There are maximums and minimums associated with many features in VMware Cloud on AWS.

All limits listed are hard limits unless otherwise indicated. A hard limit cannot be changed. Any limit described as a soft limit may be increased upon request. Contact VMware Support to request an increase to a soft limit.

SDDC Maximums

Maximum Value Description
Number of SDDCs per Organization 2 Number of SDDCs per organization. This is a soft limit.
Number of linked VPCs 1 Maximum number of linked AWS VPCs per SDDC.
Public IP Addresses (Elastic IPs) 75 Maximum number of elastic IP addresses per SDDC. This is a soft limit.
Minimum hosts per cluster for full SLA 3 This is the minimum number of ESXi per vSphere cluster to be supported at the full SLA.
Minimum hosts per cluster for no SLA 1 This is the minimum number of ESXi hosts per vSphere cluster with no SLA.
Maximum hosts per cluster, including stretched clusters 16 The maximum number of ESXi hosts per vSphere cluster. This limit applies to both single-AZ clusters and stretched clusters.
Maximum clusters 20 Maximum number of vSphere cluster per SDDC.
SDDCs per region 5 Maximum number of SDDCs per region. This is a soft limit.

vCenter Server Maximums

Maximum Value Description
Maximum hosts per SDDC 300 Maximum number of ESXi hosts per SDDC. This is a soft limit.
Maximum VMs per SDDC 4000 Maximum number of virtual machines per SDDC.
VMs per host 200 Maximum number of VMs per host.

Networking and Security Maximums

Maximum Value Description
ARP entries per Edge Node 5000 Maximum number of ARP entries.
IPSec VPN Tunnel 16 Maximum number of IPsec VPN tunnels created per SDDC.
Logical Segment 200 Maximum number of logical segments per SDDC.
Logical Ports 1000 per logical segment Maximum number of ports on a logical segment.
MGW Firewall Rule 200 Maximum number of Management Gateway firewall rules.
CGW Firewall Rule 950 Maximum number of Compute Gateway firewall rules.
CGW NAT Rule 500 Maximum number of Compute Gateway NAT rules.
Logical segment advertised over DX private VIF 16 Maximum number of logical segments advertised over Direct Connect Private VIF. This is a soft limit.
Number of L2 VPN Clients 1 Maximum number of sites connecting to L2 VPN server per SDDC.
Extended Network 100 per L2 VPN Maximum number of logical segments extended from on-premises.
Distributed Firewall Grouping Objects 10000 Maximum number of grouping objects (security groups).
Ports with Grouping Objects Applied 1000 Maximum number of ports with grouping objects (security groups) applied.
Distributed Firewall Sections 100 Maximum number of distributed firewall sections.
Distributed Firewall Rules Across All Section Groups 10000 Maximum total number of distributed firewall rules across all sections groups (Emergency Rules, Infrastructure Rules, and so on).
Distributed Firewall Rules Per Section Group 10000 Maximum number of distributed firewall rules per section group.
Distributed Firewall Sections Per Section Group 100 Maximum number of distributed firewall sections per section group (Emergency Rules, Infrastructure Rules, and so on).
Distributed Firewall Sections Across All Section Groups 100 Maximum number of distributed firewall sections across all section groups.
IPs per IP Set 4000 Maximum number of IP addresses that can be included in an IP set.
Distributed Firewall Rules per Grouping Object 512 Maximum number of distributed firewall rules per grouping object (security group).
Security Tags per VM 25 Maximum number of security tags per VM.
VMs per Grouping Object 5 Maximum number of VMs per grouping object (security group).
Port Mirroring Source VMs per session 5 Maximum number of source VMs in a port mirroring session.
Port Mirroring Destination VMs per session 1 Maximum number of destination VMs in a port mirroring session.
IPFIX Collectors 4 Maximum number of IPFIX Collectors configured.
IP Discovery ARP Snooping 1 Maximum IPs detected by ARP snooping on a VM.
IP Discovery VM Tools 1024 (with VMware Tools 10.3.x on a VM) Maximum IPs detected by VMware Tools 10.3.x on a VM.
Direct Connect Private VIF Connection per SDDC 4 Maximum number of private virtual interfaces attached to one SDDC.
Number of VIFs/Ports per host 400 Maximum number of VIFs or ports per host.

vSAN Maximums

Maximum Value Description
Maximum datastore capacity that can be utilized 75% You can use up to 75% of available datastore capacity. Usage beyond this point creates a non-compliant environment as described in Service Level Agreement for VMware Cloud on AWS
Datastore capacity requiring remediation plan 70% You should prepare a remediation plan when capacity utilization nears 70%. Either add hosts to augment datastore capacity, or reduce storage utilization.
VMs per vSAN Hosts 200 Maximum number of VMs per ESXi host in a vSAN cluster.

Site Recovery Maximums

Maximum Value Description
VMS per SDDC ( NSX-T based networking) 1000 This is the supported limit for NSX-T and takes into account both incoming and outgoing replications.

Bidirectional protection: The total number of protected VMs across both sites cannot exceed this limit.

VMs per protection group 500 Maximum number of VMs per protection group.
Number of recovery plans 250 Maximum number of recovery plans.
Protection groups per recovery plan 250 Maximum number of protection groups per recovery plan.
VMs per recovery plan 1000 Maximum number of VMs per recovery plan.
Concurrent recoveries 1000 Total number of VM recoveries that you can start simultaneously across multiple recovery plans.
Multiple-site deployment limits 10 With VMware Site Recovery, you can connect multiple protected and recovery sites to a single SDDC. A single SDDC can support a maximum of 10 paired remote sites.

HCX Maximums

Maximum Value Description
Site Pairs 10 Registered destination HCX sites (SDDCs) per source HCX Manager
Service Meshes 1 One per source and destination Compute Profile pair
HCX Interconnect Appliances 1 One per Service Mesh
HCX WAN Optimization Appliances 1 One per Service Mesh
HCX Network Extension Appliances 50 Per HCX Manager
Concurrent HCX Bulk Migration Operations 100 Per HCX Manager
Concurrent HCX vMotion Operations 1 Per Service Mesh. Subsequent operations are queued, up to a maximum of 100.
Concurrent HCX Cold Migration Operations 8 Per Service Mesh. Subsequent operations are queued, up to a maximum of 100.
Concurrent HCX vMotion w/vSphere Replication (Replication Assisted vMotion) 100 Scheduled switchover is serial. Switchovers are queued with HCX vMotions.
Maximum HCX Virtual Machine Protections 500 Maximum number of HCX Virtual Machine Protections.
Maximum Network Extensions to NSX-T SDDCs 8 Maximum number of on-premises networks that can be extended to an NSX-T cloud SDDC. 10 Network Extension appliance interfaces minus uplink/management
Maximum Network Extensions with Cisco Nexus 1000v at the Source Site 8 10 Network Extension appliance interfaces minus uplink/management.
Network Extension Throughput

4-6 Gbps

4-6+ Gbps per HCX Network Extension Appliance.

1+ Gbps per traffic flow.

Performance varies depending on: MTU, Latency, Environment Traffic, Network Bandwidth, CPU, Memory resources

Virtual Machine Hardware Version HW version 7 or higher is required for Bulk migration

Hardware version 9 or higher is required for HCX vMotion, RAV migrations, and cold migrations.

Minimum virtual machine hardware versions required for migration.
Maximum Virtual Machine Disk Size for HCX Bulk Migration and Replication Assisted vMotion 62 TB with ESXi 5.5 or later.

2 TB with ESXi 5.0 to 5.1

Maximum VM disk size for bulk migration and Replication Assisted vMotion.
Maximum Virtual Machine Disk size for HCX vMotion Reference the VMDK limitations for the destination site data store Maximum VM disk size for HCX vMotion.

Horizon Maximums

Maximum Value Description
Number of desktops per SDDC 2500 For knowledge worker as defined by Login VSI and WQHD display

Actual customer workload might have different characteristics than the benchmark workload used in testing. Therefore, results might vary.

VMware Cloud Services Identity Maximums

Maximum Value Description
Logins per Identity Provider 250 users/minute Each VIDM tenant has a limitation of 250 users max performing login in a minute.
Refresh Auth Token flow 9500 users/minute Maximum number of users that can exchange an API token for an authentication token using the following API: https://console.cloud.vmware.com/csp/gateway/am/api/swagger-ui.html#/Authentication/getAccessTokenByApiRefreshTokenUsingPOST.
Users in Organizations no limit There is no limit to the number of users in an Organization.
AD Connections no limit There is no limit to the number of open AD connections.