vmware cloud on aws poster-v7 05102019 · • esxi to vpn subnet - all tra˜c, any port •...

VMware Cloud on AWS - Quick Reference

Copyright © 2019 VMware, Inc. All rights reserved. @vmwarecloudawshttps://cloud.vmware.com/vmc-aws

ArchitectureHCX Enterprise Network

NSX-T AWS Connected VPC Firewall Rules

- Management Gateway - • vCenter to VPN subnet - All tra�c, any port • ESXi to VPN subnet - All tra�c, any port • On-premises subnet to vCenter - HTTPS, TCP 443 • On-premises subnet to vCenter - ICMP, any ports • On-premises subnet to ESXi - Provisioning, TCP 902 • On-premises subnet to ESXi - Remove Console, TCP 903 • On-premises subnet to ESXi - ICMP, any port • On-premises subnet to NSX Manager - HTTPS, TCP 443

- HCX -

• On-premises network to HCX Manager (public IP or DX) - HTTPS, TCP 443 • On-premises network public IP to HCX Interconnect IP(s) (public IP or DX) - UDP 500,4500

- Site Recovery -

• Remote network to SRM - SRM Server Management, TCP 9086 • Remote network to VR - All tra�c, port 31013 • Remote network to VR - All tra�c, port 44046 • Remote network to VR - VR Server Management, TCP 8043 • Remote network to VR - HTTPS, TCP 443 • SRM to remote network - HTTPS, TCP 443 • SRM to remote network - SRM Server Management, TCP 9086 • SRM to remote network - VR Server Management, TCP 8043 • VR to remote network - SRM Server Management, TCP 9086 • VR to remote network - VR Server Management, TCP 8043 • ESXi to remote network - All tra�c, port 31013 • ESXi to remote network - All tra�c, port 44046

Infrastructure Overview

On-premises Data Center

SRM / VR

HCX

vCenter Server vsphere.local

vSphere

AWS Global Infrastructure

SRM / VR

HCX

vCenter Servervmc.local

vSphere

All FlashvSAN

Content Library

Hybrid Linked Mode

Customer Data Center VMware Cloud on AWS

...

...

AmazonEC2

AmazonS3

AmazonRDS

...

...

AWS IOT AWS DirectConnect

AWS IAM

AWS Global Infrastructure

ENI

Direct Connect Topology

VLAN 20

VLAN 10

Management Components

10.20.0.0/16

Customer Data Center

On-premisesNetwork

CustomerNetwork

AWS BackboneNetwork

Workload Tra�cOver Private VIF

vMotion,ESX Management,

Mgmt. Appliances Tra�cOver Private VIF

CustomerRouter

AWS DXRouter

VMware Cloud on AWS SDDC

Internet GW

CGW

VGW192.168.20.0/24

192.168.10.0/24

NSX OverlayNetwork

10.10.0.0/16

ESXVMKernel

Mgmt.Appliance

MGW

Private VIF

DX Location

EC2 Instances

VPC Connectivity through ENI

VPC Router

VPC subnets

VPC Endpoints

AmazonS3

VMware Cloud on AWS SDDC

Internet GWCGW

192.168.30.0/24

192.168.20.0/24

192.168.10.0/24

NSX OverlayNetwork

10.10.0.0/16

ESXVMKernel

Mgmt.Appliance

MGW

Customer VPC

10.20.0.0/16

VPC routetable

192.168.10.0192.168.20.0192.168.30.0

EC2 Instances

Availability Zone 1

WA

N: P

ublic Internet

Or Private C

ircuit

HCX WAN Transport/Suite B Crypto (IKEv2,Certificate Based)

Internet

Boundary

HCX Interconnect

Network Extension

HCX Enterprise Mgr

WAN Optimization

connect.hcx.vmware.com

vCenterServer

HCX Administrator

vCenterServer

HCX WAN Transport/Suite B Crypto (IKEv2,Certificate Based)

vCenterServer

NSX API TCP-443NSX API (OPTIONAL)

Internet

Boundary

HCX Appliance Management

VMware HCX at the Enterprise Site VMware HCX at VMware Cloud on AWS

hybridity-depot.vmware.com

HCX-Activation & Entitlement (connect)HCX-Updates (hybridity-depot)

HCX-Activation & Entitlement (connect)HCX-Updates (hybridity-depot)

HCX WAN FLOWS

SDDC INTEGRATION FLOWS

HCX Multisite Management (SSL/TLS1.2) TCP-443

HCX HTTPS HCX Enterprise on Premises HCX Cloud on VMC SDDC

HCX X-vMotion Control

HCX vMotion

OVF Import

HCX Internal

ESX Authorization & HCX Cold/Bulk Migration

Accelerated Bi-Directional Virtual Machine Mobility

vSphere Distributed

Switch

HCX Network Extension

VM NetworksVLAN/VXLAN

Extended VM Networks(NSX Logical Switches)

On-premisesESXi Cluster

NSX NetworkingHCX Cloud Manager

Peer HCX Interconnect

Peer Network Extension

Peer WAN Optimization

HCX Internal & Migration Control

HCX/SDDC Administrator

HCX Appliance Management

HCX Internal

OVF Import

vCenterServer

SDDC Hosts

HCX Mobility Control Plane

VMware HCXHCX Appliance Management

HCX HTTPS

Web-Client/Plugin/SSO

HCX X-vMotion Control

ESX Authorization & HCX Cold/Bulk Migration

Web-Client/Plugin/SSO

HCX vMotion

HCX Internal & Migration Control

ESXiManagementVMkernel Interface

ESXivMotionVMkernel Interface

ESXiManagementVMkernel Interface

ESXivMotionVMkernel Interface

Authors: @emad_younis @vMegie

http://www.vmw.re/vmc/getstarted

https://twitter.com/emad_younis

https://twitter.com/vMegie

http://www.vmw.re/hcx/resources

http://www.vmw.re/vmc/dx

http://www.vmw.re/vmc/vpc

http://www.vmw.re/vmc/mgmtfw

http://www.vmw.re/hcx/fw

http://www.vmw.re/vmc/srmfw

https://cloud.vmware.com/vmc-aws

https://twitter.com/vmwarecloudaws?lang=en

vmware cloud on aws poster-v7 05102019 · • esxi to vpn subnet - all tra˜c, any port •...

Documents