Happy to clear VMware Cloud on AWS certification which i was dreaming to complete since it is launched. Thanks to VMware for articles and on demand courses that are made available in My Learning portal.
VMware Cloud on AWS is an on-demand service that is capable to run applications across vSphere-based cloud environments with access to a broad range of AWS services.
Preparing for the exam:
Started preparing for the course by checking the exam blue print and certification guide, later went through the on demand course available in VMware Education: VMware cloud on AWS : Deploy and Manage – On Demand
This course helped me to know fundamentals including few AWS services that I was not aware of. I would highly recommend this for people having good exposure on vSphere as the on demand course cloud on aws doesn’t touch the in depth features of vSphere. Course also provides very good lecture material which you can download from my learn.
Lab:
Hands on Lab is available in my learn (or)
Subscribe and purchase sddc from vmware cloud on AWS, prices given in vmc portal – This will help you in gaining greater exposure about the product.
Key Points captured during On demand course:
- Use Cases:
- Extension of onprem DC to the public cloud to expand resource capacity, increase disaster avoidance and recovery options, or localize application instances.
- Consolidation
- Peering the private and public cloud that allows for application mobility
- Global compliance – ISO, SOC1-3, GDPR, and HIPAA
- Many different AWS regions available plus GovCloud
- SDDC
- Minimum of 3 hosts and maximum of 32 hosts
- Up to 10 clusters can be added to a SDDC
- Stretched Cluster – between two AZ’s (min of 6 hosts and max of 28)
- Host Configuration
- 2 18 core sockets – Broadwell
- 512 gibibytes of memory (550GB)
- 14.3TB of NVMe SSD’s – 3.6TB for flash, 10.7TB for capacity
- 1 AWS ENA – 25Gbps
- vSAN/Storage
- Two Disk Groups per host
- Dedupe/Compression is on by default
- Encryption is happening at the drive level
- Two different datastores – WorkloadDatastore (for workloads) and vsanDatastore (management VMs, cannot be modified)
- Default policy is PFTT 1, RAID1
- Can pick from PFTT of 1 to 3, RAID1/5/6 (if available hosts)
- Since All Flash, reads are from cap tier
- Stretched Cluster
- Sync writes between two AZ’s
- Witness host is added and not charged to customer
- Pre-reqs
- Requires a AWS VPC with two subnets, one subnet per AZ
- Smallest SC is 6, largest is 28
- Must grow in pairs
- Adding hosts trombones between AZs – first one is added to AZ1, next is AZ2, next is AZ1, and so on
- Site Disaster Tolerance – default is dual site mirroring
- Network
- Traffic is separate between management and compute gateways
- Amazon Direct Connect allows for low-latency connections between on-prem and AWS.
- ENA’s are highly redundant even though there’s a single pNIC per host
- Two types of VPCs
- One created and managed by VMware – underlying VPC that is created when the SDDC is created
- Second – VPC that you create so you can peer with native AWS services
- Firewall
- Default deny all
- Must add rules for vCenter access, IPsec, etc
- Firewall Rule Accelerator created a group of rules to accelerate successfully connecting a VPN tunnel
- Logical Networks
- Routed network – internal communication over a IPsec or Internet connection. Normal overlay network that we are used to.
- External Network – utilized for L2VPN connectivity. Requires Tunnel ID. Think of this as a subint
- Inter-Networking Scenarios
- Compute GW – IPsec for guest OS connectivity
- Compute CW – L2VPN for vMotion, same L2 domain
- Direct Connect with pub virtual interface – in conjunction with IPsec or L2VPN or Pub Internet. Used for AWS services
- Direct Connect with private virtual interface – secured to direct SDDC
- Hybrid Linked Mode
- Allows for a single management interface between on-prem vCenter and VMC
- Pre-req for migration from on-prem to VMC
- Same SSO is not needed
- Configuration is only done from one of the vCenters to configure HLM. Will only be visible from this vCenter for future management. So, no bi-directional UI support.
- Pre-reqs
- IPsec VPN connection between on-prem and SDDC management gateway
- Network connectivity between your VMC vCenter and on-prem vCenter server and identity source
- Same DNS
- Less than 100ms RTT
- Misc ports needed for successful connectivity
- vCenter Cloud Gateway Appliance configured HLM.
- HCX
- Can do migrations between vSphere 5.1 to VMC
- No charge
- VPC
- Only one VPC can be connected to a SDDC
- VPC subnets can only reside in one AZ.
- Elastic IP addresses are public IPv4 addresses mapped to the AWS account, not the resource.
- Connecting –
- Must connect a Amazon VPC or if it’s a single node SDDC, can delay up to 14 days.
- Migrating VMs
- Cluster EVC and Per-VM EVC
- In 6.7, can enable disable or change the EVC mode at the VM level.
- Requirements for Hybrid Cold Migration
- vSphere 6.5 patch d or later, 6.0U3, vSphere 5.1/5.5
- IPsec VPN
- HLM but can use move-vm cmdlet
- Hybrid Migration with vMotion
- Minimum bandwidth of 250Mbps and less than 100ms RTT
- vSphere 6.5 patch d / vSphere 6.0U3
- IPsec VPN
- vCSS/vDS 6.0 or 6.5
- AWS DC with a private virtual interface
- HLM or move-vm cmdlet
- L2VPN to extend VM networks between on-prem and VMC
- All FW rules in order.
- VM hardware version 9, Cluster based EVC baseline on Broadwell
- Per-VM EVC
- Must be hardware version 14 or greater
- VM must be powered off to change Per-VM EVC
- Cluster EVC and Per-VM EVC
- Permissions and Security
- CloudAdmin –
- Necessary privileges for creating/managing workloads in the SDDC
- Does not allow changing the configuration of management components that are supported by VMW
- CloudGlobalAdmin –
- Associated with global privileges that allows you to create and manage content library objects and perform other global tasks.
- [email protected] is the default user generated during creation.
- Other users cannot be created until HLM is configured. DO NOT modify solution users associated with the VMC created in an on-prem vSphere domain
- CloudAdmin –
- Elastic DRS
- Allows the SDDC to scale based on resource thresholds
- Not supported for multi-AZ deployment or single host SDDC
- If a user adds or removes a host, current EDRS remediations are ignored
- Licensing/Pricing
- On-Demand, One-Year and Three-Year Subscription models
- HLP discounts of up to 25%
- Site Recovery is an add-on cost
- All other AWS services are billed separately
- Cloud Services Roles
- Organization Owners –
- Can have one or more
- Owners can invite additional owners and users, manage access
- Organization Users –
- Access VMware Cloud services
- Cannot invite users, change access, or remove
- Organization Owners –
- Deployment
- Default Subnet CIDR is 10.2.0.0/16 – reservations for other RFC1918 addresses
- 192.168.1.0/24 is reserved for default compute
- Maximum hosts are dictated by the CIDR block you state
- Content Libraries
- Onboarding Assistant is a java CLI tool for transferring to VMC
- Can still utilize subscribe functionality
- Utilize vSphere Client to upload files
- Site Recovery
- vSphere Replication based
- Supports Active-Active, Active-Passive, Bidirectional
- Pre-Reqs
- vCenter 6.7/6.5/6.0U3, ESXi 6.0U3 or later
- SRM 8.x on-prem
EXAM:
Exam duration is 45 minutes with 30 questions, covers mostly the fundamentals taught in on demand course.
Finally, after successful completion of certification, you will get a bagde from VMware.. All the best and happy learning 🙂