VMware Explore US 2023 is here and as always, VMware Cloud on AWS is also getting a fair number of updates. While all updates are important, there are so many of them that I can’t do them justice in a blog post. So, in this one, I will only talk about some of my picks that you should definitely take notice of.
VMware Cloud on AWS: Advanced
This is an important one! The product in its original offering is well-known and has offered the well-trusted VMware SDDC software – offered on top of bare-metal EC2 instances, controlled by vCenter. To migrate workloads to the platform, HCX is also bundled with the offering.
But with VMware Cloud on AWS, VMware is making the deal even sweeter! VMware is announcing the VMware Cloud on AWS: Advanced, which is effectively the same bundle that you’ve known + Aria Services + Advanced Networking and Security products bundled at no extra cost!
If you look at the components shown in blue text on the right, they represent the additional products that will be bundled with the product at no extra cost – when it becomes available generally.
Please note that these will be available on new SDDC deployments and will only be offered on the i3en.metal and i4i,metal instances only.
Enterprise Networking and Security Capabilities
There is a bunch of included networking and security capabilities that customers will get once VMware Cloud on AWS: Advanced becomes available too.
Context-Aware microsegmentation isolates and protects applications by providing granular security policies, specific to each application. This is invaluable as in case of a security breach, the effects of it are limited.
As the name suggests, distributed FQDN Filtering granular control over FQDN-based firewall rules which also integrates with DNS-based threat intelligence mechanisms and that protection follows the VM wherever it goes.
User Identity-based Firewall does exactly what it says on the tin! Using it, admins can define user-centric access control policies which can be used in conjunction with a zero-trust security deployment.
NSX+ Policy Management, which should become available with the SDDC version 1.24 release, simplifies security policy management by providing consistent network controls across the board, regardless of the location of that cloud.
NSX+
As mentioned above, NSX+ should become available with VMware Cloud on AWS with the SDDC version 1.24 release. Once it does, it will offer its services as a (Software as a Service) deployment and will provide 5 “as-a-service” services:
- Policy Management
- Application Visibility
- Network Detection & Response
- ALB Controller
- HCX+ Workload Mobility
Policy Management allows customers to define and deploy consistent security and network policies across all locations.
Application Visibility provides network flow recommendations for applications so that more efficient and accurate application mappings can be created. Essentially, it allows you to create a zero-trust micro-segmentation environment so that all unexpected traffic can be dropped, thereby improving the security posture.
Network Detection & Response provides the capability to triage and block/isolate incoming threats in your environment
ALB Controller capability allows the AVI controllers to be deployed and run from the cloud, and finally,
HCX Workload Mobility service allows organisations to migrate virtual machines between whichever cloud deployment they might have.
All of these services will be available as SaaS under the NSX+ umbrella and organisations will be able to subscribe to them as per their needs.
vSAN Express Storage Architecture
This is another one that I’ve been eagerly waiting for. We all know about the storage efficiency and performance benefits that ESA brings to vSAN but so far, it hasn’t made it to the VMware Cloud on AWS SDDC.
Well, that’s about to change! It is set to be made available on greenfield deployments later this year. With the better compression algorithm and performance enhancements, vSAN with ESA on VMware Cloud on AWS will enable even more performance-orientated workload use cases to be run on it.
Please note that vSAN ESA will only be available on i4i.metal nodes only.
VPC Peering Support for Amazon FSx on NetApp ONTAP External Storage
As designs and customer requirements evolved since the introduction of VMware Cloud on AWS, external storage options have become available and are now an essential part of an SDDC design, due to the cost-efficiencies they bring with them.
Amazon FSx on NetApp ONTAP is a flexible, scalable, and performant storage option for VMware Cloud on AWS that adds external storage to an SDDC in the form of NFS datastores and it’s available in multi and single-availability zone configurations.
Until now, the only supported connectivity option for this service was to go through a VMware Transit Gateway. While it worked well from connectivity and performance points of view, in cases where there’s a lot of data flowing between the two VPCs, egress data charges could potentially build up very quickly. In such cases, it could cause significant cost swings unexpectedly – which can be a major concern for organizations.
Enter the VPC Peering Connectivity option! It allows a direct connection between the two VPCs to allow traffic to pass without the need to traverse the Transit Gateway. The NFS Datastore connection bypasses NSX and is directly between ESXi and the NFS Storage.
If you’re thinking about adding Amazon FSx on NetApp ONTAP as external storage in the near future or already have it deployed, please have a look at my separate post on the topic: VMware Cloud on AWS: VPC Peering Enables Cost-Efficient External Storage – for more details and some considerations. It will have a significant positive impact on the overall cost of your external storage charges.
As I said at the beginning, this post does not cover the entire list of new announcements for VMware Cloud on AWS at VMware Explore but these are my picks that I think are the most important from my point of view. Please keep an eye on all the various blogs and VMware websites for all the announcements throughout this week.
Leave A Comment