Deploying a Software-Defined Data Center is the first step for using the VMware Cloud on AWS service. After you deploy the SDDC, you can view information about it and perform management tasks.

There are a couple of things to consider before you deploy an SDDC.

Connected AWS Account

When you deploy a VMware Cloud on AWS SDDC, it is created in an AWS account and VPC dedicated to your organization and managed by VMware. You must also link the SDDC to an AWS account and VPC that you own. This VPC, which we call the Connected Amazon VPC, provides SDDC workloads with access to AWS networks and services.

If you are deploying a single-host starter SDDC, you can delay linking your customer AWS account for up to two weeks.

AWS VPC Configuration and Availability Requirements

The VPC, subnet, and AWS account you use for your SDDC must meet several requirements:
  • The subnet must be in an AWS Availability Zone (AZ) where VMware Cloud on AWS is available. Start by creating a subnet in every AZ in the AWS Region where the SDDC will be created. It helps you identify all AZs where an SDDC can be deployed and select the one that best meets your SDDC placement needs, whether you want to keep your VMC workloads close to or isolated from your AWS workloads running in a particular AZ. See Creating a Subnet in Your VPC in the AWS documentation for information about how to use the Amazon VPC console to create a subnet in your VPC.
  • The subnet must exist in the connected AWS account. It cannot be one owned by and shared from another account.
  • The AWS account being linked must have sufficient capacity to create a minimum of 17 ENIs per SDDC in each region where an SDDC is deployed. Although you cannot provision more than 16 hosts in a cluster, SDDC operations including planned maintenance and Elastic DRS can require us to temporarily add as many as 16 more hosts, so we recommend using an account that has sufficient capacity for 32 ENIs per SDDC per region.
  • We recommend dedicating a /26 CIDR block to each SDDC and not using that subnet for any other AWS services or EC2 instances. Because some of the IP addresses in this block are reserved for internal use, a /26 CIDR block is the smallest subnet that can accommodate SDDC IP address requirements.
  • By default, AWS services or instances that communicate with the SDDC must be on VPC subnets associated with the main route table of the connected VPC. To use a custom route table, enable AWS Managed Prefix List Mode. See Enable AWS Managed Prefix List Mode for more information. By default, AWS limits the size of the main route table to 50 routes. Because the main route table must accommodate an entry for each routed SDDC network segment as well as the management network CIDR and any additional routes you create directly in your AWS account, the default limit might not be adequate for your SDDC networks, especially if you connect more than one SDDC to the VPC. You can request a route table size increase as described in Amazon VPC quotas.
  • If necessary, you can link multiple SDDCs to a VPC if the VPC subnet used for ENI connectivity has a large enough CIDR block to accommodate them. Because all SDDCs in a VPC use the same main route table, make sure that network segments in those SDDCs do not overlap with each other or the VPC's primary CIDR block. Workload VMs on routed SDDC networks can communicate with all subnets in the VPC's primary CIDR block, but are unaware of other CIDR blocks that might exist in the VPC.

AWS Elastic IP Requirements

Every SDDC consumes at least 4 AWS Elastic IP (EIP) addresses that are not displayed on the VMware Cloud Console. These EIPs are required for core SDDC operations. Charges for them are listed in the VMware on AWS Pricing document under Additional charges not included. EIPs are billed per-hour. EIP address remaps, typically initiated by vMotion or a failover event on the edge gateway, are free of charge for the first 100 events. Here's a summary of how these core EIPs are used in a new SDDC:
Table 1. Core EIP Usage
Usage Description
Management Provides VMware support with access to your SDDC.
Management Gateway (MGW) SNAT Provides the default SNAT address for traffic egressing the MGW to the Internet.
Compute Gateway (CGW) SNAT Provides the default SNAT address for traffic egressing the CGW to the Internet.
vCenter Public IP Provides the IP address used for vCenter when the vCenter FQDN is set to Public IP. See Set vCenter Server FQDN Resolution Address. This EIP is always consumed, even if you set the vCenter FQDN to Private IP.

Credit Card Payments

If you choose to use a credit card to pay for your VMware Cloud on AWS SDDC, rather than SPP credits or another method, you might incur a one-time $2000 pre-charge the first time you deploy an SDDC. Any SDDC usage in your first 60 days will be charged against this pre-charged amount. If you delete your initial SDDC before using up the $2000, any remaining amount is not refunded, but the usage for any other SDDCs you deploy counts towards this amount. Usage beyond this amount will be charged to your credit card. If you reach the end of the 60 days without consuming the full $2000 pre-charge, you forfeit any remainder. This pre-charge amount can be used only for VMware Cloud on AWS and cannot be applied to other VMware Cloud Services.

The implementation of the $2000 pre-charge is part of VMware's fraud-prevention policy. This pre-charge is waived at VMware's discretion based on the your current level of engagement with VMware. You will learn of the waiver when you are about to deploy your first SDDC.

By default, credit cards can't be used as the payment method for purchasing subscriptions. If you need to use a credit card to purchase a subscription, open a support ticket, and VMware will assist you with the purchase.