VMware Cloud on AWS implements a shared responsibility model that defines distinct roles and responsibilities of the three parties involved in the offering: Customer, VMware, and Amazon Web Services.

Customer responsibility “Security in the Cloud” – Customers are responsible for the deployment and ongoing
configuration of their SDDC, virtual machines, and data that reside therein. In addition to determining the network
firewall and VPN configuration, customers are responsible for managing virtual machines (including in guest security
and encryption) and using VMware Cloud on AWS User Roles and Permissions along with vCenter Roles and
Permissions to apply the appropriate controls for users.

VMware responsibility “Security of the Cloud” – VMware is responsible for protecting the software and systems that
make up the VMware Cloud on AWS service. This software infrastructure is composed of the compute, storage, and
networking software comprising the SDDC, along with the service consoles used to provision VMware Cloud on AWS.

AWS responsibility “Security of the Infrastructure” – AWS is responsible for the physical facilities, physical security,
infrastructure, and hardware underlying the entire service

For detailed information on our Shared Responsibility Model, please see our whitepaper at https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/vmc-aws/vmware-shared-responsibility-model-overview-vmware-cloud-on-aws.pdf