Deploying a Software-Defined Data Center (SDDC) is the first step in making use of the VMware Cloud on AWS service. After you deploy the SDDC, you can view information about it and perform management tasks.

There are a number of factors that you should consider before deploying your SDDC.

The default topology deployed is shown below.

Connected AWS account

When you deploy an SDDC on VMware Cloud on AWS, it is created within an AWS account and VPC dedicated to your organization and managed by VMware. You must also connect the SDDC to an AWS account belonging to you, referred to as the customer AWS account. This connection allows your SDDC to access AWS services belonging to your customer account.

If you are deploying a Single Host SDDC, you can delay linking your customer AWS account for up to two weeks. You cannot scale up a Single Host SDDC to a multiple host SDDC until you link an AWS account. If you are deploying a multiple host SDDC, you must link your customer AWS account when you deploy the SDDC.

AWS VPC Subnet Configuration and Availability Requirements

The VPC and subnet you use to connect the SDDC to your AWS account must meet several requirements:

  • It must be dedicated to the SDDC. No other AWS services or instances should connect to that subnet.

  • You can link multiple SDDCs to a VPC as long as the VPC subnet used for ENI connectivity has enough ENIs (17 per SDDC) or you can allocate a separate VPC subnet for each SDDC connection. You must ensure in all cases that the CIDR blocks for the SDDC and the VPC do not overlap.

  • The subnet(s) used for the SDDC, as well as any subnets on which AWS services or instances communicate with the SDDC must all be associated with the VPC's main route table.

  • The IP address range of the subnet must be unique within your enterprise network infrastructure. It cannot overlap the IP address range of any of your on-premises networks.


Be sure that your connected Amazon VPC includes a subnet in each Availability Zone (AZ) in the AWS Region where the SDDC will be created. That way, you can identify all the AZs where an SDDC can be deployed and select the AZ that best meets your SDDC placement needs, whether you want to keep your VMC workloads close to or isolated from your existing AWS workloads running in a particular AZ. See Creating a Subnet in Your VPC in the AWS documentation for information about how to use the Amazon VPC console to create a subnet in your VPC.

Single Host SDDC starter configuration for VMware Cloud on AWS

You can kickstart your VMware Cloud on AWS experience with a Single Host SDDC starter configuration. This is a time-limited offering designed for you to prove the value of VMware Cloud on AWS in your environment. The service life of a Single Host environment is limited to 30 day intervals. At any point during the service life of the Single Host SDDC, you can choose to scale up to a production SDDC configuration with three or more hosts, without loss of data. If you don't scale up the Single Host SDDC before the end of the service life, the SDDC is deleted along with all the workloads and data it contains.

Stretched Clusters for VMware Cloud on AWS

You can create an SDDC with a cluster that spans two availability zones. A vSAN stretched cluster is used to create a single datastore for the cluster and replicate the data across both availability zones. If service in one availability zone is disrupted, workload VMs are brought up in the other availability zone.

The following restrictions apply to stretched clusters:

  • You can't convert a stretched cluster to a single availability zone cluster, or vice versa.

  • A given SDDC can contain either single availability zone clusters or stretched clusters, but not a mix of both.

  • Currently, a given SDDC can contain only one stretched cluster.


The default networking topology deployed is shown below.

Figure 1. Default SDDC Network Topology

Management Gateway (MGW)

The MGW is an NSX Edge Security gateway that provides north-south network connectivity for the vCenter Server and NSX Manager running in the SDDC. The Internet-facing IP address (Public IP #1) is automatically assigned from the pool of AWS public IP addresses when the SDDC is created. The management logical network internal to your SDDC is assigned the CIDR block by default. When you create your SDDC, you can assign a different address block to prevent address conflicts with other environments that you connect to your SDDC.

Compute Gateway (CGW)

The CGW provides north-south network connectivity for virtual machines running in the SDDC. VMware Cloud on AWS creates a default logical network to provide networking for these VMs. You can create additional logical networks using the vSphere Client.

You will need to configure IPsec VPNs, firewall rules, and other networking elements to allow full communication between your on-premises data center and your cloud SDDC.