Tag Archives: VMC

Configuring Amazon S3 Access from VMware Cloud on AWS through an S3 Endpoint

When looking at how to configure networking for interactions between a VMware Cloud on AWS SDDC and an Amazon VPC there is a little bit to grasp in terms of what needs to be done to achieve traffic flow between the SDDC and the rest of the world.

As an example, the default configuration for connecting to S3 is to go through the Amazon ENI (Elastic Network Interface), which means that unless it is configured correctly, connectivity to Amazon S3 will fail. Brian Gaff has a really good series of posts on Networking and Security Groups when working on VMware Cloud on AWS, and they are worth a read to get a deeper understanding of VMC to AWS networking.

There is a way to change this behaviour so that connectivity to Amazon S3 goes via the SDDC's Internet Gateway. This is done through the VMware Cloud Portal by going to the Networking section of the relevant SDDC.

Doing this, while easy enough, means that you lose a lot of the benefits that passing traffic through the ENI provides: a high-bandwidth, low-latency connection between the VPC and the SDDC which also provides free egress. In the case of S3 and utilising the Veeam Cloud Tier, it means more optimal connectivity between a Veeam Backup & Replication instance hosted in the SDDC and Amazon S3.

To allow communication between the SDDC and Amazon S3 over the ENI the following needs to be actioned.

Create Endpoint:

The first step is to go into the AWS Console, go to the VPC that's connected to the VMC service and create a new Endpoint for S3, making sure you select the correct Route Table.

Configure Security Group:

Next is to configure the Security Group associated with your VPC to allow traffic to the logical network or networks. It’s a basic HTTPS Inbound rule where your source is the SDDC network or networks you want access from.

Create Compute Gateway Firewall Rule:

The final step is to configure a firewall rule on the SDDC Compute Gateway to allow HTTPS traffic to the Amazon VPC from the network or networks you want access to Amazon S3 from.

That’s pretty much it! After that, you should be able to access Amazon S3 over the ENI and get all the benefits that delivers.
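To check the Security Group step, the following added example (not from the original post) audits a group's inbound rules against the SDDC networks that should reach S3. It flags rules wider than HTTPS, sources outside the SDDC, and SDDC networks with no rule. The rule layout follows the JSON returned by `aws ec2 describe-security-groups`; the group ID, CIDRs and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: SDDC logical networks and one security group.
SDDC_CIDRS = ["192.168.10.0/24", "192.168.20.0/24", "192.168.30.0/24"]
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "192.168.10.0/24"}]},
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "192.168.20.0/24"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
    ],
}

def permits_https(perm):
    """True if the rule lets TCP/443 through ("-1" means all protocols)."""
    if perm["IpProtocol"] == "-1":
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= 443 <= perm["ToPort"]

def https_only(perm):
    """True if the rule allows TCP/443 and nothing else."""
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] == perm["ToPort"] == 443

def audit_s3_ingress(group, sddc_cidrs):
    """Return a list of findings; an empty list means the rules match the intent."""
    sddc = [ipaddress.ip_network(c) for c in sddc_cidrs]
    covered, findings = set(), []
    for perm in group["IpPermissions"]:
        for rng in perm.get("IpRanges", []):
            src = ipaddress.ip_network(rng["CidrIp"])
            if not any(src.subnet_of(n) for n in sddc):
                findings.append(f"{src}: source is not inside an SDDC network")
            elif not https_only(perm):
                findings.append(f"{src}: rule allows more than TCP/443")
            if permits_https(perm):
                # An SDDC network is covered when a rule's source contains it.
                covered.update(n for n in sddc if n.subnet_of(src))
    for n in sddc:
        if n not in covered:
            findings.append(f"{n}: not covered by an inbound HTTPS rule")
    return findings

if __name__ == "__main__":
    for line in audit_s3_ingress(SAMPLE_GROUP, SDDC_CIDRS):
        print(line)
```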

References:

https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vmc-aws-operations/GUID-B501FA3C-EAF9-4005-AC72-155C3F592281.html

9.5 Update 3 Officially Compatible with VMware Cloud on AWS

At VMworld 2017 Veeam was announced as one of only two foundation Data Protection partners for VMware Cloud on AWS. This functionality was dependent on the release of Veeam Backup & Replication 9.5 Update 3, which contained the enhancements for it to interoperate with the locked-down vCenter of VMware Cloud on AWS.

This week 9.5 Update 3 has been listed on the VMware Compatibility Guide (VCG) for Data Protection.

In terms of what you now get in Update 3, there is little noticeable difference in the process to configure and run backup or replication jobs from within Veeam Backup & Replication. The VMware Cloud on AWS resources are treated as just another cluster so most actions and features of the core platform work as if the cloud based cluster was local or otherwise.

There were a few limitations that VMware have placed on the solution which means that our NFS based features such as Instant VM Recovery, Virtual Labs or Surebackups won’t work at this stage. HotAdd mode is the only supported backup transport mode (which isn’t a bad thing as it’s my preferred transport mode) which talks to a new VDDK library that is part of the VMC platform.

With that the following features work out of the box:

  • Backup with In Guest Processing
  • Restores to original or new locations
  • Backup Copy Jobs
  • Replication
  • Cloud Connect Backup
  • Windows File Level Recovery
  • Veeam Explorers

I’m really excited to see where VMware takes VMware Cloud on AWS and I see a lot of opportunities for the platform to be used as an availability resource. Over the next couple of months I’m hoping to be able to dive a little more into how Veeam can offer both backup and replication solutions for VMware Cloud on AWS.

Resources:

https://www.vmware.com/resources/compatibility/search.php?deviceCategory=vsanps&details=1&partner=594&releases=282&page=1&display_interval=10&sortColumn=Partner&sortOrder=Asc

VMware Cloud on AWS: Thoughts One Year On

Last week at VMworld 2017 in the US, VMware announced the initial availability of VMware Cloud on AWS. It was the focal point for VMware at the event and probably the most important strategic play that VMware has undertaken in its history. This partnership was officially announced at last year’s VMworld and at the time I wrote a couple of blog posts commenting on the potential impact to the then vCloud Air Network (now VCPP) and what needed to be done to empower the network.

As you can imagine at the time, I was a little skeptical about the announcement, but since that time we have seen the fall of vCloud Air to OVH and a doubling down of the efforts around enhancing vCloud Director and general support for the VMware Cloud Provider Program. Put this together with me stepping out of my role within the VCPP to one that is on the outside supporting it, and I feel that VMware Cloud on AWS is good for VMware and also good for service providers.

What It Looks Like:

This time last year we didn’t know exactly what VMC would look like apart from using vSphere, NSX and vSAN as its compute, networking and storage platforms, or how exactly it would work on top of AWS’s infrastructure. For a detailed look under the hood, Frank Denneman has published a Technical Overview which is worth a read. A lot of credit needs to go to the engineering teams at both ends for achieving what they have achieved within a relatively small period of time.

The key thing to point out is the default compute and storage that’s included as part of the service. Four ESXi hosts will have dual E5-2686 v4 CPUs @2.3GHz with 18 Cores and 512GB of RAM. Storage wise there will be 10TB raw of All Flash vSAN per host, meaning depending on the FTT of vSAN a usable minimum of 20TB. The scale-out model enables expansion to up to 16 hosts, resulting in 576 CPU cores and 8TB of memory which is insane!

What Does it Cost:

Here is where it starts to get interesting for me. Pricing wasn’t discussed during the Keynotes or in the announcements but looking at the pricing page here you can see what this base cluster will cost you. It’s going to cost $8.37 USD per host per hour for the on-demand option, which is the only option until VMware launches one year and three year reserved instances in the future where there looks to be a thirty and fifty percent saving respectively.

Upon first glance this seems expensive…however it’s only expensive in relative terms because of the default resources that come with the service. You can’t get anything less than the four hosts with all the trimmings at the moment which, when taken into consideration, might lock out non-enterprise companies from taking the service up.

Unless pricing changes by way of offering a smaller resource footprint I can see this not being attractive in other regions like ANZ or EMEA where small to medium size enterprises are more common. This is where VCPP service providers can still remain competitive and continue to offer services around the same building blocks as VMC on their own platforms.

CloudPhysics have an interesting blog post here, on some cost analytics that they ran.

How Can it be Leveraged:

With Veeam being a launch partner with VMware Cloud on AWS offering availability services it got me thinking as to how the service could be leveraged by service providers. A few things need to fall into place from a technology point of view but I believe that one of the best potential use cases for VMC is for service providers to leverage it for failover, replication and disaster recovery scenarios.

The fact that this service possesses auto-scaling of hosts means that it has the potential to be used as a resource cluster for disaster recovery services. If I think about Cloud Connect Replication, one of the hardest things to get right as a provider is sizing the failover resources and the procurement of the compute and storage to deal with customer requirements. As long as the base resources are covered, the auto-scaling capabilities mean that service providers only need to cover the base resources and pay any additional costs if a failover event happens and exceeds the default cluster resources.

It must be pointed out that Cloud Connect can’t use a VMC cluster as a target at the moment due to the networking used…that is VXLAN on top of AWS VPN networking.

As I wrote last year, I feel like there is a great opportunity for service providers to leverage VMC as vCloud Director provider clusters; however, I know that this currently isn’t being supported by VMware. I honestly feel that service providers would love the ability to have cloud based Provider vDCs available across the world and I’m hoping that VMware realise the potential and allow vCloud Director to connect and consume VMC.

VMworld End of Show Report on VMware Cloud on AWS:

References:

https://www.vmware.com/company/news/releases/vmw-newsfeed.VMware-and-AWS-Announce-Initial-Availability-of-VMware-Cloud-on-AWS.2184706.html

https://cloud.vmware.com/vmc-aws

https://www.crn.com.au/news/pricing-revealed-for-vmware-cloud-on-aws-472011