Each SDDC runs in an Amazon Virtual Private Cloud (VPC) and provides a full VMware stack, including vCenter, NSX software-defined networking, and storage, and one or more ESXi hosts that provide compute and storage resources to your workloads. When you create an SDDC, you can choose between vSAN Original Storage Architecture (vSAN OSA), vSAN Express Storage Architecture (vSAN ESA), and external storage such as NFS.

When you're done with your Network Planning and Resource Planning, take a look at the VMware Cloud Tech Zone Quick Start guide, then follow up with the Deploy an SDDC section of the VMware Cloud on AWS Operations Guide.

To ensure control and security, an SDDC provides separate networks for management and compute components. Management components such as vCenter, ESXi, and NSX manager connect to the SDDC management network. You can create an IPsec VPN to provide secure access to the management network through the SDDC Management Gateway, an NSX Edge dedicated to this function. You access compute components (workload VMs on a compute network) through a Compute Gateway. The compute network is typically implemented as an L2VPN that provides a single IP address space that spans your on-premises and SDDC environments. The Compute Gateway, a separate NSX Edge instance and Distributed Logical Router, control network access to workload VMs.

For more information about SDDC networking, see VMware Cloud on AWS Networking and Security