Shared Responsibility Model Overview - VMware Cloud on AWS Outposts
Introduction
VMware Cloud on AWS Outposts brings VMware's enterprise-class software-defined data center offering to on-premises data center and edge locations. VMware Cloud on AWS Outposts provides simple, secure, and scalable infrastructure that removes the friction of day-to-day tasks with cloud-like ease of use for on-premises workloads. It offers consistency between on-premises and public cloud environments.
VMware Cloud on AWS Outposts has the following components:
- VMware Software Defined Data Center (“SDDC”) consisting of:
  - VMware vSphere® ESXi running on AWS EC2 bare-metal server
  - VMware vCenter® Server Appliance
  - VMware NSX® Data Center for vSphere to power networking for the service
  - VMware vSAN™ aggregating host-based storage into a shared datastore
  - VMware HCX to enable app mobility and infrastructure hybridity
- AWS-supplied hardware – AWS EC2 bare-metal server, switches, racks, UPS, etc.
- Customer self-service provisioning of SDDCs through VMware’s Cloud Portal
- SDDC maintenance, patching and upgrades, performed by VMware
- AWS hardware maintenance, patching and upgrades, performed by Amazon Web Services
- AWS-provided network to an AWS Region - used by VMware for remote management
Note: In addition to the above components, every rack also includes spare capacity, i.e., a spare host not configured as part of the running cluster. In the event of a hardware-related degradation, the spare node can be activated to replace an unhealthy host in the cluster. The impaired node can then be repaired remotely or swapped without affecting the application uptime.
Shared responsibility model
VMware Cloud on AWS Outposts implements a shared responsibility model that defines distinct roles and responsibilities of all three main parties involved in the offering: Customer, AWS, and VMware.
Customer responsibility
Customers are responsible for the deployment and ongoing configuration of their SDDC, virtual machines, and the data that resides therein. In addition to determining the data center facilities (power, cooling, etc.), network, firewall, and uplink connections, customers are responsible for managing virtual machines and for using VMware Cloud on AWS Outposts user roles and permissions, along with vCenter roles and permissions, to apply the appropriate controls for users. Customers are also responsible for the physical facilities, including their temperature control and security, and for providing reliable internet-facing access at a minimum of 100 Mbps.
VMware responsibility
VMware is responsible for protecting the software and systems that make up the VMware Cloud on AWS Outposts service. This software infrastructure is composed of the compute, storage and networking software comprising the SDDC, along with the service consoles used to provision VMware Cloud on AWS Outposts.
Amazon Web Services responsibility
Amazon Web Services is responsible for providing and maintaining the physical infrastructure, which includes the rack, host hardware, networking gear, and PDU.
SDDC inventory responsibility
The VMware Cloud on AWS Outposts Software Defined Data Center includes management inventory that is operated by VMware along with inventory that is operated by the customer. The diagram below color codes the SDDC inventory to help clarify the shared responsibility model with customer responsibilities represented in green and VMware responsibilities represented in blue.
Shared responsibility matrix
Details on the shared responsibility model employed by VMware Cloud on AWS Outposts can be found in the table below. You can see that a great deal of low-level operational work is handled by the VMware Cloud on AWS Outposts Site Reliability Engineering team, giving customers the ability to focus on workload and policy management.
Entity | Responsibility/Activity |
---|---|
Customer | Deploying Outposts Rack |
Customer | Deploying Software Defined Data Centers (SDDCs): Host Type (i3en.metal), Management Network Range |
Customer | Configuring SDDC Network and Security (NSX) |
Customer | Deploying Virtual Machines |
Customer | Migrating Virtual Machines |
Customer | Managing Virtual Machines |
Customer | Managing Vulnerabilities |
VMware | SDDC Lifecycle |
VMware | SDDC Health |
VMware | SDDC Provisioning |
VMware | Managing Vulnerabilities |
VMware | Security and Encryption |
AWS | Physical Infrastructure |
AWS | Compute / Network / Storage |
References
For additional resources for VMware Cloud on AWS Outposts, please refer to the Service Description and documentation linked below.
- Introduction VMware Cloud on AWS Outposts
- VMware Cloud on AWS Outposts Launchpad