12, Aug 2024
The Tanzu Kubernetes Grid managed service – Exploring Integrated Services Configuration

The Tanzu Kubernetes Grid (TKG) managed service is included as part of the basic offering of VMware Cloud on AWS. Users can run, deploy, manage, and operate Kubernetes clusters on top of VMware Cloud on AWS, like they can with on-premises vSphere. The SDDC console provides a mechanism to enable…

21, Jul 2024
Migrating a workload with HCX – Exploring Integrated Services Configuration

The steps involved to do this are as follows: (Figure 7.55 – The HCX Migration section; Figure 7.56 – The HCX migration group application selection; Figure 7.57 – HCX migration resource mapping) NOTE: HCX supports different migration types beyond vMotion. Bulk Migration uses vSphere Replication to replicate the VM data and requires…

27, Apr 2024
The VMware HCX service – Exploring Integrated Services Configuration-1

The VMware Hybrid Cloud Extension (HCX) service enables users to connect and migrate workloads from on-premises to VMware Cloud on AWS and back again, or from VMware Cloud on AWS to/from another VMware Cloud vSphere-based environment. HCX has a number of unique features that help to address the most sophisticated…

16, Nov 2023
Management Gateway firewall – Understanding Networking and Security Configurations

The Management Gateway firewall protects access to management components such as vCenter and NSX. There are two types of management groups: predefined management groups and user-defined management groups. When choosing a source or destination for a management firewall rule, there are three choices: Any, System-Defined, and User-Defined. System-defined groups simplify the…

15, Oct 2023
Multiple Tier-1 Gateway VPNs – Understanding Networking and Security Configurations

Tier-1 gateways can terminate VPNs for multi-tenancy environments, where direct connectivity over the VPN is required by a tenant, as seen in the following architecture diagram (Figure 6.41 – Tier-1 gateway VPN termination diagram). The configuration is available at Networking | VPN | Tier-1 VPN Services, as seen in the…

14, Sep 2023
Route-based VPNs – Understanding Networking and Security Configurations

Route-based VPNs support dynamic routing and simplify routing configuration in complex network environments. Route-based VPNs utilize BGP over a VPN tunnel. Customers can establish the tunnel using a private connection such as a Direct Connect private virtual interface (VIF) or public internet. To configure the VPN connection, navigate to the…

22, Jul 2023
Internet NAT – Understanding Networking and Security Configurations

Source NAT (SNAT) is automatically configured for all SDDC and tier-1 gateway workloads. SNAT is configured for translating the source IP of the VM into the internet public IP address assigned by the VMware Cloud on AWS SDDC. Therefore, customers do not need to create NAT rules for outbound traffic.…

1, May 2023
Policy-based VPN – Understanding Networking and Security Configurations

With a policy-based VPN, there is no routing protocol such as BGP, so the initial setup of the VPN connection is easier. However, administrators must manually update the routing tables on both ends of the network when new routes are added. From the VMware Cloud Console, navigate to Inventory >…

22, Mar 2023
Transit Connect – Understanding Networking and Security Configurations

VMware Transit Connect is a VMware Managed Transit Gateway (vTGW), which enables complex network topology, including inter- and intra-Region SDDC connectivity, AWS VPC connection, and much more. You deploy vTGW from the SDDC console through the SDDC groups feature, which lets customers manage multiple SDDCs and external AWS connectivity from…

2, Nov 2022
VMware Cloud on AWS NSX configuration overview – Understanding Networking and Security Configurations

This chapter focuses on the practical basics of SDDC networking and security functionality, starting from basic networking and security features, including NSX Micro-Segmentation, and Day 2 operations. You will learn the networking and security configuration essentials required for day-to-day work. The following topics are covered in this chapter: Before moving…