Use of AWS Direct Connect is optional. If traffic between your on-premises network and your SDDC workloads requires higher speeds and lower latency than you can achieve with a connection over the public Internet, configure VMware Cloud on AWS to use AWS Direct Connect.
You can configure your VMware Cloud on AWS SDDC to take advantage of AWS Direct Connect for traffic to and from your on-premises data center in the following ways:
- Configure Direct Connect to a private VIF.

  AWS Direct Connect (DX) provides a dedicated network connection between your on-premises network infrastructure and a virtual interface (VIF) in an AWS VPC. A private VIF provides direct private access to your SDDC. Configure DX over a private VIF to carry workload and management traffic, including VPN, HCX, and vMotion, between your on-premises data center and your VMware Cloud on AWS SDDC. A DX connection provides a private path for network communications and uses BGP to advertise routes between the SDDC and your on-premises data center. Provisioning procedures for this VIF depend on the type of DX connection you choose.

- Associate a Direct Connect Gateway (DXGW) with your SDDC Group's VMware Managed Transit Gateway.

  If you have created an SDDC Group in your VMware Cloud on AWS organization, you can use an AWS transit VIF to connect to that group's DXGW and provide DX connectivity between your on-premises data center and all SDDCs in the group. See Attach a Direct Connect Gateway to an SDDC Group.

- Access AWS services over a public VIF.

  If you just want to use DX to access AWS services, you can do so over a public VIF. A public VIF is transparent to the SDDC and requires no configuration in the SDDC itself. You cannot use a public VIF to carry the same kinds of SDDC traffic (such as vMotion) that require a private VIF or Direct Connect Gateway. When you have a public VIF configured to learn AWS routes in the region where your SDDC is located, any connectivity from your SDDC to a public IP in your on-premises data center will be included in the AWS routes for that region and will traverse your DX. In this kind of configuration, a VPN connection over the public VIF provides secure, private connectivity to the SDDC.