vSphere in a software-defined data center (SDDC) such as your VMware Cloud on AWS SDDC works the same way that your on-premises vSphere does. In the SDDC, some vSphere components are owned and managed by VMware, so some of the on-premises administrative workflows that you're familiar with aren't needed in VMware Cloud on AWS.

For information about vSphere administration in VMware Cloud on AWS, you should refer to the vSphere Documentation, but you'll need to keep a few high-level differences in mind when reading those topics:
  • VMware Cloud on AWS users don't have physical access to ESXi host hardware and cannot log in to the ESXi host operating system. Procedures that require this kind of access are performed by VMware staff.
  • Global Permissions are not replicated between your on-premises vCenter Server and the vCenter Server in your SDDC. Global permissions do not apply to objects that VMware manages for you, like SDDC hosts and datastores.

Specific Differences to be Aware Of

In addition to the high-level differences we've noted, many topics in the vSphere Documentation are written specifically for on-premises users, and don't include some of the information you need when using vSphere in the SDDC.

Table 1. Topic Content Differences Between On-Premises and SDDC vSphere

Topic: vSphere Managed Inventory Objects
Highlights: Each VMware Cloud on AWS SDDC has a single data center named SDDC-Datacenter. The data center defines the namespace for networks and datastores. The names for these objects must be unique within a data center. You cannot have two datastores with the same name within a single data center. Virtual machines, templates, and clusters need not be unique within the data center, but must be unique within their folder.

Topic: vCenter Server System Roles
Highlights: The vCenter Server in your SDDC includes two predefined roles that are not present in your on-premises vCenter.
  • CloudAdmin Role: The CloudAdmin role has the privileges necessary to create and manage SDDC workloads and related objects such as storage policies, content libraries, vSphere tags, and resource pools. This role cannot access or configure objects that are supported and managed by VMware, such as hosts, clusters, and management virtual machines. The CloudAdmin role can create, clone, or modify non-default roles. For detailed information about the privileges assigned to this role, see CloudAdmin Privileges.
  • CloudGlobalAdmin Role: The CloudGlobalAdmin role is an internal role that must exist during SDDC deployment but can be removed by a CloudAdmin after deployment is complete.

Topic: Securing vCenter Server Systems
Highlights: In an on-premises SDDC, you are responsible for ensuring the security of your vCenter Server system. In VMware Cloud on AWS, VMware performs most of these tasks for you. You are responsible for following security best practices, especially for the VMs in your environment, and might want to be aware of some other aspects of vCenter Server and vCenter Single Sign-On such as password and lockout policies.

Topic: vSphere Authentication with vCenter Single Sign-On
Highlights: When you change the password for your SDDC from the vSphere Client, the new password is not synchronized with the password that is displayed on the Default vCenter Credentials page. That page shows only the Default credentials. If you change the credentials, you are responsible for keeping track of the new password. Contact Technical Support and request a password change.

After installation, cloudadmin@vmc.local has administrator access to both vCenter Single Sign-On and vCenter Server. That user can also add identity sources, set the default identity source, and set policies in the vmc.local domain. Certain management operations in the vmc.local domain are restricted to VMware Cloud on AWS operations staff.
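
As an added example (not part of the VMware documentation), the PowerCLI function below audits the roles described under vCenter Server System Roles: it reports whether CloudGlobalAdmin still exists after deployment and flags non-default roles whose privileges cover everything CloudAdmin has. It assumes VMware PowerCLI and an existing Connect-VIServer session to the SDDC vCenter Server; the function name Get-SddcRoleAudit is hypothetical.

```powershell
# Added example, not VMware's code. Requires VMware PowerCLI and an existing
# Connect-VIServer session to the SDDC vCenter Server.
function Get-SddcRoleAudit {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [string]$BaselineRole   = 'CloudAdmin',        # role name from the page
        [string]$DeploymentRole = 'CloudGlobalAdmin'   # role name from the page
    )

    $roles       = @(Get-VIRole)
    $permissions = @(Get-VIPermission)
    $baseline    = $roles | Where-Object { $_.Name -eq $BaselineRole }
    if (-not $baseline) { throw "Role '$BaselineRole' not found; is this an SDDC vCenter?" }

    foreach ($role in $roles) {
        # Permission entries that grant this role to a user or group
        $assigned = @($permissions | Where-Object { $_.Role -eq $role.Name })
        # Baseline privileges that this role does not hold
        $missing  = @($baseline.PrivilegeList | Where-Object { $_ -notin $role.PrivilegeList })

        $finding = 'none'
        if ($role.Name -eq $DeploymentRole) {
            $finding = 'deployment-time role still present'
        }
        elseif (-not $role.IsSystem -and $role.Name -ne $BaselineRole -and $missing.Count -eq 0) {
            $finding = "covers every $BaselineRole privilege"
        }

        [pscustomobject]@{
            Role        = $role.Name
            IsSystem    = $role.IsSystem
            Privileges  = @($role.PrivilegeList).Count
            Assignments = $assigned.Count
            Principals  = ($assigned | ForEach-Object { $_.Principal } | Sort-Object -Unique) -join ', '
            Finding     = $finding
        }
    }
}

# Show only the roles that need review
Get-SddcRoleAudit | Where-Object { $_.Finding -ne 'none' } | Format-Table -AutoSize
```

A role flagged as covering every CloudAdmin privilege is worth reviewing together with its Principals column, because it grants CloudAdmin-level access under a different name.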