VMware Cloud on AWS | 20 AUG 2024. Check for additions and updates to these release notes.
Current Release: VMware Cloud on AWS (SDDC Version 1.22)
VMware Live Site Recovery
Support VMware Live Site Recovery in offline mode. You can now use VMware Live Recovery subscriptions to protect your VMs with VMware Live Site Recovery deployed in offline mode. The minimum version required to take advantage of this capability is VMware Site Recovery Manager 9.0.2.
Manage subscription quantities across all use cases. You can now use the VMware Live Recovery global console to manage subscription quantities (VMs) between VMware Live Site Recovery in offline mode, connected mode, or hyperscaler.
VMware Live Cyber Recovery
Expanded capacity with support for up to four cloud file systems per-recovery SDDC. Enjoy expanded cloud storage capacity by adding additional cloud file systems to your VMware Live Cyber Recovery deployment. VMware Live Cyber Recovery now supports up to four cloud file systems that can be associated with a single SDDC, which provides the following benefits:
Improved performance when running VMs live on the cloud file system during DR test and/or failover and ransomware recovery workflows.
Improved network performance by separating snapshot replication for large numbers of VMs across multiple cloud file systems and protected sites.
Simplified network topologies because you only need to manage networking for one SDDC, rather than having to link multiple SDDCs together.
Protect up to four logical sites in a single protected SDDC. Expand your protected SDDC site coverage to include up to four protected sites in a single SDDC. Previously, each protected SDDC could only include a single protected site. With the introduction of support for up to four cloud file systems per recovery SDDC, you can now configure up to four protected sites, each pointing to its own cloud file system.
Fast restore with VMware vSAN local snapshots for faster ransomware recovery. Reduce ransomware recovery VM restore times by leveraging a new integration with vSAN Data Protection's local snapshot manager. If a protected site vCenter is using VMware vSAN Data Protection, the ransomware recovery workflow will automatically restore a local VM snapshot closest to the snapshot candidate used in ransomware recovery prior to beginning the recovery from cloud to protected site. This in turn can help avoid large, time consuming data transfers when recovering cleansed VMs to the original protected site.
Sync back for optimized failback operations. Reduce DR failback times by performing 'sync back' operations after a failover to periodically transfer incremental, delta-based updates for failed-over workloads on the cloud file system. Sync back can reduce the time required for failback by minimizing the delta between the running VM workload in the recovery SDDC and the VM residing in the protected site.
API tokens replaced by OAuth 2.0 Apps for inter-service authentication. VMware Live Cyber Recovery now leverages OAuth 2.0 apps to communicate with VMware Cloud Services backend services and VMware Cloud on AWS, replacing the former usage of API tokens. For current users, when your existing API tokens expire they will automatically be replaced with the new OAuth apps. For more information, see Authorize VMware Live Cyber Recovery.
Advanced file system metrics for ransomware recovery. Improve VM snapshot selection accuracy in the ransomware recovery workflow by leveraging a more detailed file system analysis of VM snapshots. By selecting the 'Advanced metrics' checkbox on guided restore point selection, you will find the original change rate and entropy details, plus many new metrics. New metrics include the number of new files that were created and modified on the VM, and the number of new files created with known ransomware or suspicious file extensions.
Ability to delete a cloud file system. Enjoy a new self-help administrative option that eliminates the need to contact support for assistance. You now have the ability to delete a cloud file system within the VMware Live Cyber Recovery UI. Before you can delete a cloud file system, you must delete all protected sites associated with the cloud file system.
Elastic DRS policy now monitors vSAN component utilization
A warning notification will be triggered when the vSAN component utilization in the cluster exceeds 75%, and a host addition will be triggered with a customer notification once the utilization exceeds 85% to auto-remediate the cluster. Refer to https://kb.vmware.com/s/article/74695 to learn more about vSAN component utilization. The additional hosts will be billed to your account at on-demand rates if you do not have an available subscription for the instance type and region.
External Storage API support
The VMware Cloud on AWS API has been updated with full support for managing NFS Datastores. With this improvement, API consumers can get a list of attached datastores and programmatically manage datastore attachment and detachment.
VMware Live Recovery
General Availability of VMware Live Recovery: VMware Live Recovery delivers powerful cyber and data resiliency for VMware Cloud Foundation. You can protect applications and data from modern ransomware and other disasters across VMware Cloud Foundation environments on-premises and in public clouds with flexible licensing for your changing business needs and threats.
VMware Live Recovery provides a variety of benefits, including:
Secure cyber recovery: industry-leading ransomware recovery-as-a-service with immutable snapshots, guided workflows, isolated “clean rooms” and embedded behavioral analysis.
Simplified consumption: single subscription that provides a full range of cyber and disaster recovery capabilities, as well as licensing flexibility for changing business needs and threats.
Unified service experience: centralized visibility and monitoring of ransomware recovery and disaster recovery across on-premises and public clouds, with access to respective management consoles.
VMware Live Recovery offers ransomware recovery and disaster recovery leveraging two technology stacks:
VMware Live Cyber Recovery (formerly known as VMware Cloud Disaster Recovery)
VMware Live Site Recovery (formerly known as VMware Site Recovery Manager)
Existing VMware Cloud DR customers will automatically get upgraded to VMware Live Recovery without further action. Existing VMware Site Recovery Manager customers can choose to purchase VMware Live Recovery when they are ready to access all new features and capabilities. For further information, refer to the FAQ and the solution guide.
VPC Peering for External Storage Self-Service
VPC Peering requests for NFS Storage can now be submitted via the SDDC UI. See the updated feature brief for additional information.
There is a maximum of 1 VPC peering connection per SDDC.
m7i.metal-24xl instance type is now available for select regions
M7i.metal-24xl instances are now available on VMware Cloud on AWS starting with SDDC version 1.24v2. These instances come with custom 4th Generation Intel Xeon Scalable processors (code named Sapphire Rapids) with an all-core turbo frequency up to 3.8 GHz, 48 physical cores, 96 logical cores with Hyper Threading enabled, 384 GiB memory and flexible NFS storage options to choose from as per customer needs – VMware Cloud Flex Storage or Amazon FSx for NetApp ONTAP. M7i.metal-24xl instances include support for always-on memory encryption using Intel Total Memory Encryption. This instance type is currently available in 5 regions, with support for more regions coming soon. More information is available on VMC TechZone.
VMware Cloud Disaster Recovery™
15 Minute RPO now GA. Protect mission-critical workloads with enterprise grade SLAs with RPOs as little as 15 minutes. Snapshot schedules using high-frequency snapshots can now be set to run every 15 minutes. This feature was in preview, and is now Generally Available (GA). 15 minute RPO is supported for up to 200 VMs per-protection group. The maximum number of VMs with 15 minute RPO can vary, depending on the network bandwidth and the change rates per disk.
Support for VMW on AWS Compute Gateways on the Recovery SDDC. Isolate and secure the networking on your VMC on AWS recovery SDDC by creating NSX Compute Gateways (CGWs) and assigning them to your disaster recovery and test/ransomware DR Plan configurations. With this capability, you can fail over and run production workloads on a dedicated network in the recovery SDDC, and safely power on and repair ransomware-infected VMs on a different CGW-specified network in the same recovery SDDC.
Support for VMware Transit Connect for VMC on AWS protected sites. Support stringent security and compliance internet usage guidelines between your VMC on AWS protected source site and VCDR by using a dedicated private network, VMware Transit Connect. VMware Transit Connect provides a dedicated, private and secure connection between your VMC on AWS source SDDC and VCDR for replication, failover and failback traffic.
Recover ransomware-cleansed workloads to the recovery SDDC. Enhance your cyber resiliency runbook and be better prepared to recover from a ransomware attack by leveraging the option to recover cleansed ransomware workloads to the VCDR recovery SDDC. In addition to the existing options of recovering ransomware cleansed workloads to the original protected site or a new SDDC, this new option enables orchestrated VM restore to the recovery SDDC with the VM running in a failed over state. Because the scope of a ransomware attack is unpredictable, having a variety of VM restore options for cleansed workloads allows you to fine-tune remediation to your specific situation.
Quiescing for high-frequency snapshots. Enjoy improved data consistency and recoverability of database workloads and multi-tier applications with quiescing of high-frequency snapshots. When used with Microsoft Volume Shadow Copy Service (VSS) and Linux distributions, high-frequency snapshots will pause the state of running processes on the VM to provide a consistent state of any applications running at the time a snapshot is taken. This is especially useful when protecting databases that require a controlled power down to ensure the database is fully up-to-date at the time of snapshotting.
Automatically install the Linux security sensor when using the ransomware recovery workflow. Simplify VMware Cloud DR ransomware recovery workflow operations with automatic install of Linux OS security sensors. When the Carbon Black cb_launcher tool is present in a VM snapshot, the ransomware recovery workflow will now leverage this utility to automatically install the Linux security sensor.
Usability enhancements for guest file recovery. Enjoy an improved user experience when using VCDR's Guest File Restore feature due to several recent workflow improvements. The 'recover guest files' dialog box now indicates how long large VMs will take to load. If you want to recover guest files for large VMs, you can select a snapshot for the VM, close the dialog box, and return later when the VM is ready. VMware Cloud DR saves the last 10 loaded snapshots in history, so once a snapshot is loaded, you can return to it.
Pause failback before VM shutdown. Minimize production downtime by controlling the time at which VMs on the recovery SDDC will be shut down for failback operations. During failback, VMs must be powered off in the recovery SDDC, the last changes are replicated back and the VMs are powered back on, which can take considerable time for some larger VMs. With this new feature, you can configure a plan to pause for user confirmation before continuing the plan.
Failback retry. Ensure failover will succeed with a single workflow action by configuring failback recovery plans to retry errors they encounter when the plan is run. At times a transient issue can cause the failover to display an error, and retrying the operation will succeed.
Detach recovery SDDC without deleting it. Preserve SDDCs and reduce future SDDC setup time by detaching recovery SDDCs without deleting them. Previously, when you detached a recovery SDDC from VMware Cloud DR, the SDDC was also deleted. Now, you can detach the SDDC and still use it on VMware Cloud.
Default maximum of 5 concurrent protection group snapshot tasks increased to 10 snapshot tasks. Enjoy expanded system concurrency of taking snapshots with the new VCDR ability to run up to 10 concurrent snapshot tasks at a time. Previously, the maximum allowed concurrent snapshot tasks was 5.
Easy access to Carbon Black Cloud security console during ransomware test and recovery. Allow users to more easily access detailed threat analysis data by accessing the Carbon Black Cloud security console from the integration configuration page. Previously, access to the Carbon Black Cloud console was only available in the ransomware recovery workflow's VM details page.
New countries for ransomware recovery data processing. Align Carbon Black Cloud region locale to your preferred region by activating ransomware recovery services in an expanded region list. In addition to the US and UK, you can now select Europe, Japan, and Australia as Carbon Black Cloud service instance regions.
Switch protection group type from high-frequency snapshots to standard-frequency snapshots. Enjoy flexible snapshot technology configuration with the ability to switch a high-frequency snapshot to a standard-frequency snapshot.
For more information on new features in SDDC Release 1.24, see Overview of New Features in VMware Cloud on AWS 1.24 Release.
VPC Peering for External Storage
With this enhancement, customers can peer a single VPC to the SDDC for NFS Storage. This connection is used exclusively for NFS Datastores and cannot be used for any other purpose. This feature is supported on SDDCs at version 1.20 or later. To configure VPC Peering to a dedicated storage VPC, please contact your VMware customer success or account representative to initiate a peering connection.
Increased NFS Throughput
Starting in the 1.24 release, the MTU on VMK0 has been increased to 8500. This increases large block throughput by up to 20% for NFS Datastore workloads.
vSAN Express Storage Architecture (vSAN ESA) - IA tech preview
SDDC release 1.24 includes vSAN ESA, an alternative architecture that provides the potential for huge boosts in performance with more predictable I/O latencies and optimized space efficiency.
Some of the key features of vSAN ESA are:
Native snapshots: Native snapshots are built into the vSAN ESA file system. These snapshots cause minimal performance impact even when the snapshot chain is deep.
Erasure Coding without compromising performance: A highly efficient Erasure Coding code path allows a high-performance and space-efficient storage policy.
Improved compression: vSAN ESA has advanced compression capabilities that can bring up to 4x better compression. Compression is performed before data is sent across the vSAN network, providing better bandwidth usage.
Expanded usable storage potential: vSAN ESA consists of a single-tier architecture with all devices contributing to capacity. This flat storage pool removes the need for disk groups with caching devices.
Increased number of VMs per host in vSAN ESA clusters: vSAN 8.0 Update 2 supports up to 500 VMs per host on vSAN ESA clusters, provided the underlying hardware infrastructure can support it. Now you can leverage NVMe-based high performance hardware platforms optimized for the latest generation of CPUs with high core densities, and consolidate more VMs per host.
vSAN ESA support for encryption deep rekey. vSAN clusters using data-at-rest encryption have the ability to perform a deep rekey operation. A deep rekey decrypts the data that has been encrypted and stored on a vSAN cluster using the old encryption key, and re-encrypts the data using newly issued encryption keys prior to storing it on the vSAN cluster.
vSAN ESA is currently available as an IA tech preview. Contact your VMware TAM, sales, or customer success representative to request enablement of this feature.
For full details of vSAN ESA support in VMware Cloud on AWS, see vSAN ESA on VMware Cloud on AWS.
Default and Maximum Virtual Machine Hardware Version Increased
The default virtual hardware version has been increased from Virtual Hardware 14 (vSphere 6.7 compatibility) to Virtual Hardware 19 (vSphere 7.0 U2 compatibility). The maximum virtual hardware version has been increased from Virtual Hardware 19 (vSphere 7.0 U2 compatibility) to Virtual Hardware 20 (vSphere 8.0 compatibility). Virtual Hardware version 19 support greatly increases guest OS compatibility with a wide range of Microsoft and Linux operating systems. For more information on guest OS compatibility, see Guest OS Compatibility Guide. For more information on virtual hardware support, see Hardware Features Available with Virtual Machine Compatibility Settings.
SDDC Group to Group Connectivity
VMC Customers with multiple distinct SDDC Groups can now interconnect their SDDC Groups in the same Org. This benefits customers who have created separate SDDC Groups per AWS region or internal team, and now need to connect them without disrupting existing network traffic. Customers can perform this action in the VMC SDDC Group UI by selecting the desired SDDC Groups. VMC will establish connectivity using the existing Transit Connect per region. Interconnected SDDC Groups can leverage their existing external connections to Direct Connect Gateway and/or AWS VPC and Transit Gateways.
IPv6 Support for Management Network Connectivity
Additional support for IPv6 VM communication to the SDDC Management Network. IPv6 VMs can now communicate with Management components such as vCenter (on IPv4) using SRE-configured NAT64 rules. Previously VMware Cloud on AWS announced support for IPv6 workload communication over Direct Connect and VMware Transit Connect. Please work with your Customer Success or account teams to get access to this feature. Learn more about this new update.
New Service Roles for NSX Security Admin and Network Admin
VMware Cloud on AWS Customers will now be able to configure RBAC controls with 4 new roles for the NSX Manager UI: NSX Security Admin, NSX Security Auditor, NSX Network Admin, and NSX Network Auditor. This feature enables customers to administer compelling NSX Security features like DFW and Advanced Security features independently of other features on VMC on AWS. The Security Admin and Security Auditor roles will allow users Full access and Read-only access respectively to Security configuration objects on the NSX Manager UI. The Network Admin and Network Auditor roles will provide the same granularity on Network related configuration on the Network tab in the NSX Manager UI. These new roles can be assigned by the Org Admin under Identity and Access Management on the console.
New Region - Hyderabad
Customers can now deploy SDDCs in the Asia Pacific (Hyderabad) region. Note that in order to link an AWS Account to an SDDC in this region, customers must first opt-in their linked account as per the instructions at https://docs.aws.amazon.com/general/latest/gr/rande-manage.html.
Read more at VMware Cloud on AWS region documentation: https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vmc-aws.getting-started/GUID-19FB6A08-B1DA-4A6F-88A3-50ED445CFFCF.html
i4i instances now available in Zurich
The i4i.metal instance is now available in the Zurich region.
VMware Cloud on AWS: Advanced Edition
VMware Cloud on AWS: Advanced edition is now available to existing VMware Cloud on AWS customers. With the purchase of VMware Cloud on AWS subscription or deployment, customers will get:
VMware SDDC software
Bare metal AWS EC2 instance
vCenter Management
VMware HCX
Tanzu services
And now:
VMware Aria Automation
VMware Aria Operations
VMware Aria Operations for Logs
VMware Aria products help customers accelerate the cloud adoption by combining SaaS and on-premises capabilities for automation, operations, log analytics, network visibility, and cost optimization. With a common operating model across on-premises and cloud environments, VMware Aria serves as a single pane of glass management, providing complete visibility across the entire hybrid cloud environment.
Aria Operations Add-On with Seamless Activation
Customers are now able to activate Aria Operations for VMware Cloud on AWS SDDCs directly through the VMware Cloud console! This trial can be activated from any VMware Cloud on AWS SDDC by navigating to the SDDC’s Integrated Services tab. This feature reduces the manual steps to just a few clicks to configure and start using Aria Operations. This activation will initiate a 30-day free trial with full Aria Operations capability with the option to purchase a subscription at any point during the trial. After activation, all Aria Operations service use and operations will occur from the Aria Operations console.
New Region: Asia Pacific (Melbourne)
Customers can now deploy SDDCs in the Asia Pacific (Melbourne) region. Note that in order to link an AWS Account to an SDDC in this region, customers must first opt-in their linked account as per the instructions at https://docs.aws.amazon.com/general/latest/gr/rande-manage.html.
New Region: Europe (Zurich)
Customers can now deploy SDDCs in the Europe (Zurich) region. Only i3en instance types are available at launch. Please note that in order to link an AWS Account to an SDDC in this region, customers must first opt-in their linked account as per the instructions at https://docs.aws.amazon.com/general/latest/gr/rande-manage.html.
i4i New Region Launch - Cape Town
i4i metal instances are now also available in the following region and AZs for VMW SoR & AWS Resell
Region Code | Region Name | Availability Zones |
---|---|---|
af-south-1 | Africa (Cape Town) | af-south-1a, af-south-1b, af-south-1c |
Federation for vCenter Access
Federated Login for vCenter
VMware Cloud on AWS customers may now leverage Enterprise Federation with VMware Cloud Services to also authenticate into vCenter using Single Sign On (SSO). Enterprise Federation must be enabled in order to leverage vCenter SSO. Learn more about Enterprise Federation here.
Once the feature is enabled, vCenter’s external identity provider (authentication) is changed from LDAP to SSO managed by VMware Cloud Services. The process does not alter or impact existing vCenter roles and permissions (authorizations), and it does not grant users and groups defined in VMware Cloud Services access to vCenter.
To learn more about this feature, please see the documentation.
i4i New regions Launch - Osaka, Stockholm, Milan, Mumbai, Bahrain
i4i metal instances are now also available in the following regions and AZ for VMW SoR & AWS Resell
Region Code | Region Name | Availability Zones |
---|---|---|
ap-northeast-3 | Asia Pacific (Osaka) | ap-northeast-3a, ap-northeast-3b, ap-northeast-3c |
eu-north-1 | EU (Stockholm) | eu-north-1a, eu-north-1b, eu-north-1c |
eu-south-1 | EU (Milan) | eu-south-1a, eu-south-1b, eu-south-1c |
me-south-1 | Middle East (Bahrain) | me-south-1a, me-south-1b, me-south-1c |
ap-south-1 | Asia Pacific (Mumbai) | ap-south-1a, ap-south-1b, ap-south-1c |
Elasticity Enhancements in VMware Cloud on AWS
Elasticity Tab in SDDC UI -
A dedicated tab in the SDDC console to manage and track Elastic DRS policy. This new UI makes it easy to understand when the service will add or remove hosts based on utilization.
Custom Managed Elastic DRS Policies -
Customers can create and manage Elastic DRS policies at a cluster level by defining the Storage, CPU, and Memory thresholds for scale-in and out, minimum and maximum hosts per cluster, and scale increments. This allows customers to easily manage the elasticity as per their needs. There are no changes to current Elastic DRS policies.
Increased throughput for NFS Datastore
Starting in the 1.22 release, the vSphere NFS client will open multiple network connections to each datastore mount. These connections are used on a round-robin basis and allow each vSphere host to increase the per datastore throughput.
Cluster Renaming Support
Cluster renaming support in VMC on AWS SDDC will enable customers to rename the cluster as per their organizational naming strategy using SDDC UI and API.
Cluster renaming will also rename any resource pools associated.
Route Filtering UI update
Customers who want to configure route filtering on the Intranet or Services uplinks will have to navigate to the Global Configuration → Uplinks tab. This is intended to give a more intuitive configuration experience and closely associate the route filtering enable/disable experience with the corresponding uplink.
Alarms Dashboard on NSX Manager UI
Alarms dashboard on NSX Manager UI on VMC gives customers the visibility to monitor, manage and troubleshoot alarms which are generated due to networking and security related system events. A generated alarm will auto-resolve if a customer takes remedial action to resolve the condition which triggered the alarm. Limited alarms are available in this release and additional alarm definitions will be incrementally added to the Alarms dashboard in subsequent releases. Alarm definitions can be modified by SRE only, so please contact support in case of scenarios where changes might be required.
IPv6 workload communication over Direct Connect and Transit Connect
VMware Cloud on AWS introduces limited support for IPv6. Selected customers can now utilize IPv6 for their workloads to communicate over Direct Connect and VMware Transit Connect. Customers can opt to enable Dual Stack (IPv4/IPv6) in their SDDC and deploy IPv6 VMs using private address space on custom Tier-1 Gateways. IPv6 enabled VMs can communicate over Direct Connect and VMware Transit Connect/ SDDC Groups to on-prem destinations. Please work with your Customer Success or account teams to get access to this feature. Learn more about this new update.
Certificate Based Authentication for VPN Configurations
Customers can import and associate public and private CA-signed certificates with VPN configurations. Customers will now be able to configure Certificate-based authentication mechanism in addition to the Pre-Shared key method which currently exists. Compliance suite support has been added and this allows the selection of PRIME, FOUNDATION, CNSA, FIPS, Suite-B-GCM 128, Suite-B-GCM 256 profiles which will auto-populate the corresponding encryption, DH group, PFS settings which map to these profiles.
Simplified Networking & Security Dashboard View
The Networking and Security Dashboard is a simplified and improved update of the Networking & Security tab in your VMC-AWS SDDCs. It provides a single-page view of SDDC networking and security status with links to NSX Manager network management functions. The page includes six sections: VPN, Direct Connect, Transit Connect, Management Gateway, Default Compute Gateway, and Cloud Provider. You can get a summary of your connectivity status, such as VPN being up or down, and key information regarding your networking setups. If you need to edit any information, you can use the direct links in the UI to access NSX Manager.
This new update will provide better performance and faster page load. All SDDCs with version 1.22 or after will default to this new view. The legacy Networking & Security view is deprecated and will be removed in a feature release. Until then, you can temporarily revert to the legacy view by clicking on the legacy view button in the UI. Learn more about this new update.
All Hardware Configuration Options in vSphere available on VM Service for vSphere with Tanzu
In VM Service for vSphere with Tanzu, the VM Class is a set of hardware configuration settings, such as resource availability, security policy, available hardware, and device groups, that can be used to deploy VMs. In the VM Service workflow, VM Classes can be created and customized, then made available for users on a namespace to consume. In this update, VM Service now supports all of the same hardware configuration options available and supported on vSphere VMs through a standard vCenter CLI workflow. Users can configure vGPUs, custom and multi-NIC, custom disks, passthrough devices, and more in the VM Class, and DevOps users can self-service deploy and manage VMs with these configurations using a standard kubectl interface with VM Operator.
VMware Site Recovery with enhanced replication capability
VMware Site Recovery with enhanced replication capability is an Initial Availability (IA) release. These features will significantly improve the performance, scalability and functionality to meet the strategic needs of our enterprise customers. The key enhancements are:
1 Minute RPO: With the redesign of the replication architecture, VMware Site Recovery now supports RPOs (Recovery Point Objectives) as low as 1 minute, down from 5 mins. Business critical applications demanding lower RPOs can now be satisfied.
Auto-scaling and Load Balancing: VMware Site Recovery now supports automated load balancing which distributes replicated VMs across resources for optimal performance. In addition, VMware Site Recovery supports automated scale-out which utilizes provisioned ESXi hosts and automatically adds them for additional replication capacity.
Note: These features require Site Recovery Manager and vSphere Replication versions 8.7 and later for both the source and the target site, and VMware Cloud on AWS Software-Defined Data Center (SDDC) version 1.22 or later.
Expanding Region Availability for VMware Site Recovery
VMware Site Recovery now supports the AWS Middle East (Bahrain) region. VMware Site Recovery is now available in 23 Global AWS Regions.
Additional Topology support for VMware Site Recovery for VMware Cloud on AWS Outposts
VMware Site Recovery for VMware Cloud on AWS Outposts now offers support for additional topologies including:
VMware Cloud on AWS Outposts to VMware Cloud on AWS Outposts
VMware Cloud on AWS to VMware Cloud on AWS Outposts
VMware Site Recovery on VMware Cloud on AWS Outposts is a fully managed, subscription-based service. As a fully managed service, VMware Site Recovery on VMware Cloud on AWS Outposts relieves IT teams from the burden of managing infrastructure and empowers them to focus on business innovation by bringing the cloud operating model on-premises.
i4i Instances Available in New Regions
i4i metal instances are now also available in the following regions and AZs for VMW Seller of Record Only
Region Code | Region Name | Availability Zones |
---|---|---|
ap-northeast-3 | Asia Pacific (Osaka) | ap-northeast-3a, ap-northeast-3b, ap-northeast-3c |
eu-north-1 | EU (Stockholm) | eu-north-1a, eu-north-1b, eu-north-1c |
eu-south-1 | EU (Milan) | eu-south-1a, eu-south-1b, eu-south-1c |
ap-south-1 | Asia Pacific (Mumbai) | ap-south-1a, ap-south-1b, ap-south-1c |
i4i in these regions for AWS Resell customers will be made available in the future.
Additional Rest APIs for VMware Site Recovery
Customers will be able to use public RESTful APIs to monitor DR operations, set up protection and recover workloads using VMware Site Recovery. With a comprehensive set of APIs, customers will be able to build end-to-end automation to configure and manage DR at scale. For more information, see the blog.
i4i metal instances are now also available in the following regions and AZs
ap-northeast-2 - Seoul
sa-east-1 - Sao Paulo
Elastic DRS (eDRS) Enhancements
Elastic DRS optimize for rapid scaling policy now supports rapid scaling-in to enable faster scaling use cases like VDI, disaster recovery or any other business needs.
The Elastic DRS Cost Policy improvement will allow automated scale-in of a cluster if the storage utilization falls below 40% instead of the current 20% limit.
LiveAgent for Chat Support
Refreshed chat experience for VMware Cloud on AWS
Request technical or non-technical chat support
Added chat notifications and badges indicating new activity
Consolidated chat initiation to the in-product support panel
Windows 11 Desktop Operating System Support – vTPM
Microsoft introduced new minimum virtual hardware requirements with the Windows 11 operating system. Microsoft requires a Virtual Trusted Platform Module (vTPM) device to be present during Windows 11 virtual machine installation and upgrades. SDDCs created using version 1.19 and later automatically include the provisioning of vSphere Native Key Provider in vCenter to support new vTPM devices. This feature was in Preview earlier (See SDDC Version 1.19 Release Notes) and is now Generally Available in this release.
Add a vTPM device to a virtual machine
VMware Cloud on AWS enables customers to add a new Virtual Trusted Platform Module (vTPM) device to virtual machines running Windows Server 2008 and later, Windows desktop 7 and later, or Linux. SDDCs created using version 1.19 and later automatically include the provisioning of vSphere Native Key Provider in vCenter to support new vTPM devices. This feature was in Preview earlier (See SDDC Version 1.19 Release Notes) and is now Generally Available in this release.
New Region: Middle East (Bahrain)
Customers can now deploy SDDCs in the Middle East (Bahrain) region. Please note that in order to link an AWS Account to an SDDC in this region, customers must first opt-in their linked account as per the instructions at https://docs.aws.amazon.com/general/latest/gr/rande-manage.html.
External Storage update
Customers can now use Single-AZ FSx for NetApp ONTAP as External Storage. Single-AZ FSx for ONTAP should be deployed in a dedicated VPC within the same AZ as the SDDC and connect to the SDDC using VMware Transit Connect.
Learn more about using FSx for ONTAP as an External Datastore.
Microsoft SPLA
VMware’s Windows Server 2022 SPLA edition offering now comes with localized OVFs and ISOs for our Japanese, Chinese and French customers. Customers can download these from the existing content library paths and use them to activate licenses.
New update for Ransomware Recovery
You can now take advantage of updated content that provides an overview of the Ransomware Recovery capabilities available with VMware Cloud today. VMware Cloud DR is an on-demand, as-a-Service solution, that is designed to help you identify restore point candidates, curate recovery points in an Isolated Recovery Environment preventing reinfection, and minimize data loss in the process, all through a guided, step by step workflow. These capabilities complement the disaster recovery capabilities and provide an end-to-end ransomware recovery solution. Additional information, resources, and tools such as FAQs and a sizing and cost estimator are available in Launchpad.
VMware Cloud Disaster Recovery™
AWS Africa (Cape Town): Protect and recover your workloads in the AWS Africa (Cape Town) region.
VMware Site Recovery on VMware Cloud on AWS Outposts Available Now
VMware Site Recovery on VMware Cloud on AWS Outposts enables customers to protect their workloads from disaster. VMware Site Recovery on VMware Cloud on AWS Outposts is a fully managed, subscription-based service. For more information about the operational limits of VMware Site Recovery on VMware Cloud on AWS Outposts, see Operational Limits of VMware Site Recovery.
VMware Cloud on AWS Outposts is the VMware and AWS jointly engineered on-premises as-a-service solution that integrates VMware’s enterprise-class Software-Defined Data Center (SDDC) software for compute (vSphere), storage (vSAN), and networking (NSX) along with vCenter Management, which runs on next-generation, dedicated Amazon Nitro-based EC2 bare-metal instances provisioned in AWS Outposts. As a fully managed service, VMware Cloud on AWS Outposts relieves IT teams from the burden of managing infrastructure and empowers them to focus on business innovation by bringing the cloud operating model on-premises. For more information, see VMware Cloud on AWS Outposts Overview.
New Region: Africa (Cape Town)
Customers can now deploy SDDCs in the Africa (Cape Town) region. Please note that in order to link an AWS Account to an SDDC in this region, customers must first opt-in their linked account as per the instructions at https://docs.aws.amazon.com/general/latest/gr/rande-manage.html.
I4i instances available with SDDC version 1.20v2
With SDDC version 1.20v2, customers can now deploy new SDDC(s) on the latest instance: i4i.metal. Support for adding new i4i clusters to existing SDDC(s) is already available with SDDC version 1.18v8. Please contact your VMware representative to learn more about availability at your region(s) of choice.
VMware Aria Operations for Networks (formerly vRealize Network Insight) Integrated-Service one-click activation
Customers are now able to activate VMware Aria Operations for Networks for VMware Cloud on AWS SDDCs through the VMware Cloud Console! Use this solution for visualizing application discovery for cloud migration, network traffic analysis, and more. This trial can be activated from any VMware Cloud on AWS SDDC by navigating to the SDDC’s Integrated Services tab. This feature reduces the setup to just a few clicks to configure and start using VMware Aria Operations for Networks. This activation will initiate a 30-day free trial with the option to purchase a subscription at any point during the trial.
VMware Cloud Integrated Services tab
The SDDC “Add-ons” tab has been renamed to the “Integrated Services” tab to better represent the SDDC integrated services that are available through the VMware Cloud Console.
Elastic DRS - SDDC Cost Optimization Recommendation
The Elastic DRS service will now proactively look for cross-cluster scale-in opportunities at an org level after every successful scale-out operation and notify customers with an SDDC Cost Optimization Recommendation containing cluster details and clear steps to remove the underutilized host or hosts. This notification is informational only and can be ignored without any action.
Elastic DRS - Storage scale-in guidance
The Elastic DRS service will now send an updated notification whenever a host is added for storage purposes. This notification will include guidance on the overall storage consumption limit to be maintained at the cluster level to safely remove the added host. This notification is informational only and can be ignored if the capacity is needed.
User Experience Improvements with Site Recovery Manager 8.6 and vSphere Replication 8.6
Health Check Report
DR protection of up to 4000 virtual machines per vCenter Server instance with vSphere 8.0 and later and VMware Cloud on AWS SDDC version 1.20 and later.
In-product feedback: The VMware Site Recovery user interface introduces an in-product feedback option that lets you provide real-time ratings and comments on key workflows and features.
Support for REST APIs
I4i instance support in addition to i3i and i3en
VMware Cloud Disaster Recovery™
Support for i4i instance types: Enjoy improved compute, networking and application performance by adding i4i hosts in your recovery SDDC. For more information on the i4i instance type, refer to VMware Cloud documentation, found here. Due to limited regional availability of i4i instance types, please contact support to enable the option to select the i4i instance type in the UI.
I4i.metal instance type is now available for select regions
I4i.metal instances are now available for existing SDDC(s) and existing cluster deployments on VMware Cloud on AWS. SDDCs need to be upgraded to the latest version of 1.18 to get i4i capabilities. New i4i clusters can be deployed on existing VMC on AWS SDDCs after upgrade is completed successfully. These instances come with Intel Xeon Ice Lake processors @3.5GHz (Turbo), 128 vCPUs with hyper-threading enabled, 1024 GB memory & approximately 20.46 TiB usable storage capacity. I4i instances include default support for host-to-host encryption and data-at-rest encryption powered by vSAN. I4i.metal instance type is currently available in 12 regions, with support for more regions coming soon. More information is available on our FAQ, Blog, and in https://vmc.techzone.vmware.com/resource/feature-brief-sddc-host-types#section4.
VMware Cloud Disaster Recovery™
VMware Cloud DR feature add-on: VMware Ransomware Recovery: Recover from ransomware attacks in a predictable and secure manner and solve several recovery pain points:
Establish a secure, on-demand Isolated Recovery Environment (IRE) which is used for restore point validation.
Leverage a dedicated ransomware recovery workflow that facilitates a predictable recovery process, and includes a recovery testing workflow which prepares teams to effectively respond to ransomware attacks.
Using change rate and entropy rate metrics, find the best restore points for validation.
Validate selected restore points with embedded Next Gen AV and Behavioral Monitoring, which ensures workloads are safe to restore to production.
Simplified, push-button VM isolation levels help prevent reinfection.
AWS Asia-Pacific (Hong Kong): Protect and recover your workloads in the AWS Asia-Pacific (Hong Kong) region.
Disable high-frequency snapshots on a PG: When high-frequency snapshot configuration is no longer desired, disable high-frequency snapshots with an easy-to-use CLI option.
DRaaS Connector Throughput Performance Check: Display logical and physical throughput between the DRaaS Connector and the cloud file system during replication and restore operations via a CLI option.
Activity Log improvements
Added support for VMware Cloud on AWS Outposts and vSphere+/vSAN+
Resource type now shows you whether the event is for an SDDC or Organization
More information available here.
VMware Cloud on AWS Certified NFS Storage
NFS Datastore support within VMware Cloud on AWS allows independent scaling of compute and storage within the SDDC. NFS datastores augment vSAN and can store Virtual Machines, Virtual Disks, Content Libraries, ISO, etc. Datastores are managed from the SDDC services console and associated with and attached to vSphere Clusters. Customers may attach any VMware Cloud Certified NFS Storage from the SDDC management console. Access to external datastores is available on SDDC versions 1.20 and greater. To request an upgrade to an existing SDDC, please contact VMware Support or notify your Customer Success Manager.
VMware Cloud on AWS Certified NFS Storage
The following have been certified for use as NFS datastore within VMware Cloud on AWS.
AWS FSx for NetApp ONTAP
VMware Cloud Flex Storage
Restrictions
Up to 4 datastores per Cluster
Stretched Clusters do not support NFS Datastores.
Storage I/O Control (SIOC) is not supported and has been disabled.
The following integrated services do not currently support NFS Datastores:
VMware Cloud Disaster Recovery
VMware Site Recovery
Automated Firmware Updates
From time to time, AWS develops firmware updates to address known issues within the EC2 fleet. These updates are staged on the instance and installed the next time the host reboots. The automated firmware update service has been enabled to expedite firmware updates within existing SDDC deployments. The process will add a new non-billable host to augment the cluster’s capacity. Once this new host is online and healthy, the service will initiate the firmware update process: the host is first placed into maintenance mode, all workloads are vMotioned to other hosts in the cluster, and then the host is rebooted. Once the host is back online and confirmed healthy to run workloads, the non-billable host is removed. This activity will be logged in the SDDC activity log under "Firmware update".
Filtering Default CGW prefixes
Customers have often sought a way to scale networks beyond the limits imposed by AWS route advertisement quotas. By suppressing more specific route prefixes and instead only advertising aggregated routes for their default CGW workload segments, customers can significantly reduce the size of their Transit Connect, Direct Connect, or Connected VPC route tables.
This feature introduces the ability to filter out prefixes of segments connected to the default CGW. When the route filtering feature is enabled on Intranet (DX/TGW) or Services (Connected VPC) endpoints, prefixes behind the default CGW will not be advertised.
This feature will be available for VMware Cloud on AWS SDDCs version 1.20 and higher.
Shared Prefix Lists for SDDC Groups
This feature will be useful in scenarios where Transit Connect is connected to an external VPC and AWS TGW. Before this feature was supported, customers had to manually configure return routes for SDDC prefixes on the external VPC and AWS TGW to route traffic to the SDDC group. This manual process can be cumbersome and error-prone over time as SDDC group memberships change or subnets are added or removed from SDDCs.
This feature provides the ability to create shared prefix lists that can be shared with customer AWS accounts. Using the shared prefix lists in the AWS VPC and TGW route tables will automatically update the external VPC and TGW route tables with SDDC subnet routes. The shared prefix lists can also be used in AWS Security Groups. Any SDDC subnet changes will be automatically reflected in the VPC route table, TGW route table and in Security Groups.
VMware Cloud Disaster Recovery™
VM term subscriptions - Plan ahead and receive lower prices when you purchase a 1-year or 3-year term subscription for protected Virtual Machines. The previous on-demand consumption model will continue to be supported for those who do not desire a subscription commitment. For more details, see the pricing page.
Complete on-demand mode - Consume VMware Cloud Disaster Recovery in a fully on-demand mode by forgoing the creation of term subscriptions. Data capacity and protected VM count will be metered hourly and billed monthly. A minimum of 10 TiB of data capacity per Orchestrator recovery region applies across a subscription region, irrespective of usage. As a result of enabling complete on-demand consumption of VMware Cloud Disaster Recovery, the previous Pilot mode option will be deprecated. For more details, see the pricing page.
2-tier support - Distributors can leverage a new VMware Cloud DR commerce option that enables making monthly payments associated with their Commitment Based Contract (CBC) with VMware. The distributor will be charged monthly by VMware based on the cumulative reseller and end customer consumption of VMware Cloud DR. This new commerce option is a continuation of improvements aimed at simplifying partner ecosystem support surrounding self-service configuration of services and purchases of VMware Cloud DR subscriptions.
Global DR Console notifications - Get visibility into the life cycle of Global DR Console components by receiving notifications regarding recovery region deployment, recovery region deactivation, request access, and subscription creation via a banner on the Global DR Console UI and by email.
Seller mobility - Ensure that up-to-date seller-of-record is set when creating a new VMware Cloud DR subscription by editing the Seller field. Editing of seller-of-record is possible when creating new VMware Cloud DR subscriptions in a subscription region that does not have any active subscriptions. Once a subscription is active, the seller-of-record will be fixed for all subsequent subscriptions created in that subscription region.
Available Now: Cross-cloud DR between VMware Cloud on AWS and Azure VMware Solution
Customers can conduct cross-cloud DR operations leveraging the capabilities of VMware Site Recovery Manager (version 8.5+) running on Azure VMware Solution and VMware Site Recovery running on VMware Cloud on AWS as a failover target or source site.
Some of the key benefits of this cross-cloud DR functionality are:
Improved reliability: With Active-Active configuration between source and target site, customers get low overall RPO/RTO for protected workloads.
Reduced operational complexity: Unified cross-cloud DR operations under one umbrella eliminate DR risk and complexity.
Better resiliency: With sparse regional coverage provided by different cloud providers, cross cloud DR minimizes the risk of potential infrastructure outages.
Better data sovereignty and compliance: If, for data sovereignty and compliance reasons, customers do not want to move data to a DR site in another geographical location and the cloud provider has only one region in that geography, customers can use cross-cloud DR to keep DR replicas in a DR site (in the same geography) provided by another cloud provider.
Note: The source site and target site are configured in Active-Active configuration where both sites can host the workloads and protect workloads between both sites.
VMware HCX Mobility Optimized Networking (MON) Designlets for VMware Cloud
VMware HCX MON (Mobility Optimized Networking) improves network performance and reduces latency for virtual machines that have been migrated to the cloud on an extended L2 segment. VMware HCX MON scale limits can be enhanced by additional resource allocation to HCX Manager. The following documents provide more information about VMware HCX MON use cases, best practices and procedure for MON scale enhancements.
Mobility Optimized Networking (MON) scalability process (88401) - https://kb.vmware.com/s/article/88401
HCX MON Designlet for VMware Cloud on AWS - https://vmc.techzone.vmware.com/resource/designlet-vmware-hcx-mobility-optimized-networking-vmware-cloud-aws#introduction
New Features for VMware Cloud on AWS
Launchpad 2.0
VMware Cloud Launchpad enhancements: With the next release of VMware Cloud Launchpad (Version 2.0), we are bringing many new enhancements to provide a better experience to our customers:
Fully responsive, mobile friendly User Interface: Now, VMware Cloud Launchpad UI is fully adaptive to mobile devices, providing customers additional convenience as they will be able to browse through the services of the Launchpad from their smartphones as well as tablets.
Availability of more solutions and services: VMware Cloud Launchpad will now have more infrastructure solutions and services available in the portal.
With the addition of vSphere+ and vSAN+ solution under the Infrastructure category, you can get started with these solutions by following step by step instructions mentioned in the journey map.
With the addition of new tools - vCenter Cloud Gateway and Power CLI under the ‘Tools’ category, you can explore the capabilities of ‘vCenter Cloud Gateway’ to deploy this virtual appliance in your on-premises infrastructure or explore Power CLI to automate your IT infrastructure.
With the introduction of the new category of ‘Integrated Services’, you can explore and get started with deploying different add-on solutions that run on top of VMware Cloud such as VMware HCX, VMware Advanced Firewall, vRealize Automation Cloud, vRealize Operations Cloud, and more.
New Features for VMware Cloud on AWS
Maintenance Rollouts
You are now able to see the upcoming SDDC updates/upgrades published by VMware in the VMC Console. Each update or upgrade is managed using a rollout. Each rollout has a start and end date for the maintenance. The eligible SDDCs for the upgrade will be selected and assigned upgrade dates based on the resources available on the VMware side. After you log in to the VMware VMC Console and navigate to the Maintenance tab, the Rollouts and Requests sub-tabs are displayed. When you select the rollout, eligible SDDCs are displayed. Each SDDC maintenance has three phases. The scheduled dates for each phase will be displayed for each of the SDDCs in the placed state. To minimize the business impact or to take care of other priorities, you might want to change the scheduled upgrade date. You can request changes to the scheduled dates using the “Schedule Request” feature.
Maintenance Requests
You can now provide a preferred date and time to upgrade the SDDC. This will help to minimize the customer impact and manage the upgrade without impacting business and organizational priorities. For more information, see Submit an Upgrade Schedule Request.
vCenter Server in VMware Cloud privilege enhancements
The CloudAdminGroup SSO group and CloudAdmin user have had their role updated on specific management objects. This role update will enable the CloudAdmin user and any users in the CloudAdminGroup to grant other users or groups read-only access to VMware Cloud on AWS vCenter management objects such as the Mgmt-ResourcePool, Management VMs folder, Discovered Virtual Machines folder, vmc-hostswitch, and vsanDatastore. For more details, see vSphere Permissions and Privileges.
Brazil Local commerce for AWS Resell
VMC automated onboarding was enabled via AWS Resell. Brazilian customers, including partners, can now have access to all services that are part of the AWS Resell contract, such as monthly payments, flex subscriptions, multiple sellers, etc. In addition, AWS Resell Brazilian customers had to pay 43% in taxes when purchasing VMC products through the US entity. With this feature, Brazilian customers will be billed under local Brazilian tax laws and benefit from not paying additional taxes.
$2000 USD pre-payment is conditionally waived for credit card users
Today, when a customer purchases VMware Cloud on AWS hosts online using a credit card, they are charged with $2,000* USD (or equivalent non-USD currency) upon their first deployment as a nonrefundable pre-payment, which gets applied to their hourly or annual subscription within 60 days. With this enhancement, this pre-payment will be waived at VMware’s discretion based on the customer’s current level of engagement with VMware.
2-Tier Commitment Based Contracts (CBC) using PurchasePay for VMC & VMCU Release Notes
With tens of thousands of partners worldwide, VMware has been uniquely positioned to help our customers in their digital transformation and IT modernization journey over the past several years. Today, keeping VMware customers and partners in the forefront, we are excited to announce a new commerce motion for our channel partners for purchasing VMware Cloud on AWS and VMware Cloud Universal. This new commerce motion provides an alternative to purchasing SPP credits upfront. Distributors will receive the opportunity to enable a significant volume discount for a specific reseller/end customer combination and make payments monthly on their upfront commitment by signing a Commitment Based Contract (CBC) with VMware and committing to spend a certain amount of money on behalf of the reseller/end customer combination over a specific period. There is no amount due on day 1 when the CBC is signed by the distributor. The distributor will be charged monthly by VMware based on the associated customer's consumption of VMware Cloud offerings (if the customer fulfills the 1-year/3-year commitment as agreed on in the contract between VMware and the distributor). The distributor is the one who is involved in the initial commitment-based contract, negotiating discounts and terms for their reseller/end customer combination, and creating value for their resellers and end customers. The customer has the complete freedom of self-service to configure their service, add hosts and purchase VMware Cloud on AWS subscriptions, and value-add VMware Cloud services. The end customers' selections are appended to the commitment-based contract signed by the distributor and billed through the distributor/reseller combination, eventually passing to the end customer.
The distributor has the option to sign two types of CBCs – VMware Cloud standalone CBC and VMware Cloud Universal (VMCU) CBC. The VMCU CBC includes benefits like Cloud Acceleration Benefit (CAB), VMware Success 360 (S360), and access to additional exclusive offerings like VMware Cloud Foundation Subscription (VCF-S) & vRealize Cloud Universal.
The channel customers who have started small with SKU-based transactional motion and are ready to invest in VMware Cloud on AWS and VMware Cloud Universal over time can shift to Commitment Based Contracts to get additional cloud offerings and better discounts.
VMware will share the usage data with distributors and resellers, which would enable them to perform downstream billing by setting up their custom price books. Distributors and resellers will have access to view the subscriptions, overages, and non-host usage data to engage with the customers, optimize their cloud spend, and ensure the end customers are optimally provisioned with hosts and subscriptions covering those hosts.
Benefits:
To customers:
SPP credits are not required to take advantage of this new commerce motion, as there is an option to pay either by SPP credits or by invoice at the end of the 30-day billing period.
Flexibility to self-serve purchase VMware Cloud offerings/additional subscriptions as needed every month to optimize cloud spending and investment
Get a volume discount that provides the lowest cost and leverages your distributor/reseller's consumption planning expertise with the certainty of having a reseller to guide you through your cloud journey.
An extra pair of eyes on your consumption with the reseller to ensure no over-provisioning or under-provisioning
The simplicity of self-service with the certainty of a trusted partner advisor involved directly in the commerce motion with VMware.
To partners:
The distributor/reseller is no longer required to purchase SPP credits on behalf of the end customer
Distributors can leverage prior CBCs as an informal template to scale by reproducing CBCs quickly and efficiently for each reseller/end customer combination
Distributors and resellers can enable significant volume discounts for their end customers, ensuring value for all partners and the end customer.
Neither distributors nor resellers are required to pay upfront as a part of the commitment before the end customer is ready to consume/pay.
Increased visibility into subscriptions, host/non-host usage data (data transfer, elastic IP, elastic vSAN, EBS, Direct Connect), overages, and others.
Better engagement with the end customers to make sure they can provision Software-Defined Data Centers (SDDC) accurately, avoiding any dissatisfaction they might encounter with over-provisioning or under-provisioning
Better engagement with VMware to monitor and track end-customer consumption, offering the potential for cross-selling and upselling your native applications
Direct involvement in the commerce activity so that the partner can remain valuable to the end customer throughout their cloud journey with VMware Cloud on AWS and the VMware Cloud family of services
Note: This release does not support the 2-Tier GovCloud commerce motion
New Features for VMware Cloud on AWS
New Region: Asia Pacific (Hong Kong)
Customers can now deploy SDDCs in the Asia Pacific (Hong Kong) region. Please note that in order to link an AWS Account to an SDDC in this region, customers must first opt-in their linked account as per the instructions at https://docs.aws.amazon.com/general/latest/gr/rande-manage.html.
New Region: Asia Pacific (Osaka)
The Asia Pacific (Osaka) region is now available for all customer organizations. The previous limitations for this region have been lifted, and it now supports the SDDC Groups with TGW feature. This feature was previously launched in preview and is now available.
VMware Cloud Disaster Recovery™
SLA Status and notifications: SLA Status view displays status for all items related to Protection, including protected sites, protection groups, and snapshots, and the status of all items related to Recoverability, such as DR Plans, cloud file systems, and recovery SDDCs. Get notified right away by a banner on main dashboard or by an email notification when a status item needs attention.
Forward event log to vRealize Log Insight Cloud: Analyze events related to protection, recoverability, and user interactions in vRealize Log Insight Cloud after configuring event log forwarding for a specific time range.
Export global VM list with Protection Group mappings: Get details of all your protected VMs in an easy to download CSV, including the associated protection groups.
View logical delta bytes transferred and change rate for a VM snapshot: Understand the timing and magnitude of change that a VM might have undergone to potentially find a clean VM copy prior to a ransomware attack or help troubleshoot and analyze workload patterns.
Protect up to 6000 VMs in a vCenter: Scale your protected inventory up to 6000 VMs in a single VMware Cloud DR instance. Now you can register a single vCenter to multiple protected sites.
Seamlessly switch between AWS Direct Connect and public internet: Switch between the connectivity options for a protected site without needing to re-create the protected site with the required configuration.
New Features for VMware Cloud on AWS
vRealize Automation Cloud Add-On with Improved Activation
Customers are now able to activate vRealize Automation Cloud for VMware Cloud on AWS SDDCs more easily through the VMware Cloud Console! This trial can be activated from any VMware Cloud on AWS SDDC by navigating to the SDDC’s Add-Ons tab. This feature reduces the setup to just a few clicks to configure and start using vRealize Automation Cloud. This activation will initiate a 45-day free trial with full vRealize Automation Cloud capability with the option to purchase a subscription at any point during the trial. After completing setup, the VMware Cloud account along with additional default configuration is added to vRealize Automation Cloud console allowing customers to quickly start using the product.
New Features for VMware Cloud on AWS
Introduction of NSX 4.0.0 & vSphere 8.0
This release of VMware Cloud on AWS introduces NSX-T 4.0.0 and interoperability with the next major release of vSphere, 8.0. These new major releases will provide many features for enhanced security and networking functionality in VMware Cloud on AWS.
Live Traffic Analysis
Live Traffic Analysis (LTA) is now enabled in VMware Cloud on AWS. LTA provides helpful insight about tracing live traffic and bi-directional packet tracing. Traffic analysis monitors live traffic at a source or between source and destination along with the packet capture. You can identify bad flows between the source and the destination. Live Traffic Analysis is supported on segments inside a single SDDC.
NSX Manager Standalone UI Access
This feature adds further enhancements to the Standalone NSX Manager UI feature introduced in 1.16. The following capabilities are enabled as part of this feature.
Ability to configure whether the “Open NSX Manager” button defaults to Public URL or Private URL access.
Ability to use the API to retrieve and change this setting.
This feature provides the ability to set the access mode for the NSX Manager UI to public or private. The configured setting can be retrieved or changed using the UI or API.
VPN Enhancements
FIPS 140-2 Validated Cryptographic Modules Refresh
NSX utilizes several FIPS 140-2 cryptographic modules to perform various networking functions in FIPS-compliant mode. FIPS-validated modules are eventually sunset when the module reaches its expiry date or NIST/CMVP chooses to no longer re-validate certain module(s). When FIPS 140-2 cryptographic modules are sunset, vendors must replace those modules as necessary to maintain the FIPS validation of their platforms.
The FIPS 140-2 cryptographic modules leveraged in release 1.18 (VMware's VPN Crypto Module version 1.0) have been sunset.
This release introduces VMware's VPN Crypto Module version 2.0 to maintain FIPS 140-2 validation.
More information on Validation Status can be found here: https://csrc.nist.gov/projects/cryptographic-module-validation-program/modules-in-process/modules-in-process-list
NAT Support for Policy-Based VPNs on Tier-1 Gateways
VPNs terminated on Tier-1 gateways can now support NAT rules that will allow 2 remote sites that share the same CIDR to use the same VPN.
VMware NSX Advanced Firewall for VMware Cloud on AWS Add On Enhancements
These features require subscription of NSX Advanced Firewall Add-On to an SDDC.
Enhanced L7 Application IDs for Distributed Firewall (DFW)
More than 700 additional App IDs have been added to identify and filter a more comprehensive number of Layer-7 applications. The User Interface has also been improved, so that Cloud Admins can now filter Application IDs by description, category and risk while creating or editing a DFW Context Profile.
This feature will be available for VMware Cloud on AWS SDDCs version 1.19 and higher that are subscribed to the NSX Advanced Firewall Add-On.
Selective-Sync for Identity Firewall via API & UI
NSX Identity Firewall (IDFW) Active Directory (AD) configuration now supports selectively adding OUs and users. A Cloud Admin can now choose to register an entire AD (Active Directory) domain to be used by IDFW (Identity Firewall), or can choose to synchronize a smaller subset of a large domain to prevent reaching AD sync limitations.
This feature will be available for VMware Cloud on AWS SDDCs version 1.19 and higher that are subscribed to the NSX Advanced Firewall Add-On.
DHCP UI enhancement
This enhancement gives the Cloud Admin an intuitive workflow and a seamless user experience for configuring DHCP. DHCP statistics for Gateway DHCP and Segment DHCP are exposed to help monitor DHCP messages.
Add a vTPM device to a virtual machine (Preview)
VMware Cloud on AWS enables customers to add a vTPM device to a virtual machine. Customers can add a vTPM device to virtual machines running Windows Server 2008 and later, Windows desktop 7 and later, or Linux. To support vTPMs in VMware Cloud on AWS, SDDCs created using version 1.19 and later will automatically include the provisioning of vSphere Native Key Provider in vCenter. Customers can opt-in to deploy new SDDCs with 1.19. This feature is available as PREVIEW and will be enabled on a request basis. Please contact your account team if you are interested in having this feature enabled for a new 1.19 SDDC.
Windows 11 Desktop Operating System Support – vTPM (Preview)
Microsoft introduced new minimum virtual hardware requirements with the Windows 11 operating system. Microsoft requires a vTPM device to be present during Windows 11 virtual machine installation and upgrades. In SDDC version 1.19, VMware Cloud on AWS is introducing a new feature to enable adding a Virtual Trusted Platform Module together with the vSphere Native Key Provider in vCenter.
Customers can opt-in to deploy new SDDCs with 1.19. This feature is available as PREVIEW and will be enabled on a request basis. Please contact your account team if you are interested in having this feature enabled for a new 1.19 SDDC.
Flexible Subscription for VMware Cloud on AWS - I3EN flexible subscription now available
Flexible Subscription is a new subscription type for VMware Cloud on AWS now available. It is available for redemption in the VMware Cloud Console as part of the subscription purchasing flow. Flexible subscription allows customers to exchange their existing VMware Cloud on AWS flexible subscription for a new VMware Cloud on AWS subscription. When requesting an exchange, the leftover value of the VMware Cloud on AWS flexible subscription will be used towards purchasing a new VMC on AWS full term subscription. Flexible subscription is available for i3.metal and i3en.metal in all regions. Customers can exchange an instance type, region or duration of their flexible subscription. Flexible subscriptions allow customers to commit to VMware Cloud on AWS but maintain flexibility when their business needs change.
M1 Release: 2-Tier SKU-based transactional motion for VMC on AWS
With tens of thousands of partners worldwide, VMware is uniquely positioned to help our customers in their digital transformation and IT modernization journey over the past several years. Today, keeping VMware customers and partners in the forefront, we are excited to announce a new transactional motion for our channel partners to purchase VMware Cloud on AWS hosts.
With this new transactional motion, distributors and resellers are directly involved in providing value to their end customers and there is no need to purchase SPP credits upfront. Rather, distributors registered with VMware Partner Network will now be able to purchase the 1-year or 3-year prepaid subscription for VMware Cloud on AWS hosts by using SKUs from the VMware Channel price book, for a specific reseller/end customer who can immediately start consuming the service. The distributors will work with VMware sales teams to complete the purchase on behalf of the reseller/customer.
This new transactional motion provides a better experience to partners by providing them visibility and control of the commerce activities around the term subscription purchase. Partners will have access to view the subscriptions, overages, and non-host usage data that binds the end customer to the partner and the partner to VMware. With these details, partners will be able to better engage with the customers and will help customers optimize their cloud spend and drive consumption. The customer still owns the SDDCs and has the autonomy to create SDDCs, add/remove hosts, and manage Identity and Access Management. End customers will need to engage their reseller to have the distributor buy new subscriptions to cover those new hosts if they want to avoid costly on-demand host hourly charges.
Customers can now start their hybrid cloud journey with a lower cost of entry by engaging with the reseller/distributor, without the need for huge upfront SPP credit investments. They can start small by purchasing 1-year/3-year subscriptions from the reseller with a minimum of 2 hosts for the production environment and scale later as needed. Overages (on-demand hosts) and non-host charges (data transfer, elastic IP, elastic vSAN, EBS, Direct Connect) will be charged monthly in arrears.
Benefits:
To customers and partners: No need for upfront capital investment in terms of SPP credits, optimized cloud spend
To partners: Better visibility into subscriptions, host/non-host usage data, overages, etc., better engagement with the customers
Simplified transactional motion where VMC on AWS is purchased by the distributor for a specific reseller/end customer combination, the subscription begins immediately, and there follows a transaction without a fund so the customer paying the partner for the whole sum is immediate.
New Features for VMware Cloud on AWS
Settings for public/private connectivity for the Open NSX Manager button
A new toggle in the SDDC Settings tab lets users change and save the default setting of the Open NSX Manager button from access via the Internet to access via the internal network, for better performance and security. The feature is available for both VMware Cloud on AWS and VMware Cloud on Dell services.
New Features for VMware Cloud on AWS
Regional Log Support for Canada (Preview)
VMware Cloud on AWS customers can now choose to forward SDDC logs to Canada (Central) in addition to Asia Pacific (Sydney), Europe (Frankfurt) or the default destination in US West (Oregon). Once applied, this configuration becomes an organization-level change and all SDDC vRLIC logs will forward to the new region. Customers can only choose a single vRLIC region for an organization. Please open a Service Request or Chat with Support to request enabling this feature for a customer organization.
New Features for VMware Cloud on AWS
NFS Datastores (Preview)
NFS Datastore support within VMware Cloud on AWS allows independent scaling of compute and storage within the SDDC. NFS datastores augment vSAN and can store Virtual Machines, Virtual Disks, Content Libraries, ISO, etc. Datastores are managed from the SDDC services console and associated with and attached to vSphere Clusters. Customers may attach any VMware Cloud Certified NFS Storage from the SDDC management console. This feature is available as PREVIEW and will be enabled on a request basis. Please contact your account team if you are interested in having this feature enabled for your SDDC.
VMware Cloud on AWS Certified NFS Storage
The following have been certified for use as NFS datastore within VMware Cloud on AWS.
FSx for NetApp ONTAP
Preview Restrictions
SOIC is not supported and will be automatically disabled if turned on.
The following integrated services do not currently support NFS Datastores:
VMware Cloud Disaster Recovery
VMware Site Recovery
Tanzu Services
New Features for VMware Cloud on AWS
2/3 Node Starter Kit Launch
The 2/3 Node Starter Kit launched on 3/15/22. With the Starter Kit offer, any net new customer becomes eligible for up to 20% discounted pricing on the purchase of their first 1 year or 3 year subscription of 2/3 hosts. This is applicable to both I3 and I3en host types and can be purchased through VMware and their channel partners. This offer allows customers to begin their cloud migration journey at a low cost with a rich set of enterprise capabilities. Eligible customers can take advantage of both this offer and the limited time price promotion for VMware Cloud on AWS I3 metal hosts. The Starter Kit cannot be purchased through AWS as a seller and cannot be bundled with MSP discount tiers.
For more information, please see https://blogs.vmware.com/cloud/2022/03/15/announcing-limited-time-price-promotion-for-vmware-cloud-on-aws-i3-metal-hosts/
VMware Cloud Disaster Recovery™
Support for AWS Direct Connect Private VIF: VMware Cloud DR now supports Amazon Web Services (AWS) Direct Connect (DX) private virtual interface (VIF) for on-premises protected site networks. AWS Direct Connect provides a dedicated network connection between your on-premises data center and AWS services, which allows for high bandwidth and a more secure connection. To learn more, click here.
Additional details added to events list: View detailed information for a selected event underneath the events list including information such as start time, end time, and for snapshot jobs, the number of VMs in snapshot and the amount of snapshot data transferred. Also, you can open the snapshot log to view all events for the related snapshot to find any failed or missed snapshot replications.
Enhancements to protection group page: View all events related to a protection group in a single place under a dedicated tab for events in the protection group page. Additionally, the protection group list now shows the health status, logical storage capacity, last snapshot information and access to the snapshot log for each protection group.
Snapshot usability enhancements: Edit snapshots in a protection group to change a snapshot's name and its retention schedule. Also multi-select multiple snapshots and edit all of their retention schedules in a bulk operation.
Default Protection Group schedule optimized for Ransomware Recovery: When you create or edit a protection group, a 60-day snapshot retention schedule is recommended to ensure effective ransomware recovery.
Enhanced compliance checks: DR Plan compliance checks now provide flags about a plan's protection group health and snapshot retention expiration. Additionally, compliance checks indicate if any VMs in the snapshot were not snapshotted according to the protection group configuration.
Reuse saved settings for DRaaS connector deployment: Easily deploy additional DRaaS connectors by reusing existing settings from previous connector deployment.
REST APIs for monitoring (Preview): Build automation by leveraging VMware Cloud DR public REST APIs to retrieve information about protected VMs, protected sites, protection groups, snapshots, cloud file system and recovery SDDCs. REST APIs have been released in preview and future releases of REST APIs will not be backwards compatible with this release.
Network design simplifications: Simplify your DR network design by only using Port 443 for communication between DRaaS Connector and Orchestrator. For latest network port diagram, please click here.
Protect workloads on sites with stretched clusters: Protect your vSphere workloads on sites with stretched cluster enabled using VMware Cloud DR. The protected site could be an on-premises data center or VMware Cloud on AWS SDDC with stretched cluster enabled.
New Features for VMware Cloud on AWS
VMware Cloud on AWS Multi CGW
This feature enables customers to create additional CGWs (Compute Gateways or Tier-1 Gateways) and manage the life cycle for those CGWs. Customer managed CGWs can be created as Routed, NAT'ed or Isolated CGWs. This feature will support addition of static routes, route aggregation, filtering, local DHCP server or DNS forwarding, and Traceflow. This feature will enable the following use cases:
Multi-tenancy within an SDDC
Overlapping IPv4 address space across CGWs
Gateway Firewall/ NAT scoped to individual CGWs
Support for static routes on customer managed CGW
Access to the Connected VPC from customer managed CGW
Deployment of Isolated test “segments” for Disaster Recovery (DR) testing or “sandbox” environments.
Support for policy, route-based and L2 VPN to customer managed CGWs
For more information, please see https://blogs.vmware.com/cloud/2022/04/06/vmware-cloud-on-aws-advanced-networking-and-routing-features/
Route Aggregation for Advertisement over Direct Connect & Transit Connect
Customers now have more control over which SDDC CIDRs are advertised externally over Direct Connect & Transit Connect. These can be set via the NSX UI or NSX API. A customer can now:
Define desired SDDC CIDRs to advertise in a 'Prefix List'
Associate the Prefix List with a supported 'Connectivity Endpoint' to advertise routes
Supported 'Connectivity Endpoints' include:
Direct-Connect & Transit Connect
Connected VPC
For more information, please see https://blogs.vmware.com/cloud/2022/04/06/vmware-cloud-on-aws-advanced-networking-and-routing-features/
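A pre-check for the Prefix List step described above, as an added example (not VMware code and not an NSX API call): it compares a candidate prefix list with the SDDC segment CIDRs and reports segments left unadvertised as well as address space that would be advertised but is not assigned to any segment. The function names and all CIDRs are constructed for illustration, and the check assumes IPv4 or IPv6 networks written without host bits.

```python
import ipaddress

# Constructed sample data: segment CIDRs in one SDDC and a candidate
# prefix list an admin intends to advertise externally.
SEGMENTS = ["10.10.0.0/24", "10.10.1.0/24", "10.10.2.0/24", "10.20.5.0/24"]
PREFIX_LIST = ["10.10.0.0/22"]


def tightest_aggregates(segment_cidrs):
    """Smallest set of prefixes that covers exactly the segments, nothing more."""
    nets = [ipaddress.ip_network(c) for c in segment_cidrs]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def review_prefix_list(segment_cidrs, prefix_list):
    """Compare an advertisement prefix list against the segment CIDRs.

    Returns a dict with:
      covered         segments contained in some advertised prefix
      uncovered       segments that no advertised prefix contains
      over_advertised {prefix: [subnets advertised but not assigned to a segment]}
    """
    segments = [ipaddress.ip_network(c) for c in segment_cidrs]
    prefixes = [ipaddress.ip_network(p) for p in prefix_list]

    def inside(inner, outer):
        # subnet_of() raises TypeError across IP versions, so guard first.
        return inner.version == outer.version and inner.subnet_of(outer)

    covered, uncovered = [], []
    for seg in segments:
        target = covered if any(inside(seg, p) for p in prefixes) else uncovered
        target.append(str(seg))

    over_advertised = {}
    for prefix in prefixes:
        remaining = [prefix]          # parts of the prefix not yet matched
        for seg in segments:
            next_round = []
            for block in remaining:
                if inside(seg, block):
                    # Carve the segment out; yields nothing if seg == block.
                    next_round.extend(block.address_exclude(seg))
                elif inside(block, seg):
                    continue          # block is entirely assigned space
                else:
                    next_round.append(block)
            remaining = next_round
        unused = [str(n) for n in ipaddress.collapse_addresses(remaining)]
        if unused:
            over_advertised[str(prefix)] = unused

    return {
        "covered": covered,
        "uncovered": uncovered,
        "over_advertised": over_advertised,
    }


if __name__ == "__main__":
    report = review_prefix_list(SEGMENTS, PREFIX_LIST)
    print("covered:        ", report["covered"])
    print("uncovered:      ", report["uncovered"])
    print("over-advertised:", report["over_advertised"])
    print("tightest set:   ", tightest_aggregates(SEGMENTS))
```

An aggregate that over-advertises attracts traffic for addresses no segment owns, so the unused subnets it reports are worth reviewing before the list is associated with a connectivity endpoint.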
VMware Cloud on AWS support for AD/LDAP
This feature will provide the ability to use Active Directory or OpenLDAP as an external authentication method in VMware Cloud on AWS. Customers can use this integration for:
Assigning NSX-T cloud-admin roles based on Active Directory or OpenLDAP group membership
DNS FQDN zones for Management Network
This feature enables customers to configure DNS FQDN Zones for Management Gateway traffic. This provides multi-tenant customers more flexibility to configure distinct FQDN zones on the MGW DNS forwarder.
Tanzu Kubernetes Grid (TKG) Services
Customers can now enable Tanzu Kubernetes Grid (TKG) Services on existing SDDCs and clusters on VMware Cloud on AWS and VMware Cloud on Dell EMC. There is no longer a need to create new SDDCs or new Clusters, allowing customers to leverage their existing environments.
Please consult the Tanzu on VMware Cloud documentation for details around capacity requirements and activation guidance.
New Features for VMware Cloud on AWS
New updates to Cloud Management solution in VMC Launchpad
In addition to the Overview tab for the Cloud Management solution in the Launchpad, we have added Journey and Resources tabs that provide additional documentation to give users a jump start when learning and adopting the vRealize services. Under the Journey tab, you will find a list of detailed steps and instructions for each vRealize service that guide you all the way from planning to deployment.
New Features for VMware Cloud on AWS
VMC support request submission process has moved from CSP to Connect Support, which is hosted on the VMware Customer Connect portal. This change aligns submission of support requests to the broader VMware organization. With this change, we obtain the following benefits:
Improved search capabilities, including KBs
Ability to take advantage of support focused tools
General digital experience improvements
Submitter can select what timezone they would like the ticket to be worked in
24x5 support based on the submitter's timezone (SRs submitted through web only)
24x7 support for Severity 2 for Success 360 customers (SRs submitted through web only)
For more information, please refer to How Do I Get Support. Detailed instructions for submitting a Support Request can be found here.
New Features for VMware Cloud on AWS
3-Host scale-down
With this service update, Customers can scale down 3-host non-stretched single-AZ clusters to 2-host clusters. The scale-down process will remove any additional Elastic DRS configuration, and the cluster will revert to the Baseline Policy.
Telco Cloud Platform – Public Cloud 1.0
Telco Cloud Platform Public Cloud is a new Public Cloud platform that caters directly to Telecommunications Service Providers. This platform builds on top of existing Telco-class platforms VMware Cloud on AWS, Telco Cloud Platform and Telco Cloud Infrastructure, catering to Telco Requirements. VMware Telco Cloud Platform – Public Cloud is a cloud-smart solution, tightly integrated with VMware Cloud. The joint solution allows our customers to extend their on-premises telco clouds built with VMware Telco Cloud Platform. This first release is available on VMware Cloud on AWS SDDC Version 16.2. For more information go to https://docs.vmware.com/en/VMware-Telco-Cloud-Platform-Public-Cloud/index.html and to get started, https://vmc.vmware.com/solutions/telco-cloud/overview.
New Features for VMware Cloud on AWS
VMware Transit Connect – Intra-Region Peering with AWS TGW
This feature enables VMware Cloud on AWS SDDC customers to peer their VMware Transit Connect with AWS Transit Gateway (TGW) in the same region. With this, customers can establish high bandwidth connectivity between their VMC SDDC Group and AWS TGW, enabling seamless access to AWS VPC resources at scale without the need for a Transit VPC. Customers can scale their deployments without incurring additional data processing charges for data transferred over an intra-region peering attachment to/from Transit Connect.
New Features for VMware Cloud on AWS
VMware Cloud Disaster Recovery™
PCI DSS AOC/ROC: VMware Cloud DR is now compliant with hardening requirements for Payment Card Industry Data Security Standard (PCI DSS). Please refer to our Shared Responsibility Model and Product Documentation to review details of security considerations and implementations. You can download our PCI DSS Attestation of Compliance on VMware Cloud Trust Center or reach out to your sales representative for our Report of Compliance.
New Features for VMware Cloud on AWS
VMware Cloud Disaster Recovery™
SOC 2 Type 2 and SOC 3: We have obtained our SOC 2 Type 2 and SOC 3 Reports of Compliance. You can download our SOC 3 report on VMware Cloud Trust Center or reach out to your sales representative for our SOC 2 Type 2 report.
New Features for VMware Cloud on AWS
VMware Cloud Disaster Recovery™
File-level Recovery: Leverage VMware Cloud DR for operational restores and ransomware recovery by extracting guest files from an older snapshot of the VM. Use the VMware Cloud DR UI to browse the guest file system across any snapshot, and download a specific set of files or folders as a zip archive. For more details, see Recover Guest Files.
Application consistent snapshots with OS quiescing: Protection groups now support quiesced snapshots, which ensure that a snapshot represents a consistent state of the guest file systems of VMs in the group. From a quiesced snapshot, you can restore the VM and its application to the same state as before the snapshot was taken. For more information, see App-consistent Snapshots with Quiescing.
Protect workloads running on VMware Cloud on AWS SDDC with low RPOs: Protect your workloads running on VMware Cloud on AWS SDDC using high-frequency snapshots to achieve RPOs as low as 30 minutes. The protected VMware Cloud on AWS SDDC should be version 1.16 or higher.
Convert protection groups from standard-frequency snapshots to high-frequency snapshots: Seamlessly convert protection groups to use high-frequency snapshots and achieve RPOs as low as 30 minutes without requiring a re-seeding of the VM data. Once a protection group is converted to use high-frequency snapshots, it cannot be reverted back.
IP address access list: Enhance the security of your DR environment by adding IP addresses and/or CIDR blocks to an allow-list so that access to the VMware Cloud DR scale-out cloud file system, orchestrator, and UI is only permitted from those IP addresses.
Custom user for protected vCenter registration: Register the vCenter in your on-premises protected site using a custom vCenter user with the minimal set of permissions required by the DRaaS Connector for protection and replication operations. Manually update the user to add other permissions required for failback only when necessary. Now use the VMware Cloud DR UI for this registration method. Use a human-readable custom script to create the vCenter user and role with minimal privileges.
In-product feedback: Provide instant feedback on your experience using VMware Cloud DR from within the UI.
Connectivity checker: Test communication between the connector and the VMware Cloud Disaster Recovery Orchestrator, cloud file system, and Auto-support server, and the protected site vCenter and ESXi hosts by using the DRaaS Connector CLI.
Improved replication progress reporting: Monitor the real time progress of snapshot replication in greater detail with the Tasks list, which shows percentage of data being transferred, the amount of data being transferred, the data transfer rate during and after the task. You can also view replication throughput from the Topology map for in-progress snapshot tasks.
VMware HCX interop: Migrate workloads using VMware HCX to VMware Cloud on AWS SDDCs while having them protected with VMware Cloud DR.
Protect workloads running on vSphere 7.0 update 3: Protect workloads running on sites that are on vSphere 7.0 Update 3.
Support for 2-host i3en.metal: Reduce your steady state and recovery infrastructure costs by using 2-host i3en.metal SDDCs.
Multiple 2-host clusters in recovery SDDC: Optimize recovery infrastructure costs by adding a 2-host secondary cluster to your 2-host pilot light cluster.
Scale up from 1-host to 2-host: Scale up from a non-durable 1-host SDDC to a durable 2-host recovery SDDC. This is ideal for customers running evaluation using a 1-host pilot-light SDDC who then want to upgrade their pilot-light SDDC for permanent usage.
AWS Asia-Pacific (Osaka) region: Protect and recover your workloads in AWS Asia-Pacific (Osaka) region.
SDDC Inventory Screen Renaming
The SDDC inventory screen in the VMC Console has been renamed from “SDDC” to “Inventory” in both the left-nav menu as well as the top of the screen. There are no feature, functionality, API, or URL changes or impacts as a result of this rename.
Elastic DRS Baseline Policy
This new policy replaces the Default Storage Scale-Out policy. This policy is always in effect and cannot be disabled. The baseline policy will scale out the cluster should any of the following occur:
Less than 20% free capacity on any vSAN cluster
Availability Zone Failure
To learn more about Elastic DRS and the policies available visit the VMware Cloud on AWS Documentation.
New Features for VMware Cloud on AWS
VMware Cloud on AWS
New solution in Launchpad – Telco Cloud
Leverage Launchpad to learn about how Telco Cloud Platform – Public Cloud solution enables you to run your network functions and IT workloads on VMware Cloud on AWS with ease while keeping consistent operations across any of your telco clouds, from core, edge, RAN, to public Cloud. Learn more about Telco Cloud Platform – Public Cloud
PCI DSS certification for VMware Site Recovery
VMware Site Recovery received the highest level of PCI certification (PCI DSS Level 1 provider status). By being certified as PCI DSS compliant level 1 service provider, VMware Site Recovery service operates in compliance with PCI DSS compliant security measures and controls, thereby potentially addressing the needs of a broad range of customers and workloads that need to store, process, or transmit cardholder or sensitive authentication data. PCI compliance will be enabled in the AWS regions that support VMware Cloud on AWS where SDDCs are configured for compliance hardening for PCI. For more information, see Available AWS Regions.
New Features for VMware Cloud on AWS
VMware Cloud on AWS Outposts
VMware Cloud on AWS Outposts is the VMware and AWS jointly engineered on-premises as-a-service solution that integrates VMware’s enterprise-class Software-Defined Data Center (SDDC) software for compute (vSphere), storage (vSAN), and networking (NSX) along with vCenter Management, and runs on next-generation, dedicated Amazon Nitro-based EC2 bare-metal instances provisioned in AWS Outposts. As a fully managed service, VMware Cloud on AWS Outposts relieves IT teams from the burden of managing infrastructure and empowers them to focus on business innovation by bringing the cloud operating model on-premises. This service is available with the v1.17 release of VMC on AWS. For more information, please see VMware Cloud on AWS Outposts Overview.
DR protection for up to 3000 VMs per SDDC
VMware Site Recovery™ now supports replication of up to 3,000 virtual machines to a single target VMware Cloud™ on AWS Software Defined Data Center (SDDC), allowing you to protect larger environments. To protect up to 3,000 virtual machines, Site Recovery Manager and vSphere Replication must be of version 8.4 or later. For more details, see Operational Limits of Site Recovery Manager in the VMware Site Recovery documentation.
New Features for VMware Cloud on AWS
Elastic DRS Storage Scale-up threshold update
Due to enhancements in vSAN, the vSAN Slack Space requirement has been decreased from 30% to 20%. To accommodate this improvement the Storage Scale-up threshold for all Elastic DRS policies has been increased to 80%. Customers can now consume up to 79% of vSAN capacity regardless of the Elastic DRS policy.
Tanzu Mission Control Essentials for VMware Cloud on AWS customers
Every new VMware Cloud on AWS customer will be given access to VMware Cloud with Tanzu services once they deploy a VMware Cloud on AWS SDDC or purchase a subscription. Tanzu Mission Control Essentials is a version of Tanzu Mission Control specifically designed for VMware Cloud offerings. It will provide a set of essential capabilities for multi-cloud, multi-cluster Kubernetes management of any conformant Kubernetes clusters anywhere. Existing VMC customers can activate TMC-E by requesting that this feature be enabled on SDDC v1.16 through their VMware account team, by opening a support ticket, or by reaching out to us on chat. More information can be found here.
Managed Storage Policy: Monitoring and alerting about VMs with SLA non-compliant policies
Managed Storage Policy has been enhanced to perform a daily scan of your environment and to notify you about VMs with non-compliant policies. Customers will be notified via email about VMs with non-compliant policies. They will be able to view an inventory of VMs with non-compliant objects in the VMC console and they will also have the option to remediate a few or all of the VMs by applying SLA compliant policies with a single click of a button.
New Features for VMware Cloud on AWS
2-Host Stretched Clusters (1-1)
Customers may now deploy a 2-host stretched cluster. With a single host in each AZ and a managed witness in the third, the cluster can survive the loss of an entire AZ. This powerful capability enables business-critical applications within VMware Cloud without rearchitecting for AWS Availability.
With one host per AZ, vSAN depends on the Dual Site Mirror for resiliency and therefore comes with a 99.9% availability guarantee. This can be increased to 99.99% at any time by scaling up to a 6-host cluster.
Elastic DRS storage-only scale-out is enabled by default. If a 2-host stretched cluster is scaled up to a 4-host cluster, it cannot be scaled back down. For more information, please see the 2-Host release and/or Stretched Cluster design considerations.
Stretched Cluster resiliency improvements
Elastic DRS has been improved to increase the resiliency of any Stretched Cluster. This enhancement is provided free of charge and works in conjunction with the existing Auto-Remediation capabilities found in Auto-Scaler. This release provides the following improvements:
The VMware Cloud service will automatically Scale-Out any Stretched Cluster on AZ failure. With this latest enhancement, the cluster will automatically Scale-In as soon as the failed AZ has been restored and the burst capacity is no longer needed.
Should an instance fail on a Stretched Cluster and Auto-Remediation be unable to recover or replace the host, the service will add the instance to the other AZ until a new host can be recovered in the original AZ. This capability is added free of charge and will attempt to maintain the Compute resources in the event of a partial AZ failure by adding non-billable hosts to the surviving AZ until the cluster has returned to its original host count. This functionality is dependent on free capacity and therefore carries no guarantee.
New Region: Asia Pacific (Osaka)
Customers can now deploy SDDCs in the Asia Pacific (Osaka) region. Please note that this region does not currently support the SDDC Groups with TGW feature. For more information about supported features per region, please see Available AWS Region details. This region can only be enabled by request. Please open a Service Request or Chat with Support to request this region.
New Region: Asia Pacific (Osaka) for VMware Site Recovery
VMware Site Recovery™ now supports activation on SDDCs provisioned in the Asia Pacific (Osaka) region of VMware Cloud™ on AWS.
New Features for VMware Cloud on AWS
Notification Preferences
Customers are now able to control which email notifications they receive using the Notification Preferences functionality found in the left menu of the VMC Console. As an Org Member or Org User, you will be able to select either individual notifications to receive, or entire categories.
New Features for VMware Cloud on AWS
VMware Transit Connect
VMware Transit Connect/ SDDC Group connectivity to External TGW (across regions). This feature enables VMware Cloud on AWS customers to peer their native Transit Gateways (TGW) with VMware Transit Connect, simplifying access between VMC and AWS resources across accounts and across regions, while retaining control over connectivity in the respective environments. This capability becomes immediately available to all SDDC Group deployments (compatible with SDDC version 1.12 and above). For more information please see VMware Transit Connect Enhancements.
VMware NSX Advanced Firewall
VMware NSX Advanced Firewall is Generally Available to paying customers on October 1 2021. Customers using the service after October 1 2021 will incur charges as published at https://www.vmware.com/products/nsx-advanced-firewall-for-vmc.html
NSX Advanced Firewall 1-year and 3-year Subscriptions. NSX Advanced Firewall is available with 1-year and 3-year subscriptions. Customers can avail of significant cost savings compared to on-demand consumption of the NSX Advanced Firewall by making a commitment to a number of hosts per region. Subscriptions can be purchased on the VMC console on a per-region and per host-type basis. NSX Advanced Firewall provides the advanced security of NSX Distributed IDS/ IPS, NSX Identity Firewall and Distributed Firewall Layer7 with Application Identification and FQDN Filtering. Available as an Add-on for VMware Cloud on AWS SDDCs version 1.15 and higher. For more information please see this page.
VMC Networking UI in standalone mode
VMC users can access the VMC Networking UI in standalone mode from the Internet using the Open NSX Manager button in the VMC UI for easy access. The standalone Networking UI features the VMware NSX Manager user interface with a streamlined layout and separate tabs for Networking, Security and Troubleshooting. Users can authenticate themselves using CSP credentials. Users can also access the VMC Networking UI in standalone mode over Direct Connect, Transit Connect or VPN.
NSX Traceflow for Visibility and Self-serve Troubleshooting
VMware Cloud on AWS customers can utilize Traceflow to inspect the path of a packet from source to destination in the SDDC. Traceflow provides visibility for external communication over VMware Transit Connect.
Networking and Security - Operational Improvements
Customers can view network traffic stats per external interface to the SDDC. The Global Configuration tab provides user visibility in terms of bytes/ packets received and transmitted per uplink. Users can also control interface settings on the Global Configuration tab.
vSphere Distributed Switch (VDS)
The vSphere Distributed Switch (VDS) enables customers to manage NSX network segments as vCenter DVPG objects. New deployments in 1.16 will use VDS. Existing deployments will be converted to VDS prior to 1.18 upgrade. The vSphere Web Services API Opaque Network objects will be converted to NSX DistributedVirtualPortGroup (DVPG) objects. The corresponding API parameters/ return values are changing, therefore customers need to update applications that are using these API calls. vSphere Opaque Network objects will not be supported beyond 1.16.
For more details, including the latest VMware and partner application versions that are compatible with VDS, please refer to the KB https://kb.vmware.com/s/article/82487
Custom Metering for Elastic IP: This feature will only meter against those elastic IPs that are unattached.
EIPs are the public IPs which are created to fulfill different purposes in SDDC instances. They can be requested by customers or requested for SDDC functionality, such as those used on the MGW, vCenter, etc. EIPs result in charges. The cost per EIP is $0.005 per hour, which could compute to about $10K per month across the fleet. Having identified that customers should be billed only for the EIPs requested by them and not for the ones created for the functioning of the SDDC, we made a policy decision to ensure they are only billed for the IPs they create. This resulted in cost savings of up to 50% for a customer and has also addressed issues related to timing of billing, as custom metering allows customers to be billed in the relevant bill period.
Custom Metering for Transit Connect: Custom metering for the Transit Connect charge type provides the following benefits:
Customers can view, manage, and interpret their billing and usage data in real time: Transit Connect usage and bill data will now be visible on the console in the relevant bill period and monthly cycle, with usage data visible every 4 hours.
Customers will be billed in the appropriate bill cycle: Prior to custom metering, we had a dependency on the cost and usage report provided by AWS to pass these charges to the customer. This was provided in arrears with a month’s delay from the actual bill period. This is now eliminated with custom metering of this charge type which allows for timely billing and cost management for the customer.
Managed Kubernetes service (Gated Availability)
Tanzu-based Managed Kubernetes Service on VMware Cloud on AWS is Available. This enables a consistent managed experience on-premises, in the public cloud, and on the edge. IT or cloud admins can enable the Kubernetes service on a VMware Cloud on AWS cluster to deploy, run and scale containerized workloads. Once enabled, customers will be able to manage VMs and containers through the familiar vCenter Server interface. This service is available in all VMware Cloud on AWS regions and is currently supported on three (3) or more host SDDC clusters. Customers will get access to a set of Tanzu Mission Control capabilities to centrally manage cluster lifecycle, operate, and secure their Tanzu Kubernetes clusters on VMware Cloud on AWS.
During this gated availability, customers will be able to deploy the managed Kubernetes service on new clusters only, and customers must explicitly request that this feature be enabled on SDDC 1.16 through their VMware account team. Please note that a minimum of 3 hosts or 4 hosts will be required for medium-sized or large-sized SDDCs respectively.
Advanced Workload protection on VMware Cloud (AWS)
VMware Carbon Black Workload™ now delivers advanced protection purpose-built for securing workloads running in VMware Cloud to reduce the attack surface and strengthen security posture, while simplifying operations for IT and Security teams.
Compute Policy Scale Increase
The limit for VM-VM anti-affinity compute policies has been increased to 1500 (total of all compute policies combined). The limit for all other compute policies remains at 100. Using the card view is recommended when working with a large number of policies in the UI. See the VMware Configuration Maximums page for limit details.
VMware Transit Connect Support in VMware Site Recovery
VMware Site Recovery™ now supports using VMware Transit Connect to get high-speed and resilient connections between VMware Cloud on AWS SDDCs across different AWS regions for DR replication traffic.
Single Host expiration extended to 60 days from 30 days
This update gives you more time to test your use cases with VMware Cloud on AWS Single Host SDDC. This applies only to new SDDCs deployed since 10/8. Existing single host SDDCs deployed before this date will remain on 30 days.
VMware NSX Advanced Firewall
VMware NSX Advanced Firewall is Available to paying customers on October 1 2021. Customers using the service after October 1 2021 will incur charges as published at https://www.vmware.com/products/nsx-advanced-firewall-for-vmc.html
NSX Advanced Firewall 1-year and 3-year Subscriptions. NSX Advanced Firewall is available with 1-year and 3-year subscriptions. Customers can avail of significant cost savings compared to on-demand consumption of the NSX Advanced Firewall by making a commitment to a number of hosts per region. Subscriptions can be purchased on the VMC console on a per-region and per host-type basis. NSX Advanced Firewall provides the advanced security of NSX Distributed IDS/ IPS, NSX Identity Firewall and Distributed Firewall Layer7 with Application Identification and FQDN Filtering. Available as an Add-on for VMware Cloud on AWS SDDCs version 1.15 and higher. For more information please see this page.
VMware Transit Connect/ SDDC Group connectivity to External TGW (across regions)
This feature enables VMware Cloud on AWS customers to peer their native Transit Gateways (TGW) with VMware Transit Connect, simplifying access between VMC and AWS resources across accounts and across regions, while retaining control over connectivity in the respective environments. This capability becomes immediately available to all SDDC Group deployments (compatible with SDDC version 1.12 and above). For more information please see VMware Transit Connect Enhancements.
Storage policy configuration update for VMC deployments
When manually selecting or modifying a VM storage policy, please select the following option as part of the workflow in the vSphere Client: Edit VM Storage Policy > vSAN > Storage Tier > All Flash. The other options (No Preference and Hybrid) are not supported in VMC and will be hidden in a future release so that customers will not need to manually select this when configuring or modifying policies. If you select Storage Tier > No Preference, you might observe alarms and will need to change your selection option to All Flash manually.
New Features for VMware Cloud on AWS
vRealize Operations Cloud Add-On with Seamless Activation (Preview)
Customers are now able to activate vRealize Operations Cloud for VMware Cloud on AWS SDDCs directly through the VMware Cloud console! This trial can be activated from any VMware Cloud on AWS SDDC by navigating to the SDDC’s Add-Ons tab. This feature reduces the manual steps to just a few clicks to configure and start using vRealize Operations Cloud. This activation will initiate a 30-day free trial with full vRealize Operations Cloud capability with the option to purchase a subscription at any point during the trial. After activation, all vRealize Operations Cloud service use and operations will occur from the vRealize Operations Cloud console. Please open a Service Request or Chat with Support to request this feature.
New Features for VMware Cloud on AWS
2-Host i3en.metal clusters
Customers may deploy 2-host i3en.metal Clusters as the primary cluster within an SDDC as well as secondary clusters within an existing SDDC. Secondary 2-host i3en.metal clusters support custom core counts of 16, 24, 30, 36, or 48.
Storage Only Scale-out warnings
The VMware Cloud on AWS service will now send warning notifications when any cluster is within 5% of a forced scale-out due to storage utilization. These notifications warn of the potential need to add hosts for stability and provide the ability to reduce storage consumption to avoid the scale-out.
Host replacement email notifications
In addition to the Activity Log and Log Insight notifications, the VMware Cloud on AWS service will now send email notifications whenever a host issue is detected or a host is replaced. These notifications are opt-in only and disabled by default.
AZ Failure Simulation Report
This report enhances the AZ failure simulation process by sending a status report upon completion of any scheduled testing. In addition, this report will include time to recovery and details on any workload that HA couldn't recover.
New Features for VMware Cloud on AWS
You Can Now Begin your App Modernization Journey with the New Application Transformer for VMware Tanzu on VMware Cloud on AWS (Preview)
Application Transformer for VMware Tanzu is a portfolio analysis and application containerization tool. Use Application Transformer to automate discovery, structure migration planning, and accelerate application containerization. To get started, download Application Transformer for VMware Tanzu and the Eval Guide in the VMC Console. For more details, please refer to this blog post here.
You Can Now Purchase VMware Cloud DR instantaneously from the Purchase Online Page
With the streamlined end-to-end experience, you can access, learn, and deploy VCDR through the Purchase Online page and VMware Cloud Launchpad. It is the fastest and the easiest way to get both VMware Cloud on AWS and VMware Cloud DR. View the step-by-step guide in the blog post here.
New Features for VMware Cloud on AWS
New Updates for VMware Cloud Launchpad
New solution – Cloud Management: Provides information on vRealize Cloud Universal. VMware Cloud Universal customers can access the vRCU subscription creation flow from Launchpad.
New solution – Desktop: Provides an overview page, a step-by-step journey page that takes you through learn, plan, deploy phases, and a resource page that helps you learn about the solution.
New update for Kubernetes: You can now take advantage of updated content, which provides an overview of the Tanzu services you can use with VMware Cloud today. These services include vSphere 7 with Tanzu (in Preview), Tanzu Kubernetes Grid and Tanzu Mission Control. Customers who are part of the vSphere 7 with Tanzu preview on VMware Cloud can enable a managed Kubernetes service through Launchpad. Customers with Application Modernization initiatives can take advantage of the VMware App Navigator content under Resources.
New Features for VMware Cloud on AWS
Managed Kubernetes service (Preview)
Tanzu-based Managed Kubernetes Service on VMware Cloud on AWS is in preview. This enables a consistent managed experience on-premises, in the public cloud, and on the edge. IT or cloud admins can enable the Kubernetes service on a VMware Cloud on AWS cluster to deploy, run and scale containerized workloads. Once enabled, customers will be able to manage VMs and containers through the familiar vCenter Server interface. This service is being previewed in all VMware Cloud on AWS regions and is currently supported on three (3) or more host SDDC clusters. Customers will get access to a set of Tanzu Mission Control capabilities to centrally manage cluster lifecycle, operate, and secure their Tanzu Kubernetes clusters on VMware Cloud on AWS.
New Features for VMware Cloud on AWS
VMware Cloud Disaster Recovery™
Bring your existing recovery SDDC: Maximize your investment in VMware Cloud on AWS by using an existing SDDC created from the VMware Cloud console for recovery with VMware Cloud DR. Clusters and hosts added to VMware Cloud DR from the VMware Cloud console are automatically recognized by VMware Cloud DR.
User actions added to events list: View a log of user actions such as login, logout, configuration changes, and DR Plan executions in the Monitor view of the VMware Cloud DR UI. The user ID and the source IP address are shown for each item in the Events list, enhancing your ability to audit user actions.
Protect workloads running in VMware Cloud Foundation: Expand your DR strategy to include protection of your virtual machines running in VMware Cloud Foundation (VCF). See the VMware Product Interoperability Matrix for the latest information on interoperability of VMware Cloud DR with other solutions.
DR protection for up to 2500 VMs per AWS region per VMware Cloud organization: Protect larger environments by replicating up to 2500 virtual machines to a single AWS region in a VMware Cloud organization. You might need to split 2500 VMs across multiple VMware Cloud DR file systems for larger protected capacity scale. See VMware Configuration Maximum tool for operational scale limits of VMware Cloud DR.
Replication throughput in UI: See the network throughput of the replication data traffic between the source site and the target VMware Cloud DR cloud file system. The throughput can be viewed in the Dashboard Topology map and on the Protected Sites page in the VMware Cloud DR UI.
AWS Europe (Milan) region: You can now protect and recover your vSphere virtual machines in AWS Europe (Milan) region.
New Region: Europe (Milan) for Site Recovery Manager
VMware Site Recovery™ now supports activation on SDDCs provisioned in the Europe (Milan) region of VMware Cloud™ on AWS.
New Features for VMware Cloud on AWS
Flexible Subscription for VMware Cloud on AWS (Preview)
Flexible Subscription is a new subscription type for VMware Cloud on AWS now available in preview. It is available for redemption in the VMware Cloud Console as part of the subscription purchasing flow. Flexible subscription allows customers to exchange their existing VMware Cloud on AWS flexible subscription for a new VMware Cloud on AWS subscription. When requesting an exchange, the leftover value of the VMware Cloud on AWS flexible subscription will be used towards purchasing a new VMC on AWS full term subscription. Flexible subscription is available for i3.metal in all regions. Customers can exchange an instance type, region or duration of their flexible subscription. Flexible subscriptions allow customers to commit to VMware Cloud on AWS but maintain flexibility when their business needs change.
New Features for VMware Cloud on AWS
Regional Log Support for Frankfurt and Sydney (Preview)
VMware Cloud on AWS SDDCs currently forward vRLIC logs to US West (Oregon) region. With this new feature, SDDCs can now forward vRLIC logs to Asia Pacific (Sydney) or Europe (Frankfurt) regions. Once applied, this configuration becomes an organization-level change and all SDDC logs will point to the new region. Customers can only choose a single vRLIC region for an organization. This feature can be enabled only by request. Please open a Service Request or Chat with Support to request this feature.
New Features for VMware Cloud on AWS
New Region: Europe (Milan)
Customers can now deploy SDDCs in the Europe (Milan) region. Please note that in order to link an AWS Account to an SDDC in this region, customers must first opt-in their linked account as per the instructions at https://docs.aws.amazon.com/general/latest/gr/rande-manage.html.
New Features for VMware Cloud on AWS
Enhanced Log Forwarding Filter: Log forwarding from vRealize Log Insight Cloud now supports additional filter options for whether a field exists or not, in addition to existing filter options for whether a field name contains or does not contain specific values. You can specify these filter conditions to select which events are forwarded to an external destination.
SDDC Grouping Activity Logs for VMware Cloud: You can now access all your VMware Cloud SDDC Grouping activity logs in vRealize Log Insight Cloud. These logs correspond to the following activities:
Creation of an SDDC Group
Modification of an SDDC Group
Removal of an SDDC Group
Addition of an SDDC Member to a Group
Removal of an SDDC Member from a Group
Addition of a Direct Connect Gateway to a Group
Removal of a Direct Connect Gateway from a Group
Addition of an External AWS Account
Removal of an External AWS Account
Modification of External Attachments
New Features for VMware Cloud on AWS
The VMware Cloud on AWS SLA has been revised:
99.9% availability for any Stretched Cluster with 4-hosts or less
Clarified the storage policy requirements for SLA eligibility
Removed Elastic vSAN
VMware Cloud Disaster Recovery™
Inter-AZ DR in VMware Cloud on AWS: Protect your virtual machines running in VMware Cloud on AWS to a designated recovery Availability Zone within the same AWS region, ensuring the data stays in the same region even after recovery. See here for more information.
Cloud File System deployment wizard. Deploy the Cloud File System for replication and recovery using a self-service wizard in the VMware Cloud Disaster Recovery UI. See here for more information.
SOC 2, Type 1 Compliance: System & Organization Control (SOC) Reports are independent, third-party examination reports that demonstrate how VMware Cloud DR achieves key compliance controls and objectives to meet SOC 2, Type 1 requirements. The purpose of these reports is to help you and your auditors understand the controls established to support operations and compliance.
Avoid full re-sync even when CBT is disabled on the protected site: Fall back to a fingerprint-based method to efficiently calculate the delta when Change Block Tracking (CBT) is disabled on the protected site. This helps to avoid a re-transfer of all the virtual machine data and reduces interruptions to DR protection.
Auto-exclude management virtual machines from protection groups: vSphere Cluster Services (vCLS) VMs, DRaaS Connector VMs and VMware Cloud on AWS management VMs are now automatically excluded from protection groups.
Capacity limit monitoring: View the currently protected storage capacity relative to the maximum capacity limit of the Cloud File System. This is displayed as a percentage value in the cloud file system information panel. See here for more information.
Usability enhancement: The global summary page now shows the number of running DR plans.
For a list of caveats, limitations, and known issues please visit the VMware Cloud Disaster Recovery Release Notes page.
New Features for VMware Cloud on AWS
vRealize Log Insight Cloud Update: vRealize Log Insight Cloud delivered a major product update. For a detailed overview of updates, please see the following link.
Knowledge Base (KB) Insights: You can now browse and view the VMware knowledge base such as KB articles and community solutions for log events with errors or exceptions, and take actions to resolve them. KB insights use sophisticated machine learning techniques to help detect and associate log errors or events with suggested solutions from a knowledge base created by experts for similar problems solved in the past. You can learn more about Knowledge Base (KB) Insights here.
What's New: A new user-friendly What’s New pop-up window now provides information about the latest features in vRealize Log Insight Cloud.
Microsoft SPLA – Academic Licenses
Microsoft SPLA now allows customers who qualify as an Educational Institution per Microsoft’s definition to self-identify on the VMC Console while editing Microsoft licenses. This gives qualifying customers the advantage of the special Academic Pricing for Microsoft licenses.
New Features for VMware Cloud on AWS
VMware Transit Connect/ SDDC Group connectivity to Transit VPC
VMware Transit Connect enhancement to enable Transit VPC connectivity. VMware Transit Connect customers can configure a static route for a VPC attachment in the same AWS region. This capability becomes immediately available to all SDDC Group deployments (compatible with SDDC version 1.12 and above).
VMware Transit Connect/ SDDC Group connectivity across regions
SDDC Groups can now be expanded across regions. Customers can select SDDCs in more than one region for an SDDC Group. VMware Transit Connect provides automatic provisioning and connectivity for SDDC Group members across multiple regions. This provides high bandwidth connectivity for SDDC to SDDC communication across regions.
VMware NSX® Advanced Firewall for VMware Cloud on AWS
VMware Cloud on AWS introduces major security capabilities. NSX Advanced Firewall includes NSX Distributed IDS/ IPS, NSX Identity Firewall and Distributed Firewall Layer7 with Application Identification and FQDN Filtering. Available as an Add-on for SDDC version 1.15.
NSX Distributed IDS/ IPS
VMware NSX Distributed IDS/IPS is an intrusion detection and prevention system for SDDC network traffic. Customers can detect and prevent lateral threats to workloads using curated threat signatures and apply rules at the relevant VM level. Distributed IDS/IPS utilizes threat signatures updated by the VMware NSX Threat Intelligence Service.
NSX Distributed Firewall Layer7 with Application Identification and FQDN Filtering
Customers can apply stateful layer 7 access controls and filtering. The Distributed Firewall is built with L7 application profiles (L7 Application IDs) for common enterprise applications. Customers can also define specific FQDNs that are allowed or denied access to applications in the SDDC.
NSX Identity Firewall
Distributed Firewall integrates with Active Directory to provide User Identification rules. Customers can utilize Active Directory Groups to define distributed firewall rules to control access to workloads and applications such as virtual desktops (VDI) in SDDCs.
vSphere Distributed Switch (VDS)
VMware Cloud on AWS ESXi hosts will use the vSphere Distributed Switch (VDS) for networking, replacing the current NSX-T Virtual Distributed Switch (NVDS). The VDS switch will be introduced in SDDC version 1.15. Customers can opt in to use VDS in 1.15. Please chat with the Support team or open an SR to get access to this feature.
Future deployments starting with version 1.16 will use VDS. Existing deployments will be converted to VDS prior to 1.18 upgrade.
The vSphere Web Services API Opaque Network objects will be converted to NSX DistributedVirtualPortGroup (DVPG) objects. The corresponding API parameters/ return values are changing, therefore customers need to update applications that are using these API calls. vSphere Opaque Network objects will not be supported beyond 1.16.
For more details, please refer to the KB https://kb.vmware.com/s/article/82487
Local User Management in PCI
This feature provides the ability to add local users to NSX Manager so that users can operate the SDDC in environments that don't use CSP to authenticate users.
Networking performance improvement for i3EN hosts
This release incorporates improvements for i3EN.metal (approximately 50% higher packet processing compared to the previous release). Customers can realize higher throughput for their workloads, depending upon the specific application network profile.
VMC Networking UI in standalone mode with CSP Authentication
Using CSP credentials, VMC users will be able to authenticate to the Networking UI in standalone mode. This will enable private access to the Networking UI from on-prem over Direct Connect, Transit Connect or VPN.
VMware Cloud on AWS Networking enhancements.
Enhancements to minimize data plane impact due to planned edge failover events. Communication over Transit Connect/ Connect VPC is affected for a sub-second duration. Communication over Direct Connect/ VPN is affected for less than 10 seconds during a planned edge failover event.
Enable RPF on a per-interface basis. This allows the customer to enable, disable, or change Reverse Path Forwarding (RPF) on the Intranet and Services interfaces. This enables customers who have asymmetric routing in their environment to control the RPF behavior on these interfaces.
This release also optimizes communication from VM to Edge on the same host, which benefits VDI workloads.
Limited SDDC Support
SDDC version 1.15 features several early access integrations that are not yet supported on stretched deployments. This optional release is supported on Single-AZ clusters (3-16 hosts) only. 2-Host and Multi-AZ Stretched Clusters are not supported with this release.
New Features for VMware Cloud on AWS
Stretched Cluster Auto Scale-out on AZ Failure
The VMware Cloud service will automatically scale up any stretched cluster on AZ failure. This capability is added free of charge and will attempt to maintain the Compute resources in the event of an AZ failure by adding non-billable hosts to the surviving AZ until the cluster has returned to its original host count. This functionality is dependent on free capacity and therefore carries no guarantee.
4 Host Stretched Clusters (2-2-1)
Customers may now deploy a 4 host Stretched Cluster. With two hosts in both AZs and a managed witness in the third, the cluster can survive the loss of an entire AZ. This powerful capability enables business-critical applications within VMware Cloud without rearchitecting for AWS Availability. With two hosts per AZ, vSAN depends on the Dual Site Mirror for resiliency and therefore comes with a 99.9% availability guarantee. This can be increased to 99.99% at any time by scaling up to a 6 host cluster.
Elastic DRS storage-only scale-out is enabled by default. If a 4 host stretched cluster is scaled out to 6+ hosts for any reason, it cannot be scaled back down. For more information, please see this page.
New Features for VMware Cloud on AWS
2-Host Secondary Clusters with Custom Core Support
Customers may now deploy additional 2-Host i3.metal clusters in any existing SDDC. Secondary 2-Host clusters support custom core count of 16 and 36 cores.
New Features for VMware Cloud on AWS
VMware Cloud Disaster Recovery™
CSA Trusted Cloud Provider
VMware Cloud DR is now a Cloud Security Alliance (CSA) Trusted Cloud Provider and registered as a Security, Trust, Assurance and Risk (STAR) Level One service. CSA is an organization dedicated to defining best practices to help ensure a secure cloud computing environment. The STAR Registry is a publicly accessible registry that documents the security and privacy controls. You can find the VMware Cloud DR STAR Registry listing, including the downloadable CAIQ, here.
New Features for VMware Cloud on AWS
Tanzu Application Service 2.11 Support
Tanzu Application Service v2.11 is now supported on VMware Cloud on AWS. We recommend deploying a new Tanzu Application Service foundation rather than a “lift and shift” of an existing deployment. This provides customers the ability to enable the “cf push” experience for their development teams while taking advantage of all the services provided by VMware Cloud on AWS.
Tanzu Kubernetes Grid (TKG) Management Cluster Registration with Tanzu Mission Control
Tanzu Mission Control now supports the ability to register Tanzu Kubernetes Grid (1.2 & later) management clusters running on VMware Cloud on AWS. Application development teams can complete lifecycle management of TKG workload clusters running on VMware Cloud on AWS through the TMC console and CLI.
Automatic Partition Placement Group Retrofit
A fully automated background process to retrofit existing clusters with Partition Placement Groups (PPG). This process will replace non-PPG compliant hosts by adding a new PPG compliant host and then gracefully removing the old host. This process will only modify a single host per SDDC and wait up to 14 days between host replacements.
VMware Cloud Sizer Launchpad Integration
The VMware Cloud Sizer has been added to the VMware Cloud Launchpad to make it easier for customers to find and size VMware Cloud deployments.
Single host to 2-host scale-up
Single host SDDCs can now be non-disruptively scaled up to a 2-host SDDC. This process adds resiliency and full SLA support, allowing the SDDC to exist beyond 30 days.
New Features for VMware Cloud on AWS
VMware Cloud Disaster Recovery™
Pilot deployment
Try out VMware Cloud Disaster Recovery as a "pilot" before committing to a term subscription. Pilot deployments are charged at a fixed hourly rate and include 5 TiB of protected capacity and 25 protected virtual machines. Any usage beyond these limits will incur charges at the applicable per-TiB overage and per-VM on-demand rates. Once you are done with your evaluation, create a 1-year or 3-year committed term subscription to seamlessly convert this to a standard deployment and continue using the service. Please refer to the VMware Cloud Disaster Recovery pricing page for additional details.
Monthly payment option for term subscriptions
Get additional payment flexibility with a new option to pay for 1-year or 3-year committed term subscriptions in monthly installments rather than paying for it all upfront. Please refer to the VMware Cloud Disaster Recovery pricing page for additional details.
Faster replication
Achieve faster initial backup ingest and higher steady state replication throughput through several optimizations of the Scale-out Cloud File System and the DRaaS Connector. Improvements include parallel processing of multiple protection groups, improved selection of optimal Connector for remote sites, and automatic tuning of certain parameters.
Enhanced recovery performance
An accelerated cache within the Scale-out Cloud File System now enables enhanced performance of your recovered virtual machines and faster completion of the Storage vMotion to VMware Cloud on AWS. This functionality is fully managed by the service with no need for user configuration.
Cancellation option for replication in-progress
Exercise greater control over your ongoing protection operations with the ability to cancel a running snapshot task from the VMware Cloud Disaster Recovery UI.
Direct Connect (Public VIF) for replication and failback traffic
Use AWS Direct Connect with public virtual interfaces (Public VIF) to carry replication, failback, and management traffic between your on-premises protected site and VMware Cloud Disaster Recovery over a high-bandwidth, low-latency network connection. For more details, please refer to this VMware Cloud DR documentation page.
Support for protected sites running vSphere 7.0 Update 2
You can now protect virtual machines in sites running vSphere 7.0 Update 2. Refer to the VMware Product Interoperability Matrix for the latest information on interoperability of VMware Cloud Disaster Recovery with other VMware solutions.
Choose seller of record for Recovery SDDC
Optimize your cloud spend by choosing between VMware or AWS as the seller of record while deploying your Recovery SDDC, regardless of the seller of record for VMware Cloud Disaster Recovery itself. For more details on your purchase options, please refer to the VMware Cloud DR documentation.
Custom user for protected vCenter registration (*Preview)
Register the vCenter in your on-premises protected site using a custom vCenter user with the minimal set of permissions required by the DRaaS Connector for protection and replication operations. Manually update the user to add other permissions required for failback only when necessary.
Run recovered VMs off cloud filesystem (*Preview)
Achieve faster failover times and fail back sooner by recovering your virtual machines directly on the Scale-out Cloud File System and skipping the storage migration to VMware Cloud on AWS. The virtual machine storage continues to be served from the cloud filesystem. Before using this feature, please consult the Caveats and Limitations section here.
For a list of caveats, limitations, and known issues, please visit the VMware Cloud Disaster Recovery Release Notes page.
PCI Compatible Regions
You can now use VMware Cloud on AWS as a PCI compliant platform to run your PCI regulated workloads. PCI Regions available today are US East (N. Virginia), US West (Oregon), Europe (Dublin), Europe (London), Europe (Frankfurt) and Asia Pacific (Sydney). More regions are planned for PCI upgrade in 2021.
New Features for VMware Cloud on AWS
Faster re-protect
Re-protect your virtual machines significantly faster after a planned recovery. The re-protection operation is especially quick when run shortly after the planned recovery such that the delta between the data on the source and recovery sites is not large. VMware Site Recovery now automatically starts tracking changes on the recovered virtual machine after failover. Only those changes are then replicated to the original protected site when re-protect is run and checksum comparisons can be completely avoided. This capability requires at least vSphere 7.0 Update 2 in your on-premises environment and VMware Cloud on AWS SDDC version 1.14. vSphere Replication 8.4 is also required in both sites.
Replication performance improvements
Replication performance has been optimized such that replication throughput is up to 3X higher when using high bandwidth and low latency connectivity between the protected and recovery sites. This capability requires at least VMware Cloud on AWS SDDC v1.14 and vSphere Replication 8.4 at the recovery site.
User experience improvements:
Enhanced export: Now export all DR configuration data related to Recovery Plans, Protection Groups, virtual machines, and datastores
Easier configuration: Use the combined Protection and Mapping wizard to achieve faster protection of your virtual machines
Easier replication monitoring: Replication status and issues are now included in the Recovery Plan for easier monitoring
Improved Recovery Plan history: The recent history of a Recovery Plan now shows more details on errors
Re-protect notification: After running a planned migration or recovery, be reminded to re-protect through a new notification
Improved folder mapping: See the full path and hierarchy of the folders during folder mapping
Auto-select placeholder datastore: The placeholder datastore is automatically selected if you do not configure one explicitly
Easier replication rebalancing: Now select multiple virtual machines to more easily reconfigure or move replications between vSphere Replication servers
Accessibility enhancements
Improved public API: New methods have been introduced for the following operations:
Create empty protection groups
Create/edit folders and move recovery plans and protection groups
Manual per VM protection/inventory mapping
Add/Remove/Get Placeholder Datastore(s)
Pair/Reconfigure/Break Site Recovery Manager services
Add VM dependencies
For a list of known and resolved issues, please visit the VMware Site Recovery Release Notes.
New Features for VMware Cloud on AWS
Multiple Sellers of Record in One Organization
VMware Cloud on AWS now supports multiple sellers (VMware and AWS) in the same Organization. Customers will have the ability to choose the seller before they create a new SDDC or purchase a new term subscription. This provides customers with a way to optimize their spending on the cloud and also have access to all services provided by the two companies. To learn more about purchase options for VMware Cloud on AWS, please visit here.
New Features for VMware Cloud on AWS
PCI requires new SDDCs version 1.14 and newer
Only version 1.14 and newer SDDCs are capable of applying PCI compliance configurations. You start by creating a new 1.14 standard SDDC and then requesting that VMware enable PCI compliance controls. We recommend that you apply PCI compliance configurations at the time when you have configured your SDDC, fully migrated your PCI workloads, and are ready to start your PCI audit by your Qualified Security Assessor (QSA). For more information on PCI compliance, please see this page.
No PCI DSS upgrades to M13 or older SDDCs
SDDCs prior to version 1.14 cannot be upgraded for PCI DSS, as only 1.14 and newer SDDCs can apply PCI configurations. Your new 1.14 PCI SDDCs will continue to be upgraded automatically by the standard SDDC upgrade lifecycle.
PCI workload migration
You can use HCX, VMware Site Recovery, vMotion, or other methods to migrate your PCI regulated virtual machines and data to your new 1.14 or newer SDDC. You must finish your migration before you apply PCI compliance configurations from your VMware Cloud on AWS console.
PCI compliant access to Networking and Security UI
Once PCI controls are enabled in your SDDC, you will see the recommended options to disable the Networking & Security Tab in the VMware Cloud on AWS console. Users can access the SDDC Networking & Security UI over Direct Connect/VPN.
Direct Connect/VPN connectivity to the SDDC must be established prior to disabling the Networking & Security Tab. Firewall rules must be configured on the Management Gateway (MGW) to permit access to the NSX Manager prior to disabling the Networking & Security Tab. For more information, see this page.
If the Networking & Security Tab has to be re-enabled, a support request must be raised to re-enable it in the VMware Cloud on AWS console.
PCI compliance & VMware Cloud on AWS Add-ons
Some VMware Cloud on AWS Add-ons are not yet PCI compliant. Once PCI controls are enabled in your SDDC, you will see the recommended options to disable HCX, VMware Site Recovery, and the Networking & Security Tab in the VMware Cloud on AWS console. We also recommend that you ensure that the vRA Add-on is deactivated before starting your PCI audit with your Qualified Security Assessor (QSA). For more information, please see this page.
Support for I3 and I3en hosts types
You can provision I3 or I3en hosts into a new SDDC that requires PCI compliance.
PCI SDDC controls - no additional cost
When you build a new SDDC for PCI workloads, there are no additional fees for PCI configured SDDCs.
PCI DSS compliance on VMware Cloud on AWS
VMware Cloud on AWS will continue to be audited for PCI compliance annually, and we provide industry-standard evidence from the successful third-party Qualified Security Assessor (QSA) assessment with our Attestation of Compliance (AOC) document. The VMware Cloud on AWS PCI AOC is available now for download here.
vCenter Cloud Gateway updates independent of SDDC updates
The vCenter Cloud Gateway has now been enhanced to receive automatic updates for features and patches even if the SDDC is not updated.
Performance Optimizations for Erasure Coding for bursty writes
In version 1.14, we have improved the performance and CPU efficiency of RAID 5/6. This enables the space efficiency of erasure coding while enhancing application performance and reducing CPU cost per I/O, particularly for bursty writes. Additional buffer tier performance improvements were also made.
Stretched Cluster/Multi-AZ Improvements: vSAN DRS awareness
VMware Cloud on AWS version 1.14 introduces integration with data placement and DRS so that after a recovered failure condition, DRS will keep the VM state at the same site until data is fully re-synchronized, which will ensure that all read operations do not traverse the inter-site link (ISL). Once data is fully re-synchronized, DRS will move the VM state to the desired site in accordance with DRS rules. This improvement can dramatically reduce unnecessary read operations occurring across the ISL, and free up ISL resources to continue with its efforts to complete any re-synchronizations post-site recovery.
Cloud Native Storage for Vanilla Kubernetes
Cloud native storage is a capability that would provide comprehensive data management for stateful applications. Built natively into vSphere, this feature would make Kubernetes aware of how to provision storage in VMware Cloud on AWS environments on demand in a fully automated, scalable fashion, as well as provide visibility for the administrator into container volumes through vCenter. This functionality is supported for Tanzu Kubernetes Grid (multi-cloud) on VMware Cloud on AWS.
Networking & Security
Informational level VPN logs from the SDDC are now visible in VMware vRealize Log Insight Cloud.
As previously noted, VMware Cloud on AWS supports higher scale attributes for NSX Distributed Firewall (DFW) for SDDCs running version 1.12 and higher. The complete list of configuration maximums for Networking and Security can be found here.
vRealize Log Insight Cloud Update: vRealize Log Insight Cloud delivered a major product update. For a detailed overview of updates, please see the following link.
VMware Site Recovery Manager log integration
VMware Site Recovery Manager (SRM) is a business continuity and disaster recovery solution that helps you plan, test, and run the recovery of virtual machines between a protected vCenter Server site and a recovery vCenter Server site. SRM log integration and content pack is now available, which collects, imports, and analyzes logs to provide real-time answers to problems related to systems, services, and applications, and derive important insights.
Alert Definition
The new alert management UI lets you create a granular rule definition of log alerts/events with the ability to set different notifications for different severities.
Alert Exploration
You can browse your security incidents and log alerts similar to log search with the new Triggered Alerts page. You can filter triggered alerts by severity, type, origin, and tags for quick review and prioritization.
GCP Log Sources
vRealize Log Insight Cloud provides 11 Google Cloud Platform log sources, including applications such as Cloud Functions, Compute Engine, Firewall, Storage, and VPC.
Fluent Bit Log Source
You can now configure Fluent Bit to collect logs from various sources and forward to vRealize Log Insight Cloud. Fluent Bit is an open source Log Processor and Forwarder, which lets you collect data like logs from different sources and enrich them with filters.
Logstash Log Source
You can now configure Logstash to collect logs from various sources and forward them to vRealize Log Insight Cloud. Logstash is an open source data collection engine with real-time pipelining capabilities.
vRealize Operations Cloud Update: vRealize Operations Cloud delivered a major product update. For a detailed overview of updates, please see the following link.
Cloud Management Assessment
The Cloud Management Assessment (CMA) is the next logical stage of the vSphere Optimization Assessment (VOA) in vRealize Operations. While the VOA was extremely popular and helped VMware customers/partners see the value of vROps within a matter of minutes across all the different aspects of cloud management (capacity, cost, troubleshooting, etc.).
vRealize Operations Cloud Regional Availability
Since the last release of vRealize Operations, vRealize Operations Cloud became available in Frankfurt, Germany, in addition to US West (Oregon), Asia Pacific (Sydney) and Europe (Frankfurt).
Near Real-Time Metric Collection
With vRealize Operations Cloud, you can now collect near real-time metrics with 20-second granularity for VMware Cloud on AWS based vCenter Server. You can collect, visualize, and alert at near real-time frequency.
New Features for VMware Cloud on AWS
VMware Cloud Disaster Recovery
Inter-region DR in VMware Cloud on AWS
Protect your virtual machines running in VMware Cloud on AWS across cloud regions using VMware Cloud Disaster Recovery. Deploy the DRaaS Connector on your VMware Cloud on AWS clusters to start replicating the virtual machines running there to a VMware Cloud DR instance in another VMware Cloud on AWS region. Use VMware Cloud DR's orchestrated recovery capabilities to perform DR tests and failovers in a VMware Cloud on AWS SDDC in the target region.
2-host pilot light and recovery SDDCs
Lower your steady state DR costs by deploying an i3.metal 2-host VMware Cloud on AWS SDDC to serve as a pilot light cluster for VMware Cloud Disaster Recovery. For DR tests and failovers, scale up the pilot light SDDC into a full-sized recovery site by adding more clusters to it. After the test or failover, scale back down to the 2-host footprint by removing the additional recovery clusters.
New AWS regions
You can now protect and recover your vSphere virtual machines in the following additional AWS regions: Asia Pacific (Seoul), Europe (Stockholm), and South America (São Paulo).
Support for protected sites running vSphere 7.0 Update 1
You can now protect virtual machines in sites running vSphere 7.0 Update 1. Please refer to the VMware Product Interoperability Matrix for the latest information on interoperability of VMware Cloud Disaster Recovery with other VMware solutions.
Multi-instance support for increased scalability
Deploy multiple instances of the scale-out cloud file system and multiple recovery SDDCs in the target region to protect a large volume of virtual machine data and a large number of virtual machines. Orchestrate company-wide DR testing and failovers from a single, federated VMware Cloud DR management console spanning across all instances.
HIPAA BAA
A HIPAA Business Associate Agreement (BAA) is available for VMware Cloud Disaster Recovery to help healthcare organizations stay in compliance while ensuring DR protection of their critical applications.
Enhanced replication resiliency
Benefit from increased resiliency of the replication process against transient network outages and temporary unavailability of the cloud file system due to cloud upgrades. The progress of a replication job is now saved periodically so that it can continue from that point onwards when the transient situation is resolved.
For more information, please see this page.
New Features for VMware Cloud on AWS
EDRS Rapid Scale Out Enhancement
When you select the Elastic DRS Rapid Scale Out policy, you can now scale faster and add up to 12 hosts in parallel, as compared to up to 4 hosts previously. For more information, please see this page.
Select SDDC in Support Ticket
While creating support tickets on the VMware Cloud Console, you can now select an SDDC for which you need support. When an SDDC is selected, the selected SDDC information will be passed to VMware support so they can better assist you. Selecting an SDDC is optional, but highly recommended so VMware support has all the information to assist you.
New Features for VMware Cloud on AWS
Increased Scale Attributes for NSX Distributed Firewall (DFW)
VMware Cloud on AWS supports higher scale attributes for NSX Distributed Firewall (DFW) for SDDCs running version 1.12 and higher. VMware Cloud on AWS SDDC now supports up to 40,000 DFW rules across all sections. Also, the number of security groups supported is now increased to 12,000 and the number of VMs per security group in the SDDC is increased to 1,800. The complete list of configuration maximums for Networking and Security can be found here.
1-Year API Change Notice
VMware Cloud on AWS ESXi hosts will use the vSphere Distributed Switch (VDS) for networking, replacing the current NSX-T Virtual Distributed Switch (NVDS). The VDS switch will be introduced in SDDC version 1.15. Customers can opt in to use VDS in 1.15. Please chat with the Support team or open an SR to get access to this feature.
Future deployments starting with version 1.16 will use VDS. Existing deployments will be converted to VDS prior to 1.18 upgrade.
The vSphere Web Services API Opaque Network objects will be converted to NSX DistributedVirtualPortGroup (DVPG) objects. The corresponding API parameters and return values are changing; therefore, customers need to update applications that use these API calls. vSphere Opaque Network objects will not be supported beyond 1.16.
For more details, please refer to the KB https://kb.vmware.com/s/article/82487
New Features for VMware Cloud on AWS
Stretch Cluster Cross-AZ Charges Update
Ten petabytes per month of Cross-AZ charges are now included with Stretched Clusters. Stretched Clusters are supported globally in all VMware Cloud on AWS regions. Starting with the billing cycle completing in January, there will no longer be Stretched Cluster data transfer charges up to ten petabytes per month.
New Features for VMware Cloud on AWS
Configuration Monitoring and Alerting with vRealize Operations
With this release, vRealize Operations Manager and vRealize Operations Cloud will measure, report, and provide alerts on key configuration limits for VMware Cloud on AWS based on Configuration Maximums for VMware Cloud on AWS. See VMware Cloud on AWS Alert Definitions, VMC Configuration Maximums Dashboard and the vRealize Operations documentation for more information.
New Features for VMware Cloud on AWS
VMware Cloud Disaster Recovery™
New region. You can now protect and recover your vSphere virtual machines to the following additional region: Asia Pacific (Tokyo).
New Features for VMware Cloud on AWS
VMware Cloud Disaster Recovery™
New regions: You can now protect and recover your vSphere virtual machines to the following additional regions: Europe (Ireland), Europe (Paris), and Asia Pacific (Mumbai).
Support for I3en hosts in Recovery SDDC: You can now provision I3en hosts in your Recovery SDDC and use them for recovery operations.
Support for multiple vSphere clusters in Recovery SDDC: You can now add multiple vSphere clusters to your Recovery SDDC to increase your recovery capacity.
Faster recovery: Failover now happens faster as virtual machines are powered on in parallel in batch sizes that scale with the number of hosts in your Recovery SDDC.
Use VM tags to configure protection groups: You can now define which virtual machines should be members of a protection group based on their vSphere tags. When backing up, any virtual machines with the tags you specify are dynamically associated with the protection group and included in the snapshot.
Preserve VM tags on Recovery: The recovery process now preserves vSphere tags on recovered VMs that were associated with those VMs on the original protected site. The tags and their associated categories must be pre-configured on the recovery SDDC for successful failover.
Data transfer optimizations for failback and VM restore: In situations where incremental data transfer based on snapshot data is not possible during a failback or VM restore operation, VMware Cloud Disaster Recovery now leverages the VM content that already exists on the restore destination to speed up the failback or VM restore.
Consistent handling of time zones in UI: All timestamps shown in the UI now display using the user’s browser time zone setting. Protection Group schedules are still based on the protected site’s time zone. When this time zone is different from the user’s browser time zone setting, the UI indicates the protected site's time zone for reference.
Show progress of Recovery SDDC deployment and snapshot replication: The UI now provides progress status for Recovery SDDC deployment and snapshot replication, listing all running and completed tasks associated with these operations.
Support for protected sites running vSphere 7.0: You can now protect virtual machines in sites running vSphere 7.0. Please refer to the VMware Product Interoperability Matrix for the latest information on interoperability of VMware Cloud Disaster Recovery with other VMware solutions.
Maintenance Details
You can now view the detailed progress of ongoing SDDC upgrade maintenance in the VMC Console. If maintenance is ongoing, the maintenance summary shows information about the current phase and step of maintenance. It shows details of the operations performed in each step, as well as start and end times for the steps.
New Features for VMware Cloud on AWS
Reduced time needed for reprotect
The time needed for reprotecting virtual machines after a planned recovery with VMware Site Recovery has been reduced significantly. The reduction in time for reprotecting virtual machines is the largest when the delta between the data on the source site and recovery site is not large. This feature works for cloud-to-cloud DR topology and vSphere Replication on your VMware Cloud on AWS SDDC should be on version 8.3.2 or higher. You can read more about reprotecting virtual machines after a recovery in the VMware Site Recovery documentation.
Large SDDC runtime scale up
Customers can now scale SDDC management appliances, including NSX edge and vCenter, to large size post-deployment as part of day 2 operations. By default, standard-size SDDCs are deployed, but if the SDDC is expected to grow to more than 30 hosts or 3000 VMs, Large SDDC deployment is recommended. The operation incurs about an hour of SDDC downtime, and requires a vCenter restart and an NSX failover. For more information on sizing and limits, please see this page.
New Features for VMware Cloud on AWS
Minimize security risks by enabling network encryption
You can enable the network encryption of the replication traffic data for new and existing replications to enhance the security of data transfer. When the network encryption is enabled for a replication, an agent on the source encrypts the replication data on the source ESXi host and sends it to the vSphere Replication appliance on the target site. The vSphere Replication server decrypts the data and sends it to the target datastore. For more information about network encryption, see Network Encryption of Replication Traffic.
VMware Remote Console (VMRC) vCenter Proxy
VMware Remote Console connections will now be proxied through the SDDC’s vCenter, and clients no longer require connectivity to ESXi hosts. This simplifies connectivity requirements, and allows for the use of VMRC over VPN when a DX or vTGW is also being used with the SDDC.
New Features for VMware Cloud on AWS
VMC Sizer Updates
New features for the VMC Sizer and TCO tool are now available. For more information, please see this page.
New Features for VMware Cloud on AWS
SDDC Version 1.12v2 released
This release provides improvements for i3en.metal network performance for north-south communication (approximately twice the performance compared to i3.metal) to the SDDC, as well as east-west communication within the SDDC. Customers can realize higher network throughput for their workloads driving TCP traffic as well as for UDP traffic across i3en edge nodes.
New Features for VMware Cloud on AWS
vCenter Linking for SDDC Groups is now available
Customers that have SDDC Groups configured on VMware Cloud on AWS can now link their vCenters within a group and manage them from a single vSphere client interface. VMware Transit Connect offers the required networking connectivity for the vCenters to be linked in the group. As part of this single view, customers can perform VM operations and also perform clone, copy and migration across the grouped vCenters. Additionally, tags that are created on any of the vCenters within the group will automatically be synced across the other vCenters in the group. For more information, please see this page.
Known Issues: vMotion of a VM across linked vCenters in the SDDC group will not work because VMware Transit Connect only creates L3 connectivity between the group members.
HCX for VMware Cloud on AWS Enhancements
With the release of VMware HCX R145, VMware Cloud on AWS SDDCs support all HCX Advanced services as well as select HCX Enterprise class services with no additional license requirement and at no additional cost. For more information, please see this page.
Replication Assisted vMotion
Mobility Optimized Networking
Application Path Resiliency
TCP Flow Conditioning
Mobility Groups
Note: HCX Mobility Groups support integration with vRealize Network Insight, available as a separate license. This integration allows the creation of mobility groups from VMware vRealize Network Insight discovered applications to HCX for wave planning and migration.
New Features for VMware Cloud on AWS
VMware Cloud Disaster Recovery™
Protect your vSphere virtual machines to the cloud and recover them to VMware Cloud on AWS using VMware Cloud Disaster Recovery. Based on the scale-out cloud file system technology developed at Datrium, VMware Cloud Disaster Recovery helps lower the cost of disaster recovery by storing backups in cloud storage, and allows you to pay for recovery host capacity only when you want to conduct a disaster recovery test or perform a recovery. VMware Cloud on AWS makes rapid recovery at scale possible with its "live mount" capability, which enables fast power-on of the recovered VMs in VMware Cloud on AWS without a long data rehydration process. A fully-featured SaaS-simple disaster recovery orchestrator is built-in to minimize the need for manual effort during recovery. The service is tightly integrated with VMware Cloud on AWS for efficient recovery and a consistent operational experience without error-prone VM format conversions. For more information, visit our blog and FAQ. Features of VMware Cloud Disaster Recovery include:
Available in US West (Oregon), US East (N. Virginia), US East (Ohio), US West (N. California), Europe (London), Asia Pacific (Sydney), Canada (Central), Asia Pacific (Singapore), and Europe (Frankfurt)
Option to maintain a small, pre-provisioned "pilot light" SDDC to run foundational components and further speed recovery
Continuous disaster recovery health checks every 30 minutes for increased reliability
End-to-end and daily data integrity checks of backup copies
Deep history of immutable snapshots for recovery from ransomware attacks
Audit-ready, detailed disaster recovery reports
Delta-based failback
New Features for VMware Cloud on AWS
Microsoft Server Licenses
The VMC Console now includes the status and control of Microsoft Licensing on individual clusters. Customers purchasing VMC through VMware can edit Cluster settings to enable or disable VMware-issued Microsoft Windows Server and SQL Server licenses. Intended for new or updated Microsoft licenses acquired after October 1, 2019, an end-user can designate individual clusters for Windows or SQL Server licensing. For information on enabling Windows Servers Licenses in the VMC console, visit this page.
New Features for VMware Cloud on AWS
PowerCLI 12.1.0 is now available
PowerCLI 12.1 is now available and includes several new capabilities that make automation for VMware Cloud on AWS easier than ever (for specific PowerCLI release notes, please see here). This release includes two new cmdlets for configuring Elastic DRS (EDRS) policy, several enhancements that improve your ability to control the size, type, and scale of new software-defined data centers (SDDC), and updates that enable scaling multi-cluster SDDCs. In addition to that, this release makes it easier than ever to seamlessly bridge automation from the VMware Cloud infrastructure layer to the vCenter Server instance on your SDDC that is used to manage your workloads. At a high level, below are the top features, and if you’d like more information, please visit our blog here.
Configure EDRS policies for your SDDC
Enhancements to configure SDDC appliance size and host type (I3, I3en)
Enhanced cluster management to scale multi-cluster SDDCs
New Features for VMware Cloud on AWS
i3en metal instances are available in the following regions and AZs
ap-south-1 - Mumbai
ap-northeast-2 - Seoul
sa-east-1 - Sao Paulo
AWS Commerce Platform Integration
When customers purchase VMware Cloud on AWS via AWS or through AWS Partners, AWS Commerce Platform will now help them organize, report, forecast, and optimize their cost and usage. This includes the ability to pay for 1 and 3 year term subscriptions in monthly installments, in addition to the ability to pay upfront. For more information, please visit our blog here.
New Features for VMware Cloud on AWS
Link to vRealize Log Insight Cloud from Activity Log
You can now access vRealize Log Insight Cloud from the Activity Log through a quick link to view all your logs, including all the events in your Activity Log!
New Notifications for Fund Depletion and Fund Negative Balance
You will receive an automated email notification if your fund has been in negative balance for 30, 60, and 90 days, which would be a good reminder for you to start a renewal conversation with your sales contact. You will also receive a heads up email notification if we predict that your fund may run out of credits in the next 3 months, according to your recent on-demand usage. This provides an additional guardrail that prevents you from going into negative balance. For more information about what notifications are supported, please see this link.
New Features for VMware Cloud on AWS
i3en Custom CPU Core Count
The i3en host type now supports the Custom CPU Core Count feature. Users can select the number of physical cores per i3en host when provisioning new clusters in order to optimize the cost of applications that are licensed per core. Users can choose to provision 16, 24, 30, or 36 custom physical CPU cores. For more information on Custom Core Counts, see the Add Cluster documentation.
Stretched Clusters
Stretched Clusters are now supported in the Canada Region.
New Features for VMware Cloud on AWS
i3en metal instances are available in the following regions and AZs
us-west-1 - San Francisco
eu-west-3 - Paris (Only 2 AZs are available, please work with your VMware contact to determine which AZs have i3en available)
eu-west-1 - Ireland
ap-southeast-1 - Singapore
eu-north-1 - Stockholm
New Features for VMware Cloud on AWS
vSAN Compression for i3en is now available
The new “Compression only” feature allows customers to take advantage of space efficiency techniques while minimizing the tradeoff with performance that is typically associated with these techniques. Using the “compression only” option also reduces a failure domain in comparison to clusters running deduplication and compression, as a failed capacity device in a cluster using the “compression only” feature will affect just the discrete device, and not the entire disk group. This new feature helps improve space efficiency, but with minimal overhead and operational changes when compared to a cluster not running any form of cluster-based space efficiency.
TRIM/UNMAP (Preview)
The Trim/Unmap feature enables your VMC deployment to be more space efficient by automatically reclaiming used space that is no longer needed. It allows the guest OS to issue trim/unmap so that vSAN can remove unused blocks, thereby benefitting thin-provisioned VMDKs, as unused blocks can be reclaimed automatically. This feature is available as PREVIEW and will be enabled on a request basis. Please contact your account team if you are interested in having this feature enabled for your cluster or SDDC.
Enhanced data durability during maintenance operations
The Enhanced data durability during maintenance mode feature will protect against data loss in the event that there is only one active replica. This durability is provided by the introduction of delta (or differential) writes, which protect against data loss in the above scenario by replicating writes to an available fault domain (typically a host) when there is only one active replica serving I/O. If the host with the sole active replica fails, the object will become inaccessible. However, once the host in maintenance mode has returned, the delta write will be leveraged to update that replica and return the object to availability.
SDDC Groups with VMware Transit Connect™ is now available
SDDC Groups provide customers with the ability to logically organize a set of SDDCs to simplify management at scale. With an SDDC group, customers can manage multiple SDDCs as a single logical entity. In this release, SDDC Groups will enable connectivity by leveraging VMware Transit Connect. With VMware Transit Connect™, connectivity is automatically established between the VMware Cloud on AWS SDDC Group members, while simplifying connectivity to multiple on-premises infrastructure environments as well as native AWS VPC environments. For more details, see the Networking section. This feature was in Preview earlier (See SDDC Version 1.11 Release Notes) and is now Generally Available in this release.
VMware Transit Connect with AWS Transit Gateway is now available
VMware Transit Connect delivers a VMware-managed, easy-to-use, scalable and performant connectivity solution between VMware Cloud on AWS SDDCs that are designated within an SDDC Group. It leverages the AWS Transit Gateway (TGW) to enable any-to-any high bandwidth, low latency connectivity between SDDC Group members in a single AWS region. It also enables connectivity between an SDDC Group and multiple AWS native Virtual Private Clouds (VPCs) as well as multiple on-premises environments connected via an AWS Direct Connect Gateway. Customers can provision Transit Connect to their SDDCs by organizing them into an SDDC Group in the VMware Cloud on AWS Organization console. This feature was in Preview earlier (See SDDC Version 1.11 Release Notes) and is now Generally Available in this release.
VMware Transit Connect support for AWS Direct Connect Gateway is now available
Customers can establish connectivity to on-premises/colo Data Centers via their AWS Direct Connect Gateway. VMware Transit Connect enables customers to centralize connectivity for an SDDC Group to a Direct Connect Gateway (see above release note). This reduces the need to configure a Direct Connect Private VIF per individual SDDC.
Multi-Edge SDDC
Multi-Edge SDDC capability enables customers to add network capacity for North-South network traffic. Customers can linearly scale bandwidth for migration and workload communication over VMware Transit Connect and Connected VPC. It enables customers to dedicate compute capacity for network connectivity in the form of SDDC Edges and to selectively steer certain traffic sets over individual SDDC Edges by using Traffic Groups. This feature, also referred to as Edge Scale Out, is available for Large SDDCs (See SDDC Version 1.10 Release Notes).
Firewall
Advanced search and filtering capability in the UI - Users can search firewall rules using a number of criteria including rule ID, rule name, Group membership, source/destination IP address, protocol, service, action and rule status.
Rule ID is now directly available in the UI.
Distributed Firewall
Time-based Scheduling of DFW Rules - Users can now schedule enforcement of specific rules for specific time intervals. This option can be accessed through the clock symbol in the UI.
Advanced search and filtering capability in the UI - Users can search firewall rules using a number of criteria including rule ID, rule name, Group membership, source/destination IP address, protocol, service, action and rule status.
Rule ID is now directly available in the UI.
VPN
MSS Clamping is now supported for Policy-based/Route-based VPN. This option allows the user to set the maximum segment size for IPSec traffic to avoid fragmentation. The VPN UI is streamlined to group together all required fields above the Advanced Parameters fold.
DHCP
Users can create custom DHCP profiles for DHCP Relay/Server. The DHCP server can be configured at the Gateway (all segments) or Local (individual segment) level, as well as in Relay mode. Users can view DHCP Relay/Server configuration stats under the Tier-1 Gateways (CGW) tab in the UI.
Segments
Segment level metrics - Fine-grained network stats are available at the individual segment level. Counters for packets transmitted/received/dropped are available via the UI. Users can view all related Groups where the individual segment is referenced.
Segment Profiles - Users can view the segment profiles that apply to individual segments during segment creation. Users can set bindings for DHCP addresses.
Segments UI enhancement - Users can view all related Groups where the individual segment is referenced.
Transit Connect (SDDC Networking & Security UI)
Routes advertised and learnt over VMware Transit Connect can be viewed at the individual SDDC level. This is provided as a new section in the SDDC Networking & Security UI.
EDRS for Upgrades
SDDCs with multiple clusters now have shorter upgrade durations with add/remove host parallelism and increased resiliency to add/remove host failures.
New Features for VMware Cloud on AWS
VMC Sizer Updates
Users can customize the compression ratio when sizing for the i3en instance type. The compression ratio is used by the VMC Sizer to estimate storage savings.
New Features for VMware Cloud on AWS
SDDC Version 1.10v8 released
This release fixes networking issues found in previous SDDC versions.
New Features for VMware Cloud on AWS
i3en Metal Instances are now available in ap-northeast-1 (Tokyo) and eu-west-1 (Ireland)
New Features for VMware Cloud on AWS
SDDC Version 1.10v7 released
This release fixes storage and networking issues found in previous SDDC versions.
New Features for VMware Cloud on AWS
VMware Configuration Maximum Tool now live for VMware Cloud on AWS
The VMware Configuration Maximum Tool is now live for VMware Cloud on AWS. Customers can now easily access information on product maximums and configurations for VMware Cloud on AWS, along with other VMware products and services.
New Features for VMware Cloud on AWS
vRLI Cloud Update
vRealize Log Insight Cloud delivered a major product update. For a detailed overview of updates, please see the following link. Here is a short note on the top 5 features:
VMware cloud audit dashboards across 10+ areas including activity and alarms
Expanded log collection across 35+ AWS applications
One-click field extraction based on log sources and content packs
Customizable homepage with out of the box widgets to pick from
New drag, drop, and done dashboard creation experience with tagging, filtering, and grouping of dashboards
New Features for VMware Cloud on AWS
Citrix Support on VMC
Citrix CVAD (Citrix Virtual Apps and Desktops) solution is now fully supported on VMware Cloud. This moves us from Citrix Ready validation to full production support by Citrix Support.
Support for Citrix CVAD with VMware Cloud on AWS provides our customers additional flexibility with their rapidly evolving business continuity strategies by securely delivering employee instances and secure virtual desktops in additional hybrid-cloud configurations.
New Features for VMware Cloud on AWS
VMware Cloud Launchpad
The VMware Cloud Launchpad is a consolidated starting point designed to help customers learn about the latest VMware Hybrid Cloud solutions and infrastructure providers. From the VMware Cloud Launchpad, customers will find detailed technical information, relevant tools, and step-by-step integrated workflows that will help them get to their business outcomes quickly.
The VMware Cloud Launchpad is designed to present a 360º view of each offering under the following categories:
In the Resources page, customers will find technical documents (white papers, solution briefs, reference architecture, and so on), videos, FAQs, and much more to learn about the underlying technologies and the capabilities of the offering.
Through the Journey page, customers are able to see the end-to-end journey with VMware for the selected offering. It consists of three or more stages with the intent of helping customers learn and prepare their environment, deploy the offering, and configure the offering to maximize value. For some offerings, the Journey will also allow customers to track and monitor progress after signing-in.
The Overview consists of a short video or image that provides a technical overview of the offering followed by additional details and diagrams discussing the architecture and technical capabilities.
The VMware Cloud Launchpad is available to everyone without requiring explicit login. This will enable future VMware Cloud customers to learn how to use and deploy our solutions and service offerings prior to onboarding to the service. For more information, please see this page.
New Features for VMware Cloud on AWS
Webhook and Activity Log APIs are published in the API Explorer
Webhook and Activity Log APIs are published in the API Explorer. Both Webhook and Activity Log APIs are in preview but fully functional in production. Customers can leverage Webhook to push notifications to any 3rd party apps, such as Slack, Microsoft Teams, PagerDuty, etc. to monitor incoming notifications. Customers can also use the Activity Log API to pull all the past notification events for auditing. You can find all the available notification events here.
New Features for VMware Cloud on AWS
i3en.metal instance type is now available in US-Gov-West
The default release for all new SDDCs on i3en.metal hosts and i3.metal hosts in US-Gov-West is SDDC Version 1.10v5. This release also provides support for 2-Host i3.metal clusters.
vRealize Automation Cloud Add-on
Customers are now able to activate a vRealize Automation Cloud trial directly through the VMware Cloud on AWS console! This trial can be activated from any VMC SDDC by navigating to the SDDC’s Add-Ons tab. From the Add-Ons tab, customers are able to click activate, which will begin a 45-day free trial of the vRealize Automation Cloud service. After activation, all vRA Cloud service use and operations will occur from the vRA Cloud console. This activation occurs at the org-level, and only a single 45-day trial is provided. For more information, visit our blog.
CloudHealth Hybrid by VMware
CloudHealth Hybrid provides a single platform with visibility into cost, usage, and performance of hybrid cloud resources, including VMware vSphere, VMware Cloud on AWS (in Early Access), and public clouds. With CloudHealth, organizations can identify optimization opportunities and align cost and usage by business unit for Showback. CloudHealth also helps plan migration assessment across clouds. CloudHealth policies help enforce proper usage of cloud resources by enabling Infrastructure and Operations teams to set policies, then flag violations and take remediation actions. For more information, visit our blog.
New Features for VMware Cloud on AWS
SDDC Version 1.10v6 released
This release fixes a problem which caused the customer Storage FTT policy to be shown incorrectly for VMs converted from templates. This release also fixes issues found in the previous 1.10v5 SDDC version.
New Features for VMware Cloud on AWS
2-Host Cluster size now available with SLA
The 2-Host Cluster size is now available with an SLA! With this change we are now offering 99.9% SLA availability for 2-Host Cluster deployments in all supported global regions. 2-Host Clusters previously created in Preview are also now offered the same SLA as those deployed moving forward. For more information on the SLA, please visit this page.
New Features for VMware Cloud on AWS
Service Description Update
The VMware Cloud on AWS Service Description has been updated with details on Microsoft Server License functionality provided by VMware.
The related announcement from Microsoft can be found here. VMware will also provide commercially reasonable assistance with installation, configuration, and troubleshooting of supported applications, including but not limited to Microsoft, Oracle, and VMware Technology Partners.
See Release notes below for more information on Microsoft Server Licenses.
If you have additional questions about your agreement with VMware regarding VMware Cloud on AWS, please contact your VMware representative for more information.
Microsoft Server Licenses
VMware-issued Microsoft Windows Server and SQL Server licenses obtained with VMware Cloud on AWS are available to purchase directly from VMware. Intended for new or updated Microsoft licenses acquired after October 1, 2019, an end-user can designate individual clusters for Windows or SQL Server licensing. For information on enabling Windows Servers Licenses in the VMC console, visit this page.
New Features for VMware Cloud on AWS
Partition Placement Groups
Partition Placement Groups is an instance placement strategy that places hosts in different AWS logical partitions. Logical partitions do not share the same underlying hardware. Placing the hosts of a cluster in different partitions reduces the probability of correlated host failures due to hardware failures and increases application availability. Partition placement happens automatically for all new SDDC, cluster, and host add operations. Existing SDDCs benefit from partition placement as hosts are added and removed. Partitions are not visible to users and placement takes place automatically, without any configuration from the user. You can read more about placement groups here.
Large SDDC - UI and Stretched Cluster Support
UI and Multi-AZ support is now available when deploying Large SDDCs. Note that previously, in SDDC Version 1.10, only API support was provided for Large SDDCs (See SDDC Version 1.10 Release Notes). This enhancement makes this feature easily configurable and extends the use case.
New Features for VMware Cloud on AWS
SDDC Version 1.10v5 released
This release fixes networking issues found in the previous 1.10v4 SDDC version.
SDDC Version 1.9v2 released
This release fixes networking issues found in the previous 1.9 SDDC version.
New Features for VMware Cloud on AWS
Multiple Points in time recovery:
This feature allows the vSphere Replication administrator to configure the retention of replicas from multiple points in time. After a recovery, vSphere Replication presents the retained instances as ordinary virtual machine snapshots. Each replica is a Point in Time (PIT) to which you can revert the virtual machine. You can recover virtual machines at different points in time (PIT), such as the last known consistent state. You can configure the number of retained instances on the Recovery Settings page of the replication configuration wizards. You can view details about the currently retained instances in the replication details panel for a specific replication in vSphere Replication Outgoing and Incoming views.
New Features for VMware Cloud on AWS
i3en.metal instance type is now available for select regions
i3en.metal instances are now available for new SDDC and cluster deployments on VMware Cloud on AWS. These instances come with Intel Xeon Cascade Lake processors @2.5GHz, 96 vCPUs with hyper-threading enabled, 768 GiB memory & 45.84 TiB (50TB) raw storage capacity, with additional 6.55 TiB cache storage capacity. Additionally i3en instances include in-transit hardware encryption of east-west traffic for improved security. i3en.metal instance type is available in US West (Oregon) and US East (N. Virginia), with support for more regions coming soon. Please contact your VMware representative to learn more about availability at your region(s) of choice.
New Features for VMware Cloud on AWS
EDRS for Stretched Clusters
EDRS is now supported with Stretched Clusters. Customers can configure cost, performance and rapid scale-out EDRS policies with Stretched Clusters.
New Features for VMware Cloud on AWS
General
Fund Expiration Reminder Email: Notification Gateway Service will now send customers fund expiration reminders to keep them well-informed on upcoming fund expirations, so that customers can plan their consumption accordingly. Customers will receive emails 7 days, 30 days, and 60 days before the date their fund expires.
VMware Cloud Director service
VMware Cloud Director service makes VMware Cloud on AWS more accessible to a wider set of customers by allowing customers of all sizes to enjoy agile cloud expansion with consistent operations. VMware Cloud Director service enables Cloud Providers to deliver proven multi-tenancy to VMware Cloud on AWS, enabling them to provision custom-sized slices of VMware Cloud on AWS for customers. The cloud-based solution helps Cloud Providers grow their customer base, accelerate business expansion and increase business agility. For more information on VMware Cloud Director Service, see the following page.
CSP Integration with LINT
The new Audit Events for VMware Cloud Services dashboard and content pack in vRealize Log Insight Cloud enables VMware Cloud on AWS organization owners to monitor VMware Cloud Services audit events triggered by activity with user logins, user management, API Tokens, and OAuth Applications.
New Features for VMware Cloud on AWS
VMware Transit Connect with AWS Transit Gateway (Preview)
VMware Transit Connect delivers a VMware-managed, easy-to-use, scalable and performant connectivity solution between VMware Cloud on AWS SDDCs that are designated within an SDDC Group. It leverages the AWS Transit Gateway (TGW) to enable any-to-any high bandwidth, low latency connectivity between SDDC Group members in a single AWS region. It also enables connectivity between an SDDC Group and multiple AWS native Virtual Private Clouds (VPCs) as well as multiple on-premises environments connected via an AWS Direct Connect Gateway. Customers can provision Transit Connect to their SDDCs by organizing them into an SDDC Group in the VMware Cloud on AWS Organization console. This feature is in Preview for this release.
SDDC Groups with VMware Transit Connect™ (Preview)
SDDC Groups provide customers with the ability to logically organize a set of SDDCs to simplify management at scale. With an SDDC group, customers can manage multiple SDDCs as a single logical entity. In this release, SDDC Groups will enable connectivity by leveraging VMware Transit Connect. With VMware Transit Connect™, connectivity is automatically established between the VMware Cloud on AWS SDDC Group members, while simplifying connectivity to multiple on-premises infrastructure environments as well as native AWS VPC environments. For more details, see the Networking section. This feature is in Preview for this release.
Terraform Provider for NSX-T Policy API support extended to VMware Cloud on AWS
Resources and Data Sources applying to the NSX-T Policy API on VMware Cloud on AWS have been qualified, tested and documented in order to allow Terraform consumption of VMware Cloud on AWS environments. Authentication for these environments has also been added to the Provider. For more details, see the Terraform documentation on NSX-T and VMware Cloud on AWS.
New Features for VMware Cloud on AWS
Automatic adjustment of vSAN policy for improved data availability
The Automatic adjustment of vSAN policy for improved data availability feature will automatically assign the default policy for your VMs to ensure that your workloads are SLA compliant. You can deploy your cluster, and based on the number of hosts, we will auto-assign the policy to it. If we cross a host limit which requires a different policy, we will automatically change it for you so that your clusters remain SLA compliant. In the event that you want to set the policies yourself, you can override this function to set the policies of your choosing.
The policy settings which will be applied by Automatic adjustment of vSAN policy for improved data availability are:
Standard Cluster:
<= 5 hosts: Failure to tolerate 1 - RAID-1
>= 6 hosts: Failure to tolerate 2 - RAID-6
Stretched Cluster:
Dual Site Mirroring, Failure to tolerate 1 - RAID-1
This feature will be enabled for SDDC Versions 1.10 and higher.
Auto-remediation host notifications
Auto-remediation notifications are added to the Activity Log to notify users of the following host related events:
Autoscaler detected an issue with a host
Autoscaler successfully remediated a problematic host
Autoscaler replaced a problematic host
Autoscaler replaced a host due to a scheduled AWS maintenance event
The updated notifications contain the IP address and Cluster name for the host in question.
New Features for VMware Cloud on AWS
Resolved Issues:
This release fixed a corner case regression, observed in the failover of a third party load balancer.
New Features for VMware Cloud on AWS
2-Host Cluster (Preview)
Customers can now spin up a 2-Host Cluster in Preview. This Cluster offers greater stability than our single host SDDC and no 30 day limitation, with FTT=1 and RAID=1, and DRaaS available as an add-on service. This 2-Host Cluster will be without an SLA, supports only the Default EDRS storage policy, and cannot be scaled down from 3+ hosts to 2 hosts. All other aspects of the 2-Host Cluster are enabled.
New Features for VMware Cloud on AWS
Seamless disk re-sizing with vSphere Replication for VMware Site Recovery
Seamless disk re-sizing allows customers to increase the virtual disks of virtual machines that are configured for replication, without interruption of ongoing replication. The virtual disk on the target site will be automatically resized. For more information about the feature, see Increasing the Size of Replicated Virtual Disks.
New Features for VMware Cloud on AWS
VMware SD-WAN for Hybrid Cloud
The solution provides an optimized and secure WAN overlay to connect users to VMware Cloud on AWS. Dynamic Multipath Optimization™ (DMPO) offers real-time monitoring, packet steering and link remediation on the underlying WAN links between VMware SD-WAN edges and gateways delivering optimal performance. Traffic egressing from branches and destined towards VMware Cloud on AWS, is directed towards the SD-WAN gateway, which leverages Policy-Based IPSec VPN to connect into the VMware Cloud on AWS T0 Gateway. Traffic flows southbound towards a T1 Gateway, and then towards workloads in their respective logical networks, known as segments. Traffic towards branches, from VMware Cloud on AWS, takes the reverse path. The integration is supported on SDDC Version 1.10v2 and beyond. For more information, click here.
New Features for VMware Cloud on AWS
General
VMware Cloud on AWS Self-Service: Customers can sign up and start using VMware Cloud on AWS via our website registration process, receiving an immediate invite for the service. Customers can on-board using their credit card and start consuming VMware Cloud on AWS quickly. This option is available in commercial regions, and resource deployment is limited to up to 3 hosts and a single SDDC. Register here. More information is available on our FAQ and Blog.
Pre-Charge: Customers that on-board VMware Cloud on AWS using credit card as a default payment method will be charged $2000 USD (+tax) at time of the deployment of their first SDDC. The $2000 USD charge will be used as credit for usage. More information is available on our FAQ.
EDRS Rapid Scale Out:
With existing EDRS cost and performance policies, scale out of a cluster occurs only after resource demands have remained high for a certain period of time. Once the scale out is triggered, hosts are added conservatively, one at a time. EDRS Rapid Scale Out can be configured to react faster and to add hosts in parallel to allow a cluster to scale out more quickly during a DR event for VDI or other workloads. EDRS Rapid Scale Out maximum thresholds are the same as the EDRS performance policy thresholds. Minimum thresholds, on the other hand, are set to 0%, meaning that scale in should be performed manually once an environment has been recovered and stabilized. More information can be found in the Elastic DRS Policy documentation.
New Features for VMware Cloud on AWS
General
Increased notification channels: In addition to the Activity Log UI, you can now find activity and notification logs in these new channels.
Webhook API (in preview) - Enables customers to subscribe to notification events and have the events pushed to any 3rd party destination, such as Slack, PagerDuty, ServiceNow, etc. The events that are available through the webhook are listed in the notification documentation.
VMware vRealize Log Insight Cloud (Available) - All activity and notification log events are now available. The event filters can be found in the vRealize Log Insight Cloud documentation.
SDDC Upgrades:
The SDDC upgrade process has been updated. For more details, please see SDDC Upgrades & Maintenance
Flexible vCenter Permissions during upgrades
Flexible vCenter permissions model for role-based access. Existing SDDCs that do not currently support flexible vCenter permissions will now get the feature as part of the next upgrade. This capability enables cloud administrators to create custom roles and assign more granular permissions to users and groups. These permissions can be assigned to users and groups globally or for specific vCenter objects.
Stretched Clusters
Stretched Clusters are now supported in the Sao Paulo region.
Networking
Enhancements to DNS UI. Users can now enter the DNS server IP addresses in the DNS service section. Previously, users had to configure the server in the DNS zones section. Users can now insert a description to the DNS service, add tags and view stats on the DNS service section.
Resolved Issues:
This release resolves an issue with IP address range expansion, which caused the server to become overloaded, which in turn caused the API and UI to be unreachable.
VMware vRealize Log Insight Cloud
Log events from the Activity Log UI are now available in VMware vRealize Log Insight Cloud. This includes all activities performed by org members as well as historical notification events.
Large SDDC
Deploy a Large SDDC with large size NSX Edge and VC using deployment time APIs. Recommended for large size deployments with more than 50 hosts/4000 VMs, or if the resources (cpu/mem) are oversubscribed in the management cluster.
Tanzu Kubernetes Grid Plus
Now you can deploy Kubernetes clusters on your VMC clusters using Tanzu Kubernetes Grid Plus. With Tanzu Kubernetes Grid running on VMware Cloud on AWS, customers can deploy production-ready infrastructure that delivers single or multiple Kubernetes clusters. This establishes a reliable foundation for cloud native application management and application modernization. Please refer to VMware Product Interoperability Matrix for detailed support matrix.
New Features for VMware Cloud on AWS
General
Enhanced Activity Log with historical notification events: Customers can now see the log of the historical notification events that were sent to them in the past 6 months in the Activity Log tab in the VMC UI. The notification log events would include maintenance notifications, EDRS add host notification, SDDC upgrade events, etc.
SDDC Upgrades:
The SDDC upgrade process has been updated. For more details, please see SDDC Upgrades & Maintenance
VMware Site Recovery
vSphere Replication Configuration Import/Export Tool: VMware Site Recovery™ now offers vSphere Replication Configuration Import/Export Tool, which can be used to export and import configuration data of replications in vSphere Replication. If you plan to migrate vSphere Replication configuration to a different host, you can use the tool to export replication settings and the related objects into an XML file. You can then import the configuration data from the previously exported file. You can find more details about the tool in VMware Site Recovery documentation covering Exporting and Importing Replication Groups Configuration Data.
There are new known issues for DRaaS as a part of this release. Please visit VMware Site Recovery Release Notes for more information.
vCenter Cloud Gateway
Resolved Issues:
vCenter Cloud Gateway auto updates are no longer impacted by the expiry of the vCenter Cloud Gateway appliance root password
Fixed compatibility between the vCenter Cloud Gateway and on-premises vCenter version 6.7 Update 3 which was preventing customers from managing their on-premises inventory through the Cloud Gateway. This compatibility issue has also been addressed when customers configure Hybrid Linked Mode directly from the VMware Cloud on AWS vCenter to an on-premises vCenter version 6.7 Update 3.
Fixed an issue introduced in the prior version that prevented the installation of the vCenter Cloud Gateway against custom SSO domain names
Fixed an issue where the vCenter Cloud Gateway UI installer would initialize a prior version of the OVA if there were multiple instances of the installer deployed
Storage
VM Level Space reporting on vSAN: Gain better visibility of VM capacity consumption in the vSphere Client across all levels. Customers can now see information about the space consumed before and after a policy is applied, VM level space consumption for vSAN as well as the storage policy associated with a VM.
Visibility of vSphere Replication objects in vSAN capacity view: Customers can also view vSphere Replication objects in the vSAN Capacity View
Networking
Jumbo Frame support for traffic over Direct Connect: This feature enables customers to increase payload size to 8900 bytes per packet over Direct Connect. Customers can achieve higher throughput for their SDDC to Data Center traffic over VMware Hybrid Cloud Extension (HCX) or directly going over Direct Connect when the end-to-end path supports Jumbo Frames. This can be configured on the Global Configuration page when the Direct Connect VIF is set to Jumbo MTU size. Please see the product documentation for more details.
Enhancements to Firewall UI: Gateway Firewall and Distributed Firewall UI have been enhanced.
Users can dynamically re-prioritize rules by dragging and dropping them into place. Users can also filter rules by name, source, destination or service and can edit rules inline on the UI. For more information, please visit the documentation on the Compute and Management Gateways
Enhancements to Distributed Firewall:
Users can now set the Distributed Firewall to block all traffic using the Whitelist option. The default rule under Distributed Firewall remains set to allow all traffic (under the Blacklist setting).
Distributed Firewall Rules can be saved as drafts, making it easier to stage and compare proposed rules against the published configuration.
Each rule has statistics including the hit count, packet count, session count, byte count and popularity index as well as maximums seen versus current hit counts.
For more information please visit the product documentation
Enhancements to Inventory Groups: Groups functionality has been enhanced with additional membership criteria.
Users can dynamically mix and match criteria with boolean (AND/OR) logic.
Groups can be nested with Groups, making it easier for users to build hierarchical rules for Gateway and Distributed Firewall.
A maximum of 500 VMs can be added to a Group.
For more information please visit the product documentation
Improvements to Internal Monitoring: VMware has improved internal monitoring of the following critical components and resources to proactively identify and address customer issues:
Logical network: data transmitted/ received by Management Gateway and Compute Gateway per logical segment
Physical network: data transmitted/ received per network interface
Edge Node resources: CPU utilization per core
NSX Policy API: The NSX-T Policy API features new API specifications. The VMC Networking UI utilizes the new API to create objects. We recommend updating tools that rely on the API to the new version. As with every release, please consult the API specs and product documentation for more details
Resolved Issues:
This release resolves an issue that caused the routing daemon to crash, in turn causing the edge to failover
This release fixes a previously identified memory leak issue, and contains performance improvements on networking components
New Features for VMware Cloud on AWS
VMware Cloud on AWS 1-year or 3-year monthly payment option
Additional monthly payment option for the 1-year or 3-year commitment: customers can now pay for the 1-year or 3-year term through monthly installments. This capability gives customers increased flexibility in their payment options: in addition to paying for the subscription upfront, customers can now pay monthly for the commitment terms. For more details, see the VMware Cloud on AWS FAQ.
New Features for VMware Cloud on AWS
New Region: Europe (Stockholm)
Customers can now deploy SDDCs in the Europe (Stockholm) region.
New Features for VMware Cloud on AWS
Resolved Issues
The following issues have been resolved in this release
Virtual machines configured with vmxnet3 NIC might hang or consume excessive CPU cycles.
Add host operation fails during ESX data plane upgrade because vCenter is unable to push CA certificates and CRLs to the new host.
Known Issue: SDDC Versions 1.8 and 1.8v2 have a known issue in which virtual machines configured with a vmxnet3 NIC might hang or consume excessive CPU cycles. Please read the VMware Knowledge Base article here for more information.
Enhanced Navigation and SDDC Views in the VMware Cloud (VMC) Console
The VMware Cloud on AWS service now offers two new enhancements to navigation and SDDC views in the VMC console:
Left Side Nav: The VMC console user interface has been reorganized to move the top-level navigation tabs to the left-hand side of the screen. This navigation can be opened or closed at the customer's preference. The new navigation provides more screen space and enables future expansion to additional options from the navigation panel.
SDDC Grid View: In addition to the card view, the VMC console user SDDC interface now offers a grid view. The grid view displays the same information currently found in the SDDC card view, but represented in a grid with each row representing a single SDDC deployment. This makes it easy to view a customer's fleet of SDDCs when there are multiple SDDC deployments. Both card and grid views can be easily toggled from the VMC console.
VMware Site Recovery 1-year and 3-year subscriptions
Avail of significant cost savings compared to on-demand consumption with VMware Site Recovery 1-year and 3-year subscriptions. In addition to the on-demand model where you can pay as you go for usage of VMware Site Recovery, you can now also commit to and pay upfront for virtual machine protection and secure term discounts for one or three year terms. The commitment is made for a number of virtual machines and a specific region. Once a subscription has been created, hourly usage for a given region up to the cumulative number of virtual machines committed to across all active subscriptions for that region will not incur on-demand VMware Site Recovery charges. Usage over the cumulative committed number of virtual machines in a given region will incur on-demand charges according to prevailing on-demand rates published at https://cloud.vmware.com/vmc-aws/pricing. For more details, see the VMware Site Recovery FAQ page. For instructions on how to create a VMware Site Recovery subscription, consult the Getting Started section in the VMware Site Recovery documentation.
VMware Site Recovery
VMware Site Recovery™ now supports replication of up to 1,500 virtual machines to a single target VMware Cloud™ on AWS Software Defined Data Center (SDDC), allowing you to protect larger environments. For more details, see Operational Limits of Site Recovery Manager in the VMware Site Recovery documentation.
New Features for VMware Cloud on AWS
vCenter Cloud Gateway - Managing Roles and Permissions
Customers can now manage roles and permissions belonging to the VMware Cloud on AWS vCenter through the vCenter Cloud Gateway.
Networking
Networking performance has been improved for UDP traffic flows across the edge. Customers can realize higher throughput for their workloads driving UDP traffic from their SDDCs.
VMC workloads now have a larger receive buffer to better handle traffic bursts.
VMware has improved internal monitoring of the following critical components and resources to proactively identify and address customer issues:
Edge Node
Unplanned Failover
Edge Memory above 85% threshold
ARP Table above 85% threshold
Disk saturation
Memory saturation
Storage
vSAN datastores in VMware Cloud on AWS now support multi-writer mode on Thin-Provisioned VMDKs. Previously, vSAN required VMDKs to be Eager Zero Thick provisioned for multi-writer mode to be enabled. This change enables deployment of workloads such as Oracle RAC with Thin-Provisioned, multi-writer shared VMDKs.
Resolved Issues
This release resolves an issue that caused the IPsec VPN to lose connectivity between the on-premises data center and VMC due to session memory errors.
Static IP Configuration - The vCenter Cloud Gateway appliance would deploy with DHCP even when a static IP was configured during installation. This issue has now been fixed.
Connecting to 6.0 vCenter deployments - The vCenter Cloud Gateway would connect to a 6.0 version of an on-premises vCenter even though this version was not supported for hybrid management through the gateway. This issue has been fixed and during installation the Gateway will no longer connect to vCenter 6.0.
New Features for VMware Cloud on AWS
Elastic vSAN availability in new regions
It is now possible to create Elastic vSAN clusters consisting of R5.metal hosts (including Stretched Clusters) in the following additional regions: US West (N. California), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), EU (Ireland), EU (London), and EU (Paris).
Faster host replacement on Elastic vSAN clusters
In a situation where a single host in an Elastic vSAN cluster needs to be replaced due to a planned maintenance activity or a host hardware failure, the automatic host replacement will now take significantly less time because of optimizations made to the back end processes. Note that there is no change to the VMware Cloud on AWS SLA.
New Features for VMware Cloud on AWS
Configure HCX Manager FQDN Resolution Address
Customers are now able to connect to the HCX manager in their SDDC via either a public or private IP address. A private IP address is useful when customers connect to HCX manager either via VPN or via Direct Connect (DX). A public IP address can be used while connecting over the Internet. This can be configured within the SDDC's “Settings” tab for any SDDC with HCX deployed. For instructions on setting HCX FQDN resolution address, please see the docs here.
Networking End Of Life (EOL) announcement
NSX for vSphere (NSX-V) has reached end of life as of August 30, 2019 and will no longer be supported.
New Features for VMware Cloud on AWS
Migration
The VMware Cloud on AWS Migration Solution is a prescriptive, step-by-step guide that consolidates relevant documentation and tools and walks customers through the migration process, from the time they are just starting to learn about VMware Cloud on AWS all the way to the final stages of standing up a cloud SDDC and migrating on-premises workloads. As customers step through their migration project, they can track their progress by checking off items that they have completed. For more information, please go to VMware Cloud Solutions.
Content Library
Content Library now supports in-place updates of VM templates along with a rich version history. With this feature, users can quickly check out a VM from a VM template managed by Content Library, update it and check it back into Content Library as a new version. One previous version of the template is retained, providing the ability to rollback to it if needed. The timeline view in the Versioning tab provides version history which includes information like the name of the user that triggered the operation and the time of the operation.
VMware Cloud Marketplace
VMware Cloud Marketplace™ enables customers to discover and deploy validated, third-party solutions on VMware Cloud on AWS. VMware Cloud Marketplace™ currently includes content from common use-case categories such as Back-up & Recovery, Endpoint Security and Network Security. In addition to top-tier ISV solutions, VMware Cloud Marketplace™ also includes a catalog of 125+ open-source solutions packaged by Bitnami.
Networking
NSX Distributed Firewall was previously available as a limited free trial. It is now available as a standard feature on VMware Cloud on AWS. The associated warning has been removed.
Fixed an issue with secondary IP address release. This allows the IP address to be reassigned immediately.
The policy API provides the capability to view VPN stats for all current sessions in a single command. To read stats for all sessions, call the respective API without specifying any session id.
Multiple Stretched Clusters with Elastic vSAN
Simplify the management of your large-scale business-critical deployments by creating and managing multiple Stretched Clusters configured with Elastic vSAN within the same VMware Cloud on AWS SDDC. You can now also have a mix of one or more i3.metal Stretched Clusters with one or more Elastic vSAN Stretched Clusters within the same SDDC.
Elastic vSAN dynamic storage scale-up
Right-size your Elastic vSAN cluster for your growing storage-dense workloads by dynamically increasing the storage capacity of the entire cluster without having to add any new hosts, re-provision the cluster, or migrate any workloads off it. In a single operation triggered from the VMware Cloud console or API, storage capacity is added to each existing host across the entire cluster in increments of 5,000 GiB per host up to a maximum of 35,000 GiB per host. This new capability is only supported with Elastic vSAN clusters which combine the enterprise-grade capabilities of VMware vSAN with the automated provisioning and elasticity of Amazon Elastic Block Store (EBS) volumes.
Storage
VMware Cloud on AWS storage, powered by vSAN, now offers better performance on i3.metal hosts. Applications will now benefit from more consistent latencies (i.e. reduced jitter) and increased sequential I/O throughput. vSAN now also offers new robust handling of capacity constrained situations by pausing resync traffic and initiating rebalancing to even out capacity across disks and disk groups. vSAN Policy reconfigurations are also handled more efficiently by batching resync operations and reserving transient space for these operations.
New Features for VMware Cloud on AWS
Resolved Issues
Active Directory users cannot access vCenter Web Console after SDDC 1.7 release. This issue is now fixed.
VM provisioned through vRealize Automation fails to connect to NSX-T logical switch. This issue is now fixed.
New Features for VMware Cloud on AWS
New Regions: Asia Pacific (Seoul) and South America (São Paulo)
Customers can now deploy SDDCs in the Asia Pacific (Seoul) and South America (São Paulo) regions. Please note that South America (São Paulo) does not support stretched clusters.
New Features for VMware Cloud on AWS
VMware Site Recovery
Site Recovery Manager available as appliance for on-prem deployment
For customers protecting between their on-prem datacenter and VMware Cloud on AWS SDDC, reduce layers of complexity associated with Windows Server by leveraging a Linux based operating system - Photon OS, purpose-built for disaster recovery functions. Streamline deployment on-prem by installing the Site Recovery Manager virtual appliance directly from vCenter Server.
Enhancements to Site Recovery UI
Includes ability to import/export configuration, view capacity information in Protection Groups Datastores tab, monitor target datastores in the replication details pane and switch to a dark theme.
New Features for VMware Cloud on AWS
Flexible vCenter permissions model for role-based access
Customers can now leverage a more flexible permissions model with vCenter Server in VMware Cloud on AWS. This capability enables cloud administrators to create custom roles and assign more granular permissions to users and groups. These permissions can be assigned to users and groups globally or for specific vCenter objects. For more details, please see the documentation.
New Features for VMware Cloud on AWS
vCenter Cloud Gateway In-Service Chat
In-service chat support is now available on the vCenter Cloud Gateway. Customers can now contact our support teams 24/5 using the chat window on the lower right hand side of the vCenter Cloud Gateway user interface.
New Features for VMware Cloud on AWS
New Region: Asia Pacific (Mumbai)
Customers can now deploy SDDCs in the Asia Pacific (Mumbai) region.
New Features for VMware Cloud on AWS
Compute Policies
Compute Policies enables customers to define VM placement constraints as preferential policies in their SDDC by leveraging inventory tags. In a multi-cluster environment, a single policy can be defined to constrain the placement of tagged VMs. The following new policies are now supported:
VM-Host Anti-Affinity
A VM-Host anti-affinity policy allows the user to specify anti-affinity relations between a group of VMs and a group of hosts. This can be useful to avoid running general purpose workloads on hosts that are running resource intensive applications to avoid resource contention.
VM-VM Affinity
A VM-VM affinity policy allows the user to specify affinity relations between VMs. VM-VM affinity policies can be useful when two or more VMs can benefit from placement on the same host to keep latency to a minimum.
Networking
Direct Connect with VPN as Standby
This enables customers to use one Direct Connect link with VPN as Standby. To enable this, Direct Connect Private VIF can be configured with IPSEC VPN as Standby for non-ESXi and non-vMotion traffic.
ECMP with Route Based IPSEC VPN
Equal Cost Multi Pathing (ECMP) enables customers to scale bandwidth across multiple links. With this release, multiple Route Based IPSEC VPN tunnels can be used with ECMP to provide additional bandwidth and connectivity resiliency to on-prem, AWS VPCs, and to AWS TGW.
DHCP Relay
DHCP Relay can be configured within VMware Cloud on AWS so DHCP requests can be forwarded to an external/3rd party DHCP server. Customers can use the native NSX DHCP capabilities in VMware Cloud on AWS or use DHCP Relay to leverage an advanced external/3rd party DHCP server.
New Features for VMware Cloud on AWS
Storage Auto Scale up
Elastic DRS will now automatically enforce our Datastore maximums. Previously, customers were advised to maintain at least 30% "slack space" in their SDDCs. In this release, eDRS has been modified to enforce this limit. Customers are advised to set their internal storage alarms to 70% of capacity consumed. Once the SDDC reaches 75% consumed, eDRS will automatically add a host. This functionality is reflected in the eDRS UI which now lists "Storage Only" scale up instead of "Off". "Cost Optimized" and "Performance Optimized" eDRS modes continue to work as before. In Storage Only mode, eDRS will scale up only in an emergency and will not scale down. Customers will be billed for any additional hosts added by eDRS. This action is only taken in cases where storage capacity has become dangerously low and emergency action must be taken.
Notification Service
The new multi-channel notification service sends automated notifications to customers for important events. In this release, customers are notified via email and in-console notification when eDRS adds a host on behalf of customers because storage utilization exceeds the threshold. Customers can also subscribe to the notification webhook for the events.
Multi-AZ Elastic vSAN clusters
A Stretched Cluster can now be configured with Elastic vSAN. Only a single Elastic vSAN Stretched Cluster is supported within an SDDC.
New Features for VMware Cloud on AWS
Elastic vSAN
Elastic vSAN, with R5.metal hosts, is a new VMware Cloud on AWS cluster type that gives you a choice of storage capacity options ranging from 15,000 GiB to 35,000 GiB per host, in increments of 5,000 GiB. This new cluster type is suitable for workloads that require high storage capacity. Elastic vSAN combines the enterprise-grade storage capabilities of VMware vSAN with automated provisioning and management of Amazon Elastic Block Store (EBS) volumes. R5.metal hosts and the Elastic vSAN solution are currently available in the Oregon, N. Virginia, Ohio and Frankfurt regions.
New Features for VMware Cloud on AWS
VMware Site Recovery
DR protection of on-premises NSX-T based data centers
VMware Site Recovery now supports DR protection of on-premises NSX-T based data centers to VMware Cloud on AWS using VMware Site Recovery. For more details, see the VMware Site Recovery Manager 8.1.2 Release Notes.
New Features for VMware Cloud on AWS
SDDC with External Storage Through an MSP
Customers can now have additional external storage attached to an SDDC through a managed service provider (MSP). Customers purchase the SDDC and external storage from an MSP. Both the SDDC and storage are managed by the MSP. An SDDC with external storage has three NFS datastores that are backed by MSP cloud storage. This capability is currently offered through Faction as the MSP. The following lists the caveats of VMware Site Recovery with External Storage Through an MSP:
Only a single on-premises site can be protected with VMware Site Recovery to a VMware Cloud on AWS SDDC attached to external NFS storage through an MSP.
Multi-site disaster recovery topologies are not supported with external NFS storage through an MSP.
All protected VMs should be exclusively replicated to the external NFS storage. Simultaneous replication to vSAN storage/datastore attached to the same SDDC is not supported.
VMs running in a VMware Cloud on AWS SDDC should not be protected with VMware Site Recovery to another VMware Cloud on AWS SDDC attached to external NFS storage. This configuration is not supported.
Only single Point In Time recovery is supported with VMware Site Recovery and external NFS storage through an MSP.
Total number of virtual machine recoveries that you can start simultaneously across multiple recovery plans is 500.
Total number of virtual machines that can be protected to a VMware Cloud on AWS SDDC attached to external NFS storage through an MSP is 500. Other VMware Site Recovery limits are listed here: VSR operational limits. Bidirectional Protection is not supported with this configuration.
New Features for VMware Cloud on AWS
New Regions: Asia Pacific (Singapore), Canada (Central), and Europe (Paris)
Customers can now deploy SDDCs in the Asia Pacific (Singapore), Canada (Central), and Europe (Paris) regions. Please note that the Canada (Central) region does not support stretched clusters.
VMware Network Insight
VMware Network Insight helps customers build an optimized, highly available and secure network infrastructure across multi-cloud environments. It accelerates micro-segmentation deployment, minimizes business risk during application migration and enables customers to confidently manage and troubleshoot application networking and security across their on-premise and VMware Cloud on AWS environments. VMware Network Insight now supports integration of VMware Cloud on AWS as a data source. VMware Network Insight integration with VMware Cloud on AWS provides the following key capabilities to VMware Cloud on AWS users:
Traffic analysis and micro-segmentation planning for VMware Cloud on AWS workloads
Migration planning for workloads from on-premises SDDC to VMware Cloud on AWS
Hybrid network path troubleshooting that includes VMware Cloud on AWS to on-premises path through gateways and VP
This release includes the below change
Direct Connect BGP Local ASN change
The Direct Connect connection to the SDDC now uses 64512 as the BGP local ASN. This BGP local ASN is editable and any private ASN from the range 64512 – 65534 can be used. If the selected ASN 64512 is already used on-premises, a different ASN number must be used. Before this change, the AWS Public ASN was used as the BGP local ASN. The following public ASNs were used: 17493 in the Asia Pacific (Singapore) region, 10124 in the Asia Pacific (Tokyo) region, 9059 in the EU (Ireland) region, and 7224 in other regions.
Important note around deployments:
If you are creating a new Direct Connect virtual interface (VIF), you will only be able to use a private local ASN with VMware Cloud on AWS.
If you want to change an existing public ASN to a private ASN, you must delete any AWS Direct Connect VIF that uses the existing public ASN.
If you change to a private ASN, you will not be able to change back to a public ASN later.
If you have an SDDC that is using the prior default public ASN, you can continue using the public ASN for the SDDC.
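The ASN rules in this note can be turned into a pre-change check, shown here as an added example rather than VMware code. `DxState`, its fields, and the on-premises ASN set are assumptions made for illustration; the ASN range and the legacy public ASNs are the values given above.

```python
from dataclasses import dataclass, field

# Values taken from the release note text.
PRIVATE_ASN_RANGE = range(64512, 65535)        # 64512 to 65534 inclusive
LEGACY_PUBLIC_ASNS = {
    17493: "Asia Pacific (Singapore)",
    10124: "Asia Pacific (Tokyo)",
    9059: "EU (Ireland)",
    7224: "other regions",
}


@dataclass
class DxState:
    """Hypothetical snapshot of one SDDC's Direct Connect settings."""
    local_asn: int
    vifs: list = field(default_factory=list)   # names of attached VIFs


def first_free_private_asn(onprem_asns):
    """Lowest ASN in the allowed private range that is not used on-premises."""
    used = set(onprem_asns)
    return next((a for a in PRIVATE_ASN_RANGE if a not in used), None)


def plan_local_asn(state, requested, onprem_asns):
    """Return (status, notes); status is 'ok', 'blocked' or 'rejected'."""
    # An SDDC already on the prior default public ASN may keep it.
    if requested == state.local_asn and requested in LEGACY_PUBLIC_ASNS:
        return "ok", ["no change: SDDC continues using its prior public ASN"]

    # Any newly selected ASN must be private; this also covers the
    # one-way rule (private cannot be changed back to public).
    if requested not in PRIVATE_ASN_RANGE:
        notes = ["only private ASNs 64512-65534 can be selected"]
        if state.local_asn in PRIVATE_ASN_RANGE:
            notes.append("a private ASN cannot be changed back to a public ASN")
        return "rejected", notes

    # The SDDC-side ASN must differ from ASNs already used on-premises.
    if requested in set(onprem_asns):
        free = first_free_private_asn(onprem_asns)
        return "rejected", [
            f"ASN {requested} is already used on-premises; "
            f"lowest free private ASN is {free}"
        ]

    moving_off_public = state.local_asn not in PRIVATE_ASN_RANGE
    if moving_off_public and state.vifs:
        return "blocked", [
            "delete VIFs that use the public ASN first: " + ", ".join(state.vifs)
        ]

    notes = []
    if moving_off_public:
        notes.append("after this change the ASN cannot be changed back to public")
    return "ok", notes


if __name__ == "__main__":
    # Constructed sample: SDDC on the legacy ASN 7224 with one VIF attached,
    # and an on-premises router that already uses 64512.
    sddc = DxState(local_asn=7224, vifs=["vif-a"])
    for asn in (64512, 64513, 7224):
        print(asn, plan_local_asn(sddc, asn, onprem_asns={64512}))
```
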
New Features for VMware Cloud on AWS
Language and Regional Format Support (French, Spanish, Korean, Simplified Chinese and Traditional Chinese)
VMware Cloud on AWS now supports language and regional format settings in French, Spanish, Korean, Simplified Chinese and Traditional Chinese, in addition to German and Japanese. These languages are supported in the VMware Cloud on AWS console and in Cloud Service Platform features such as Identity & Access Management, Billing & Subscriptions, and some areas of the Support Center. You can change your display language before you log in to the VMware Cloud on AWS console or in your account settings. See Set Language for the VMC Console for more information.
New Features for VMware Cloud on AWS
VMware Site Recovery
Site Recovery connectivity checker in Troubleshooting tab
Accelerate your deployment of VMware Site Recovery™ using single-click tests from the Troubleshooting tab of the SDDC in the VMware Cloud on AWS console. These tests can help to identify network connectivity issues affecting VMware Site Recovery™. The tests verify connectivity from the current SDDC toward the remote site, which itself can be an on-premises site or another VMware Cloud on AWS SDDC. The "Site Recovery" option will show up in the use case drop-down menu of the Troubleshooting tab when the Site Recovery add-on is active for the SDDC.
Support for fan-in and other multi-site topologies
VMware Site Recovery™ now supports fan-in and other multi-site topologies, allowing you to connect a single VMware Cloud™ on AWS SDDC that is based on NSX-T to multiple on-premises sites and/or to other VMware Cloud on AWS SDDCs for disaster recovery purposes. You can pair up to ten remote sites with a single SDDC. You can recover virtual machines from multiple protected sites to the same VMware Cloud on AWS SDDC, or recover different sets of virtual machines from a single VMware Cloud on AWS SDDC to multiple recovery sites. Other complex multi-site topologies are also now possible provided you can establish network connectivity between the remote sites and the shared VMware Cloud on AWS SDDC. For more details on multi-site topologies, see the VMware Site Recovery documentation.
Custom CPU Core Count
VMware Cloud on AWS now supports Custom CPU Core Count capability. This capability gives you more flexibility in configuring SDDC clusters and allows you to reduce costs for running mission-critical applications licensed per-core. Before, you were not able to specify how many CPU cores per host you want in your cluster. It was always all CPU cores enabled: 36 for I3 or 48 for R5 host types. Now, you can also select 8 or 16 CPU cores per host to better tailor your SDDC cluster for your needs. For more information on how to use the feature, see this blog post and the Add Cluster documentation.
Native support for Microsoft SQL Server Clustering
vSAN now natively supports shared disks in multi-writer mode, without the need for iSCSI setup. This is intended to be used for clustering applications that require shared disks. It supports 2, 4, and 8 node application clusters and up to 64 shared disks per application cluster. Some operations, such as storage vMotion, snapshots, and cloning, are not supported.
Networking
Default Logical Network change
To avoid overlapping IP issues with the default logical network, a network with CIDR 192.168.1.0/24 will not be created during SDDC deployment. If a customer is deploying an SDDC with 2/3 or more nodes, it is the customer's responsibility to create a network with an appropriate CIDR that doesn't overlap. However, in the case of a one node SDDC, the default logical network is created.
BGP Routes from On-premises available in VPN UI/API
If a customer configures Route Based VPN, the routes advertised from on-premises are visible in the VPN UI and API. This helps in identifying any connectivity related issues.
Overview network topology now shows Source NAT public IP
Under the networking security tab the topology view will show the Source NAT IP.
Resolved Issues
Intermittent packet drops through Edge Firewall - Intermittent packet drops for a particular session were due to the removal of firewall state after receiving ICMP unreachable packets. We have fixed this by handling the ICMP unreachable packets.
Missing Routes caused connectivity issues over Direct Connect - Some customers lost connectivity to vCenter and workloads over Direct Connect. This issue is now fixed by making sure the routes are updated properly.
Policy based VPN tunnel to On-Premises VPN device behind NAT doesn't work - Customers who established a Policy based VPN tunnel from a VMware Cloud on AWS SDDC to a VPN device sitting behind NAT on-premises had connectivity issues. This was due to the use of the wrong port for communication. This is now fixed.
New Features for VMware Cloud on AWS
Rename an SDDC
VMware Cloud on AWS now supports SDDC renaming. An SDDC can be renamed whenever necessary, with no change to configuration or functionality. The SDDC ID will remain unchanged. To rename an SDDC from the VMC console, select "Rename SDDC" from the Actions menu on the SDDC card. SDDCs can also be renamed through the API.
Delete Restricted Role
The VMware Cloud on AWS service now supports an additional service role named Administrator (Delete Restricted). This role has full cloud administrator rights to all service features in the VMware Cloud on AWS console but cannot delete SDDCs or clusters within an organization. This role can be assigned and changed by a user with organization owner privileges, so the role should be assigned along with the role of organization member to prevent modification. When multiple service roles are assigned to an organization user, permissions are granted for the most permissive role. This means that if the Administrator (Delete Restricted) role is selected along with the Administrator role, a user will be able to delete SDDCs and clusters. To ensure proper enforcement of the role, organization owners should select only Administrator (Delete Restricted) to ensure that an organization member cannot delete an SDDC or cluster. A user must log out and then log back in for a new service role to take effect. For more details, read about how to Assign a Role to an Organization Member.
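The role behaviour described above (most permissive role wins, owners can change roles, a new role needs a fresh login) can be audited with a short script, given here as an added example and not VMware code. The member records and their field names are constructed for illustration; only the two service role names come from this note.

```python
from datetime import datetime

ADMIN = "Administrator"
ADMIN_RESTRICTED = "Administrator (Delete Restricted)"


def can_delete_sddc(service_roles):
    """Most permissive role wins: any plain Administrator grant allows deletes."""
    return ADMIN in service_roles


def audit_member(member):
    """Return a list of findings for one organization user."""
    findings = []
    roles = set(member["service_roles"])
    if ADMIN_RESTRICTED in roles:
        # Restriction is void when the unrestricted role is also assigned.
        if can_delete_sddc(roles):
            findings.append("restriction-overridden")
        # Organization owners can assign and change service roles, so a
        # restricted owner could lift the restriction.
        if member["org_role"] == "owner":
            findings.append("owner-can-change-role")
    # A new service role only takes effect after the user logs in again.
    changed = datetime.fromisoformat(member["role_changed"])
    last_login = datetime.fromisoformat(member["last_login"])
    if last_login < changed:
        findings.append("role-not-yet-effective")
    return findings


def audit(members):
    """Map user name to findings, omitting users with nothing to report."""
    report = {}
    for m in members:
        found = audit_member(m)
        if found:
            report[m["user"]] = found
    return report


# Constructed sample data; field names are hypothetical.
MEMBERS = [
    {"user": "alice", "org_role": "member",
     "service_roles": [ADMIN_RESTRICTED],
     "role_changed": "2019-02-01T09:00:00", "last_login": "2019-02-03T08:30:00"},
    {"user": "bob", "org_role": "member",
     "service_roles": [ADMIN, ADMIN_RESTRICTED],
     "role_changed": "2019-02-01T09:00:00", "last_login": "2019-02-03T08:30:00"},
    {"user": "carol", "org_role": "owner",
     "service_roles": [ADMIN_RESTRICTED],
     "role_changed": "2019-02-01T09:00:00", "last_login": "2019-02-03T08:30:00"},
    {"user": "dave", "org_role": "member",
     "service_roles": [ADMIN_RESTRICTED],
     "role_changed": "2019-02-05T09:00:00", "last_login": "2019-02-04T17:00:00"},
]

if __name__ == "__main__":
    for user, found in audit(MEMBERS).items():
        print(user, found)
```
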
New Features for VMware Cloud on AWS
Language and Regional Format Support (German)
VMware Cloud on AWS now supports language and regional format settings in German. German is supported in the VMware Cloud on AWS console and in Cloud Service Platform features such as Identity & Access Management, Billing & Subscriptions, and some areas of the Support Center. You can change your display language before you log in to the VMware Cloud on AWS console or in your account settings. See Set Language for the VMC Console for more information.
New Features for VMware Cloud on AWS
Definitions
*Preview: Feature released in preview to gather feedback. May not be available to all applicable customers or in all AWS regions*
*We cannot guarantee that features marked as ‘Preview’ will become available within any particular time frame or at all. Make your purchase decisions only on the basis of features that are Available.
VMware Site Recovery™
Support for fan-in and other multi-site topologies (*Preview)
VMware Site Recovery™ now supports fan-in and other multi-site topologies, allowing you to connect a single VMware Cloud™ on AWS SDDC that is based on NSX-T to multiple on-premises sites and/or to other VMware Cloud on AWS SDDCs for disaster recovery purposes. You can pair up to four remote sites with a single SDDC. You can recover virtual machines from multiple protected sites to the same VMware Cloud on AWS SDDC, or recover different sets of virtual machines from a single VMware Cloud on AWS SDDC to multiple recovery sites. Other complex multi-site topologies are also now possible provided you can establish network connectivity between the remote sites and the shared VMware Cloud on AWS SDDC. For more details on multi-site topologies, see the VMware Site Recovery documentation.
New Features for VMware Cloud on AWS
DR protect up to 1000 VMs per SDDC
VMware Site Recovery now allows you to replicate up to 1,000 VMs to a single target VMware Cloud on AWS SDDC, allowing you to DR protect larger environments with the service. For more details about the new operational limits, consult the Operational Limits section in the VMware Site Recovery documentation.
vCenter Cloud Gateway
The vCenter Cloud Gateway is an appliance that you can download and install on-premises to connect your on-premises and Cloud vCenters. It joins the on-premises Single Sign On (SSO) domain and allows you to configure Hybrid Linked Mode to manage the hybrid resources from the on-premises data center. vCenter Hybrid Linked Mode (HLM) allows you to link the VMware Cloud on AWS vCenter to an on-premises vCenter to provide a Hybrid management interface across Cloud and on-premises resources. With HLM, you can view and manage the on-premise and Cloud vCenters from a single pane of glass and perform hybrid operations such as workload mobility across the two environments. The vCenter Cloud Gateway supports on-premises vCenter(s) version 6.5 patch d or later.
BGP ASN configuration option over Direct Connect
During the Direct Connect Private VIF configuration, you now have the option to choose the BGP ASN. By default, the AWS Public ASN of the region is configured. You can change that to a Private ASN before the Private VIF is attached.
Resolved Issues
Edge FW policies not working with VPN
In the deployments using route-based VPN over Direct Connect, the Edge FW didn't allow traffic according to the user-defined rules. This issue is now fixed.
VPN tunnel flapping
VPN tunnels were repeatedly disconnected and re-established due to the failure of the active Edge device. The Edge failure was due to a memory leak issue, which is now fixed.
Unable to modify FW policy or perform vMotion
A memory utilization issue with NSX manager caused API failures for the following actions. This issue is now fixed.
Change FW policies
Perform vMotion
DHCP traffic failure
Logical network/switch security policy blocked DHCP traffic. The policy has now been modified to handle DHCP requests.
Loss of VM connectivity after Upgrade
A stateful DFW Data structure change across the releases caused a connectivity issue after upgrade. This is now fixed.
Loss of connectivity to HCX components
An Edge segmentation fault was the reason for the loss of connectivity to HCX components. This issue is now fixed.
Deployment Issues
Unsupported deployment with Direct Connect/Route-based VPN to on-premises data center and Policy-based VPN to AWS VPCs
If you advertise the default route (0.0.0.0/0) from your on-premises data center over Direct Connect or a route-based VPN, you can't then use a policy-based VPN to other VPCs with specific routes. We recommend you advertise specific routes over Direct Connect or route-based VPN, and then configure a policy-based VPN to AWS VPCs.
New Features for VMware Cloud on AWS
New Regions: US East (Ohio) and US West (N. California)
Customers can now deploy SDDCs in the US West (N. California) and US East (Ohio) regions. Please note that the US West (N. California) region does not currently support stretched clusters.
New Features for VMware Cloud on AWS
New Region: Europe (Ireland)
Customers can now deploy SDDCs in the Europe (Ireland) region.
New Features for VMware Cloud on AWS
New Region: Asia Pacific (Tokyo)
Customers can now deploy SDDCs in the Asia Pacific (Tokyo) region.
Language and Regional Format Support (Japanese)
VMware Cloud on AWS now supports language and regional format settings in Japanese. Japanese is supported in the VMware Cloud on AWS console and in Cloud Service Platform features such as Identity & Access Management, Billing & Subscriptions, and some areas of the Support Center. You can change your display language before you log in to the VMware Cloud on AWS console or in your account settings. See How Do I Change My Language and Regional Format for more information.
New Features for VMware Cloud on AWS
The following new features and changes are Available or in *Preview for the new release:
Definitions
Available: Feature now available for use by applicable customers and may not be available in all AWS regions
*Preview: Feature released in preview to gather feedback. May not be available to all applicable customers or in all AWS regions*
*We cannot guarantee that features marked as ‘Preview’ will become available within any particular time frame or at all. Make your purchase decisions only on the basis of features that are Available.
Features listed below are Available unless otherwise indicated as *Preview.
VMware Site Recovery™
Support for NSX-T
VMware Site Recovery now supports protecting workloads to or from VMware Cloud on AWS SDDCs based on NSX-T, giving users more flexibility and control over their networking configuration for their disaster recovery needs.
Fan-out Topology Improvements - Activate DR with Custom SRM Extension ID
VMware Site Recovery can now be activated on an SDDC with a custom extension ID. This allows you to pair this instance with an on-premises Site Recovery Manager installation using a custom plug-in identifier or a VMware Site Recovery instance on another SDDC deployed with the same custom extension ID. This makes it easier to incrementally implement fan-out disaster recovery topologies. For example, if you already have an on-premises Site Recovery Manager installation deployed with the default plug-in identifier and paired with another on-premises Site Recovery Manager instance or with another VMware Cloud SDDC, you can now install a second on-premises Site Recovery Manager in the same vCenter Server instance with a non-default custom plug-in identifier and pair it to a newly deployed VMware Site Recovery instance activated with the same custom extension ID.
VMware Hybrid Cloud Extension (HCX)
Support for NSX-T SDDCs
HCX supports all capabilities in both NSX for vSphere and NSX-T SDDCs.
Support for Private VIF
HCX-enabled NSX-T SDDCs also support the ability to leverage the Direct Connect private VIF option for the HCX interconnects.
Multi-cluster Support for NSX-T
Customers can now configure multiple clusters per SDDC using enhanced networking capabilities with NSX-T.
Stretched Cluster Support for NSX-T
Customers can configure Stretched Clusters using enhanced networking capabilities with NSX-T. Only a single cluster can be configured in a Stretched Cluster SDDC.
i3p to i3.Metal Transition
VMware will be moving all customers from the i3p instance type to the i3.Metal instance type. This is a minor firmware revision and should have no customer impact.
SDDC Sizing Clarification
VMware is clarifying our documentation to state that our recommended maximum for clusters in VMware Cloud on AWS is 16 nodes. We suggest customers plan for clusters of 16 nodes or fewer. This will clarify our customer sizing recommendation and will align all our documentation to a single number.
Data at Rest Encryption
All customer SDDC data at rest will be natively encrypted by vSAN. vSAN will use AWS Key Management Service for managing encryption keys. Similar to deduplication & compression, vSAN encryption at rest cannot be turned on or off for individual clusters. It is a cluster-wide setting that is always on by default when a cluster is provisioned in the SDDC. Customers have the option to change the KEK (Key Encryption Key) either through vSAN API or through the vSphere UI.
Expanded Networking Support
Direct Connect Private VIF for Management Appliance and Workload Traffic
VMware Cloud on AWS allows management appliance and workload traffic over Direct Connect private VIF. This eliminates the need for separate VPN tunnels for these traffic types and simplifies the hybrid connectivity for customers.
Route-based VPN and Redundancy
Support for a dynamic routing protocol simplifies the VPN configuration and provides redundancy against tunnel failures.
Distributed Firewall (Micro-segmentation)
Distributed Firewall enables granular control over East-West traffic between application workloads running in a VMware Cloud on AWS SDDC. Security policies are dynamically enforced at the VM-level, preventing security threats from spreading across the network. Customers are able to define policies based on application constructs, such as workload attributes (for example, VM names) and user-defined tags. Security policies follow workloads wherever they are moved inside the VMware Cloud on AWS SDDC. These dynamic security policies provide operational simplicity compared to traditional IP-based firewall rules.
Granular Visibility through IPFIX and Port Mirroring
IPFIX provides flow-level visibility and port mirroring provides packet-level visibility across all VMs running on an overlay network inside the SDDC. Flow and packet data can be consumed by third-party tools for application performance monitoring, security analysis, and troubleshooting.
Enhanced Connectivity to enable Automation and Partner Solutions
VMware Cloud on AWS now provides native connectivity across workloads, management appliances (vCenter Server), and ESXi hosts, which improves performance and throughput, and simplifies configuration for automation and backup-restore solutions. For example, PowerCLI scripts can now access vCenter Server and automate common VM operations or partner solutions deployed as Proxy VMs can connect to vCenter Server and ESXi for backup-restore operations.
Firewall Logging
Firewall Logging enables customers to log packets for specific firewall rules configured as part of Compute Gateway, Management Gateway and Distributed Firewall. As customers configure a firewall rule, they have a choice to enable logging for the rule. The packet logs will be forwarded to the Log Intelligence Service. Customers can access the packet logs through the Log Intelligence Service. Log Intelligence customers need to enable ingestion of these logs from the User Interface (ingestion of firewall logs is disabled by default). Once enabled, the logging will incur subscription charges based on the Log Intelligence pricing model. Please refer to the Log Intelligence site for more information on the various subscription models.
Log Intelligence Usage Report
The usage report in Log Intelligence provides accurate insight into daily log consumption across multiple sources (syslog, firewall logs, application logs, and so on). For example, during the initial free trial customers can use this report to track the firewall log consumption to more accurately plan their pricing model.
Backups now support datastores with names containing special characters - Previously, some implementations of backup solutions were incompatible with the URL encoding scheme expected by vCenter when using HTTP access to vSphere server files.
New Features for VMware Cloud on AWS
Three Host SDDC
The minimum cluster size for SDDC deployments has been reduced to three hosts. These are considered full production SDDCs and will be treated like four host SDDCs from an SLA and supportability point of view. Customers can scale up to four hosts or down to three hosts by simply adding or removing hosts from existing SDDCs. New SDDCs can be created by selecting three hosts at deployment time.
New Features for VMware Cloud on AWS
New Payment Method: Pay by Invoice
VMware Cloud on AWS now supports the pay by invoice payment method which allows you to pay for your services in arrears. To set up pay by invoice, contact your VMware sales representative, or create a support request in the Support Center.
Compute Policies
Compute Policies enable customers to define VM placement constraints as preferential policies in their SDDC by leveraging inventory tags. In a multi-cluster environment, a single policy can be defined to constrain the placement of tagged VMs using the following capabilities:
Simple VM-Host Affinity
This capability constrains the placement of tagged VMs on specifically tagged hosts in each cluster, thereby circumventing the need to define rules on a per-cluster basis.
VM-VM Anti-Affinity
This policy allows the user to specify anti-affinity relations between a group of VMs. These groups of VMs are identified using vSphere tags. The policy automatically applies to all the VMs that have the tags specified in the policy. DRS will try to ensure that all the VMs in the vCenter that have the policy's VM-tag are preferably placed on separate hosts.
Disable DRS vMotion
This policy allows the user to specify that a virtual machine not be migrated away from the host on which it was powered on, unless the host is placed into maintenance mode.
Data at Rest Encryption (*Preview)
All customer SDDC data at rest will be natively encrypted by vSAN. vSAN will use AWS Key Management Service for managing encryption keys. Similar to deduplication & compression, vSAN encryption at rest cannot be turned on or off for individual clusters. It is a cluster-wide setting that is always on by default when a cluster is provisioned in the SDDC. Customers have the option to change the KEK (Key Encryption Key) either through vSAN API or through the vSphere UI.
VMware Site Recovery™
New region: APJ (Sydney): VMware Site Recovery now supports activation on SDDCs provisioned in the APJ (Sydney) region of VMware Cloud on AWS.
Automating Cluster Scaling with Elastic DRS: Optimize resource management of your DR cluster after fail-over by automating cluster scaling with Elastic DRS.
VMware Hybrid Cloud Extension
New region: APJ (Sydney): VMware HCX now supports activation on SDDCs provisioned in the APJ (Sydney) region of VMware Cloud on AWS.
VMware Cloud Motion with vSphere Replication (*Preview): HCX is introducing Cloud Motion with vSphere Replication enabling vSphere Replication Assisted vMotion capabilities. This feature allows bulk migrations with the operational parallelism of vSphere Replication and the no-downtime semantics of vMotion.
New vRealize Operations Management Pack: A new vRealize Operations Management Pack for HCX is now available. This management pack helps monitor, provides dashboards & reports, and triggers problem alerts for the HCX components and services.
Elastic DRS
The Elastic Distributed Resource Scheduler (DRS) automatically scales the number of hosts up or down in an SDDC cluster based on CPU, memory, and storage utilization. Customers enable Elastic DRS per cluster and choose between a cost or performance based policy that determines how eager the algorithm will be to remove a host. The monitoring interval is five minutes and customers can choose the minimum and maximum number of hosts in the cluster. Elastic DRS is not available for single host SDDCs. This feature was previously in Preview and is now Available.
vCenter Cloud Gateway (*Preview)
The vCenter Cloud Gateway provides a single pane of glass to manage hybrid cloud resources from a customer's on-premises data center. It is delivered as an appliance that customers download and install on-premises and configure to link to the VMware Cloud on AWS SDDC using vCenter Hybrid Linked Mode (HLM). Effectively, the vCenter Cloud Gateway allows customers to manage the Cloud SDDC as an extension of their on-premises data center, enabling workload migration to the cloud and back using common workflows in the vSphere HTML5 Client. The vCenter Cloud Gateway supports on-premises vCenter(s) version 6.5 patch d or later.
VMware Cloud on AWS Migration Assessment powered by Cost Insight
The free Migration Assessment utilizes VMware Cost Insight to enable cloud administrators to calculate the capacity and cost required to migrate workloads from private clouds to VMware Cloud on AWS. The Network Insight integration with Migration Assessment allows admins to discover and select applications for migration, taking into account application dependencies while assessing the migration of workloads. Migration Assessment allows cloud admins to:
Plan in advance any capacity needed on VMware Cloud on AWS for a migration.
Calculate the investment required to migrate workloads.
Get additional visibility to network egress costs and application dependencies.
VMware Cloud on AWS Audit Log Support
VMware Cloud on AWS customers can access VMware Cloud on AWS audit logs through Log Intelligence for faster monitoring and troubleshooting as a core service.
Content Library: Import and Sync OVA Templates
Content Library now supports importing and syncing OVA templates with checks for certificate and manifest files. The OVA contents will be checked for data consistency, un-packaged, and imported into Content Library.
Storage as a Service (*Preview)
This feature enables customers to consume Faction Cloud storage attached to an SDDC. The storage is offered through Faction as the Managed Service Provider.
VMware Horizon™ 7 on VMware Cloud on AWS
VMware Horizon 7 on VMware Cloud on AWS delivers a seamlessly integrated hybrid cloud for virtual desktops and applications. It combines the enterprise capabilities of VMware’s SDDC, delivered as a service on AWS with the market leading capabilities of VMware Horizon for a simple, secure and scalable solution. Customers deploying Horizon 7 on VMware Cloud on AWS can now preview Instant Clone, App Volumes, and User Environment Manager, in addition to running Full Clones in production.
Cloud Automation Services: VMware Cloud Assembly®
VMware Cloud Assembly is a multi-cloud, declarative blueprint orchestration and automation solution that enables infrastructure as code for expedited infrastructure consumption and application delivery while reducing manual effort and the need for cloud specific knowledge. The ability to share content and deployments among project teams increases collaboration and agility. Cloud Assembly supports the following:
VMware Cloud on AWS as a dedicated endpoint in cloud zones – enables teams to easily provision to VMware Cloud on AWS, AWS Native, or an SDDC-based private cloud and later edit deployments based on any updates to the Cloud Assembly blueprint.
Provision workloads directly to VMware Cloud on AWS using Cloud Assembly blueprints via a GUI, CLI or API.
Use existing NSX-T networks through Cloud Assembly and Service Broker when provisioning to VMware Cloud on AWS
Benefit: NSX-T constructs are surfaced within Cloud Automation services, which automates the discovery of existing networks. These networks can then be associated with VMware Cloud on AWS deployments.
Initial AWS services available at launch include:
S3
RDS (Instance)
RDS (Cluster)
Glacier
Lambda
OpsWorks (support Puppet/Config Management in AWS)
Add Wavefront by VMware for additional metrics and monitoring.
Cloud Automation Services: VMware Service Broker®
VMware Service Broker is an aggregator of services across multiple cloud platforms as well as a single access point for consumption (catalog) with guardrails for a range of services including Cloud Assembly blueprints and AWS Cloud Formation templates. Service Broker supports the following:
VMware Cloud on AWS as a dedicated endpoint in cloud zones – enables teams to easily provision to VMware Cloud on AWS, AWS Native or an SDDC based private cloud using Service Broker.
Publish any VMware Cloud on AWS blueprints that have been defined and created to the Service Broker as well as the ability to consume other services and templates from AWS with access based on assigned roles.
Surface native AWS services as catalog items
Initial AWS services available by M5 launch include:
S3
RDS (Instance)
RDS (Cluster)
Glacier
Lambda
OpsWorks (support Puppet/Config Management in AWS)
Add Wavefront by VMware for additional metrics and monitoring
Cloud Automation Services: VMware Code Stream®
VMware Code Stream provides release automation and continuous delivery to enable frequent, reliable releases of application and IT code for development and operations teams. Service Broker supports the following:
Model release pipelines (continuous delivery) that test and release code into VMware Cloud on AWS workloads using Code Stream.
Increased visibility into the release process via release and KPI dashboards within the tool.
Add Wavefront by VMware for additional metrics and monitoring.
The August 14, 2018 release includes the following changes
Security updates for L1 Terminal Fault Vulnerability
This patch addresses the ‘L1 Terminal Fault’ (L1TF) speculative execution vulnerability described in CVE-2018-3646. For more information, see https://kb.vmware.com/s/article/55808.
The August 3, 2018 release includes the following changes
New Region: Asia Pacific (Sydney)
Customers can now deploy an SDDC in the Asia Pacific (Sydney) region. This region does not currently support stretched clusters.
New Features for VMware Cloud on AWS
Deferred AWS Account Connection
This new capability allows for provisioning single-host SDDCs before a connection to an AWS account has been established. Prior to this feature release, establishing a connection to an AWS account was a mandatory step on the way to provisioning an SDDC. It is now possible to run a single-host SDDC for up to 14 days without establishing the connection to the AWS account. A connection to an AWS account must be established prior to scaling up the single-host to a four-host configuration. Establishing a connection to an AWS account creates a unique, high-bandwidth, low-latency connection between your SDDC and your AWS resources with no cross-AZ charges.
Multi-Factor Authentication (MFA)
MFA is a security enhancement that requires you to present two pieces of evidence upon signing in: something you know such as your password, and something you have such as an application that generates a one-time passcode. MFA helps protect access to your data by adding an extra layer of security. For more information about using MFA, see How Do I Secure My Account Using Multi-Factor Authentication.
International Payment Method Support
You can now pay for VMware Cloud on AWS in various currencies using a credit card and promotional credits. The address of your organization determines the currency in which you are charged. For more information, see How Is My Payment Currency Determined.
Expanded Networking Support with NSX-T (*Preview)
NSX-T (*Preview)
NSX-T is a networking and security platform built for scale and performance. It supports a number of heterogeneous platforms and endpoints including public cloud environments and cloud native platforms using containers in addition to vSphere-based environments.
Direct Connect Private VIF for Management appliance and workload traffic (*Preview)
VMware Cloud on AWS allows management appliance and workload traffic over Direct Connect Private VIF. This eliminates the need for separate VPN tunnels for these traffic types and simplifies the hybrid connectivity for customers.
Route-based VPN and Redundancy (*Preview)
Support for a dynamic routing protocol simplifies the VPN configuration and provides redundancy against tunnel failures.
Distributed Firewall (Micro-segmentation) (*Preview):
Distributed Firewall enables granular control over East-West traffic between application workloads running in a VMware Cloud on AWS SDDC. Security policies are dynamically enforced at the VM-level, preventing security threats from spreading across the network. Customers are able to define policies based on application constructs, such as workload attributes (e.g. VM names) and user-defined tags. Security policies follow workloads wherever they are moved inside the VMware Cloud on AWS SDDC. These dynamic security policies provide operational simplicity compared to traditional IP-based firewall rules.
Granular visibility through IPFIX and Port mirroring (*Preview):
IPFIX provides flow-level visibility and port mirroring provides packet-level visibility across all VMs running on an overlay network inside the SDDC. Flow and packet data can be consumed by third-party tools for application performance monitoring, security analysis, and troubleshooting.
Enhanced connectivity to enable automation and partner solutions (*Preview)
VMware Cloud on AWS now provides native connectivity across workloads, management appliances (i.e., vCenter Server), and ESXi hosts, improving performance and throughput and simplifying configuration for automation and backup-restore solutions. For example, PowerCLI scripts can access vCenter Server and automate common VM operations, or partner solutions deployed as Proxy VMs can connect to vCenter Server and ESXi for backup-restore operations.
Cross VDS version vMotion Compatibility
With this advanced configuration option enabled, bi-directional vMotion between on-premises and VMware Cloud on AWS can be achieved across different virtual distributed switch (VDS) versions (greater than or equal to version 6.0). This must be enabled on the on-premises vCenter.
Elastic DRS (*Preview)
The Elastic Distributed Resource Scheduler (DRS) automatically scales the number of hosts up or down in an SDDC cluster based on CPU, memory, and storage utilization. Customers enable Elastic DRS per cluster and choose between a cost or performance based policy that determines how eager the algorithm will be to add a host to the cluster. The monitoring interval is five minutes and customers can choose the minimum and maximum number of hosts in the cluster.
Multi-Cluster Support
This feature enables customers to add additional clusters to their SDDCs. VMware Cloud on AWS will support a maximum of 10 clusters per SDDC, but customer organizations may have lower "soft" limits set. To raise these limits, please contact the customer success team or reach out through chat. Additional clusters will support customer workloads only and share the management infrastructure running on the first cluster.
SDDC Domain Change
The domain name for newly deployed SDDCs can now show as *.vmwarevmc.com for some SDDCs in place of *.vmware.com. This will only impact newly deployed SDDCs; all existing SDDCs will retain the original domain. There is no impact to the VMC console (vmc.vmware.com), only the URL used to access vCenter.
The June 13, 2018 release includes the following changes
Security updates for speculative execution vulnerabilities
This release provides Hypervisor-Assisted Guest Mitigations for CVE-2018-3639 (Speculative Store Bypass) and Microcode Mitigations for CVE-2018-3640 (Rogue System Register Read). Please see VMware KB Article 54951 for further information.
New Features for VMware Cloud on AWS
New Region: EU (Frankfurt)
VMware Cloud on AWS is now available in the AWS EU (Frankfurt) Region. This release continues to expand regional coverage and introduces capabilities to continue improving enterprise readiness and enhancing access through flexible, frictionless consumption. Please refer to the VMware Cloud on AWS pricing website for the latest pricing: https://cloud.vmware.com/vmc-aws/pricing.
Compliance Certifications and Attestations
VMware Cloud on AWS has achieved the following industry certifications and attestations: ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, SOC 3, HIPAA. Additionally, VMware Cloud on AWS has been independently verified to comply with the General Data Protection Regulation (GDPR). For more information on VMware Cloud on AWS and GDPR readiness, visit: http://techtest.vmware.com/2018/05/24/vmware-cloud-aws-gdpr-ready/.
Single Host SDDC
The new Single Host SDDC offering provides a low-cost entry point for customers to jump-start their hybrid cloud experience and prove the value of VMware Cloud on AWS before easily scaling up to 4+ hosts. A Single Host SDDC lasts for up to 30 days, but customers can choose to scale up to 4 hosts to retain workloads and data. Customers can also choose to deploy a new Single Host SDDC.
Multi-Availability Zone Stretched Cluster
This feature enables customers to deploy a single SDDC across two AWS Availability Zones (AZs) to support critical applications that require high availability in the event of an AZ failure. In a Multi-AZ Stretched Cluster, vSAN guarantees synchronous writes across two AZs and logical networks extend to support vMotion between AZs. In the event of an AZ failure, vSphere HA attempts to restart VMs in the surviving AZ. Customers can choose a stretched cluster configuration at SDDC creation time and are limited to a single cluster.
Multi-Cluster Support (*Preview)
This feature enables customers to add additional clusters to their SDDCs. VMware Cloud on AWS will support a maximum of 10 clusters per SDDC, but customer organizations may have lower "soft" limits set. To raise these limits, please contact the customer success team. Additional clusters will support customer workloads only and share the management infrastructure running on the first cluster.
Troubleshooting Tab
This feature enables a new tab in the SDDC that enables customers to perform tests against their running infrastructure. The current test enabled is for Hybrid Linked Mode. Using this feature, customers will be able to confirm that their network is configured correctly to support Hybrid Linked mode.
vCenter Cloud Gateway (*Preview)
The vCenter Cloud Gateway is an appliance that customers can download and install on-premises. It joins the on-premises Single Sign On (SSO) domain and allows customers to configure Hybrid Linked Mode and manage the hybrid resources from the on-premises data center. vCenter Hybrid Linked Mode (HLM) allows customers to link the VMware Cloud on AWS vCenter to an on-premises vCenter to provide a Hybrid management interface across Cloud and on-premises resources. With HLM, customers can view and manage the on-premises and Cloud vCenters from a single pane of glass and perform hybrid operations such as workload mobility across the two environments. The vCenter Cloud Gateway supports on-premises vCenter(s) version 6.5 patch d or later. VM Clone, Cold Migration, and vMotion require on-premises vCenter 6.5 U2 or later.
VMware Site Recovery™
New region: EU (Frankfurt): VMware Site Recovery now supports activation on SDDCs provisioned in the EU (Frankfurt) region of VMware Cloud on AWS.
Multi-site Disaster Recovery (DR) topology support - Fan-out from on-premises: Extend your existing on-premises DR strategy to the cloud by protecting some on-premises workloads to VMware Cloud on AWS using VMware Site Recovery while simultaneously protecting other workloads managed by the same on-premises vCenter server to a secondary on-premises DR site. Multiple instances of Site Recovery Manager 8.1 can be deployed on-premises, with one paired to VMware Cloud on AWS for disaster recovery as a service (DRaaS) and others paired to secondary data centers.
Replication Seeding: Accelerate time to protection by leveraging previously replicated base disks of virtual machines as the seed for the new replication. Replication for VMs that have been protected in the past will be able to use previously replicated base disks as a seed instead of requiring an initial full sync.
Backward compatibility with older vCenter server versions: Simplify DR protection by pairing VMware Site Recovery with sites running earlier versions of vCenter. Building on previous releases, VMware Site Recovery is compatible with multiple versions of vCenter, allowing you to protect sites running vSphere 6.7, 6.5 and 6.0U3.
VMware Hybrid Cloud Extension
New region: EU (Frankfurt): VMware HCX now supports activation on SDDCs provisioned in the EU (Frankfurt) region of VMware Cloud on AWS.
Multi-AZ Stretched Cluster: HCX now supports the VMware Cloud on AWS feature to enable customers to span their SDDC across availability zones. This was previously not supported.
Multi-Cluster Support (*Preview): HCX now supports the VMware Cloud on AWS feature to enable customers to add additional clusters to their SDDCs (this feature is currently in *Preview).
On-Premises HCX vSphere Compatibility Update: Support has been extended for vSphere 6.7. As a result, HCX supports vSphere 5.0 and later.
HCX Backup and Restore: The HCX Manager can now be backed up/restored from the HCX appliance management.
HCX Management Pack for vRealize® Operations™: The HCX management pack for vRealize Operations is now generally available. This enables customers to monitor and plan their hybrid operations (migration waves, stretched networks etc.).
VMware Horizon™ 7 on VMware Cloud on AWS
VMware Horizon 7 on VMware Cloud on AWS delivers a seamlessly integrated hybrid cloud for virtual desktops and applications. It combines the enterprise capabilities of VMware’s SDDC, delivered as a service on AWS, with the market leading capabilities of VMware Horizon, for a simple, secure and scalable solution. Horizon 7 is software that can be deployed by customers on VMware Cloud on AWS. Customers are responsible for their Horizon 7 infrastructure even though their SDDC infrastructure is managed by VMware.
Security and Audit Logs Forwarded to VMware Log Intelligence
All current and future VMware Cloud on AWS customers now have the ability to view security and audit logs directly in the Log Intelligence cloud service if they have activated Log Intelligence.
VMware Cloud on AWS Sizer and Total Cost of Ownership (TCO)
The VMware Cloud on AWS Sizer and TCO tool enables customers to size applications for VMware Cloud on AWS and calculate a TCO for these applications when running on VMware Cloud on AWS vs on-premises virtualized environments. Customers can access the tool at https://vmcsizer.vmware.com.
Service API Developer Center
Developer Center - Samples
Samples can now be filtered by development language
Samples can now be searched for using the new "Filter Samples" feature
Samples now have a tag to show the development language they were written in
Developer Center - API Explorer
API Explorer now provides the ability to choose an SDDC and automatically populate the SDDC ID when needed in API calls
API Explorer now supports Integers and Booleans
API Explorer now provides a confirmation box on mutation operations
API Explorer now has the ability to easily copy JSON response from an API call
API explorer improves usability when creating an API payload
Software Development Kits (SDKs)
The following SDKs have been updated to work with SDDC version 1.4 and include the latest API documentation:
Features in Preview Now Available on VMware Cloud on AWS
The following features launched in preview on March 7, 2018 are now available (may not be available in all regions):
Tunnel Status Monitor
IPSec and L2 VPN tunnels provide hybrid connectivity. To help monitor and troubleshoot these tunnels, granular statistics and error counters are exposed on the VMware Cloud on AWS console. Customers can click on the VPN status details and will see statistics including packets in/out and bytes in/out. Customers can refresh the statistics by clicking the refresh button. The screen also provides information on the error counters that help to quickly identify issues.
Firewall Rule Accelerator
The Firewall Rule Accelerator automatically creates the required firewall rules in the VMware Cloud on AWS console to allow communication across on-premises networks and VMware Cloud on AWS SDDC components. For example, this tool can be used for the automated configuration of the firewall rules to establish the necessary ports for vCenter, SRM, and other service communication for Hybrid Linked Mode and VMware Site Recovery.
This release includes the following changes
The following feature was listed as available and has now been moved to preview to gather further feedback (features are released in preview to gather feedback and may not be available in all regions):
Multi-Cluster Support (*Preview)
This preview feature enables customers to add additional clusters to their SDDCs. VMware Cloud on AWS will support a maximum of 10 clusters per SDDC, but customer organizations may have lower "soft" limits set. To raise these limits, please contact the customer success team. Additional clusters will support customer workloads only and will share the management infrastructure running on the first cluster.
*We cannot guarantee that features marked as ‘Preview’ will become available within any particular time frame or at all. Make your purchase decisions only on the basis of features that are Available.
The March 12, 2018 release includes the following changes
Security fixes for the Spectre-2 vulnerability
This release contains the updated Intel microcode and associated VMware hypervisor changes for the Spectre-2 vulnerability. Please see https://kb.vmware.com/s/article/52245 for further information.
New Features for VMware Cloud on AWS
The following new features and changes are Available or in Preview for the new release:
Definitions
Available: Feature now available for use by applicable customers and may not be available in all AWS regions
Preview: Feature released in preview to gather feedback. May not be available to all applicable customers or in all AWS regions*
*We cannot guarantee that features marked as ‘Preview’ will become available within any particular time frame or at all. Make your purchase decisions only on the basis of features that are Available.
Features listed below are Available unless otherwise indicated as Preview.
New Region: EU (London)
We are launching support for our third AWS region for VMware Cloud on AWS and our first in Europe: EU (London). VMware Cloud on AWS customers can use the EU (London) region to better serve customers in and around the UK.
Expanded Currency Support
The following six currencies are now supported on VMware Cloud on AWS: USD, GBP, EURO, JPY, AUD and CNY. Customers can transact in these currencies and run their workloads in one of the AWS regions where VMware Cloud on AWS is available.
VMware Site Recovery™
New region: EU (London): VMware Site Recovery now supports activation on Software Defined Data Centers (SDDCs) deployed in the EU (London) region of VMware Cloud on AWS.
Site Recovery Firewall Rules Accelerator: VMware Site Recovery now provides a Firewall Rules Accelerator UI in the VMware Cloud on AWS console to streamline the process of creating firewall rules between your on-premises data center and the Management Gateway for disaster recovery purposes. Currently, these firewall rules must be manually created in the Network tab of the SDDC to allow data replication traffic in both directions, communication with the Site Recovery Manager and vSphere Replication management components, and access to the VMware Site Recovery UI. While you can still follow this manual process to create the rules, now you also have the option of using the Firewall Rules Accelerator to automatically generate the required rules for a remote network that you specify. Rules created through the Firewall Rules Accelerator can be subsequently viewed, edited, and deleted using the Network tab of the SDDC.
Forward compatibility with the next minor release: VMware Site Recovery is now forward compatible with the next minor release of vSphere, Site Recovery Manager, and vSphere Replication after vSphere 6.5, Site Recovery Manager 8.0, and vSphere Replication 8.0, respectively. VMware Site Recovery continues to be compatible with vSphere 6.0 Update 3, vSphere 6.5, vSphere 6.5 Update 1, Site Recovery Manager 8.0, and vSphere Replication 8.0.
VMware Hybrid Cloud Extension
New region: EU (London): VMware Hybrid Cloud Extension (HCX) now supports activation on SDDCs deployed in the EU (London) region of VMware Cloud on AWS.
HCX connectivity options: VMware HCX supports vMotion data traffic, Bulk Migration data traffic, L2 extended networks and DR traffic flows over the internet and/or DX (public VIF).
HCX minimum support versions: VMware HCX supports migration from vSphere 5.0+ to your target SDDC. Source networks can be on the VMware standard switch (vSS), VMware distributed switch (vDS) or Cisco Nexus 1000v distributed switch (n1kv).
L2 VPN Client Resiliency
L2 VPN configuration requires customers to deploy a standalone NSX edge if they do not have NSX on-premises. In SDDC Version 1.3, customers have a choice to deploy standalone edges in an active standby configuration to provide added resiliency. In the case of failure of the active standalone edge, the standby takes over and continues to provide connectivity.
Tunnel Status Monitor (*Preview)
IPSec and L2 VPN tunnels provide hybrid connectivity. To help monitor and troubleshoot these tunnels, granular statistics and error counters are exposed on the VMware Cloud on AWS console. Customers can click on the VPN status details and will see statistics including packets in/out and bytes in/out. Customers can refresh the statistics by clicking the refresh button. The screen also provides information on the error counters that help to quickly identify issues.
Firewall Rule Accelerator (*Preview)
The Firewall Rule Accelerator automatically creates the required firewall rules in the VMware Cloud on AWS console to allow communication across on-premises networks and VMware Cloud on AWS SDDC components. For example, this tool can be used for the automated configuration of the firewall rules to establish the necessary ports for vCenter, SRM, and other service communication for Hybrid Linked Mode and VMware Site Recovery.
VMware vSphere® vMotion®
VMware vSphere® vMotion® between on-premises and VMware Cloud on AWS is now Available. Customers can migrate a powered-on VM with vMotion from their on-premises SDDC to VMware Cloud on AWS and back. There is no need to re-IP the VM at the destination and there is zero downtime during migration to VMware Cloud on AWS. Additionally, vMotion between hosts within a VMware Cloud on AWS cluster in a single SDDC and between hosts across clusters within a VMware Cloud on AWS SDDC is supported.
Customers must have vSphere 6.0 U3 or above version on-premises; AWS Direct Connect (Private VIF); and NSX L2VPN.
Customers with vSphere Distributed Switch (VDS) version 6.5 will need to initiate VMware Cloud on AWS to upgrade the VDS version to 6.5.
Customers can perform vMotion between on-premises and VMware Cloud on AWS using the UI (which requires vCenter Hybrid Linked Mode to be connected) or using API or PowerCLI.
VMware vSphere vMotion between hosts across two AZs (*Preview): vMotion between hosts across two AWS availability zones in a resilient elastic cluster for VMware Cloud on AWS is in Preview.
Content Library
In addition to the VM template (VMTX) support introduced in SDDC Version 1.2, Content Library now supports a streamlined template creation workflow to improve the user experience and template naming consistency in the inventory and Content Library views.
Hybrid Linked Mode
VMware vCenter Hybrid Linked Mode (HLM) extends support to on-premises vCenters running vSphere 6.0 U3c and later. Both embedded and external PSC topologies for on-premises vCenters are supported.
Enhanced Storage Efficiency with Deduplication and Compression
VMware Cloud on AWS SDDCs are now automatically enabled for storage deduplication and compression. Users can experience storage savings without making any changes to their configuration. Storage is first deduplicated to eliminate redundant blocks and further compressed to reduce the block size. Compression is only applied if storage can be further compressed by half. Customers can observe these savings by monitoring their capacity usage in the vCenter.
Multi-AZ Stretched Cluster (*Preview)
This feature enables customers to deploy a single SDDC across two AWS availability zones (AZs). Using vSAN's stretched cluster feature, it allows for synchronous writes across two AZs in a single SDDC cluster. This feature also extends workload logical networks to support vMotion between AZs. In the case of an AZ failure, vSphere HA will attempt to restart your VMs on the surviving AZ. This feature is in limited Preview for this release. Contact your customer success manager if you are interested in this feature.
Multi-Cluster Support
Previously in preview, this feature is now Available and enables customers to add additional clusters to their SDDCs. VMware Cloud on AWS will support a maximum of 10 clusters per SDDC, but customer organizations may have lower "soft" limits set. To raise these limits, please contact the customer success team. Additional clusters will support customer workloads only and will share the management infrastructure running on the first cluster.
VMware Cloud on AWS RESTful API
The VMware Cloud on AWS Service API is now Available and can be accessed within the new Developer Center. This feature enables customers to integrate and automate the key features of VMware Cloud on AWS through a RESTful API, PowerCLI (PowerShell module), Datacenter CLI (DCLI), which is a simplified multi-platform CLI, and a number of open source software development kits. Learn more about the software development kits at https://vmware.github.io/vsphere-automation-sdk/.
/networks APIs (*Preview): The /networks APIs are currently in Preview.
Developer Center
This feature enables automation experts, devops engineers, and developers to easily find the resources needed to automate and integrate with the VMware Cloud on AWS service, providing the following:
Overview of the APIs and tooling available.
Interactive API Explorer for the VMware Cloud on AWS RESTful APIs enabling the ability to learn and execute the APIs.
Access to VMware and community code samples for common development languages and API tooling.
Access to download the supported Open Source software development kits (SDKs) and links to getting started guides and documentation.
Developer and Automation downloadable tools and interfaces for working with these APIs.
vRealize® Operations™ support for VMware Cloud on AWS
Predictive DRS and Service Discovery Management Pack are not supported with this release of VMware Cloud on AWS.
The following are known issues with workarounds in this release:
Content Library and Hybrid Linked Mode
In a Hybrid Linked Mode (HLM) setup, Content Library operations performed from the VMware Cloud on AWS SDDC to the on-premises vCenter objects may fail. All objects across the on-premises vCenter and VMware Cloud on AWS SDDC are still visible through the HLM setup where the user logs in from the VMware Cloud on AWS SDDC. To work around this issue, perform operations on on-premises vCenter objects directly from the on-premises vCenter interface.
Characters repeated in Firefox
When typing in the web-based vSphere Client console using some versions of the Firefox web browser, there is a known issue where characters are repeated. To work around this issue, use a browser other than Firefox, such as Chrome or Internet Explorer.
The January 23, 2018 release includes the following changes
AWS Account Linking Improvements
We have added support for creating more than one SDDC as well as a new way to connect to an AWS account that permits adding more than one account per org. This change is visible during the first step of the SDDC creation workflow. Previously, customers were only able to select one linked AWS account. Now, customers are provided a drop-down that shows the existing AWS account along with the option to add an additional account. The AWS account selected during this step will dictate which account will be connected to the new SDDC. An SDDC can only be linked to one AWS account. Network interfaces in the AWS account that are created and used for account connections will now have their life tied to the SDDC itself, which means they will be removed automatically when an SDDC is deleted. Additionally, the SDDC creation page has been streamlined to reduce the time it takes to start an SDDC deployment.
Features in Preview on VMware Cloud on AWS
The following feature is in preview (features are released in preview to gather feedback and may not be available in all regions):
VMware Cloud Networking APIs (Preview)* [formerly NSX Simple Mode APIs]
All VMware Cloud on AWS network and security features are available to consume through APIs. These APIs can be used for Day0 and Day2 automation activities. The VMware Cloud Networking API is in preview and may change in the future.
*We cannot guarantee that features marked as ‘Preview’ will become available within any particular time frame or at all. Make your purchase decisions only on the basis of features that are Available.
This release includes the following changes
ESXi hosts in vCenter now show as IP addresses
Previously, when a new SDDC was deployed, each of the ESXi hosts was added to the vCenter inventory with a fully qualified domain name (FQDN). Now, when a new SDDC is deployed, each of the ESXi hosts will be added with an IP address.
New Features for VMware Cloud on AWS
We are consistently improving the VMware Cloud service platform. In this release, we provide the following new features:
Support Center
We are here to help you. Check out the new Support Center where you can let us know of any problems you might run into. We have also created a Support role. While organization owners can automatically create and track support tickets, they can also assign the role of support person to one or more organization members - in addition to their organization role - so that they can create and track support tickets for the organization. See How Do I Get Support.
Consolidated Billing
VMware Cloud services now support consolidated billing. Use your VMware funds as a payment method. You can also use VMware promotional credits that you have accrued. Choose your preferred VMware fund when you sign up for a service, or later on when you manage your payment methods. You can also view your current costs and a monthly billing statement. See How Do I Manage Payment Methods and Billing.
Features in Preview Now Available on VMware Cloud on AWS
The following features launched in preview on November 28, 2017 are now available (may not be available in all regions):
L2 VPN
Extend Layer 2 networks from on-premises to VMware Cloud on AWS using the VMware NSX L2 VPN feature. The Layer 2 extension enables customers to move workloads from on-premises to VMware Cloud on AWS without changing IP addresses. This enables bi-directional VMware vSphere® vMotion® to and from VMware Cloud on AWS and also helps in disaster recovery scenarios by enabling applications to retain the same IP address during recovery.
AWS Direct Connect Private VIF for migration traffic
The AWS Direct Connect (DX) integration with VMware Cloud on AWS provides customers with a high bandwidth and low latency link to their on-premises data centers. Customers who have already established an AWS Direct Connect link between their AWS virtual private cloud (VPC) and on-premises data center can take advantage of this integration with VMware Cloud on AWS. Customers have the option to establish a connection to a VMware Cloud on AWS SDDC with one or multiple DX links. While connecting to an SDDC, customers can choose a Private VIF, Public VIF, or both VIF options. The Private VIF connection will carry VMware vSphere® vMotion® and ESX management traffic over the DX link. The Public VIF connection is optional and can be used to establish virtual private network (VPN) tunnels to carry the management appliance and workload virtual machine traffic.
L3 VPN Generic Download
To reduce configuration-related issues with IPsec deployments, customers can download a generic configuration after the VPN is configured on VMware Cloud on AWS. By clicking generic download config, customers get access to a text file with all the parameters that have to be configured on the remote VPN device.
VMware Hybrid Cloud Extension
VMware Hybrid Cloud Extension (HCX) provides application migration and infrastructure hybridity without application downtime or infrastructure retrofit. The VMware HCX service offers bi-directional application landscape mobility and datacenter extension capabilities between any vSphere version. HCX includes patent-pending capabilities to support VMware vSphere® vMotion®, Bulk Migration, High Throughput Network Extension, WAN optimization, traffic engineering, automated VPN with Strong Encryption (Suite B) and secured datacenter interconnectivity with built-in vSphere protocol proxies. VMware HCX enables cloud on-boarding without retrofitting source infrastructure, supporting migration from vSphere 5.0+ to VMware Cloud on AWS without introducing application risk and complex migration assessments. Learn more at https://cloud.vmware.com/vmware-hcx.
New Features for VMware Cloud on AWS
The following new features are available or in preview for the new release:
Definitions
Available: Feature now available for use by applicable customers. May not be available in all AWS regions
Preview: Feature released in preview to gather feedback. May not be available to all applicable customers or in all AWS regions*
*We cannot guarantee that features marked as ‘Preview’ will become available within any particular time frame or at all. Make your purchase decisions only on the basis of features that are Available.
Features listed below are Available unless otherwise indicated as Preview.
VMware Site Recovery™
The VMware Site Recovery™ service expands and simplifies traditional disaster recovery operations by delivering on-demand site protection across a common, vSphere-based operating environment from on-premises to the cloud. The service protects workloads between on-premises data centers and VMware Cloud on AWS, as well as between different instances of VMware Cloud on AWS. Built on top of enterprise-grade recovery plan automation (VMware Site Recovery Manager™) and native hypervisor-based replication capabilities (VMware vSphere® Replication™), the service provides an end-to-end disaster recovery solution that reduces the requirements for a secondary disaster recovery site, accelerates time-to-protection, and simplifies disaster recovery operations.
VMware Hybrid Cloud Extension (Preview)
VMware Hybrid Cloud Extension (HCX) provides application migration and infrastructure hybridity without application downtime or infrastructure retrofit. The VMware HCX service offers bi-directional application landscape mobility and datacenter extension capabilities between any vSphere version. HCX includes patent-pending capabilities to support VMware vSphere® vMotion®, Bulk Migration, High Throughput Network Extension, WAN optimization, traffic engineering, automated VPN with Strong Encryption (Suite B) and secured datacenter interconnectivity with built-in vSphere protocol proxies. VMware HCX enables cloud on-boarding without retrofitting source infrastructure, supporting migration from vSphere 5.0+ to VMware Cloud on AWS without introducing application risk and complex migration assessments. Learn more at https://cloud.vmware.com/vmware-hcx.
1 and 3 Year Subscriptions
VMware Cloud on AWS one and three year subscriptions provide significant cost savings (up to ~50%) compared to on-demand usage. In addition to the on-demand model where customers pay as they go for host consumption, customers are now able to commit and pay upfront for hosts and secure term discounts for one or three years. The commitment is made for a number of hosts and a region. Once a subscription has been created, hourly usage for a given region up to the cumulative number of hosts committed to in subscriptions will not incur on-demand charges for the hosts. Usage over the cumulative committed number of hosts in a given region will incur on-demand charges according to on-demand pricing. Learn more about pricing at https://cloud.vmware.com/vmc-aws/pricing.
Multiple-SDDCs
Multiple Software Defined Data Center (SDDC) support enables customers to create more than one SDDC in an organization. Each SDDC must be connected to an AWS account.
New region: US East (N. Virginia)
VMware is announcing the availability of a new region for VMware Cloud on AWS. Starting today, you can provision Software Defined Data Centers (SDDCs) in US East (Virginia). Resources aren't replicated across regions automatically. To create an SDDC in a specific region, simply select the desired region radio button in the VMware Cloud on AWS Console or provide the desired region string for the "region" property in the sddcConfig for the API at https://vmc.vmware.com/swagger/index.html#!/sddc/post_orgs_org_sddcs.
AWS Direct Connect (Preview)
The AWS Direct Connect (DX) integration with VMware Cloud on AWS provides customers with a high bandwidth and low latency link to their on-premises data centers. Customers who have already established an AWS Direct Connect link between their AWS virtual private cloud (VPC) and on-premises data center can take advantage of this integration with VMware Cloud on AWS. Customers have the option to establish a connection to a VMware Cloud on AWS SDDC with one or multiple DX links. While connecting to an SDDC, customers can choose a Private VIF, Public VIF, or both VIF options. The Private VIF connection will carry VMware vSphere® vMotion® and ESX management traffic over the DX link. The Public VIF connection is optional and can be used to establish virtual private network (VPN) tunnels to carry the management appliance and workload virtual machine traffic.
L2 VPN (Preview)
Extend Layer 2 networks from on-premises to VMware Cloud on AWS using the VMware NSX L2 VPN feature. The Layer 2 extension enables customers to move workloads from on-premises to VMware Cloud on AWS without changing IP addresses. This enables bi-directional VMware vSphere® vMotion® to and from VMware Cloud on AWS and also helps in disaster recovery scenarios by enabling applications to retain the same IP address during recovery.
Simple Mode NSX APIs (Preview)
Network and security services available in VMware Cloud on AWS are exposed through simple mode NSX APIs. Customers can use NSX APIs and PowerCLI for Day0 and Day2 automation activities.
L3 VPN Generic Download (Preview)
To reduce configuration-related issues with IPsec deployments, customers can download a generic configuration after the VPN is configured on VMware Cloud on AWS. By clicking generic download config, customers get access to a text file with all the parameters that have to be configured on the remote VPN device.
AWS Service Access Enhancements
Customers now have the choice to access S3 buckets over the internet or over the AWS connected VPC.
VM templates (.vmtx) support in Content Library (MVP)
With this new feature, Content Library introduces the support of one of the most popular content types: VM Template (.vmtx). This will allow customers to add VM Templates to Content Library, delete them, and use them to deploy VMs.
VMware vSphere® vMotion® over L2VPN/Direct Connect (Preview)
Customers can migrate a powered-on VM with VMware vSphere® vMotion® from their on-premises datacenter to VMware Cloud on AWS and back. There is no need to re-IP the VM at the destination and there is zero downtime during migration to VMware Cloud on AWS. This requires customers to have set up Hybrid Linked Mode (HLM) and L2VPN.
vCenter HLM: Extend on-premises support to include vCenter(s) with external PSC
vCenter Hybrid Linked Mode (HLM) allows customers to link the VMware Cloud on AWS vCenter to their on-premises vCenter and to manage the on-premises and cloud vCenter resources from a single pane of glass. In the first release of VMC, HLM supported a single on-premises 6.5 vCenter with an embedded Platform Services Controller. Today, HLM is extending the on-premises support to include 6.5 vCenter with an external Platform Services Controller. This further allows HLM to link to a group of 6.5 on-premises vCenters that are joined in the same Single Sign-On (SSO) domain, known as Enhanced Linked Mode configuration.
External Storage Access from Inside Guest VMs
Customers can now access external storage from inside a guest operating system. NFS, SMB/CIFS and iSCSI storage protocols are validated over the following VMware Cloud on AWS networks:
AWS Elastic Network Interface (ENI)
VMware Cloud on AWS Compute Gateway (CGW)
VMware Cloud on AWS Internet Gateway (IGW)
Customers can access block and file based storage from inside their guest VMs to provide access to external data and applications. VMware Cloud on AWS external storage is available from various operating systems and applications that can provide block and file services.
Guided Tour
With the new guided tour feature, customers can follow detailed, step-by-step guidance to set up the VMware Cloud on AWS environment, including firewall rules, VPN, and HLM. The "Getting Started" button in the help panel will trigger this feature.
Multi-Cluster Support (Preview)
This feature enables customers to add additional clusters to their SDDCs. VMware Cloud on AWS will support a maximum of 10 clusters per SDDC, but customer organizations may have lower "soft" limits set. To raise these limits, please contact the customer success team. Additional clusters will support customer workloads only and share the management infrastructure running on the first cluster.
SDDC Scale
The maximum cluster size is 32 ESXi hosts.
PowerCLI for VMware Cloud on AWS (Preview)
As part of VMware PowerCLI 6.5.4, a new module has been added which enables the automation and scripting of VMware Cloud on AWS features. Updates to the existing PowerCLI modules are in process to enable you to work with the newer features of vCenter. The VMware Cloud on AWS Service API is currently in preview and may change in the future.
In addition to the new VMware Cloud on AWS module, there will be updates to the existing PowerCLI modules to enable you to work with the newer features of the Virtual Center deployed as part of your VMC SDDC, for example, automating the new Content Library VMTX Template feature.
You can update your version of PowerCLI to use these features using the normal update procedures for PowerCLI at https://blogs.vmware.com/PowerCLI/2017/08/updating-powercli-powershell-gallery.html.
VMware Cloud on AWS SDKs (Preview)
The existing vSphere Automation SDKs for both Python and Java are being worked on to include functionality for programmatic access of the VMware Cloud on AWS service. The existing GitHub repositories at https://vmware.github.io/vsphere-automation-sdk/ have now been updated with new language bindings and new samples custom built as sample common workflows. These allow you to programmatically access the VMware Cloud on AWS API. The VMware Cloud on AWS Service API is currently in preview and may change in the future.
Datacenter CLI (DCLI) (Preview)
All new features of the VMware Cloud on AWS API are available via a simple multi-platform command line interface that can be downloaded at https://my.vmware.com/web/vmware/details?productId=664&downloadGroup=VMC_GA. The VMware Cloud on AWS Service API is currently in preview and may change in the future.
The October 6, 2017 release included the following fixes and new content:
The logical network plugin UI actions “Attach VMs” and “Detach VMs” were allowing virtual machine changes without the appropriate privileges. A change was made to hide these actions from the plugin in the current release.
There were connectivity issues between VMware Cloud on AWS virtual machines and AWS Elastic Cloud Compute (EC2) instances in the user’s linked virtual private cloud (VPC). The problem was that logical network routes were not updated correctly to the cross VPC route table. A fix was made to correctly update the route tables, enabling the connection.
The September 13, 2017 release included the following fixes and new content:
During SDDC deployment, when HA was enabled on the cluster, the service was not considering some of the intermediate progress states of FDM and was bailing out prematurely with a deployment failure. A fix was made to encompass all the intermediate FDM statuses and make SDDC deployment more robust.
The storage policy associated with Management VMs was mutable, and a customer could have inadvertently made changes impacting the compliance and behavior of management VMs. A change was made to make the storage policy associated with Management VMs immutable.
Hybrid Linked Mode (HLM) failed to accept a valid DN that included a hyphen from the on-premises Active Directory. As a result, users were not able to configure HLM by adding the on-premises identity source. The fix allows using a DN with a hyphen.
SDDC deployment now uses an increased number of retries to provision and add hosts to the cluster, improving deployment reliability.
A security fix related to SM2 shared parsing.