MODERN INFRASTRUCTURE VMWARE CLOUD WITH ON AWStm Transforming Applications and Operations with a ‘Next-Gen’ Cloud Strategy Martin Hosken fm.indd 1 12-02-2021 21:12:54 Copyright © 2021 by Martin Hosken Technical Reviewers: Elena Krasteva, Senior Cloud Solutions Architect – VMware Cloud on AWS All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means without written permission from the author. Version 2.0 [January 2021] ISBN 978-1-5272-8512-5 Warning & Disclaimer Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an “as is” basis. The authors, VMware Press, VMware, and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book. The opinions expressed in this book belong to the author and are not necessarily those of VMware. VMware, Inc. 3401 Hillview Avenue Palo Alto CA 94304 USA Tel 877-486-9273 Fax 650-427-5001 www.vmware.com. Copyright 2019 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. and its subsidiaries in the United States and/ or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies. fm.indd 2 12-02-2021 21:12:55 Table of Contents About the Author ................................................................................................... vii Foreword ................................................................................................................... ix Preface ...................................................................................................................... xi Chapter 1: Introduction to VMware Cloud on AWS .............................1 Chapter 2: Application Modernization in a Multi-cloud World ..........5 Challenges of a Multi-cloud Strategy ...................................................................5 Hybrid Cloud – What Does It Mean to Your Organization? ............................9 Benefits of the Homogeneous Approach ..........................................................11 Hybrid Cloud with Native Public Cloud ...............................................................12 Chapter 3: VMware Cloud on AWS Overview ...................................13 Data Center Modernization with Hybrid Cloud .................................................15 VMware Cloud on AWS Architecture ..................................................................17 Administrative Accounts and Organizations ......................................................18 Organizations .........................................................................................................................18 Master Organization .............................................................................................................19 VMware SDDC AWS Account and VPC ........................................................................20 Chapter 4: VMware Cloud SDDC Platform .........................................23 Compute Architecture ............................................................................................24 Host Compute Options and Configuration ....................................................................24 Management Components and Management Resource Pool .................................26 Large SDDC Configuration ................................................................................................28 Edge Scale-Out .....................................................................................................................28 DRS and vSphere HA Cluster Configuration .................................................................28 Compute Policies..................................................................................................................29 Simple Cluster Configuration and Flexible Resource Management ........................30 Automated Scalable Infrastructure with Elastic DRS ..................................................30 Rapid Scale-out with Elastic DRS ......................................................................................31 Enterprise Class Scale and Resource Management ....................................................32 Custom CPU Core Counts ..................................................................................................33 Default and Stretched Cluster Configuration ...............................................................34 iii fm.indd 3 12-02-2021 21:12:55 iv Table of Contents Consuming a One-node SDDC .........................................................................................37 Consuming a Two-node Cluster Configuration ............................................................37 Storage Architecture ...............................................................................................39 vSAN per Host Configuration (i3p.16XL.metal Instance) ...........................................39 vSAN Policy Automated Adjustment ..............................................................................42 vSAN Per Host Configuration (i3en.metal Instance) ...................................................43 NVMe Namespaces .............................................................................................................43 Deduplication and Compression ......................................................................................45 Calculating Usable Capacity ..............................................................................................45 Storage and Stretched Clusters .......................................................................................46 Maintaining Slack Space and Storage Auto Scale-up ................................................46 External Storage with VMware Managed Service Providers (MSP) .......................47 Network Architecture .............................................................................................47 Core VPC Networking .........................................................................................................49 The NSX Overlay ..................................................................................................................50 Firewall Overview ..................................................................................................................51 Distributed Firewall (Microsegmentation) ......................................................................51 Securing Connectivity .........................................................................................................52 Internet Uplink .......................................................................................................................52 AWS VPC Uplink ..................................................................................................................52 IPSec VPN ..............................................................................................................................54 Layer 2 VPN ..........................................................................................................................55 Direct Connect Uplink .........................................................................................................59 Direct Connect – Public VIF...............................................................................................59 Direct Connect – Private VIF ..............................................................................................61 Direct Connect with VPN as Standby ..............................................................................61 Networking Best Practices .................................................................................................61 IP Space Management and Administration ...................................................................63 DHCP and DNS Services ....................................................................................................63 VMware Cloud and AWS Native Service Integration .................................................65 The VPC Cross-Link Interconnect ....................................................................................65 Multi-AWS VPC Architecture ............................................................................................68 Transit VPC ............................................................................................................................68 VMware Transit Connect (VMware Managed Transit Gateway) .............................69 SDDC Groups .........................................................................................................................71 AWS Data Transfer Costs ..................................................................................................73 VMware NSX Advanced Load Balancer ........................................................................73 VMware SD-WAN for Hybrid Cloud ................................................................................77 Chapter 5: The Case for Data Center Modernization .......................79 Addressing Data Center Pain Points ...................................................................79 Ensuring Availability, Disaster Recovery, and Data Protection ......................81 AWS Regional Availability ......................................................................................83 AWS GovCloud .........................................................................................................84 Support Model ..........................................................................................................84 Service-level Agreement (SLA) ............................................................................85 VMware Cloud on AWS Data Protection ...........................................................86 Summary ....................................................................................................................88 fm.indd 4 12-02-2021 21:12:56 Table of Contents v Chapter 6: Planning for Application Migration with HCX .................89 Migration Planning ..................................................................................................90 Introduction to HCX ..................................................................................................91 HCX Component Overview ....................................................................................92 Migration Methodology ..........................................................................................93 Live Migration (Long-Distance vMotion) ........................................................................94 HCX-Assisted vMotion ........................................................................................................94 Bulk Migration .......................................................................................................................95 Replication-assisted vMotion (RAV) ................................................................................96 Cloud-to-Cloud .....................................................................................................................98 HCX for Hybrid Network Extension .....................................................................98 HCX for Disaster Recovery ....................................................................................99 Chapter 7: B usiness and Technical Drivers for VMware Cloud on AWS ....................................................101 Aligning Business and Technical Priorities .......................................................101 Business Use Cases: ..............................................................................................102 Technical Use Cases: .............................................................................................106 Data Center Evacuation and Consolidation ....................................................107 Modern Application Support ................................................................................110 Cloud-Native Infrastructure with VMware Tanzu Kubernetes Grid .......................112 Disaster Recovery ...................................................................................................114 VMware Site Recovery ......................................................................................................114 VMware Cloud Disaster Recovery ..................................................................................117 Building a Combined Disaster Recovery Solution ......................................................119 Infrastructure as Code ...........................................................................................119 Terraform .............................................................................................................................122 vRealize Automation Cloud .............................................................................................123 AWS Service Integration ......................................................................................125 Virtual Desktop Infrastructure ............................................................................125 Cloud Director Service for Managed Service Providers ..............................127 Chapter 8: Hybrid Cloud Reality .........................................................131 Defining Hybrid Cloud ............................................................................................132 Understanding Cloud Impact on Business ........................................................133 Foundational Cost Shift .....................................................................................................133 Increased Agility and Elastic Scalability ........................................................................134 Making the Hybrid Cloud Real .............................................................................134 Lift-and-Shift .........................................................................................................................134 Hybrid Application Integration ........................................................................................135 Disaster Recovery to Cloud ..............................................................................................138 Chapter 9: Operational Readiness ....................................................140 Simple and Consistent Operations ....................................................................140 vCenter Linking for SDDC Groups .....................................................................143 fm.indd 5 12-02-2021 21:12:56 vi Table of Contents Performance, Scalability, and Reliability ...........................................................144 Operational Changes and Governance ............................................................145 Security and Compliance .....................................................................................147 Transforming Operations for VMware Cloud on AWS .................................150 Operational Team Impact ................................................................................................150 Service Management Process .........................................................................................151 Service Management Tasks ............................................................................................153 Security Responsibilities ...................................................................................................153 Operational Monitoring .....................................................................................................155 VMware Cloud Marketplace ................................................................................157 Chapter 10: VMware Hyperscaler Partners .......................................158 Partner Solutions ...............................................................................................................158 Azure VMware Solution ...................................................................................................159 Chapter 11: Final Thoughts .............................................................. 166 Additional Resources ....................................................................... 168 Moving Your Organization into the Hybrid Cloud ........................ 169 fm.indd 6 12-02-2021 21:12:57 About the Author Martin Hosken As the Worldwide Chief Technologist for Cloud Services at VMware, Martin works at the evolution of VMware Cloud Services, the intersection where IT Architecture, Solution Architecture, and Software Development meet. His primary focus is on cutting-edge solutions in today’s complex cloud market and on helping cus- tomers and partners prepare to make the most of the opportunities presented by emerging technology and software development practices. Martin is part of the VMware Office of the CTO, Global Field team, a double VMware Certified Design Expert (VCDX Number 117) in Data Center Virtualization and Cloud Management and Automation, an established vExpert, and is the author of four books, doz- ens of papers, blogs, and articles based on VMware and other technologies. Follow Martin on Twitter: @hoskenm vii fm.indd 7 12-02-2021 21:12:57 fm.indd 8 12-02-2021 21:12:57 Foreword Lately, I’ve been talking to a lot of VMware customers about their digital transformation efforts. Those dis- cussions invariably end up on the topic of application modernization. Customers want to get the benefits of both cloud infrastructure and cloud-native archi- tecture to enable their applications to drive greater business impact. In fact, it’s this drive toward appli- cation modernization that causes businesses to end up with a multi-cloud strategy, as different apps dictate different cloud platforms. Regardless of the cloud though, I often see customers falling into the trap of believing that the fastest way to realize these benefits is to make all the changes at once – moving to cloud and refactoring the application to a cloud-native architecture. Yet I frequently hear from customers that this is more challenging than they initially expected, it takes longer than they antic- ipated, or they’re just not successful. VMware offers a fundamentally different app modernization strategy, one that is natively multi-cloud. Through our unique approach using VMware Cloud Foundation as consistent infrastructure on-premises and in the cloud, we help customers to separate out the various changes they’re looking to make with their applications. Specifically, VMware Cloud on Amazon Web Services (AWS) (built on VMware Cloud Foundation!) allows them to migrate to cloud and then modernize to a new architecture. The “migrate then mod- ernize” strategy is, perhaps counterintuitively, actually the fastest path to cloud. I say “perhaps counterintuitively” because this “two-step” process is faster than the “one-step” process described above. Let me explain how. Traditionally, in a cloud migration, both the application code and applica- tion’s operations need to be modified to support the new cloud environment. These two have to happen in lockstep or the app won’t run well in the cloud. But, as just mentioned, evolving the application’s code is challenging and time-consuming. The power of VMware Cloud on AWS is that it enables applications to be migrated without modification to the application code or its operational model. Same app, same ops tools, same ops team, just now in the cloud! This goes back to the common VMware Cloud Foundation platform available ix fm.indd 9 12-02-2021 21:12:57