VMware Cloud Well-Architected Framework - Deploying VMware Cloud Infrastructure for VMware Cloud on AWS
Deploying VMware Cloud on AWS
There are many considerations and high-level logical decisions to be made before you can deploy the VMware Cloud on AWS solution. You must be thoroughly familiar with the decisions that follow from the information provided in the planning stage, as they will affect the choices you make during deployment.
For example, if geographic availability of migrated applications is important, a business decision may have been made to implement stretched clusters to satisfy that constraint. The following highlights other important actions that must be considered prior to deployment.
- Complete profile for Fund User/Owner in my.vmware.com account.
- Identify or create a customer-owned AWS account. This is required as a means of providing the SDDC with access to AWS services.
- Review CloudFormation Template used for account linking. This may be required depending on the security policies of your organization. Details of this template may be found in the official user guide.
- Identify AWS region for SDDC deployment.
- Identify or create a VPC within the above region, to be used for SDDC cross-linking.
- Identify or create a dedicated subnet in the desired availability zone within the VPC. This is for SDDC Cross-Account ENIs. Dedicated /26 minimum.
- Identify SDDC Management IP subnet. A /23 scales to 27 hosts, /20 scales to 251 hosts. This subnet is exclusively for management and may not be carved up or otherwise used by compute workloads.
- Identify SDDC Compute network IP address range(s). This is for network segments in the compute network, minimum /30, maximum /22 per segment. This is not required to deploy the SDDC but is required in order to deploy workloads.
- Identify strategy for integrating custom DNS servers with the SDDC. SDDC uses public DNS by default. This step is needed if your workloads need name resolution for IP address space which is private to your organization.
- Identify strategy for connectivity to the SDDC (IPSec VPN, Direct Connect, etc.).
- Determine minimum network security policies to permit administrative access to the SDDC.
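The addressing constraints in the checklist above can be checked before any deployment request is submitted. The following is an added example, not part of the original guide or VMware tooling: the function name, plan keys and sample addresses are assumptions, and only the limits stated in the list are enforced.

```python
import ipaddress

# Host capacity per management prefix length, as stated in the checklist.
MGMT_CAPACITY = {23: 27, 20: 251}

def validate_plan(plan):
    """Return a list of findings; an empty list means every check passed.

    ip_network() raises ValueError on a CIDR with host bits set, so a
    mistyped network address fails early instead of being rounded silently.
    """
    findings = []
    vpc = ipaddress.ip_network(plan["vpc_cidr"])
    eni = ipaddress.ip_network(plan["eni_subnet"])
    mgmt = ipaddress.ip_network(plan["mgmt_cidr"])
    segments = [ipaddress.ip_network(s) for s in plan["compute_segments"]]

    # Cross-account ENI subnet: inside the linked VPC, /26 or larger.
    if not eni.subnet_of(vpc):
        findings.append(f"ENI subnet {eni} is not inside VPC {vpc}")
    if eni.prefixlen > 26:
        findings.append(f"ENI subnet {eni} is smaller than the /26 minimum")

    # Management subnet: must be sized for the planned host count.
    capacity = MGMT_CAPACITY.get(mgmt.prefixlen)
    if capacity is None:
        findings.append(f"no host capacity listed for management /{mgmt.prefixlen}")
    elif plan["planned_hosts"] > capacity:
        findings.append(f"management {mgmt} scales to {capacity} hosts, "
                        f"plan needs {plan['planned_hosts']}")

    # Compute segments: /22 (largest) to /30 (smallest), never inside management.
    for seg in segments:
        if not 22 <= seg.prefixlen <= 30:
            findings.append(f"segment {seg} is outside the /22 to /30 range")
        if seg.overlaps(mgmt):
            findings.append(f"segment {seg} overlaps management subnet {mgmt}")
    return findings

# Constructed sample plan with deliberate mistakes (RFC 1918 addresses).
SAMPLE_PLAN = {
    "vpc_cidr": "172.31.0.0/16",
    "eni_subnet": "172.31.64.0/27",      # too small
    "mgmt_cidr": "10.2.0.0/23",
    "planned_hosts": 30,                 # exceeds the 27 hosts of a /23
    "compute_segments": ["10.2.1.0/24", "192.168.0.0/21"],
}

if __name__ == "__main__":
    for finding in validate_plan(SAMPLE_PLAN):
        print("FAIL:", finding)
```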
Deployment of a VMware Cloud on AWS SDDC may be performed in one of two ways:
- Traditional deployment via the Cloud Service Portal interface - this is the most commonly used option for initial service onboarding, as the user interface provides input choices with examples and recommendations, and lets you view the options when there is a specific selection to be made. This can be helpful when familiarity with the service boundaries and requirements is needed.
- API Deployment - For customers that deploy VMware Cloud on AWS services regularly and/or at a high-scale pace, VMware Cloud on AWS SDDCs and associated functions can be called via APIs. This allows rapid scripted deployment and configuration of SDDCs without user interface interaction, and can be a desired method when repeatedly deploying SDDCs or making common configuration changes quickly.