12, Aug 2024
The Tanzu Kubernetes Grid managed service – Exploring Integrated Services Configuration

The Tanzu Kubernetes Grid (TKG) managed service is included as part of the basic offering of VMware Cloud on AWS. Users can run, deploy, manage, and operate Kubernetes clusters on top of VMware Cloud on AWS, like they can with on-premises vSphere. The SDDC console provides a mechanism to enable…

27, Apr 2024
The VMware HCX service – Exploring Integrated Services Configuration-1

The VMware Hybrid Cloud Extension (HCX) service enables users to connect and migrate workloads from on-premises to VMware Cloud on AWS and back again, or from VMware Cloud on AWS to/from another VMware Cloud vSphere-based environment. HCX has a number of unique features that help to address the most sophisticated…

30, Mar 2024
Configuring the NSX Advanced Firewall service – Exploring Integrated Services Configuration

In this chapter, you will gain a comprehensive understanding of the intricacies involved in configuring integrated services. These services encompass the NSX Advanced security service, which offers a Layer 7 firewall and Intrusion Prevention System/Intrusion Detection System (IPS/IDS) security features. Additionally, you will explore VMware HCX, VMware Aria Operations for…

1, Jan 2024
VMware Aria Operations for Logs – Exploring Integrated Services Configuration

VMware Aria Operations for Logs aggregates logs from all infrastructure-related services in VMware Cloud on AWS, such as vCenter, ESXi, NSX, and the SDDC console. It is automatically preconfigured for all services. From the Cloud Service console, navigate to Services and select VMware Aria Operations for Logs. Once inside the…

12, Dec 2023
Port mirroring – Understanding Networking and Security Configurations

Port mirroring allows us to copy and redirect packets to a destination monitoring device. This is useful for monitoring and analyzing specific traffic in use cases such as the following: Port mirroring configuration includes specifying the traffic to be monitored (referred to as the source) and determining the direction in…

16, Nov 2023
Management Gateway firewall – Understanding Networking and Security Configurations

The Management Gateway firewall protects access to management components such as vCenter and NSX. There are two types of management groups: predefined management groups and user-defined management groups. When choosing a source or destination for a management firewall rule, there are three choices: Any, System-Defined, and User-Defined. System-defined groups simplify the…

15, Oct 2023
Multiple Tier-1 Gateway VPNs – Understanding Networking and Security Configurations

Tier-1 gateways can terminate VPNs for multi-tenancy environments, where direct connectivity over the VPN is required by a tenant, as seen in the following architecture diagram (Figure 6.41 – Tier-1 gateway VPN termination diagram). The configuration is available at Networking | VPN | Tier-1 VPN Services, as seen in the…

14, Sep 2023
Route-based VPNs – Understanding Networking and Security Configurations

Route-based VPNs support dynamic routing and simplify routing configuration in complex network environments. Route-based VPNs utilize BGP over a VPN tunnel. Customers can establish the tunnel using a private connection such as a Direct Connect private virtual interface (VIF) or public internet. To configure the VPN connection, navigate to the…

1, May 2023
Policy-based VPN – Understanding Networking and Security Configurations

With a policy-based VPN, there is no routing protocol such as BGP, so the initial setup of the VPN connection is easier. However, administrators must manually update the routing tables on both ends of the network when new routes are added. From the VMware Cloud Console, navigate to Inventory >…

22, Mar 2023
Transit Connect – Understanding Networking and Security Configurations

VMware Transit Connect is a VMware Managed Transit Gateway (vTGW), which enables complex network topology, including inter- and intra-Region SDDC connectivity, AWS VPC connection, and much more. You deploy vTGW from the SDDC console through the SDDC groups feature, which lets customers manage multiple SDDCs and external AWS connectivity from…