VMware Live Cyber Recovery supports Amazon Web Services (AWS) Direct Connect (DX) public or private virtual interface (VIF) for on-premises protected site networks.

AWS Direct Connect provides a dedicated network connection between your on-premises data center and AWS services. With this connection, you can create public or private virtual interfaces (VIFs) that give you direct access to all public AWS IP addresses, including VMware Live Cyber Recovery components.
Note: For more information about using Direct Connect with VMware Live Cyber Recovery, see Configure Direct Connect (Private VIF).

Direct Connect gives you the flexibility to have some protected sites connect to VMware Live Cyber Recovery through Direct Connect, while other protected sites connect to the same instance over the internet. Recovery plan failovers can be targeted to any AWS region that supports Direct Connect.

Direct Connect offers higher speeds and lower latency than a connection over the public internet, which can speed up replication to cloud backups, management traffic, failbacks, and any VMware Live Cyber Recovery operation that requires internet connectivity.

AWS offers three types of Direct Connect connections: dedicated, hosted, and hosted VIF.

This graphic illustrates a Direct Connect connection to a recovery SDDC.

Dedicated Connection

A dedicated Direct Connect connection provides a physical Ethernet port dedicated to a single customer that supports multiple private or public virtual interfaces (VIF) and one transit VIF. To order a dedicated connection, use your (customer-managed) AWS account.

After the circuit has been provisioned, create a hosted private VIF to your SDDC using the account shown in the AWS Account ID field of the Direct Connect page of the Networking & Security tab. If an SDDC is a member of an SDDC group, you can create a Direct Connect Gateway (DXGW) in your account and connect a transit VIF to it from the DXGW.

For more information about Direct Connect deployment groups, see Creating and Managing SDDC Deployment Groups with VMware Transit Connect.

This graphic illustrates a dedicated Direct Connect connection to a recovery SDDC.

Hosted Connection

A hosted connection is a circuit shared by multiple customers and provisioned to your AWS account by a Direct Connect Partner. After the circuit has been provisioned, create a hosted private VIF to your SDDC using the account shown in the AWS Account ID field of the Direct Connect page of the Networking & Security tab.

If your hosted connection speed is 1 Gbps or higher and the SDDC is a member of an SDDC group, you also have the option to create a Direct Connect Gateway (DXGW) in your account, and connect a transit VIF to it from the DXGW.

Hosted VIF

A hosted VIF is similar to a hosted connection but only provides the ability to create a single VIF, managed by a partner. The hosted private VIF must be created by the AWS Partner using the account number shown in the AWS Account ID field of the Direct Connect page of the Networking & Security tab rather than provisioned to your AWS account.

For more information about using Direct Connect with VMware Cloud on AWS, see the VMware Design VMware Cloud on AWS SDDC Connectivity With Direct Connect Private VIF.

This graphic illustrates a Direct Connect hosted VIF connection to a recovery SDDC.
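
For all three connection types above, the hosted private VIF has to land in the account shown in the SDDC's AWS Account ID field. The following check is an added example, not taken from VMware or AWS documentation: it reads JSON shaped like the output of `aws directconnect describe-virtual-interfaces` and flags private VIFs that are owned by a different account, are not yet available, or have no BGP peer up. The sample data, VIF IDs, and account IDs are constructed placeholders.

```python
import json

# Constructed sample shaped like the JSON returned by
# `aws directconnect describe-virtual-interfaces`; all IDs are placeholders.
SAMPLE = json.loads("""
{"virtualInterfaces": [
  {"virtualInterfaceId": "dxvif-example1", "virtualInterfaceType": "private",
   "ownerAccount": "111111111111", "virtualInterfaceState": "available",
   "bgpPeers": [{"bgpStatus": "up"}]},
  {"virtualInterfaceId": "dxvif-example2", "virtualInterfaceType": "private",
   "ownerAccount": "222222222222", "virtualInterfaceState": "available",
   "bgpPeers": [{"bgpStatus": "up"}]},
  {"virtualInterfaceId": "dxvif-example3", "virtualInterfaceType": "private",
   "ownerAccount": "111111111111", "virtualInterfaceState": "confirming",
   "bgpPeers": [{"bgpStatus": "down"}]}
]}
""")

# Assumption: the value copied from the SDDC's "AWS Account ID" field.
SDDC_ACCOUNT_ID = "111111111111"


def audit_private_vifs(response, sddc_account_id):
    """Return (vif_id, problem) tuples for private VIFs that need attention."""
    findings = []
    for vif in response.get("virtualInterfaces", []):
        if vif.get("virtualInterfaceType") != "private":
            continue  # public and transit VIFs are out of scope for this check
        vif_id = vif.get("virtualInterfaceId", "<missing id>")
        owner = vif.get("ownerAccount")
        if owner != sddc_account_id:
            # A private VIF owned by another account was not allocated to the SDDC.
            findings.append((vif_id, f"owner account {owner} is not the SDDC account"))
        state = vif.get("virtualInterfaceState")
        if state != "available":
            findings.append((vif_id, f"state is {state!r}, expected 'available'"))
        peers = vif.get("bgpPeers", [])
        if not any(p.get("bgpStatus") == "up" for p in peers):
            findings.append((vif_id, "no BGP peer is up"))
    return findings


if __name__ == "__main__":
    for vif_id, problem in audit_private_vifs(SAMPLE, SDDC_ACCOUNT_ID):
        print(f"{vif_id}: {problem}")
```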

Summary

Both VPN and Direct Connect eliminate the need to access the SDDC over the internet. The result is a reduced risk of exposure to internet threats, because no ingress traffic is allowed except traffic originating from the trusted enterprise network.

By integrating vCenter authentication with the corporate identity provider (SSO), you can enforce enterprise policies for user management and passwords.