VMware Cloud on AWS uses vSphere to create the compute layer of the SDDC.

Software-Defined Data Center (SDDC)

The Software-Defined Data Center (SDDC) is a collection of bare-metal hosts which are installed with a standard set of VMware software.

Since VMware Cloud on AWS is a managed service, full admin-level access to the SDDC is not permitted. Instead, customers are given a role that allows them to fully manage workloads that they have deployed within the SDDC.

Each SDDC is provided direct access to AWS services via a connection to a customer-owned AWS account. This connection is established as part of the SDDC provisioning process.

The term “connected” simply means that the customer has granted permissions for VMware to enable routing between an SDDC and a VPC within the customer-owned AWS account. These permissions are granted via IAM roles which are created within the connected account. Once a connection is established to the AWS account, it then becomes possible to configure a cross-link between an SDDC and a VPC within that account. The cross-link itself is made up of a series of cross-account ENIs which are attached to a subnet within the VPC. It is these ENIs that provide the hosts of an SDDC with a network forwarding path to resources within the VPC.

SDDC Group

An SDDC deployment group (SDDC Group) is a logical entity designed to simplify the management of VMware Cloud on AWS resources at scale. Collecting SDDCs into an SDDC Group provides a number of benefits to an organization with multiple SDDCs whose workloads need a high-bandwidth, low-latency connection to each other.

All network traffic between group members travels over a VMware Transit Connect network. Routing between compute networks of all SDDCs in a group is managed automatically by VMware Transit Connect as subnets are added and deleted. You control network traffic among group member workloads with compute gateway firewall rules.

An SDDC group can include VPCs and an AWS Direct Connect Gateway (DXGW) which provides connectivity between group members and your external sites.

vSphere Clusters

vSphere Clusters enable the vSphere High Availability (HA) and vSphere Distributed Resource Scheduler (DRS) features within an SDDC. As hosts are added to a vSphere Cluster, the total CPU, memory, and storage capacities are increased per the specifications for the instance type of that host. VMC on AWS has a maximum vSphere Cluster size of 16 hosts and 20 vSphere Clusters per SDDC.

vSphere HA's admission control policy is configured for one host failure. This guarantees resources are available in the cluster to allow virtual machines to continue running if a host fails.

Elastic DRS (EDRS) is a feature that auto-scales a vSphere Cluster in the SDDC by dynamically adding and removing hosts based on resource contention within a given vSphere Cluster.

Resource Pools

Since VMware Cloud on AWS is a managed service, resource pools are utilized to guarantee the management components that run the SDDC always have their required resources.

When an SDDC is created an appliance size is specified, the default size results in the management resource pool being configured with 116 GB memory reservation and 59,774 MHz CPU reservation. It is also possible to specify Large-sized appliances, when doing so the memory reservation is 240 GB, and the CPU reservation is 119,548 MHz.


CPU is reserved in MHz. Depending on the Physical CPU in the ESXi host the CPU reservation will vary, though it is always calculated for 32 vCPUs in the default size and 64 vCPUs in the Large size appliances.

Additional clusters added to the SDDC contain only a compute resource pool for user workloads. These additional clusters do not run SDDC management components as such all resources are available for user workloads.

vSphere Design Decisions

Design Decision

Design Justification

Design Implication

Deploy SDDC with Large size appliances.

Deploys appliances with enough resources to run the SDDC at scale from day 1 which reduces risk and prevents an outage to upsize post-deployment.

Larger appliances utilize more resources.

Deploy vSphere Clusters with a minimum of three ESXi hosts.

Provides the minimum amount of hosts to provide data redundancy.


Create an SDDC Group.

Deploys the VMware Transit Gateway to connect all SDDCs, desired VPCs, and external sites.

Management CIDR ranges can not overlap between SDDCs.

Configure EDRS to Optimize for Best Performance for all vSphere Clusters.

Ensures there is enough compute, memory, and storage capacity to run the workloads in the vSphere Cluster.


Monitor vSphere Cluster resource utilization and deploy new vSphere Clusters or SDDCs as needed.

vSphere Clusters can contain 16 ESXi hosts, once this number is reached either manually or via EDRS a new cluster or SDDC must be created to ensure available capacity for new workloads.

Requires proper monitoring and alerting processes.

Configure vCenter Server with an external identity source.

Provides the ability to utilize existing user and service accounts, including password policies.

Requires coordination between vCenter Server and authentication provider administrators.

Requires connectivity from vCenter Server to the external identity source.