS US West (Oregon), US East (N. Virginia), and London Regions.

For additional resources and to get started:

If you have any questions, please feel free to reach out to your AWS Account Manager or Partner Development Manager, and they can help direct you to the right AWS resources. You can also email us at and we will route your questions to the appropriate individuals.

Connect with VMware-1

VMware – APN Partner Spotlight

VMware is an APN Advanced Technology Partner. Its software spans compute, cloud, networking, security, digital workspace, and streamlines the journey for organizations to become digital businesses.

Contact VMware | Solution Overview

*Already worked with VMware? Rate this Partner

*To review an APN Partner, you must be an AWS customer that has worked with them directly on a project.