Transcription of VMware Cloud on AWS Operations Guide - VMware Cloud …
VMware Cloud on AWS Operations Guide
13 January 2022
SDDC Version Cloud on AWS

You can find the most up-to-date technical documentation on the VMware website at:

2017-2022 VMware, Inc. All rights reserved.

VMware Cloud on AWS Operations
1 About Software-Defined Data Centers
    Supported SDDC Versions
    Configuration Maximums for VMware Cloud on AWS
    Correlating VMware Cloud on AWS with Component Releases
    VMware Cloud on AWS Developer Resources
    Deploying and Managing a Software-Defined Data Center
    Deploy an SDDC from the VMC Console
    Rename an SDDC
    Delete an SDDC
    Creating and Managing SDDC Deployment Groups with VMware Transit Connect
    Create or Modify an SDDC Group
    Add Compute Gateway Firewall Rules to Enable SDDC Group Member Workload Connectivity
    Attach a Direct Connect Gateway to an SDDC Group
    Use vCenter Linking in an SDDC Group
    Configure SDDC Compliance Hardening
    Disable Networking & Security Tab Access
    Disable Add-On Services
    Using VMware Tanzu Kubernetes Grid Services with VMware Cloud on AWS
    Activate Tanzu Kubernetes Grid Within Your SDDC
    Enable Internal Access to a Tanzu Kubernetes Cluster
    Enable Internet Access to Kubernetes Service
    Deactivate Tanzu Kubernetes Grid in Your SDDC
    SDDC Upgrades and Maintenance
    View an SDDC Maintenance Schedule Reservation
    View Maintenance Progress
    Convert UTC Time to Local Time
    Estimating the Duration of SDDC Maintenance
    Actions Taken by VMware to Ensure SDDC Health
    View Billing Information
    Upsize SDDC Management Appliances
    Roles and Permissions in the SDDC
2 Managing SDDC Hosts and Clusters
    VMware Cloud on AWS Host Types
    Add a Cluster
    a Cluster
    Add Hosts
    Remove Hosts
    About Elastic DRS
    How the Elastic DRS Algorithm Works
    Select Elastic DRS Policy
    Introduction to Auto-Remediation
    Auto-Remediation High-Level Architecture
    Functions of Auto-Remediation
    How Do You Remediate with Auto-Scaler
    Events in Auto-Scaler
    Using Policies and Profiles
    Create or Delete a VM-Host Affinity Policy
    Create or Delete a VM-Host Anti-Affinity Policy
    Create or Delete a VM-VM Affinity Policy
    Create or Delete a VM-VM Anti-Affinity Policy
    Create or Delete a Disable DRS vMotion Policy
    Microsoft Product Licenses in VMware Cloud on AWS
    License Mobility
    Select License Options from the VMC Console
    Deploying Microsoft Server Instances
    Activate or Reactivate a Windows Server VM
    Converting Clusters from i3 to i3en Hosts
3 Working With SDDC Add-On Services
    Using the vRealize Log Insight Cloud Add-On
    Using the vRealize Automation Cloud Add-On
    Using VMware Carbon Black Workload
    Using the NSX Advanced Firewall Add-On
4 Getting Templates, ISOs, and Other Content into Your SDDC
    Use the Content Onboarding Assistant to Transfer Content to Your SDDC
    Use a Content Library to Import Content into Your SDDC
    Upload Files or Folders to your SDDC
5 Migrating Virtual Machines
    Hybrid Migration With VMware HCX
    Hybrid Migration with VMware HCX Checklist
    Hybrid Migration with vMotion
    Hybrid Migration with vMotion Checklist
    Required Firewall Rules for vMotion
    migration with vMotion
    Hybrid Cold Migration
    Hybrid Cold Migration Checklist
    Required Firewall Rules for Cold Migration
6 Accessing AWS Services
    Access an EC2 Instance
    Access an S3 Bucket Using an S3 Endpoint
    Access an S3 Bucket Using the Internet Gateway
7 Using On-Premises vRealize Automation with Your Cloud SDDC
    Prepare Your SDDC to Work with vRealize Products
    Connect vRealize Automation to Your SDDC
8 Service Notifications and Activity Log
    View the Activity Log
    View and Subscribe to the Service Status Page
    Notifications Available from VMware Cloud on AWS
    Set Notification Preferences
9 Troubleshooting
    Get Support
    Unable to Connect to VMware Cloud on AWS
    Unable to Connect to vCenter Server
    Unable to Select Subnet When Creating SDDC
    Unable to Copy Changed Password Into vCenter Login Page
    Compute Workloads Are Unable to Reach an On-Premises DNS Servers Over a Policy-Based VPN

VMware Cloud on AWS Operations

The VMware Cloud on AWS Operations Guide provides information about configuring advanced SDDC features that support ongoing operation of your VMware Cloud on AWS SDDC, including storage management, provisioning, and seamless interoperation with your on-premises data

Audience

This Guide is primarily for VMware Cloud on AWS organization members who have the CloudAdmin role or another role that includes administrative rights over objects owned by your organization. It covers operational areas like provisioning your SDDC with content from your on-premises datacenter, using AWS services like S3 and Direct Connect, and integrating VMware Cloud on AWS with other VMware and Amazon assume you already have experience using an SDDC with a management network as described in the VMware Cloud on AWS Getting Started Guide. Experience configuring and managing vSphere in an on-premises environment and familiarity with virtualization concepts are assumed.
In-depth knowledge of Amazon Web Services is useful, but is not

1 About Software-Defined Data Centers

A VMware Cloud on AWS Software-Defined Data Center (SDDC) includes compute, storage, and networking SDDC runs in an Amazon Virtual Private Cloud (VPC) and provides a full VMware stack, including vCenter Server, NSX-T software-defined networking, vSAN software-defined storage, and one or more ESXi hosts that provide compute and storage resources to your chapter includes the following topics:

- Supported SDDC Versions
- Configuration Maximums for VMware Cloud on AWS
- Correlating VMware Cloud on AWS with Component Releases
- VMware Cloud on AWS Developer Resources
- Deploying and Managing a Software-Defined Data Center
- Creating and Managing SDDC Deployment Groups with VMware Transit Connect
- Configure SDDC Compliance Hardening
- Using VMware Tanzu Kubernetes Grid Services with VMware Cloud on AWS
- SDDC Upgrades and Maintenance
- View Billing Information
- Upsize SDDC Management Appliances
- Roles and Permissions in the SDDC

Supported SDDC Versions

A given version of the SDDC software is supported only for a specific period of time.
Updates to the SDDC software are necessary to maintain the health and availability of the service, and are version of the SDDC software has an expiration date. SDDCs whose software version is past the expiration date are not guaranteed support from find the version of your SDDC software, see Get

Table 1-1. Lifecycle Support for SDDC Software Versions (columns: SDDC Version, Expiration)

Configuration Maximums for VMware Cloud on AWS

There are maximums and minimums associated with many features in VMware Cloud on limits listed are hard limits unless otherwise indicated. A hard limit cannot be changed. Any limit described as a soft limit may be increased upon request. Contact VMware Support to request an increase to a soft the latest maximums, see VMware Configuration Maximums

Correlating VMware Cloud on AWS with Component Releases

The following table shows the ESXi, vCenter Server, NSX-T, and virtual machine hardware versions associated with each SDDC version.

Table columns: SDDC version, ESXi version, vCenter Server version, NSX-T version, Virtual Machine Hardware version

To find compatible versions of solutions, see the VMware Interoperability Site Recovery Manager Interoperability
- VMware HCX

VMware Cloud on AWS Developer Resources

VMware Cloud on AWS provides an open, extensible framework that enables customers, partners, independent software vendors, and open-source software contributors to create scripts, solutions and services that integrate, extend, and automate SDDC creation, deployment, and the VMware Cloud on AWS Dev Center to find out more about the available APIs, SDKs, CLIs, and other resources.
You can also use many of the native vSphere tools that apply to your on-premises vSphere installation to automate vSphere operations in the SDDC. See Working with the Developer Center in the vSphere

Deploying and Managing a Software-Defined Data Center

Deploying a Software-Defined Data Center is the first step for using the VMware Cloud on AWS service. After you deploy the SDDC, you can view information about it and perform management are several actions to be considered before deploying your

AWS Account

When you deploy your SDDC on VMware Cloud on AWS, it is created within an AWS account and a VPC dedicated to your organization and managed by VMware. You must also connect the SDDC to an AWS account belonging to you, called the customer AWS account. This connection allows your SDDC to access AWS services belonging to your customer can deploy one, two or multiple hosts on VMware Cloud on you are deploying a Single Host SDDC, you can delay linking your customer AWS account for up to two weeks.
You cannot scale up a Single Host SDDC to a multiple host SDDC until you link an AWS account. If you are deploying a multiple host SDDC, you must link your customer AWS account when you deploy the

VPC Configuration and Availability Requirements

The VPC, subnet, and AWS account you use must meet several requirements:

- The subnet must be in an AWS Availability Zone (AZ) where VMware Cloud on AWS is available. Start by creating a subnet in every AZ in the AWS Region where the SDDC will be created. It helps you identify all AZs where an SDDC can be deployed and select the one that best meets your SDDC placement needs, whether you want to keep your VMC workloads close to or isolated from your AWS workloads running in a particular AZ. See Creating a Subnet in Your VPC in the AWS documentation for information about how to use the Amazon VPC console to create a subnet in your
- subnet must exist in the connected AWS account. It cannot be one owned by and shared from another
- AWS account being linked must have sufficient capacity to create a minimum of 17 ENIs per SDDC in each region where an SDDC is deployed. Although you cannot provision more than 16 hosts in a cluster, SDDC operations including planned maintenance and Elastic DRS can require us to temporarily add as many as 16 more hosts, so we recommend using an AWS that has sufficient capacity for 32 ENIs per SDDC per
- recommend dedicating a /26 CIDR block to each SDDC and not using that subnet for any other AWS services or EC2 instances. Because some of the IP addresses in this block are reserved for internal use, a /26 CIDR block is the smallest subnet that can accommodate SDDC IP address
- VPC subnets on which AWS services or instances communicate with the SDDC must be associated with the main route table of the connected VPC. Use of a custom route table or replacement of the main route table is not supported. By default, AWS limits the size of the main route table to 50 routes. Because the main route table must accommodate an entry for each routed SDDC network segment as well as the management network CIDR and any additional routes you create directly in your AWS account, the default limit might not be adequate for your SDDC networks, especially if you connect more than one SDDC to the VPC.
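
The requirements above can be checked before deployment. The following Python is an added example, not part of the VMware guide: the dictionary fields, account IDs and AZ names are constructed assumptions, and only the numeric limits (17 and 32 ENIs, /26, 50 routes) come from the text.

```python
import ipaddress

# Limits quoted from the requirements list above.
MIN_ENIS, RECOMMENDED_ENIS = 17, 32   # ENI capacity per SDDC per region
MAX_PREFIX = 26                        # /26 is the smallest usable block
DEFAULT_ROUTE_LIMIT = 50               # default size of the main route table


def preflight(subnet, connected_account, supported_azs, eni_capacity,
              existing_routes, sddc_segments, route_limit=DEFAULT_ROUTE_LIMIT):
    """Check one candidate subnet; return (errors, warnings) as lists of str.

    `subnet` is a constructed dict (cidr, az, owner, main_route_table);
    the field names are assumptions, not an AWS or VMware API shape.
    """
    errors, warnings = [], []
    net = ipaddress.ip_network(subnet["cidr"])
    if net.prefixlen > MAX_PREFIX:
        errors.append(f"{net} is smaller than /{MAX_PREFIX}")
    if subnet["az"] not in supported_azs:
        errors.append(f"AZ {subnet['az']} does not offer VMware Cloud on AWS")
    if subnet["owner"] != connected_account:
        errors.append("subnet is owned by and shared from another account")
    if not subnet["main_route_table"]:
        errors.append("subnet uses a custom route table (not supported)")
    if eni_capacity < MIN_ENIS:
        errors.append(f"ENI capacity {eni_capacity} is below {MIN_ENIS}")
    elif eni_capacity < RECOMMENDED_ENIS:
        warnings.append(f"ENI capacity {eni_capacity} is below the "
                        f"recommended {RECOMMENDED_ENIS}")
    # One route per routed SDDC segment plus the management network CIDR,
    # on top of routes that already exist in the main route table.
    needed = existing_routes + sddc_segments + 1
    if needed > route_limit:
        errors.append(f"main route table needs {needed} routes, "
                      f"limit is {route_limit}")
    return errors, warnings


# Constructed sample data (account IDs and AZ names are placeholders).
GOOD = {"cidr": "10.20.0.0/26", "az": "az-a", "owner": "111111111111",
        "main_route_table": True}
BAD = {"cidr": "10.20.1.0/27", "az": "az-c", "owner": "222222222222",
       "main_route_table": False}

if __name__ == "__main__":
    for name, s, enis, routes in (("good", GOOD, 40, 5), ("bad", BAD, 20, 45)):
        errs, warns = preflight(s, "111111111111", {"az-a", "az-b"},
                                enis, routes, sddc_segments=6)
        print(name, "errors:", errs, "warnings:", warns)
```

Raise `route_limit` when the account's main route table quota differs from the default, and count the segments of every SDDC connected to the same VPC in `sddc_segments`.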