Metal Packaging Token

To get started with VMware SD-WAN, customers will need to have an SD-WAN subscription with the Premium license (which provides access to SD-WAN Gateways, and Non-VeloCloud-Site capabilities) or Enterprise License (which needs Non-VeloCloud-Site capability via Gateway add-on option).Customers should also have access to the VMware SD-WAN Orchestrator to have the capability to create a Non-VeloCloud Site Network Service.Customers will also need to have at least a single-host VMware Cloud on AWS environment with access to manage Networking and Security.

What does In-Process High mean? Is the VMware Cloud on AWS GovCloud (US) now FedRAMP In-Process High?

An In-Process designation indicates that a CSP is actively working on the documentation required to achieve a FedRAMP Authorization and that an agency is reviewing that documentation with the intent to provide an ATO.FedRAMP introduced their High Baseline to account for the government’s most sensitive, unclassified data in cloud computing environments, including data that involves the protection of life and financial ruin.Yes.VMware Cloud on AWS GovCloud (US) is now FedRAMP In-Process High with United States Marshals Service as the Agency sponsor.

What does it mean when it says AWS is VMware's preferred partner?

The relationship we have with AWS is a mutual and strategic partnership that runs both ways.AWS is VMware’s preferred public cloud partner for all VMware vSphere-based workloads.Conversely, VMware Cloud on AWS is the preferred public cloud service recommended by AWS for all VMware vSphere based workloads.

What does VMware HCX offer?

The VMware HCX service offers bi-directional application landscape mobility and data center extension capabilities between any vSphere version.VMware HCX includes vMotion, bulk migration, high throughput network extension, WAN optimization, traffic engineering, load balancing, automated VPN with strong encryption (Suite B) and secured data center interconnectivity with built-in hybrid abstraction and hybrid interconnects.VMware HCX enables cloud onboarding without retrofitting source infrastructure, supporting migration from vSphere 5.0+ to VMware Cloud on AWS without introducing application risk and complex migration assessments.

What does VMware manage and operate Vs what is the responsibility for customers?

VMware is responsible for the SDDC software components and the IaaS infrastructure resources.Customers are responsible for their applications and workloads running on the service.

What Editions of Microsoft Software will VMware provide to me?

For Windows Server, we will provide the Windows Datacenter.We will provide SQL Enterprise.

What EDRS policies are supported with Stretched Clusters?

All EDRS policies – Cost, Performance and Rapid Scale Out – are supported with Stretched Clusters, in addition to the Storage-only default policy.

What external virtual storage arrays are supported on VMware Cloud on AWS?

VMware Cloud on AWS supports a variety of AWS EC2 based virtual storage arrays and general purpose operating systems that export storage volumes or LUNs.Our storage partners will independently test and provide documentation for their respective solutions.

What failure scenarios does Active-Standby client deployment protects from?

This protects from the edge failure scenario.If the active edge fails, the standby will take over the tunnel traffic.

What features are available in the vRealize Cloud Add-on trial period?

The trial enables full access to vRealize Automation Cloud services – Cloud Assembly, Service Broker and Code Stream.Customers will be able to use all capabilities in the three services including Kubernetes configuration and Terraform integration.

What firewall rules should be created in the VMware Cloud on AWS SDDC customer environment for vRealize Network Insight or vRealize Network Insight Cloud service?

Please refer to this link to learn more about the firewall rules that need to be created.

What happens after vRealize Network Insight Cloud service sign up?

After you sign up for vRealize Network Insight Cloud SaaS, or after the VMware sales person submits a referral on your behalf, you will receive a Thank You email immediately.Following the Thank You email, you will receive an invitation email with NIaaS activation link within 1-2 business days.Note: If you do not see the invitation email with activation link in your inbox folder, please check your spam folder.

What happens during a maintenance update for the SDDC software running on VMware Cloud on AWS GovCloud (US)?

Prior to a maintenance update, you will receive an email notification telling you the date and time of when the update is going to occur.When the update process is initiated, you will receive another email notification.The process occurs in 2 main phases, control plane update and data plane update.During the control plane update, customers are temporarily prevented from gaining access to vCenter.Direct access to VMs will still be available during this phase.A backup of vCenter and NSX Manager is taken prior to installing the update.The update is then installed.Once the installation is completed, access to vCenter is restored and the control plane phase is completed.An email is sent to you once the control plane is completed.In the data plane update phase, an extra ESXi host is temporarily added to each cluster to ensure sufficient capacity to complete the update process.The data plane update process is conducted on a rolling basis, with the hosts being updated one at a time.Each ESXi host is placed into maintenance mode and VMs are migrated to another host in the cluster.Update of the ESXi host is done in-place after the VMs are migrated.Once all of the hosts are updated, one of the hosts is removed from the cluster to restore the host count to the original number before the update process gets over.An email is sent to customers once the data plane update is completed.

What happens during a maintenance update for the SDDC software?

SDDC update is a three phase activity with NSX-T.Refer to Managing service lifecycle page for more details.

What happens during the vRealize Automation Cloud trial activation process?

The trial activation process takes about 20-30 minutes to complete.During this time, your organization is created in vRealize Automation Cloud and a cloud proxy in your VMware Cloud on AWS SDDC is setup.The activation also configures cloud account, network profile, default lease policy and a catalog item in vRealize Automation Cloud to get started.

What happens if "Use VPN as backup to Direct Connect" is enabled but no VPN is configured?

The traffic will go over Direct Connect as usual.There will not be any VPN backup to Direct Connect until a route based IPSEC VPN is configured.

What happens if AWS has Infrastructure availability issues?

Availability of the VMware Cloud on AWS service is dependent on and subject to availability of the AWS infrastructure on which it is hosted.The VMware Cloud on AWS Console and APIs are all located in the AWS US West (Oregon) Region.Only a complete failure of this region would result in a service disruption to the VMware Cloud on AWS Console and APIs.If the AWS Availability Zone that your SDDCs are deployed in has an availability issue, then you may lose access to Virtual Center and the SDDCs running in that region may be impacted.VMware has processes in place to restore operations to the VMware Cloud on AWS service if an AWS Availability Zone or an AWS Region becomes unavailable.Customers are responsible for their own contingency plans including backups of their workloads and alternative hosting locations.Customers with workloads that need to be resilient of AWS infrastructure availability events should deploy workloads using stretched clusters and run workloads in multiple AWS Regions.

What happens if I have an SPBM policy of RAID 6 set and eDRS tries to scale down to four hosts?

If you have an SPBM policy that requires a minimum number of hosts, such as RAID 6, eDRS will not scale down below that minimum number.To allow scale down, reconfigure SPBM to use a policy without that restriction such as RAID 1.

What happens if I have an SPBM policy of RAID 6 set and eDRS tries to scale down to four hosts?

If you have an SPBM policy that requires a minimum number of hosts (such as RAID 6), eDRS will not scale down below that minimum number.To allow scale-down, reconfigure SPBM to use a policy without that restriction such as RAID 1.

What happens if partition placement fails?

Partition placement is a best-effort operation.Placement may fail if there are insufficient physical racks or insufficient capacity.If partition placement fails, a host is added outside of a partition.This means the host is still added, but it is added to a rack that may already have a host from the same cluster.No further action is required when partition placement is sub-optimal.

What happens if VMware receives a court order or legal request to access Customer Content?

If we are required by a subpoena, court order, agency action, or any other legal or regulatory requirement to disclose any of Your Content we will provide you with notice and a copy of the demand as soon as practicable, unless we are prohibited from doing so pursuant to applicable law.If you request, we will, at your expense, take reasonable steps to contest any required disclosure.We will limit the scope of any disclosure to only the information we are required to disclose.As an additional layer of protection, VMware Cloud on AWS customers may also choose to implement encryption or security software within their guest operating system or applications.This enables a customer to use the same security software they use in their own data centers and utilize their own Key Management Infrastructure to further protect their content from VMware, VMware Cloud on AWS sub-processors and legal entities.

What happens to a customer when vRA trial period offered by vRA Add-on expires?

Upon trial period expiration, customer will no longer have access to vRealize Automation Cloud.All the users will be removed from the organization, including the organization admin.

What happens when an AZ fails and when it comes back after a failure?

We will re-synchronize the vSAN datastore.This resync time will depend on how much data you have stored and how long the systems have been segmented.This operation is automatic and monitored by our operations team.

What happens when I delete an SDDC on VMware Cloud on AWS GovCloud (US)?

When you delete an SDDC, your VMs and data are deleted and the hosts and other resources allocated to the SDDC are released for use in other SDDCs.

What happens when I delete an SDDC on VMware Cloud on AWS?

When you delete an SDDC, your VMs and data are deleted and the hosts and other resources allocated to the SDDC are released for use in other SDDCs.

What happens with SDDCs are added or removed from an SDDC group with linking enabled?

If an SDDC is added to a group when linking is enabled, the vCenter of the added SDDC is automatically linked to the group’s others.If an SDDC is removed from a group with linking enabled, the vCenter is unlinked from the remaining members.

What if I delete tags?

If tags associated with a policy are deleted, the policy is no longer in effect, and is deleted.

What Incidental Software can be used with VMware Cloud on AWS?

There is no Third-Party Content included in the VMware Cloud on AWS service or required to use the service.VMware does run the VMware Solution Exchange (VSX) that provides customers with a centralized resource for finding technology solutions that complement, integrate or interoperate with VMware’s portfolio of products.

What information is available on firewall statistics?

Administrators can now access firewall statistics directly from the Networking and Security console.

What information is available on the tunnel statistics?

You will be able to see packets in/out and bytes in/out per tunnel as well as error counts per tunnel.

What instance types are supported with the ability to create multiple stretched clusters?

Multiple stretched clusters are supported with the i3.Metal instances and i3en.Metal instances.

What is "Service Operations Data" and "Usage Data"?

Service Operations Data and Usage Data is information VMware collects in connection with the provisioning and delivery of the VMware Cloud on AWS service.It includes information from VMware’s software or systems hosting the service, and from the customer systems, applications and devices that are used to access the service.The Service Operations Data is used to facilitate the delivery of the service to customers, including managing and monitoring the infrastructure, and providing support, and the Usage Data is used for VMware’s own analytics and product improvement purposes.The data collected is generally technical information, with limited individually identifying information such as email address, IP/MAC address of the VMware Cloud on AWS administrator’s devices, and identifiers (including cookies).The information may include the following types of data: Account Information: Information that a customer provides to us in connection with the creation or administration of a customer account, including names, usernames, phone numbers, email addresses, and billing information.Configuration Data: Technical data about how a customer organization has configured VMware Cloud on AWS and related environment information.Feature Usage Data: Feature usage data relates to how a customer organization uses VMware Cloud on AWS features..Authentication Data: Information that is used to provide access to the Services, such as username and passwords (for local authentication only).Performance Data: Performance data relates to how the VMware Cloud on AWS Services are performing.Examples include metrics of the performance and scale of the Services, response times for user interfaces and API calls.Service Logs: Service logs are automatically generated by the Services.Typically, these logs record system events and state during the operation of the Services in a semi-structured or unstructured form.Security Logs: Security logs come from multiple sources including Intrusion Detection and Prevention Software (IDS/IPS), firewalls, vulnerability scanners, file Integrity monitoring systems, anti-virus solutions, access control systems, vSphere, and AWS Infrastructure.Diagnostic Information: Diagnostic information may be contained in log files, event files and other trace and diagnostic files.Support Data: Support data relates to information that has been provided by a customer to VMware or is otherwise processed in connection with support facilities such as chat and service support tickets.Survey Data: Survey data relates to a customer’s Net Provider Score ("NPS") and other similar in-Service surveys or feedback in relation to a customer’s use of the relevant Services.The main difference between Usage Data and Services Operations Data are the purposes for which we use the data.When collecting both Usage Data and Services Operations Data, we always aim to collect the minimum amount of personal information necessary to fulfill these respective purposes.

What is a "Shadow Account" or "Shadow VPC"?

A Software Defined Data Center (SDDC) is deployed in a dedicated AWS Virtual Private Cloud (VPC) that is owned by an AWS Account created by the VMware Cloud on AWS service exclusively for the customer.Amazon Accounts and Amazon VPC’s are the mechanisms implemented by AWS to logically isolate sections of the AWS Cloud for each customer.The customer dedicated Account and VPC is referred to as the Shadow Account or Shadow VPC.A single Shadow Account can hold multiple SDDCs across all AWS regions where the VMware Cloud on AWS service is offered.Upon termination of the customer’s VMware Cloud on AWS account, all resources held in the Shadow Account will be released and the Shadow Account is retired from use.

What is a flow?

Flow is a combination of 5 tuples : Source and Dest IP, Source and Dest Port, and Protocol.There is always a unique flow across two application talking to each other on a specific port.

What is a L2 VPN Client?

There are two components of L2 VPN: The L2 VPN server is running on the VMware Cloud on AWS GovCloud (US) and the L2VPN client is deployed on the on-premises data center.Customers who don’t have NSX on-premises must deploy a standalone NSX edge and configure it as an L2 VPN client talking to the server running on VMware Cloud on AWS GovCloud (US).

What is a NSX L2 VPN?

NSX L2 VPN is a tunnel that enables extending layer 2 networks across geographic sites.Extended layer 2 networks enable virtual machines to move across sites (vMotion) while keeping their IP addresses the same.L2 VPN allows enterprises to seamlessly migrate workloads backed by VLAN or VXLAN between on-premises and VMware Cloud on AWS GovCloud (US).

What is a Seller?

Seller is a Billing Account for an org.In simpler words, the company that would send the bill to the customer.It indicates which legal entity or person is identified as the Seller of Record for a specific product to the end consumer.The Seller of Record also often assumes the responsibility for accounting for a transaction tax on that particular transaction.Sellers have their own set of commerce attributes that may or may not be unique to that seller such as Payment Method, Terms of Service, Offer catalog, Pricing, Regions, Currencies accepted, and Billing engines with different invoice templates and billing business rules.

What is a SLA Credit?

Each “SLA Credit” is an amount equal to a portion of the monthly recurring or metered subscription amount (net of any discounts) for the billing month in which the SLA Event occurred.The SLA Credit is calculated based on the scope of the Availability issue and how close to the Availability Commitment the component or service met for the month.An SLA Event that impacts an entire SDDC would result in an SLA credit for a portion of the entire SDDC monthly subscription or metered bill.If one or more SLA events within a billing month resulted in the Monthly Uptime Percentage falling below the Availability Commitment thresholds defined in the VMware Cloud on AWS SLA a greater portion of the customer’s bill would be returned in the SLA Credit.

What is a storage policy and why is it important? How is the feature 'Automatic adjustment of vSAN policy' different?

Storage policies define levels of protection or performance for your VMs or VMDKs.Typically, a user manually sets a policy for one or more VMs and these are then managed by vCenter.With Automatic adjustment of vSAN policy for improved data availability, we will automatically set the policy for you based on the number of nodes in your VMware Cloud on AWS cluster.

What is a Traffic Group?

A Traffic Group is a new VMC construct that creates additional network capacity resources in the form of NSX Edge routers.

What is Account Linking?

In order to allow the SDDC to access resources in a customer’s existing AWS account (and vice versa), VMware employs a workflow called Account Linking that grants the VMware Cloud on AWS service limited permissions in a customer’s account to help select the optimal deployment zone(s), set up cross-account networking via Cross-Account ENIs (X-ENI), and update route table information.This is done via a template-based workflow that allows the customer to grant these permissions in a few clicks.The set of permissions is maintained by an AWS-controlled policy, with cross-account access granted via role assumption from specific VMware Cloud on AWS accounts.

What is an Association Map?

An Association Map is the construct used to bind an IP Prefix List to a Traffic Group.

What is an IP Prefix List?

An IP Prefix List is how customers define the source IP addresses of traffic that will utilize the new network capacity created by the Traffic Group.

What is an IPFIX Template?

An IPFIX template provides meta data format about the collected flows.For example, the flow template may include "timestamp when flow started and ended” "amount of bytes allowed during that time.

What is an L2 VPN client?

There are two components of L2 VPN: The L2 VPN server is running on the VMware Cloud on AWS and the L2VPN client is deployed on the on-premises data center.Customers who don’t have NSX on-premises must deploy a standalone NSX edge and configure it as an L2 VPN client talking to the server running on VMware Cloud on AWS.

What is an SDDC Group?

An SDDC Group is a set of SDDC organized together for a common purpose.It is a logical grouping meant to simplify SDDC operations at scale.SDDC Groups provide customers with the ability to logically organize a set of SDDCs to simplify management at scale, as customers deploy multiple SDDCs within VMware Cloud on AWS.With an SDDC group, customers can manage multiple SDDCs as a single logical entity.

What is AWS Direct Connect?

AWS Direct Connect makes it easy to establish a dedicated network connection from your premises to AWS.Using AWS Direct Connect (DX), you can establish private connectivity between AWS and your data center, office, or colocation environment, which in many cases can reduce your network costs, increase bandwidth throughput and provide a more consistent network experience than Internet-based connections.

What is BGP ASN (Autonomous System Number) and do I need one to use AWS Direct Connect?

Autonomous System numbers are used to identify networks that present a clearly defined external routing policy to the Internet.AWS Direct Connect requires an ASN to create a public or private virtual interface.

What is Cloud Motion with vSphere Replication?

Cloud Motion with vSphere Replication is a new and innovative way to enable mass migration of workloads from on-premises to VMware on AWS.With Cloud Motion with replication, you can migrate VMs at large scale without any downtime (live).

What is Cloud Native Storage?

Cloud Native Storage (CNS) is a VMware Cloud on AWS and Kubernetes (K8s) feature that makes K8s aware of how to provision storage on VMC on-demand in a fully automated, scalable fashion as well as providing visibility for the administrator into container volumes through the CNS UI within vCenter.Cloud Native Storage on VMC is supported with TKG and TKG Plus.

What is CloudHealth Hybrid by VMware?

CloudHealth Hybrid by VMware is a relaunch and rebranding of CloudHealth Data Center module with new capabilities that enable CloudHealth customers and partners to optimize and govern hybrid clouds.CloudHealth Hybrid brings together the functionality of CloudHealth Data Center and vRealize Business for Cloud (vRBC) into a single standalone SaaS offering.

What is Compute Policy?

Compute Policy is a new framework to allow you the flexibility, control, and policy-based automation required to keep up with the demands of your business.

What is Customer Content?

Customer Content is any content you, as a customer, upload into a Service Offering as further specified in the VMware Cloud Service Offerings Terms of Service.This includes all text, sound, video, or image files, and software (including machine images), or other information that you or any of your end users upload into the VMware Cloud on AWS service for processing, storage, or hosting in connection with your account with us.Account information, including names, usernames, phone numbers, and billing information associated with your account, is not included in the definition of “Customer Content”, nor is any information we collect in connection with your use of the service.VMware will handles account information in accordance with our Privacy Notice.

What is Distributed Firewall?

The NSX Distributed Firewall enables micro-segmentation (granular control over East-West traffic) for application workloads running in the VMware Cloud on AWS SDDC.

What is EDRS Rapid Scale Out?

EDRS Rapid Scale-Out causes EDRS to react faster and to add hosts in parallel to allow a cluster to scale out more quickly during a DR event for VDI or other workloads.

What is EDRS Rapid Scale Up?

EDRS Rapid Scale Up causes EDRS to react faster and to add hosts in parallel to allow a cluster to scale up more quickly during a DR event for VDI or other workloads.

What is Elastic DRS (eDRS) feature in VMware Cloud on AWS GovCloud (US) service?

Elastic DRS (eDRS) is a feature that uses the resource management features of vSphere to analyze the load running in your SDDC to scale your clusters up or down.Using this feature, you can enable VMware Cloud on AWS GovCloud (US) to manage your cluster sizes without manual intervention.

What is Elastic DRS (eDRS)?

Elastic DRS (eDRS) is a feature that uses the resource management features of vSphere to analyze the load running in your SDDC to scale your clusters up or down.Using this feature, you can enable VMware Cloud on AWS to manage your cluster sizes without manual intervention.

What is expected of the clusters set up in prior releases with encryption turned off?

All existing clusters in the last release will be migrated to the latest release.As part of migration, encryption shall be turned on for all existing clusters.All new clusters will be provisioned with encryption turned on by default.

What is FedRAMP Ready?

This designation indicates that a Third Party Assessment Organization (3PAO) attests to a Cloud Service Provider’s (CSP) readiness for the authorization process, and that a Readiness Assessment Report (RAR) has been reviewed and approved by the FedRAMP PMO.The 3PAO (auditor) reviews the implementation of the top 100 most critical security controls that a CSP is required to implement to achieve a FedRAMP ATO.While becoming FedRAMP Ready is not a guarantee that a CSP will become authorized, achieving FedRAMP Ready status provides a greater likelihood of success in the authorization process as the government has a clearer understanding of a CSP’s technical capabilities.

What is FedRAMP?

The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.

What is Firewall Logging?

Firewall Logging enables customers to log packets for specific firewall rules.The captured packet logs help in troubleshooting or security monitoring activities.

What is Grouping?

Grouping construct enables users to create identifiable group of objects and create security policies using those objects.For example, you can create group of VMs called as "web" and "app" and "db" and then use those objects to create FW policy between Web and App and App and DB layers.

Overview of Metal Packaging Token

Metal Packaging Token aims to revolutionize the metal packaging industry, by making it more cost-effective, eliminating or reducing the economic advantages of other less recyclable packaging materials.

Metal Packaging Token es un proyecto centrado en el bienestar social, medioambiental y de la industria de envasados de metal desde su propuesta de reciclaje.

Metal Packaging Token has an available supply of – and a total supply of 1,800,000,000 coins alongside with $0.0 market cap and a $2.3 24h trading volume.

Metal Packaging Token will reserve a total of 10% of the maximum token supply, in order to massively purchase metal scrap and sending it directly to melt.

Metal Packaging Token all basically know this, as this ‘we’ refers to the world’s population, ‘we’ should start to do a fewthing about this.

Metal Packaging Token believes that this token distribution model is the best option for MPT, but also for a variety of other projects.

Metal Packaging Token introduces to us a blockchain based project under EOS that will reduce this harmful waste for our environment.

Metal Packaging Token will set the standard that commissions (fees), through the whole chain, are paid out in MPT.

Metal Packaging Token Bounty starts on June 7th, 2019 and ends on July 18th, 2019 .

Metal Packaging Token had an all-time high of $1.4353 3 months ago.

Blockchain

The Metal Packaging Token is a blockchain-based solution to improve cost-effectiveness within the metal packaging industry.

AdMad at your Computer?

Boost and fix your computer with ease, now.

Am I required to run NSX in on-premises installations when interacting with VMware Cloud on AWS GovCloud (US)?

No.You are not required to run NSX on-premises in order to interoperate with VMware Cloud on AWS GovCloud (US).VMware Virtual Machines can be cold migrated to VMware Cloud on AWS GovCloud (US) without any modifications.

Are all hosts in VMware Cloud on AWS homogeneous? How does per-VM EVC mode help there?

Yes, as of now, all hosts in VMware Cloud on AWS are homogeneous.The per-VM EVC setting comes into play when migrating back from VMware Cloud on AWS to on-premises to ensure there are not compatibility issues.

Are all NSX-T APIs in VMware Cloud on AWS available under Developer Center?

Yes, you can find all available NSX-T APIs for VMware Cloud on AWS in API Explorer.

Are audit logs part of the VMware Cloud on AWS core service?

Yes, VMware Cloud on AWS Customers can access VMware Cloud on AWS audit logs through vRealize Log Insight Cloud for faster monitoring and troubleshooting as a core service.

Are custom vCenter roles supported with NSX-V networking configurations?

No, custom vCenter roles not supported for NSX-V networking configurations.Only NSX-T configurations are supported by this feature.

Are maintenance outages eligible for a SLA Credit?

Scheduled Maintenance outages are not counted towards the service’s stated availability metric, if you have been notified at least 24 hours in advance.Upgrades are scheduled in advance and may limit availability of specific services or capabilities such as Virtual Center access for a short period of time, but the maintenance process used by VMware Cloud on AWS does not typically impact the availability of a customer’s workload.Customers’ workloads should continue to run during upgrades of the physical hardware, drivers, hypervisor, virtual networking, and management systems.In the extremely rare case that an upgrade has the potential to impact a customer’s workloads, this will be carefully coordinated with customers by the VMware Cloud on AWS operations team.

Are my audit and security logs already in vRealize Log Insight Cloud?

No, we will not start forwarding the audit and security logs into vRealize Log Insight Cloud until you have activated your vRealize Log Insight Cloud instance.

Are network outages eligible for a SLA Credit?

Depending on the cause of the outage, you may be eligible for an SLA credit.As stated in the VMware Cloud on AWS SLA, "If all of your virtual machines ("VMs") running in a cluster do not have any connectivity for four consecutive minutes" you could be eligible for an SLA credit.If the cause of this outage is determined to be caused by the failure of NSX or one of the NSX components then you are eligible for an SLA credit.If the network connectivity issue is due to AWS Direct Connect being unavailable, then you can contact AWS for credit based on the Direct Connect SLA provided by AWS.

Are SDDC Groups needed to be able to manage vCenters from multiple SDDCs together?

Yes, SDDC Grouping is a pre-requisite for the vCenter linking feature to work across multiple VMware Cloud on AWS vCenters.This feature allows customers to manage resources from multiple SDDCs in a single vSphere Client interface.

Are some policies preferred over others?

No.All defined policies (except Disable DRS vMotion) are treated the same, and no one policy is preferred over the other.As a result, one policy cannot be violated to remediate another.

Are stretched clusters a good way to implement Disaster Recovery?

No.Stretched clusters improve availability but are not intended for DR.AWS AZs in an AWS region are located in the same geographical area.A disaster affecting a geographical area could take out all AZs in an AWS region.

Are there any additional charges to use VMware Site Recovery in a multi-site configuration?

There are no additional charges to use VMware Site Recovery in a multi-site configuration such as fan-in, fan-out or other complex topologies.The standard pricing applies to all of the virtual machines you protect using VMware Site Recovery.

Are there any firewall rules configured as part of the vCenter linking feature within SDDC Groups?

Firewall rules are automatically created between each of the SDDCs to enable the required connectivity to vCenter on port 443 and ESX on port 902.

Are there any functional differences or caveats I should be aware of when using external storage through the Managed Service Provider (MSP)?

Please check the VMware Cloud on AWS release notes for a list of caveats and limitations related to the usage of external storage through the Managed Service Provider (MSP).Also, please check with the Managed Service Provider (MSP) for additional details.

Are there any known limitations for vMotion between on-premises and VMware Cloud on AWS?

Yes, if you vMotion a VM that has snapshots from/to vSphere 6.5(d), it will fail.Please update to 6.5 U1 to resolve this issue or delete the snapshots.

Are there any limitations of VMware SD-WAN?

At this time, there is only a singular non-redundant tunnel that is instantiated.This limitation will be addressed in future releases of VMware Cloud on AWS and SD-WAN integration.

Are there any limitations on using VMware Site Recovery on NSX-T SDDCs?

All capabilities of VMware Site Recovery that are available on NSX-v SDDCs are also available on NSX-T SDDCs with the exception of the Firewall Rule Accelerator.To configure firewall rules required to use VMware Site Recovery on NSX-T SDDC, please follow the instructions documented here.General caveats, limitations, and known issues with VMware Site Recovery are documented in the VMware Site Recovery release notes.These apply to both NSX-v and NSX-T SDDCs unless otherwise indicated.

Are there any other options for customers to bring their own keys for data at rest encryption?

The Customer Master Key(CMK) is sourced from AWS Key Management Service and this is the only option available.

Are there any other requirements to be eligible for an SLA Credit?

The specific requirements that must be met to be eligible for an SLA Credit are documented in the VMware Cloud on AWS SLA.You must be operating your SDDC as a production environment.For instance, Failures to Tolerate (FTT) and VM Storage Policies must be configured appropriately and sufficient storage capacity must be available.

Are there any prerequisites for running Tanzu Application Service on VMware Cloud on AWS?

There are no prerequisites for running Tanzu Application Service on VMware Cloud on AWS.

Are there any prerequisites to activating the vRealize Automation trial using the Add-on?

Yes, there are a few prerequisites.It is important to note that if your organization already has a vRealize Automation Cloud subscription, trial activation is not available.An existing subscription appears as a vRealize Automation Cloud card in your VMware Cloud services interface.

Are there any scenarios in which the VM-VM Anti-Affinity policy may not be enforced?

One scenario is when any provisioning operation issued by its corresponding API call specifies a destination host is allowed to violate a policy.However, DRS will try to move the VM in a subsequent remediation cycle.If it is not possible to place a VM as per its VM-VM anti-affinity policies, then the policy is dropped and the operation (power-on or host enter MM) continues.This means that first DRS tries to place the VM such that policy can be satisfied, but if that is not possible then DRS will continue to find the best host per other factors, even if it violates the policy.Other scenarios where VMs may not be placed as per the policy could be: • Every host in the cluster has at least one VM with the tag specified by VM-VM anti-affinity policy.• None of the policy preferred host can satisfy VM’s CPU/memory/vNIC reservation requirements.

Are there any scenarios where a VM may not run on a designated host?

In VMware Cloud on AWS, VM Power ON, maintenance and availability have a higher priority over policy enforcement.However, policy enforcement has a higher priority over host utilization.As a result, there are scenarios where a VM may not run on a designated host.For example: • If a host goes down due to any failure, and if HA is enabled, the recovering VM may get powered ON on any available host in the cluster.• Similarly, if reservations are used, and if a compliant host cannot satisfy a VM’s reservations, the VM will get powered ON on any available (non-compliant) host that can satisfy the reservation.• If there is no compliant host (i.e.if no host has the Host-tag specified by the policy), the VM shall be powered ON an available host.• If the user configures multiple VM-Host affinity policies that are in conflict for VM, the policies shall be ignored and the VM shall be powered ON a suitable host chosen by DRS.Note, however, that in all cases, Compute Policy will keep trying to move the VMs back to the compliant hosts.

Are there any scenarios where the VM-Host Anti-Affinity policy may not be honored?

Yes.DRS always tries to place the VM such that policy can be satisfied, but if that is not possible, for example, when there is no compliant host or when all the hosts in the cluster have the Host tag included in the policy or resource reservations for a VM can’t be met on a compliant host, then DRS will continue to find the best host per other factors even if it violates the policy.A policy shall not be violated for fixing cluster imbalance or host over-utilization.However, a VM power on is not prevented.If the user configures multiple affinity or anti-affinity policies that are in conflict for the VM, the policies shall be ignored and the VM shall be powered ON a suitable host chosen by DRS.

Are there any scenarios where the VM-VM Affinity policy may not be honored?

DRS will always try to place as many VMs belonging to this policy on the same host as possible.Once it is no longer possible to place additional VMs on the same host, DRS may violate the policy and power on VMs on other hosts.This could happen if the VMs subjected to the policy have reservations that the host cannot meet.DRS, however, continues to scan the cluster and will move the VMs to ensure compliance at the first available opportunity.

Are there any special considerations when setting up VMware SD-WAN?

Yes, you must call into VMware GSS and mention this KB article.This KB article discusses that the SD-WAN Gateway private IP must be obtained for the configuration of the VMware Cloud on AWS side, and this information can only be gained from Support.Additionally, while this integration with VMware SD-WAN will provide the capability for branches to communicate with VMware Cloud on AWS workloads, this integration is not recommended to be used for migration of workloads from the data center to cloud using IPSec VPN.

Are there different types of port mirroring?

Yes.There are different types of port mirroring sessions: Local Switch Port Analyzer (SPAN), Remote SPAN, Encapsulated Remote SPAN.

Are there other options for customers to bring their own keys?

For vSAN encryption, the Customer Master Key (CMK) is sourced from AWS Key Management Service and this is the only option available.Customers may run any security or encryption software they choose within the guest operating systems and use their own keys and KMI to manage the in-guest software.

Are users able to modify other vCenter roles as well, or only roles that they've created?

Users will only be able to modify or delete any roles that have lesser than or equal to the privileges of their current role.

Are you a Promotional Product Distributor?

Learn why Botanical PaperWorks is a trusted supplier and apply to be one of our distributors.

As a TAP Partner, what are my restrictions for the Single Host SDDC Offer?

Please review the Single Host SDDC offer details for the general terms and conditions.There are a few changes for Technology Partners: • Partners can deploy a total of one (1) 3-host SDDC, one (1) 4-host SDDC and up to two (2) Single Host SDDC.• Partner discount will apply for a Single Host SDDC or 3-host SDDC or 4-host SDDC.• 3-host or 4-host or Single Host SDDCs are for development of joint VMware and Partner solutions or Partner validation of their product on VMware Cloud on AWS only.Discounted instances are not available for POCs or production.

Can a Cloud Gateway be used with linking enabled within an SDDC Group?

You can continue to use the Cloud Gateway to manage a single Cloud vCenter with your on-premises infrastructure, but you cannot manage the entire group from the Cloud Gateway.

Can a customer convert VMware SPP Funds to EDP Credits and vice versa?

No.This is not possible.

Can a customer create i3en Single Host or 2-host SDDC?

No, Single Host or 2-host SDDCs are not currently supported with the i3en.

Can a customer create multiple SDDCs?

In VMware Cloud on AWS, you can provision multiple SDDCs and can connect to multiple AWS accounts.

Can a single SDDC have 2 Sellers?

No, An org can have 2 sellers, but the SDDC’s under the orgs can have only 1 seller for 1 SDDC.

Can a standard SDDC be upgraded to a PCI SDDC?

SDDC upgrades are only available to version 1.14 SDDC’s and newer.The new PCI configuration changes cannot be applied to SDDC versions prior to version 1.14 and can only be enabled during the initial provisioning of version 1.14 or newer SDDCs.The new SDDC can be provisioned in a new or existing PCI enabled Org.

Can a stretched cluster span across AWS regions?

No.A stretched cluster spans across 2 AZs within the same region.If you wish to protect against a regional failure, please use a DR tool such as our Site Recovery service.

Can an SDDC contain both single AZ clusters and stretched clusters?

No.An SDDC can have either single AZ clusters or stretched clusters.

Can AWS access my Customer Content?

Foremost, AWS does not have programmatic or remote access to customers SDDCs.Customer Content resides on physical servers that reside in data centers operated by AWS.However, there are multiple protection mechanisms in place that make it extremely difficult for AWS to access Customer Content.In order for an AWS employee with access to the physical disks to gain access to Customer Content, the individual would first have to identify which servers were part of the logically defined cluster of servers that make up a Software Defined Data Center (SDDC).Since VMware is the registered owner for all VPCs for all customers created by the VMware Cloud on AWS service, and VMware controls which servers in a VPC make up a specific SDDC, there is a level of segregation that makes it extraordinarily difficult for anyone at Amazon to identify which servers contain data for a particular customer and a particular SDDC.If it was possible for an AWS employee to identify all of the necessary hardware, they would need access to all of the physical drives from all of the servers and would need a means to circumvent the encryption built into the Self-Encrypting Drives (SEDs) used to store Customer Content.Additionally, the Customer Content residing on the SEDs has been handled by vSAN and striped, de-duped, compressed and encrypted across all of these disks.The algorithms used for these operations are proprietary to VMware and are not shared with AWS.Customers who deploy their own security technologies in-guest have an added layer of protection.(See the "Is my data Encrypted at Rest? FAQ).

Can customers cancel a 1-year or 3-year subscription?

No, subscriptions cannot be cancelled before the subscription term expires.

Can Customers run their own Vulnerability and Penetration Tests?

All VMware Cloud on AWS customers are encouraged to perform their own vulnerability and penetration testing to ensure the effectiveness of the security controls within their virtual infrastructure (SDDCs) and applications.VMware requires customers to submit the Penetration Request Form at least 10 business days before your planned test start date.Please use this Request Form to provide us relevant information about your test plans.Note: Any penetration testing requests that require testing above the standard 1Gbps peak bandwidth limit, or outside of these guidelines, will require an additional time for the VMware Cloud on AWS Team to request an approval from AWS.Penetration testing must be conducted in accordance with our Penetration Testing Rules of Engagement: a.Acceptable testing activities include utilizing tools to conduct port scans, vulnerability assessments and fuzzing against virtual machines and applications running within SDDCs that are only owned by you.b.All penetration and/or vulnerability testing must be focused on the VMware Cloud on AWS SDDC dedicated to the customer, and must not target any VMware Cloud on AWS shared infrastructure components or VMware Cloud on AWS resources dedicated to other customers.c.None of your activities will attempt to access another customer’s environment or data.d.All testing activities must not generate traffic that would exceed the 1Gbps bandwidth limit without explicit approval.e.All testing activities must not include utilizing any tools or services in a manner that perform Denial-of-Service (DoS) attacks or simulate any type of DoS attack, or any “load testing” or any flood testing against any VMware Cloud on AWS asset or SDDC/VM assets owned by you.f.Attempts to conduct phishing or other social engineering attacks against VMware employees or anyone else involved in operating the VMware Cloud on AWS service is prohibited.g.You are responsible for any damage to the VMware Cloud on AWS platform or other VMware Cloud on AWS customers that are caused by your testing activities or by failing to abide by these rules of engagement.h.You are responsible for ensuring any contracted third parties performing penetration and/or vulnerability testing do not violate these rules.VMware reserves the right to respond to any actions on the platform networks that appear to be malicious.Various automated risk mitigation mechanisms are employed throughout the VMware Cloud on AWS platform that may trigger a security or operations response to customer penetration and/or vulnerability testing activities that may lead to a disruption of service.

Can customers use existing Enterprise PKS or PKS Essentials licenses for TKG on VMware Cloud on AWS deployment?

Existing Enterprise PKS or PKS Essentials do not entitle customers to run TKG on VMware Cloud on AWS.Customers will be required to purchase a TKG subscription license.

Can Federal Agencies run production workloads on VMware Cloud on AWS GovCloud (US)?

Federal, State and Local Agencies and healthcare providers, educational institutions etc.can run production workloads on VMware Cloud on AWS GovCloud (US).They must each evaluate the risk of using the service and determine that VMware has sufficient security in place to support their security requirements of their workloads.Federal Agencies have determined that a Cloud Service with a FedRAMP Ready designation is sufficiently secure and will elect to run specific production workloads on a service with this status.

Can HLM from the Cloud be used along with linking within an SDDC Group?

No, you cannot enable the vCenter linking feature within an SDDC Group if any SDDC has HLM from the Cloud configured.

Can Horizon also be deployed on VMware Cloud on AWS stand-alone? What are the other ways I can deploy this solution?

Yes.There are two ways you can deploy: • Deploy one or more Horizon pods on VMware Cloud on AWS.You can choose to link them together using CPA (or not).• Deploy one or more Horizon pods on VMware Cloud on AWS and deploy one or more Horizon pods on-premises.You can choose to link them together using CPA (or not).

Can I add a three host cluster to an existing SDDC?

Yes.All non-stretched clusters accept a minimum cluster size of three hosts.

Can I add and remove clusters on demand?

Yes.You can add and remove clusters to your SDDC in a similar manner to the way you add and remove hosts today.

Can I add external storage to an SDDC that I own and manage?

No.External storage can only be added through the Managed Service Provider(MSP).Both the SDDC and the external storage are managed by the Managed Service Provider(MSP).

Can I add hosts to a Single Host SDDC?

Yes, a Single Host SDDC can be non-disruptively scaled up to a 2-host SDDC at any point.

Can I add hosts to a stretched cluster?

Yes.Just like a regular cluster, you can add and remove hosts at any time.However, in a stretched cluster these hosts must be added and removed in pairs.You must have the same number of hosts on each side at all times.Thus, you can grow a cluster from 6 to 8, 10, 12, etc.

Can I add my own VIBs to my SDDC hosts on VMware Cloud on AWS GovCloud (US)?

You are not able to add any software to the base ESXi image installed on your hosts.Patching and updates will be handled for you by the VMware Cloud service.

Can I add my own VIBs to my SDDC hosts on VMware Cloud on AWS?

You are not able to add any software to the base ESXi image installed on your hosts.Patching and updates will be handled for you by the VMware Cloud service.

Can I apply Deduplication & Compression selectively for each volume?

No, deduplication or compression cannot be enabled individually, it is a cluster-wide setting.Also, all the volumes in VMware Cloud on AWS are automatically enabled for this feature without any user configuration and cannot be turned off.

Can I apply existing VMware Site Recovery Manager (SRM) licenses to enable VMware Site Recovery?

No, VMware Site Recovery service is a separately priced and licensed solution.Please visit the pricing page for the latest information on pricing.

Can I attach multiple private VIFs to a VMware Cloud on AWS SDDC?

Yes.You can attach multiple private VIFs to provide redundancy and higher throughput.

Can I bring my own third party software?

Yes.We don’t restrict what you can install, but they may not always be directly integrated with VMware Cloud on AWS.

Can I bring Windows Server versions from before 2019 to VMware Cloud on AWS?

Yes.You can bring Windows Server licenses from before 2019 (e.g.2016, 2012, 2008) that you have acquired previously, prior to Oct 1, 2019, to VMware Cloud on AWS under the BYOL license terms.

Can I cancel a monthly billed subscription?

No, subscriptions are not cancelable – you are liable for either 1- or 3-year full term payments.

Can I change any cluster settings, such as DRS or HA?

DRS and HA settings are fixed to values that provide the best performance and availability for both management components as well as virtual machines you deploy.

Can I change any cluster settings, such as DRS or HA?

DRS and HA settings are fixed to values that provide the best performance and availability for both management components as well as virtual machines you deploy.

Can I change the host count or type for a purchased subscription?

No.you cannot change any parameters in the subscription after purchase.Before purchasing, please confirm that you select the correct host type and count.You can always purchase additional subscriptions to increase host count.

Can I change the region for a purchased subscription?

No.you cannot change any parameters in the subscriptions after purchase.Before purchasing please confirm that you select the right region in which your SDDC is or will be deployed.

Can I choose the AZ in which my VMs run with VM-Host Affinity?

Yes.When defining a VM-Host affinity policy, you can select hosts tagged with the required AZ.

Can I choose the AZ in which my VMs run?

Yes.When deploying a VM you can choose an ESXi host in the desired AZ.In case of failure, the VM will stay in its original AZ if possible.

Can I choose the version of VMware ESXi running in my VMware Cloud on AWS SDDC?

There are no plans to offer customer-selectable version options for the underlying infrastructure components.This consistency enables VMware to operate at scale.

Can I configure HLM from both VMware Cloud on AWS and from on-premises using the gateway?

Yes, but not at the same time.HLM can be configured either from VMware Cloud on AWS or from on-premises using the Cloud Gateway.

Can I configure the vCenter Cloud Gateway to link to multiple cloud SDDCs?

What is Horizon on VMware Cloud on AWS?

VMware Horizon on VMware Cloud on AWS delivers a seamlessly integrated hybrid cloud for virtual desktops and applications.It combines the enterprise capabilities of VMware’s Software-Defined Data Center, delivered as a service on AWS, with the market leading capabilities of VMware Horizon – for a simple, secure and scalable solution.

What is Horizon Smart Provisioning for VMware Cloud on AWS?

Instant Clones has been enhanced to support Smart Provisioning.Smart Provisioning is the ability for Horizon to choose the best way to provision an instant clone, depending on the environment.In certain cases, instant clones are provisioned to optimize for the speed of clone creation by creating and leveraging parentVMs on each host.In other cases, when speed is not paramount, they can be provisioned in a way that does not require parentVMs, thus freeing up more host memory for desktop workloads.Horizon can seamlessly choose one method or another without the administrator’s involvement, sometimes even in the same pool.This capability makes resource usage even more efficient on VMware Cloud on AWS.

What is included in TKG?

TKG includes the core binaries to install a TKG cluster on VMware Cloud on AWS plus Customer Reliability Engineering support & services to assist customers in successfully planning, deploying and maintaining their Kubernetes environment.You can find a detailed list of technologies & services supported in TKG in KB 78173.

What is Infrastructure Hybridity?

VMware HCX abstracts vSphere-based on-premises and cloud resources and presents them to the applications as one continuous resource, creating infrastructure hybridity.At the core of this hybridity is a secure, encrypted, high throughput, WAN-optimized, load balanced and traffic engineered interconnect that provides network extension.This allows support for hybrid services, such as app mobility, on top of it.Apps are made oblivious to where they reside over this infrastructure hybridity, making them independent of the hardware and software underneath.

What is Inventory and why is it used with DFW policies?

Inventory provides the list of VMs deployed in the vCenter.It allows user to create security polices using VM context instead of IP address and these policies are easy to configure and manage.

What is IPFIX?

IPFIX is a standard that allows virtual or physical switches to export flow information going through the switch to collector tools.Customers may decide to monitor all flows on a particular logical switch or set of logical switches.

What is Multi Edge SDDC?

Multi Edge SDDC is a feature that enhances the overall network capacity of the SDDC by provisioning additional edge resources in the SDDC.Users can utilize this feature by configuring Traffic Groups and mapping specific network traffic to utilize additional resources assigned to the group.

What is multi-cluster support?

Multi-cluster support is the ability for SDDC administrators to add additional clusters to an existing SDDC.You are able to create multiple clusters in your SDDC and these will share a common set of management VM’s and network.

What is NSX L2 VPN?

NSX L2 VPN is a tunnel that enables extending layer 2 networks across geographic sites.Extended layer 2 networks enable virtual machines to move across sites (vMotion) while keeping their IP addresses the same.L2 VPN allows enterprises to seamlessly migrate workloads backed by VLAN or VXLAN between on-premises and VMware Cloud on AWS.

What is Port Mirroring?

Port Mirroring is a feature on virtual or physical switch that allows users to capture all packets from a port and send it to a destination device.

What is required while establishing an AWS Direct Connect connection?

You must create an AWS virtual interface (VIF) to begin using your AWS Direct Connect connection.There are two types of virtual interfaces.You can create a Private Virtual Interface to connect to a VPC, or you can create a Public Virtual Interface to connect to AWS public services.The Public Virtual Interface also allows VPN traffic to travel over your DX.

What is required while establishing an AWS Direct Connect connection?

You must create an AWS virtual interface (VIF) to begin using your AWS Direct Connect connection.There are two types of virtual interfaces: 1.You can create a Private Virtual Interface to connect to a VPC.2.You can create a Public Virtual Interface to connect to AWS public services.The Public Virtual Interface also allows VPN traffic to travel over your DX.For more information, please click [here.] (https://aws.amazon.com/premiumsupport/knowledge-center/public-private-interface-dx/) What is AWS Direct Connect? AWS Direct Connect makes it easy to establish a dedicated network connection from your premises to AWS.Using AWS Direct Connect (DX), you can establish private connectivity between AWS and your data center, office, or colocation environment, which in many cases can reduce your network costs, increase bandwidth throughput and provide a more consistent network experience than internet-based connections.

What is route-based VPN?

Route Based VPN provides the ability to dynamically publish networks across the VPN tunnel using BGP protocol.It simplifies the deployment for customers compared to the manual and static policy based VPN.

What is Service Offering Documentation and how does VMware Cloud on AWS notify customers about changes to the Service Offering Documentation?

Service Offering Documentation includes the VMware Terms of Service and the VMware Data Processing Addendum along with the VMware Cloud on AWS Service Description, Support Policy, and Service Level Agreement.Updates to this documentation are typically done along with updates to the VMware Cloud on AWS Service to accommodate new features and functionality and communication of major changes will be included in the release communications.The latest versions of the Service Offering Documentation are available on the VMware website: [https://www.vmware.com/download/eula.html(https://www.vmware.com/download/eula.html).

What is Source NAT public IP in the Networking Security Topology view ?

Any internet facing communication from the SDDC requires a public IP.By default a public IP is provisioned and Source NAT configuration is done for such communication.Topology view now shows that public IP.This will be useful during any troubleshooting exercise.

What is Tagging?

Tagging allows user to assign tags to virtual machines.These tagged virtual machines can be automatically made part of a group that is used for firewall policies.

What is the "Scale up for Storage Only" policy in Elastic DRS?

Scale Up for Storage Only policy is now configured for every cluster deployed within your SDDC.Previously, you were simply advised to maintain at least 30% slack space in your SDDCs, but this is now being enforced.The maximum usable capacity of your vSAN datastore is 75%; when you reach that threshold, eDRS will automatically start the process of adding a host to your cluster and expanding your vSAN datastore.Please note that even if you free up enough storage to fall below the threshold, the cluster will not scale-down automatically.You will need to manually remove host(s) from the cluster.

What is the 2-host cluster capability?

The 2-host cluster capability enables a customer to provision a persistent production cluster with just 2-hosts in VMware Cloud on AWS.Previously a customer needed 3-hosts to spin up a persistent cluster in VMware Cloud on AWS.This offering is a great place to start for customers who do not need the full 3-host Production cluster due to smaller size workloads or wish to prove the value of VMware Cloud on AWS for a longer duration than the Single Host SDDC can offer today.

What is the behavior if the number of VMs to be anti-affined is greater than the number of available hosts, for any of the above operations?

DRS will first try to place as many VMs on different hosts as possible, which in this case will be equal to the number of hosts available in the cluster.After that, the policy shall not be enforced, i.e.the remaining VMs will be placed based on the other factors DRS, which may result in multiple VMs on the same host.To remedy this violation, additional hosts can be added to the cluster.Once the hosts are added, DRS will move the VMs that are violating the policy to the newly added hosts.

What is the benefit of using API Explorer for NSX-T APIs?

NSX-T APIs can easily be found and used within the VMware Cloud on AWS SDDC’s API Explorer.Furthermore, customers can even perform a search on keywords.Customers can easily lookup and test NSX-T APIs directly from API Explorer before including them in larger scripts or applications.

What is the Breach Notification Process?

Upon becoming aware of a Personal Data Breach, the VMware Incident Response team and the VMware Cloud on AWS Operations team will contact the customer directly via email from vmc-services-notices@vmware.com to the email addresses of all organization owners.VMware will use reasonable endeavors to assist Customer in mitigating, where possible, the adverse effects of any Personal Data Breach.

What is the change in default logical network?

As you deploy a 3 or higher nodes SDDC, default logical network will not be created.

What is the Crypto Scenarios Calculator?

The Crypto Scenarios Calculator gives your holding’s valuation based on your Metal Packaging Token price prediction and market capitalization scenarios.With the ability to change the circulating supply, you can create a valuation forecast at different stages of a crypto release schedule.

What is the default Distributed Firewall policy?

The default security policy is allow all.Users can create deny polices as part of the different sections created by default.

What is the Developer Center?

Developer Center for VMware Cloud on AWS gives automation experts, DevOps engineers and developers a central portal for getting access to detailed API information, software development kits, code samples and command line interfaces.• Integrated into the VMware Cloud on AWS Service Console.• Easily learn and execute the VMware Cloud on AWS Service RESTful APIs with the Interactive API Explorer.• Quickly integrate your workflows and partner solutions with VMware and community code samples for common development languages.• Obtain open source software development kits (SDK’s) and links to getting started guides and documentation that will provide a better developer experience to VMware Cloud on AWS features.• Automation experts and DevOps engineers can seamlessly tie their business workflows into VMware Cloud with a selection of command line interfaces.Learn about the latest updates to the developer center by reading this blog post.

What is the DFW Exclusion List?

The DFW Exclusion List keeps a list of virtual machines excluded from consideration from the Distributed Firewall.This is to ensure administrators don’t block access to key management platforms by applying a strict security policy.By default, vCenter, NSX Manager ands NSX Controllers are on the Exclusion List but this option now adds the ability to add more VMs to it.

What is the difference between "NSX VMC Policy" API and "NSX VMC AWS Integration" API?

NSX VMC Policy API includes all the NSX Networking and Security APIs for the NSX capabilities within the SDDC.NSX VMC AWS Integration API includes APIs that are specific to AWS like Direct Connect.

What is the difference between a mandatory or preferential policy?

Mandatory policies are equivalent to the DRS “must” rules, while preferential policies are similar to the DRS “should” rules.Preferential policies cannot block a host from entering into maintenance mode.However, a policy cannot be violated for fixing cluster imbalance or host over-utilization.

What is the difference between FedRAMP High ATO and FedRAMP Moderate ATO?

Moderate Impact systems account for nearly 80% of CSP applications that receive FedRAMP authorization and is most appropriate for CSOs where the loss of confidentiality, integrity, and availability would result in serious adverse effects on an agency’s operations, assets, or individuals.Serious adverse effects could include significant operational damage to agency assets, financial loss, or individual harm that is not loss of life or physical.High Impact data is usually in Law Enforcement and Emergency Services systems, Financial systems, Health systems, and any other system where loss of confidentiality, integrity, or availability could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.FedRAMP introduced their High Baseline to account for the government’s most sensitive, unclassified data in cloud computing environments, including data that involves the protection of life and financial ruin.VMware Cloud on AWS GovCloud (US) is pursuing a FedRAMP High ATO.

What is the difference between Horizon on VMware Cloud on AWS and Horizon Cloud?

The biggest difference is the management model.Horizon on VMware Cloud on AWS is an IaaS model where only the cloud platform/SDDC is fully managed and you must manage your own Horizon infrastructure as well as RDSH farms and desktop pools.For Horizon Cloud, you only have to manage RDSH farms and desktop pools.Horizon Cloud infrastructure as well as the cloud platform/SDDC are fully managed.A significant advantage of Horizon on VMware Cloud on AWS is that it is the same architecture as the Horizon on-premises deployment, and the two can be linked by CPA.For existing on-premises customers who want to build a hybrid VDI cloud, extending Horizon to VMware Cloud on AWS is very easy.Horizon is more customizable than Horizon Cloud.A good example is the desktop model, for example, vCPU and vRAM per VM.With Horizon, you can have any configurations of the vCPU and vRAM.On Horizon Cloud, it is standardized on a limited number of configurations.If you require extensive customized options, you may want to start with Horizon on VMware Cloud on AWS.

What is the distinction in what AWS gets versus the other public cloud partners?

There are two clear areas of distinction in the AWS relationship.The first is that VMware Cloud on AWS is the only public cloud service delivered, operated and supported by VMware.Additionally, as strategic and preferred partners, there is a deeper level of engineering and joint go to market investment that we have with AWS.The services offered by other hyperscalers are VMware Cloud Verified services are developed, sold, and supported by those partners.

What is the download config link in Layer 3 IPSec VPN set up?

You can download the IPSec VPN configuration for VMware Cloud on AWS.The downloaded file captures all the key parameters that need to be configured on the Peer IPSec VPN device.This is a generic parameter file that will expedite the configuration on the remote side by providing all the key parameters in a single file.

What is the hardware configuration?

The VMware Cloud on AWS base cluster configuration contains three hosts.Refer to the Compute section for available host models and specifications.

What is the integration between VMware Cloud on AWS and VMware SD-WAN about?

The integrated solution is about providing Policy-Based IPSec VPN connectivity between SD-WAN enabled branches and application workloads that reside in VMware Cloud on AWS.The solution leverages the VMware SD-WAN Gateways, as an on-ramp mechanism to VMware SDDC deployed on AWS.The SD-WAN Gateway is the peer end of the tunnel that is set up on the VMware SDDC T0 Gateway.The SD-WAN solution has a feature called “Non-VeloCloud-Site,” which allows SD-WAN Gateways to set up IPSec tunnels to non-SD-WAN locations.

What is the largest amount I can pay by credit card?

Your credit card limit and your payment processor determine the size of your transactions.The maximum amount you can spend in a single transaction is $25,000.For more information about your credit limit, you should contact your issuing bank.More information is available here.

What is the largest stretched cluster that would be supported?

We support cluster sizes of up to 16 hosts.

What is the licensing model?

We provide “per VMware Cloud on AWS host “ based Microsoft licensing model to the VMware Cloud on AWS customers, and all hosts in a cluster must be licensed.

What is the licensing requirement for Horizon on VMware Cloud on AWS?

There are two main cost components to a Horizon on VMware Cloud on AWS deployment.The first component is the cost of VMware Cloud on AWS infrastructure service.List prices are posted online.The second component is the Horizon license, which is a separate charge from VMware Cloud on AWS.Given that this is a cloud deployment, customers are required to use subscription licenses.There are currently two available options for purchasing Horizon subscription licenses.1) Workspace ONE Enterprise Subscription License For customers looking for a full digital workspace solution, including Horizon, they can purchase Workspace ONE Enterprise or Workspace ONE Enterprise for VDI.Workspace One Enterprise entitles customers to Workspace ONE Advanced, Workspace One Intelligence, and Horizon Apps.For Horizon customers, this unlocks the RDSH use case.Workspace ONE Enterprise for VDI adds the VDI use case on top of the Workspace ONE Enterprise.In order to use these licenses, the customer would have to connect to cloud vIDM (VMware Identity Manager).2) Horizon Subscription License Horizon subscription licenses are also available for customers who only want to deploy and pay for Horizon.All subscription licenses can be used for both cloud deployments as well as on-premises deployments.

What is the max latency supported between the vCenter Cloud Gateway and the on-premises vCenters/PSC?

The vCenter Cloud Gateway should be co-located with the on-premises PSC it is connected to (as part of the SSO join configuration).Latencies between the Cloud Gateway and the on-premises PSC could impact the overall UI performance.

What is the maximum latency supported between on-premises vCenter and VMware Cloud on AWS vCenter server for Hybrid Linked Mode?

100 ms round trip latency.

What is the maximum number of clusters supported?

VMware Cloud on AWS supports a maximum of 20 clusters per SDDC.Your organization may have lower "soft" limits set.If you wish to have your limits raised, please contact your customer success team.

What is the maximum supported cluster size in VMware Cloud on AWS?

The maximum cluster size is 16 ESXi hosts.

What is the maximum supported clusters size in VMware Cloud on AWS GovCloud (US)?

The maximum cluster size is 16 ESXi hosts.

What is the maximum value for the Jumbo frame?

8900 bytes.

What is the minimum number of VMware Cloud on AWS hosts required for a TKG cluster?

Tanzu Kuberenets Grid (TKG) is just like any other workload on VMware Cloud on AWS that gets installed on VMs.The management cluster can be a single VM, the workload Kubernetes cluster will need at least a minimum 1 VM for master and 1 VM for worker node (i.e.

What is the minimum version of vCenter required at the paired on-premises datacenter to support VMware Site Recovery?

The version of vCenter required at the paired on-premises datacenter to support VMware Site Recovery depends on the version of Site Recovery Manager and vSphere Replication deployed on the paired on-premises datacenter.VMware Product Interoperability Matrices between VMware vCenter Server and Site Recovery Manager here can be used to find out the minimum version of vCenter needed based on the version of Site Recovery Manager deployed on the paired on-premises datacenter.Similarly, VMware Product Interoperability Matrices between VMware vCenter Server and vSphere Replication here can be used to find out the minimum version of vCenter needed based on the version of vSphere Replication deployed on the paired on-premises datacenter.For example, if the current version of Site Recovery Manager and vSphere Replication deployed on the paired on-premises datacenter is 8.2, the minimum version of vCenter supported is 6.0 U3 based on the VMware Product Interoperability Matrices.

What is the minimum VMware Cloud on AWS SDDC size supported by VMware Cloud Director service?

Currently the minimum supported SDDC deployment for production use is 3 hosts.Cloud Providers are able to use 1-host as well as 2-host SDDC’s for test/dev purposes.

What is the on-premises vCenter version supported with the vCenter Cloud Gateway?

The vCenter Cloud Gateway supports on-premises vCenter version 6.5 patch d or later.If using on-premises vCenter versions < 6.5 U2, you will be prompted to enter the Cloud Admin user credentials when performing VM clone/migration to the cloud SDDC.

What is the performance impact of TRIM/UNMAP feature?

This process does carry some performance impact.However, we have built it in a way that it will only consume up to a certain threshold of bandwidth and it will be throttled as it reaches this threshold.

What is the reason for not creating default logical network for 3+ nodes SDDC?

There were many incidents where default logical network CIDR (192.168.1.0/24) overlapped with on-premises network and caused connectivity issues.These issues are very difficult to troubleshoot.

What is the sampling rate?

Sampling rate indicates how frequently a packet is sampled within a flow.

What is the scope of eDRS?

When you enable eDRS you do so per cluster.

What is the scope of eDRS?

When you enable eDRS, you do so per cluster.

What is the Single Host SDDC offering?

With the new time-bound Single Host SDDC starter configuration, you can now purchase a single host VMware Cloud on AWS environment with the ability to seamlessly scale the number of hosts up within that time period, while still retaining your data.The service life of the Single Host SDDC starter configuration is limited to 30-day intervals.This single host offering applies to customers who want a lower-cost entry point for proving the value of VMware Cloud on AWS in their environments.

What is the smallest stretched cluster I can make?

The smallest supported stretched cluster is six nodes.This is because we require a quorum to survive in case of a full AZ failure.This implies you must have three nodes per AZ.Thus, six is the smallest supported stretched cluster.

What is the vCenter Cloud Gateway?

The vCenter Cloud Gateway is an on-premises appliance that allows you to configure vCenter Hybrid Linked Mode to link your on-premises vCenter(s) to the VMware Cloud on AWS SDDC vCenter, and to manage both resources from a single pane of glass (vSphere Client) running in your data center.

What is the VMware Cloud Marketplace?

VMware Cloud Marketplace enables VMware customers to discover and deploy validated third-party and open-source solutions on VMware environments such as VMware Cloud on AWS.

What is the VMware Cloud on AWS Migration experience?

VMware Cloud on AWS Migration experience is a prescriptive step-by-step guide that helps customers through the migration process from on-premises to VMware Cloud on AWS.The migration process is broken down into 3 stages: Plan, Build, Migrate.Each stage is further divided into individual steps that include links to relevant documentation and tools.At the end of all 3 stages, customers will have successfully created an SDDC and migrated workloads from their on-premises infrastructure to the cloud.

What is the VMware Cloud on AWS Service Level Agreement (SLA)?

The Service Level Agreement for VMware Cloud on AWS is published online here.VMware is committed to use commercially reasonable efforts to ensure that, during any given billing month of the Subscription Term, availability of each component of the Service Offering ("service component") meets the “Availability Commitment” specified in the Service Level Agreement.

What is the VMware Cloud on AWS sizing and assessment tool?

You can use the sizing and assessment tool to size your workloads for VMware Cloud on AWS.The tool enables you to size for factors including storage, compute, memory and IOPS in the logic to provide you with the most optimized server and SDDC recommendation for VMware Cloud on AWS.Once you have completed sizing your workloads, you can calculate your total cost of ownership (TCO) for these workloads and compare it with an on-premises virtual environment.The tool will calculate the number of hosts and clusters required to support your workload to run on a VMware Cloud on AWS SDDC.

What is the VMware Site Recovery service?

VMware Site Recovery brings trusted replication, orchestration and automation technologies to VMware Cloud on AWS to protect applications in the event of site failures.The service is built on an industry-leading recovery plan automation solution that includes VMware Site Recovery Manager™ and native hypervisor-based replication via VMware vSphere® Replication™.The service provides an end-to-end disaster recovery solution that can help reduce the requirements for a secondary recovery site, accelerate time-to-protection, and simplify disaster recovery operations.

What is TRIM/UNMAP?

Trim/Unmap is a vSAN feature that allows the guest OS to issue trim/unmap commands so that vSAN can remove unused blocks.This benefits thin provisioned VMDKs as unused blocks can be reclaimed automatically.This is an opportunistic space efficiency feature that can deliver much better storage capacity utilization in vSAN environments.

What is Tunnel Status Monitor?

Tunnel status monitor allows you to see granular information about the traffic through the tunnel with any errors.This information is useful while troubleshooting or monitoring IPsec and L2 VPN tunnels.

What is vCenter Hybrid Linked Mode?

The Cloud Gateway currently allows you to link your on-premises SSO domain to a single cloud SDDC.

Can I connect a VPN to the VTGW instead of a DXGW for my on-premises environment?

No, you cannot use a VPN to connect to the VTGW.

Can I connect SDDCs from different Orgs to the same AWS account?

This is not currently supported.

Can I continue using HCX, Site Recovery and/or vRealize Automation Cloud in a PCI DSS Compliant SDDC?

No, these Add-ons are not currently PCI compliant.

Can I convert a non-stretched cluster to a stretched cluster?

No.The decision to deploy a stretched or a non-stretched cluster is made when the SDDC is created and cannot be changed afterwards.

Can I convert my standard 2-host SDDC into a Single Host SDDC?

No, a Single Host SDDC must be created as a single host.You cannot scale down from a 2 host to Single Host SDDC.

Can I create my own custom roles in the vCenter running in VMware Cloud on AWS?

Yes, you can create custom roles in addition to the CloudAdmin role that is provided out of the box.Users that have the Authorization.ModifyRoles privilege can create/update/delete roles.Users with the Authorization.ModifyPermissions privilege can assign roles to users/groups.

Can I create stretched clusters and non-stretched clusters in the same SDDC?

No.Cluster types cannot be mixed.An SDDC can only have stretched clusters or non-stretched clusters.

Can I downgrade a stretched cluster SDDC to a single AZ SDDC?

No.Enabling stretched cluster is a deployment time decision.You cannot downgrade a stretched cluster to a non-stretched cluster.

Can I enable FW logging for Compute Gateway, Management Gateway, and Distributed Firewall?

Yes.You can enable logging for Compute and Management gateway, and DFW rules.

Can I expand my storage without adding additional hosts?

No.You will have to add additional hosts to increase your storage capacity.

Can I extend the lifetime of my Single Host SDDC beyond 30 days?

No, but you may create a new Single Host SDDC as long as you are under your Single Host SDDC limit.

Can I have more than one stretched cluster?

You can create multiple stretched clusters in an SDDC deployed on i3.Metal or i3en.Metal instances.

Can I increase or decrease the size of my cluster after I provision an SDDC on VMware Cloud on AWS GovCloud (US)?

Yes, you can add and/or remove hosts on-demand as long as the minimum cluster size is three hosts.

Can I increase or decrease the size of my cluster after I provision an SDDC on VMware Cloud on AWS?

Yes.You can add additional hosts on-demand.You can also remove hosts on-demand down to the minimum of three ESXi hosts.

Can I limit the scope of a Firewall rule?

The Firewall or Distributed Firewall scope can now more specific with the "Applied-To" feature.Users can now apply a security rule to a specific group instead of across all the workloads.

Can I manage both my existing data center VMware vSphere VMs and my VMware Cloud on AWS GovCloud (US) instances in a single view?

You will need vSphere version 6.5 and vCenter Server 6.5 or later running in your data center for single pane of glass management of resources on-premises and in the cloud.If you do not have VMware vSphere 6.5 or later running in your on-premises environment, you will need to run multiple vCenter instances to manage your environment: one vCenter instance on-premises and one vCenter instance in VMware Cloud on AWS GovCloud (US).

Can I manually override the function of Automatic adjustment of vSAN policy and set my own policy?

Yes, you can override this function of Automatic adjustment of vSAN policy and set your own policies.

Can I migrate existing vSphere VMs to my VMware Cloud on AWS GovCloud (US) deployment?

Yes.There are multiple ways to migrate existing vSphere VMs to VMware Cloud on AWS GovCloud (US) such as cold migration, live migration of vSphere VMs via vMotion etc.

Can I migrate workloads from a single AZ cluster to a stretched cluster?

You can use HCX to migrate workloads from a single AZ cluster to an on-premises data center and then migrate the workloads from on-premises into the stretched cluster.

Can I protect a mix of multiple on-premises sites and VMware Cloud on AWS SDDCs to a single VMware Cloud on AWS SDDC?

Yes, this is supported.Please refer to the VMware Site Recovery documentation for details about the various configuration types supported and procedures to deploy such multi-site topologies.

Can I provision an SDDC with more hosts than the number of hosts in my 1-year or 3-year subscription?

Yes.This is considered overage usage.

Can I purchase a single VMware Site Recovery term subscription that covers VMware Cloud on AWS hosts as well as VMware Site Recovery service charges?

No, VMware Cloud on AWS host subscriptions and VMware Site Recovery subscriptions are separate.

Can I purchase additional 1-year and 3-year subscriptions? Will additional subscriptions align their start and end dates (co-term)?

Yes, you may purchase additional subscriptions.Each subscription will have its own start and end date, i.e.no co-term.

Can I reconfigure the Traffic Group/ Prefix List/ Association Map?

Reconfiguration of the prefix list being used by an association map is not possible.We recommend customers either create a new prefix list with the changes required and apply it in place of the current one, or remove the association map, update the prefix list and re-apply the association map.

Can I rename the hosts in my SDDC on VMware Cloud on AWS GovCloud (US)?

The names for the hosts are generated automatically and cannot be changed.In addition, if a host is replaced, there is no guarantee that the hostname will be the same.You should modify any scripts and other tools so that they do not rely upon fixed hostnames.

Can I rename the hosts in my SDDC on VMware Cloud on AWS?

The names for the hosts are generated automatically and cannot be changed.In addition, if a host is replaced, there is no guarantee that the host name will be the same.You should modify any scripts and other tools so that they do not rely upon fixed hostnames.

Can I retrofit my current SDDC to use partition placement?

No.Existing SDDCs will benefit from partition placement over time, as hosts are added and removed.

Can I run a Single Host SDDC indefinitely?

A Single Host SDDC will be deleted after 30 days.All data on the SDDC will be lost.You can scale up a Single Host SDDC into a 2 host SDDC and retain all your data.A 2 host SDDC is not time-bound.

Can I run nested ESXi VMs on VMware Cloud on AWS for testing and training purposes?

VMware does not support nested ESXi VMs running on VMware Cloud on AWS.

Can I scale down from 3+ hosts back to 2-hosts?

No.For the time being, a customer cannot scale down from a 3-host full Production SDDC to a 2-host cluster.

Can I scale the hosts in my VMware Cloud on AWS GovCloud (US) cluster?

Yes, additional hosts can be added to a VMware Cloud on AWS GovCloud (US) cluster using the VMware Cloud Portal user interface.

Can I scale up from 2-hosts to 3-hosts?

Yes.Not only does the 2-host cluster offer the Default Elastic DRS Policy, but manual scale-up is also available.

Can I split my Windows Server SPLA License across multiple hosts?

No.Windows Server Licenses provided by Microsoft are only provided on a per-host basis.Each license can only be assigned to a single physical VMware Cloud on AWS host and all hosts in the cluster must be licensed.

Can I still use vSAN storage in an SDDC that has external NFS datastores?

Yes.The VMware Cloud on AWS vSAN local storage is still available when external storage is attached.

Can I storage vMotion workloads between the Faction backed datastores and the VMC vSAN backed datastores?

Yes.Storage vMotion is supported.

Can I supply my own Windows Server and SQL Server Binary?

Yes.You can transfer your Windows Server and SQL Server binary as a VM, VM Template, or OVF.VMware will provide the customer with a script to activate the VM.

Can I turn on or turn off vSAN Encryption selectively?

Similar to De-duplication & Compression, vSAN encryption at rest cannot be turned on or off for individual clusters; it is a cluster-wide setting that is always on by default when a cluster is provisioned in the SDDC.

Can I turn on or turn off vSAN encryption selectively?

Similar to D&C (Deduplication & Compression), vSAN encryption at rest cannot be turned on or off for individual clusters.It is a cluster-wide setting that is always on by default when a cluster is provisioned in the SDDC.

Can I update a single AZ SDDC to a "Stretched" SDDC?

No.Stretched cluster is a deployment time decision.You cannot upgrade a non-stretched cluster to a stretched cluster.

Can I upgrade from Single Host to a production SDDC?

Yes.

Can I use a Stretched Clusters with the 2-host cluster?

No.Stretched Clusters are not yet available for the 2-host cluster.

Can I use all of the Optimized EDRS policies with the 2-host cluster?

No.Only the Default Storage EDRS policy is currently available.

Can I use any hybrid storage (Flash + Spinning Disk) for VMware Cloud on AWS GovCloud (US)?

We currently do not offer a hybrid storage solution.All hosts are equipped with NVME Storage.

Can I use any hybrid storage (Flash + Spinning Disk)?

We currently do not offer a hybrid storage solution.All i3.metal and i3en.metal hosts are equipped with NVME SSD Storage.

Can I use AWS Elastic File System (EFS) volumes as vSphere datastores?

Yes, you can mount Amazon EFS to their VMware VM’s running on VMware Cloud on AWS GovCloud (US).

Can I use both DHCP Server for some Logical segments and DHCP Relay for other Logical segments?

No, either native DHCP capabilities can be used or DHCP Relay.User’s will not be able to use DHCP Relay if there are any network segments using native DHCP capabilities; the respective network segments will have to be deleted first.

Can I use existing Horizon perpetual licenses for a Horizon on VMware Cloud on AWS deployment?

Horizon perpetual licenses do not entitle you to run Horizon on VMware Cloud on AWS.You will be required to purchase a Horizon subscription license or Workspace ONE Enterprise subscription license in order to run Horizon on VMware Cloud on AWS.

Can I use Jumbo Frames over VPN?

No, only traffic over Direct Connect can leverage Jumbo Frames.

Can I use Multi Edge SDDC with a 2 host SDDC?

Due to the host requirements for Multi Edge SDDC, 2 node SDDCs are not capable of supporting Multi Edge SDDC and in most cases, don’t generate enough traffic to really need it.

Can I use my existing Windows Server licenses in VMware Cloud on AWS GovCloud (US)?

Yes.Please consult your Microsoft Product Terms for more details and any restrictions.

Can I use my Windows Server Licenses in VMware Cloud on AWS?

Yes, you can bring your own licenses.Please consult your Microsoft Product Terms for more details and any restrictions.

Can I use Public ASN with a new Direct Connect Private VIF connection?

No, you cannot use Public ASN value while configuring the BGP Local ASN on VMware Cloud on AWS SDDC.

Can I use the vCenter Server in my SDDC to manage my on-premises ESXi hosts?

Yes, with Hybrid Linked Mode, you can connect your vCenter server running in VMware Cloud on AWS to your on-premises vCenter server to get a single inventory view of both your cloud and on-premises resources.

Can I use the VM-Host affinity policy to address my software licensing needs?

It depends.VM-Host affinity is a preferential policy.Please discuss with your ISV vendor whether preferential policies are acceptable as per the terms of your licensing agreements.

Can I use VMware Horizon VDI workloads with the 2-host cluster?

Yes, Horizon VDI workloads are supported by the 2-host cluster.

Can I use VMware Site Recovery on the Single Host SDDC offering?

Yes, the full set of capabilities of VMware Site Recovery is available for use as an add-on purchase to the Single Host SDDC starter configuration that serves as a low-cost option for you to jump-start your hybrid cloud disaster recovery solution.However, due to the time-bound nature and lower data durability of the Single Host SDDC offering, we recommend that you do not switch to using this as the primary disaster recovery solution for all of your on-premises workloads until you have successfully scaled up the environment to a 3 host SDDC.

Can I use VMware Site Recovery with VMware Cloud Director service?

VMware Site Recovery is not supported for use with VMware Cloud Director service.

Can I utilize a credit card to pay for a 2-host cluster?

Yes, you can.Credit card users cannot create more than one SDDC or add an additional 2-host cluster or a 3-host cluster SDDC.For more details on credit card payments, please look at the “Credit Card Payment” section of the FAQs.

Can I utilize AWS Transit Gateway in VMware Cloud on AWS?

VMware Transit Connect establishes network connectivity among SDDCs by leveraging an AWS Transit Gateway.It creates a VMware Managed Transit Gateway (VTGW) for SDDC Group Communication.

Can I utilize Disaster Recovery as a Service (DRaaS) with a 2-host cluster?

Yes, you can.DRaaS is validated for any SDDC with 2 or more hosts.

Can I view management objects?

Yes, you can only view management objects.You can assign the read only role to the management objects for other users and groups as well.

Can I vMotion from VMware Cloud on AWS back to on-premises?

Yes, you can vMotion from VMware Cloud on AWS back to on-premises as long as the on-premises hosts are compatible.Enhanced vMotion Compatability (EVC) mode does not work across clusters and there is a possibility that, while in VMware Cloud on AWS, the VM goes through a power cycle and begins running on a new hardware version in VMware Cloud on AWS.In such scenarios, the host on-premises might be on an older version and live migration will not be supported.

Can I upgrade or downgrade the Microsoft licenses purchased from VMware on the VMware Cloud on AWS?

Yes.There are two ways to "upgrade/downgrade"; by edition and by version.Customers can upgrade to the latest version as the SPLA covers VMware for the latest version.An example is that the customer can upgrade from SQL Server Enterprise 2017 to SQL Server Enterprise 2019, as it becomes available.The customer can also "downgrade" editions as well, on the SPLA licenses VMware provides.For example, an end-user can "downgrade" from Windows Server 2019 Datacenter Edition to Windows Server 2019 Standard Edition, as down-grade rights are included.However, VMware is only allowed to sell the higher-priced "Datacenter" edition at this time.

Can IPSEC VPN be used as backup to Direct Connect Private VIF?

Yes, this is supported with Route Based IPSEC VPN.

Can my Connected VPC that is part of my SDDC also connect to the VTGW?

Yes, Connected VPC can utilize VTGW for communication.The Connected VPC will use the VPC attachment for communications to the SDDC it is associated to.The Connected VPC would use the VTGW attachment to communicate with other SDDCs in the SDDC Group.

Can native AWS services be used with vRealize Automation Cloud?

Yes, vRealize Automation Cloud has the ability to incorporate or use native AWS services, such as AWS CFTs, RDS, Lambda, etc.

Can one seller's subscription cover other sellers too?

No, A subscription can only cover hosts within that seller.Example: If you have 2 SDDCs with 4 hosts each, 1 with VMware, 1 with AWS, and a three-year term subscription for four hosts with VMware as the seller.In that case, the 4 host SDDC with AWS as the seller would be charged on demand.

Can the 60-day timeframe be extended since I was unable to utilize the $2000 USD charge?

No.

Can the collector OVA be deployed on an extended segment in VMware Cloud on AWS?

The Collector OVA can be deployed only on native VMware Cloud on AWS segments.Note: Deploying the collector on extended L2 segments is not supported.

Can the customers move their subscriptions from one seller to another?

No.This is not possible.

Can the default Distributed Firewall policy be changed?

Users can now easily change the default DFW behaviour from its default blocklist model (allowing all the traffic through and denying specific traffic with the security rules) to allowlist model (only allowing specific traffic through the security rules and dropping everything else).

Can the SDDCs reside in different regions?

Yes, the SDDCs can reside in any region where VMware Cloud on AWS is available.

Can this be done via UI or it is an API only feature?

Both.There is an edit setting attribute at a per-VM level that can be changed to set the specific EVC mode.But it can also be automated and set for a batch of VMs via a script that uses the API.

Can VMs be migrated using vMotion across vCenters in a linked SDDC?

vMotion (Hot migration) of a VM across linked vCenters in the SDDC group will not work because VMware Transit Connect only creates L3 connectivity between the group members.

Can VMware access my SDDC and Customer Content?

All cloud service providers need to have the necessary access to support their infrastructure.To protect against abuse, VMware has access control, logging, monitoring, and policies in place to ensure the security of our customers’ content.The VMware cloud on AWS Site Reliability Engineering (SRE) team is responsible for the availability, security, integrity and performance of the service.VMware’s support operations are focused on supporting the service and the underlying physical and virtual infrastructure, and the functionality of the virtual appliances used to run the virtual infrastructure contained within the "Mgmt-ResourcePool" in the Software Defined Data Center (SDDC).Although very rare, the SRE team may be required to respond to a ticket for a problem in a customer SDDC.Typically, this is required to diagnose and resolve problems related to the application of patches and upgrades of a customer SDDC.Automated runbooks have been developed that address issues that have been previously encountered which can be used to resolve problems without requiring the SRE team to access to the customer’s environment.Execution of these automated runbooks is logged and can be traced to the specific individual who ran them.In cases where an automated remediation is unavailable and access to a customer SDDC is required, a senior VMware engineer with the appropriate credentials, training and background checks can gain access to a customer environment via a Delegated Access mechanism.Delegated Access is only granted to a very select and tightly controlled number of VMware engineers.The Delegated Access process requires the engineer with the appropriate permissions and training to authenticate using Multi-Factor Authentication (MFA) to a system that generates a one-time use certificate and credentials that are user-specific and good for only eight hours of access to a specific SDDC.For security and auditing purposes, this access must be tied to a system generated or customer generated support ticket.Since VMware Cloud on AWS gives customers access to vCenter and the virtual infrastructure management system, customers have unprecedented visibility into any activity performed on their virtual infrastructure.All activities performed by VMware using Delegated Access are logged in the customer’s vCenter logs and are visible to the customer.These activities should not require access to the Compute-ResourcePool, where customer virtual machines are managed.Customers who are concerned about VMware accessing their information can take additional security measures and ingest the vSphere logs into their own SIEM tools to continuously monitor for any such activity.VMware Engineers cannot copy, move or export customer VMs out of the customer environment since the only Management Gateway connections that exist are established in the VMware Cloud on AWS console by the customer between their VMware Cloud on AWS SDDC and their own data centers.There are no connections from the SDDC to another vSphere environment or datastore that VMware personnel have access to, therefore, there is no destination available to which a copy of a virtual machine can be stored.Creation of a new Management Gateway by a VMware Engineer would be visible to the customer in their Activity Logs.VMware’s Security Operations Center (SOC) continuously monitors for any VMware employees access to a customer’s SDDC and any suspicious activities are investigated by the Incident Response Team.VMware has strict data handling policies and these policies include termination for mishandling of sensitive data.The SOC is organizationally separate from the VMware Cloud on AWS Engineering and SRE teams and has independence from the business unit to ensure regulatory compliance.Finally, VMware Engineers cannot access the customer virtual machines via the console interface since they will not have the necessary credentials to log into the customer owned virtual machines.These credentials are created and managed by customers and only the customer can provide a VMware Engineer with an account.Given the importance of the Delegated Access process, this process and the security controls associated with it have been extensively reviewed by our third-party auditors as part of our compliance programs.

Can VMware HCX be used for migration of Tanzu Application Service instances to VMware Cloud on AWS?

VMware HCX live migrations are not supported for TAS migrations to VMware Cloud on AWS.

Can workloads running in a VMware Cloud on AWS GovCloud (US) instance integrate with AWS services?

Yes.VMware Cloud on AWS GovCloud (US) SDDC is directly connected to your VPC using Elastic Network Interface (ENI) and therefore has access to AWS services.Virtual machine workloads can access public API endpoints for AWS services such as AWS Lambda, Amazon Simple Queue Service (SQS), Amazon S3 and Elastic Load Balancing, as well as private resources in the customer’s Amazon VPC such as Amazon EC2, and data and analytics services such as Amazon RDS, Amazon DynamoDB, Amazon Kinesis and Amazon Redshift.Customers can now enjoy the newest generation of VPC Endpoints designed to access AWS services while keeping all the traffic within the AWS network.

Can workloads running in a VMware Cloud on AWS SDDC integrate with AWS services?

Yes.VMware Cloud on AWS SDDC is running directly on AWS elastic bare metal infrastructure, which provides high bandwidth, low latency connectivity to AWS services.Virtual machine workloads can access public API endpoints for AWS services such as AWS Lambda, Amazon Simple Queue Service (SQS), Amazon S3 and Elastic Load Balancing, as well as private resources in the customer’s Amazon VPC, such as Amazon EC2, and data and analytics services such as Amazon RDS, Amazon DynamoDB, Amazon Kinesis and Amazon Redshift.You can also now enjoy Amazon Elastic File System (EFS) for fully managed file service to scale the file-based storage automatically to petabyte scale with high availability and durability across multiple availability zones and the newest generation of VPC Endpoints designed to access AWS services while keeping all the traffic within the AWS network.

Can you describe the operations and support models for VMware Cloud on AWS GovCloud (US)?

VMware provides a 24×7 command center that supports the service along with site reliability teams and engineering teams that are on-call supporting the service.Service operational readiness and live service operations and support are key activities for the service teams.VMware will actively monitor and maintain the SDDC components and IaaS infrastructure to ensure customers receive a high-quality service experience.In addition, fleet SDDC lifecycle management will enable efficient and reliable operations at scale.

Can you describe the operations and support models for VMware Cloud on AWS?

VMware provides a 24×7 command center that supports the service along with site reliability teams and engineering teams that are on-¬call supporting the service.Service operational readiness and live service operations and support are key activities for the service teams.VMware will actively monitor and maintain the SDDC components and IaaS infrastructure to ensure customers receive a high¬-quality service experience.In addition, fleet SDDC lifecycle management will enable efficient and reliable operations at scale.

Can you monitor VMware Cloud on AWS objects in near real-time with vRealize Operations Cloud?

Yes, with a simple one-click, vRealize Operations Cloud enables near real-time monitoring.20 second granularity captures alerts with metrics and events and allows observation of data through dashboards and metric charts.

Can you purchase third-party solutions on VMware Cloud Marketplace?

No, not at this time.Currently, VMware Cloud Marketplace enables the use of third-party solutions in a bring-your-own-license (BYOL) model.While users will be able to search for, browse, and filter for a third-party solution in the Marketplace catalog, they would need to already have the license key from the third-party vendor in order to utilize commercial third-party solutions on the SDDC(s) of their choice.

Can you tell me more about the VMware-supplied VM?

The VMs will be packaged as an OVF (Open Virtual Format) which can be included in the customer’s Content Library.As part of initial deployment, the VM will be activated and the VM is now ready for customer use.

Can you use APIs or automation like PowerCLI or Terraform to configure a PCI SDDC?

Yes.Terraform and APIs can be used to configure a PCI SDDC.

Do 1-year and 3-year subscriptions auto-renew at the end of the term?

No, subscriptions do not auto-renew.Customers can purchase additional subscriptions at any time.

Do 1-year and 3-year subscriptions auto-renew at the end of the term?

No, subscriptions do not auto-renew.vCenter Hybrid Linked Mode (HLM) allows you to link the Cloud vCenter (VMware Cloud on AWS) to your on-premises vCenter to provide a Hybrid management interface across Cloud and on-premises resources.With HLM, you can view and manage the on-premises and Cloud vCenters from a single pane of glass and perform hybrid operations such as workload mobility across the two environments.For more details, please refer to the VMware Cloud on AWS Getting Started Guide here.

What is VMware Cloud Director service?

VMware Cloud Director service is a SaaS service, running on top of VMware Cloud on AWS, hosted, and managed by VMware for cloud providers.VMware Cloud Director service enables cloud providers to build a custom branded, multi-tenant, self-service cloud management platform.

What is VMware Cloud on AWS GovCloud (US)?

VMware Cloud on AWS GovCloud (US) is a jointly engineered secure, scalable cloud service that brings VMware’s rich Software-Defined Data Center software to the AWS GovCloud (US) Region.VMware Cloud on AWS GovCloud (US) integrates VMware’s compute, storage and network virtualization products (VMware vSphere, VMware vSAN and VMware NSX) along with VMware vCenter Server management, optimized to run on dedicated, elastic, bare-metal AWS infrastructure.With the same architecture and operational experience on-premises and in the cloud, IT teams can now quickly derive instant business value from use of the AWS and VMware hybrid cloud experience.

What is VMware Cloud on AWS Migration Assessment?

The Migration Assessment enables cloud administrators to calculate the capacity and cost required to migrate workloads from private clouds to VMware Cloud on AWS.

What is VMware Cloud on AWS?

VMware Cloud™ on AWS brings VMware’s enterprise-class SDDC software to the AWS Cloud with optimized access to AWS services.Powered by VMware Cloud Foundation, VMware Cloud on AWS integrates our compute, storage and network virtualization products (VMware vSphere®, vSAN™ and NSX®) along with VMware vCenter management, optimized to run on dedicated, elastic, bare-metal AWS infrastructure.

What is VMware HCX?

VMware HCX (formerly known as Hybrid Cloud Extension and NSX Hybrid Connect) is a SaaS offering that provides application mobility and infrastructure hybridity across different vSphere versions, on-premises and in the cloud.

What is VMware SD-WAN by VeloCloud?

VMware SD-WAN by VeloCloud is a global service that delivers high-performance, reliable branch access to cloud services, private data centers, and SaaS-based enterprise applications.SD-WAN increases bandwidth economically by aggregating WAN circuits of any type, providing faster response even for single application flows.Data plane function and orchestration are delivered in the cloud to provide direct and optimized access to cloud as well as on-premises resources.You can deploy a branch in minutes with VMware SD-WAN Edge activation from the cloud.Automatic WAN circuit discovery and monitoring eliminate link-by-link and branch-by-branch configuration.

What is VMware Transit Connect?

VMware Transit Connect is a high bandwidth, low latency connectivity feature for SDDC Groups.It provides network-level connectivity among SDDC Group members by leveraging an AWS Transit Gateway (TGW) in the AWS region.It also enables network connectivity to AWS VPCs and on-premises/colo data centers (via a Direct Connect Gateway).

What is VMware vRealize Network Insight Cloud?

VMware vRealize Network Insight Cloud helps customers build an optimized, highly available and secure network infrastructure across multi-cloud environments.It accelerates micro-segmentation deployment, minimizes business risk during application migration and enables customers to confidently manage and troubleshoot application networking and security across their on-premises and VMware Cloud on AWS environments.vRealize Network Insight Cloud is available in following two form factors, both with the same scale and features: 1.VMware vRealize Network Insight – A perpetual on-premises form factor.It is available in two editions – Advanced and Enterprise.VMware Cloud on AWS monitoring is supported in the Enterprise edition.2.Network Insight VMware Cloud Service – A subscription-based SaaS form factor.For more information on vRealize Network Insight, click here For more information on Network Insight VMware Cloud Service, click here.

What is VMware vRealize Operations Cloud?

vRealize Operations Cloud is a cloud management platform that delivers self-driving operations from applications to infrastructure.Powered by AI, vRealize Operations Cloud delivers continuous performance optimization, efficient capacity and cost management, intelligent remediation, and integrated compliance as a VMware Cloud service, beginning with the v8.1 release.

What is vRealize Automation (vRA) Add-on for VMware Cloud on AWS?

The new vRealize Automation Cloud Add-on tile on VMware Cloud on AWS console streamlines vRealize Automation Cloud on-boarding for VMware Cloud on AWS customers.It enables automated workload provisioning by setting up a self-service infrastructure for developers and manage it with governance policies for better insight and control.

What is vSphere vMotion between on-premises and VMware Cloud on AWS and what does it require?

VMware vSphere® vMotion® enables live migration of running (powered on) VMs from your on-premises host to a host in VMware Cloud on AWS with zero downtime for the application (<1sec switchover time), continuous service availability and complete transaction integrity.This feature is now available for VMware Cloud on AWS.Furthermore, by enabling certain advanced configuration, vMotion can be enabled across different vSphere Distributed Switch versions.Requirements include: • AWS Direct Connect (over Private VIF) and NSX Layer 2 VPN must be set-up.It is not supported without either of these.• On-premises vSphere version must be on 6.0u3 or above.• Sustained bandwidth of 250 Mbps or more is required (for optimal performance).• vSphere Distributed Switch versions 5.0/5.5 will not be supported and migration of VMs hosted on 5.0/5.5 will be blocked.

What logs does VMware collect and what is VMware monitoring?

VMware Cloud on AWS logging and monitoring systems cover the SaaS infrastructure (VMware Cloud on AWS Console) and the Software Defined Data Center (SDDC) to ensure the availability, performance, and security of the service.VMware does not monitor customers’ workloads or the contents of their network traffic.To ensure the availability and performance of the VMware Cloud on AWS service, the Site Reliability Engineering team collects logs from many sources and employs multiple monitoring and alerting solutions to notify our engineers when the service is not operating normally and could impact a customer’s experience.The tools used for monitoring and logging are continuously evolving to improve the detection and response time of production issues, however, they include the use of VMware’s Log Intelligence and VMware Tanzu Observability products and third party products and services and are used to do event monitoring, metrics collection, log aggregation, telemetry reading and white box testing.Some of the areas that the VMware SRE team monitors include: a.The physical infrastructure including CPU, Memory, storage and networking availability, utilization and performance.b.The virtual infrastructure components and services for availability and responsiveness, including ESXi, Virtual Center, NSX appliances and AWS services.c.System events like host disconnects, port disconnects, HA fail-overs, and hypervisor crashes.d.Response times for VMware Cloud on AWS and Virtual Center APIs.To ensure the security of the service VMware monitors for security events involving the underlying infrastructure servers, storage, networks, and information systems used in the delivery of the service.The contents of customers’ virtual machines and contents of customers’ network traffic are not monitored.The VMware Security Operations Center (SOC) continuously aggregates logs, events and alerts into a centralized SIEM system that is monitored 24×7.The logs collected and the tools used for security monitoring are continuously evolving to improve the security of the VMware Cloud on AWS service.The logs come from multiple sources including Intrusion Detection and Prevention Software (IDS/IPS), firewalls, vulnerability scanners, file Integrity monitoring systems, anti-virus solutions, access control systems, vSphere, and AWS Services like Cloudtrail, VPC Flow Logs, GuardDuty etc.The SOC looks for abuse, port scans, brute force attempts, DDOS attacks, access control violations, unusual activities, unauthorized changes, data breaches, malicious insider activity, Hyperjacking etc.The AWS Security team also monitors the AWS infrastructure and has a direct line of communication with the VMware SOC if they detect any suspicious activity.

What network bandwidth will be available to the ESXi hosts?

ESXi hosts are connected to an AWS VPC via AWS Elastic Networking Adapter (ENA) that support throughput up to 25 Gbps.

What Network Time Protocol Server (NTP) is used by VMware Cloud on AWS?

VMware Cloud on AWS uses the Amazon Time Sync Service to keep all logs globally synchronized.

What on-premises vCenter versions and topologies are supported in vCenter HLM?

HLM supports on-premises vCenter running 6.0 U3c and later with embedded or external PSC (both Windows and vCSA).On-premises vCenters with external PSCs linked in Enhanced Linked Mode are also supported, up to the scale limits documented 6.

What on-premises versions of vSphere are supported with Cloud Motion with vSphere Replication?

This feature requires vSphere version 5.5 or higher on-premises.

What other certifications is VMware Cloud on AWS GovCloud (US) pursuing?

VMware plans to pursue a Provisional Authority from the Defense Information Systems Agency (DISA) to run Impact Level (IL) 4/5 workloads, we plan to complete its U.S.International Traffic in Arms Regulation (ITAR) training and ensure ITAR compliance and we expect that we will leverage our FedRAMP efforts to comply with Criminal Justice Information Services (CJIS).

What Personally Identifiable Information (PII) is collected by VMware Cloud on AWS and how is it used?

The only Personally Identifiable Information (PII) that the VMware Cloud on AWS service collects is the customer administrators’ first name, last name, email address and IP address.This information is required in order to operate the VMware Cloud on AWS service and for security and support purposes – e.g.logging who created/deleted an SDDC, added/removed a host, changed a firewall rule, copied a virtual machine, etc.The PII collected by the VMware Cloud on AWS service is used exclusively for the purposes outlined in the VMware Products and Services Privacy Notice.VMware may require additional account information to be provided in connection with the creation or administration of a customer account, including names, usernames, phone numbers, email addresses, and billing information.This is managed by VMware back office systems and VMware handles account information in accordance with our Privacy Notice.

What privileges can a user assign to a new custom role within vCenter?

If the user has the privileges to modify roles, they can create/modify/delete custom roles that have privileges lesser than or equal to their current role.You may be able to create roles that have privileges greater than CloudAdmin but you will not be able to assign the role to any users or groups.

What products does VMware support under the SPLA license?

Currently, Windows Server and SQL Server are offered by VMware.

What protocol is supported for Route Based VPN?

Standard eBGP protocol is supported.

What provisions are available to rotate the keys used for data at rest encryption in VMware Cloud on AWS?

Customers have the option to change the KEK (Key Encryption Key) either through vSAN API or through the vSphere UI.This process is called shallow rekey.Note, shallow rekey doesn’t change the Disk Encryption Key (DEK) or the Customer Master Key(CMK).Changing the Disk Encryption Key (DEK) and Customer Master Key (CMK) is not supported.In rare situations, if there is a need to change the DEK or CMK, users have the option to set up a new cluster with new CMK and storage vMotion the data from the existing cluster.

What provisions are available to rotate the keys?

You have the option to change the KEK (Key Encryption Key) either through vSAN API or through the vSphere UI.This process is called rekey.Note, shallow rekey doesn’t change the Disk Encryption Key (DEK) or the Customer Master Key (CMK).Changing the DEK and CMK is not supported.In rare situations, if there is a need to change the DEK or CMK, users have the option to set up a new cluster with new CMK and can Storage vMotion the data from existing cluster.

What regions are available to run PCI compliant workloads on VMware Cloud on AWS?

PCI SDDC’s are available on the following VMware Cloud on AWS regions: AWS US East (N.Virginia), AWS US West (Oregon), AWS Europe (Ireland), AWS Asia Pacific(Sydney), AWS Europe(London), AWS Europe(Frankfurt).

What roles/permissions are required for user to be added in VMware Cloud on AWS data sources?

1.VMware Cloud on AWS vCenter – CloudAdmin 2.VMware Cloud on AWS NSX Policy Manager – NSXCloudAdmin or NSXCloudAuditor (read-only user).• The user needs to have role of either NSXCloudAdmin in order to enable DFW IPFIX on VMware Cloud on AWS NSX Policy Manger.• A user with Cloud Auditor role has read-only privileges and would not be able to perform tasks like enable/disable DFW IPFIX.

What routes are advertised from the VMware Cloud on AWS SDDC?

Management Infrastructure and Logical segment CIDRs are advertised to the on-premises BGP Peer.

What security and compliance certifications have the vRealize Automation Cloud achieved?

CSA Self-Assessment and GDPR are supported.

What server profiles does the sizing and assessment tool recommend?

Currently, the tool recommends "Fixed Server" profile based on the i3 and i3en instance types.In the future, as VMware Cloud on AWS supports more instance and profile types, the recommendation will account for this and recommend the most optimized profile and instance type for your environment.

What service level agreement (SLA) do you offer for a Single Host SDDC?

We offer no SLA for the Single Host SDDC.In case of a component or host failure, you may lose your data.

What Service Level Agreements does the VMware Cloud on AWS GovCloud (US) service support?

The VMware Cloud on AWS service is expected to be highly available, however Service Level Agreements (SLAs) are not guaranteed until General Availability.At General Availability, it is expected that the SLAs will match the commercial service.

What storage options are available for VMware Cloud on AWS GovCloud (US)?

VMware Cloud on AWS GovCloud (US) includes VMware’s vSAN storage technology that provides a single name space shared datastore (vSAN datastore) for VM storage.Each SDDC cluster will utilize an “all flash” vSAN storage solution built on NVMe backed instance storage that offers high performance, and low latency.

What sub-processors does VMware Cloud on AWS use?

VMware Cloud on AWS utilizes other companies to provide certain services on its behalf.The list of sub-processors who may process Customer Content (as defined in the Terms of Service) are listed in our VMware Cloud on AWS Sub-Processors list.As set forth in the Data Processing Addendum, VMware has adequate data transfer mechanisms in place with each sub-processor.There are currently two categories of companies on this list of sub-processors.The first category is the cloud infrastructure provider which manages the physical hardware used to deliver the cloud service.Since Customer Content physically resides on hardware operated by the third-party infrastructure provider, that party qualifies as a sub-processor even though there are no circumstances where the infrastructure provider actually accesses Customer Content.The second category of sub-processors provides supporting functionality for the VMware Cloud on AWS service (e.g., in-product chat, CRM/Customer Success Management, customer surveys, etc.).None of these companies ever have access to Customer Content unless the customer explicitly enters or uploads screenshots containing sensitive information (passwords, Personally Identifiable Information (PII), Personal Health Information (PHI), credit card numbers, etc.) into these product interfaces.In most cases this would be considered Confidential Information, but VMware’s privacy team has taken a very conservative approach and has identified this category of service providers as sub-processors in order to ensure that our customers have complete transparency and the most stringent privacy protections.If you would like to receive notification of updates to this sub-processor list, please register here.Notifications are sent at least 30 days prior to the changes taking effect unless the customer have the ability to choose to use a new feature powered by the sub-processor (e.g., a new AWS region becomes available), in which case the VMware Cloud on AWS Sub-Processor list is updated concurrently with the release of the new feature.

What support would I get with this offering?

Single Host SDDC receives the same unlimited 24/7 VMware Global Support Services as well as 24/5 live chat support via the VMware Cloud on AWS Console and via vSphere Client.

What support would I get with this offering?

The 2-host cluster receives unlimited 24/7 VMware Global Support Services as well as 24/5 live chat support via the VMware Cloud on AWS Console and via vSphere Client.

What thresholds are used with EDRS Rapid Scale Out?

EDRS Rapid Scale Out maximum thresholds are the same as the thresholds for the EDRS performance policy.The minimum thresholds are 0%; this means scale-in must be performed manually.

What type of port mirroring is supported in VMware Cloud on AWS?

VMware Cloud on AWS supports Encapsulated Remote SPAN.

What type of SDDCs can I deploy for solution validation and development?

As a partner, you can deploy either a 3-host or 4-host SDDC or participate in the Single Host SDDC program.As a Technology Partner, we provide you access to the VMware Cloud on AWS service at a discount for development and validation purposes only.

What type of storage can I use with my SDDC on VMware Cloud on AWS?

With the i3.metal host instance, each ESXi host comes with NVMe SSD storage.A 3 ESXi host cluster running vSAN provides approximately 15 TiB usable storage and 4 ESXi host cluster running vSAN provides approximately 21 TiB usable storage, with all virtual machines protected against a single host failure (FTT=1).With the i3en.Metal host instance, each ESXi host comes with NVMe SSD Storage as well.A 3 host ESXi cluster running vSAN provides approximately 60 TiB of usable storage.Please note that exact usable storage will vary depending on the type of workload.All virtual machines are protected against a single host failure (FTT=1).

What type of traffic should be considered a good use case for Multi Edge SDDC ?

While Multi Edge SDDC works with many different types of traffic, we’ve found that services like data backup, database synchronization and file storage are well suited for mapping into a Traffic Group and taking advantage of the increased network capacity.

What version of VMware Cloud on AWS supports this feature of 'Automatic adjustment of vSAN policy'?

‘Automatic adjustment of vSAN policy’ feature is supported from v1.

What version of VMware vSphere do I need in my on-premises environment?

With vSphere 6.0 or later running in your on-premises environment, you can move workloads to and from VMware Cloud on AWS GovCloud (US) by doing cold migration of VMs.No conversion or modification is necessary.

What VMware SDDC products do I need to have on-premises for VMware Cloud on AWS GovCloud (US)?

The more software-defined you are with VMware technologies on-premises, the more value you can derive out of VMware Cloud on AWS GovCloud (US).With this release, we have now expanded support for on-premises vCenter running vSphere 6.0u3 patch c or later.However, you can still move workloads to and from VMware Cloud on AWS GovCloud (US) by doing cold migrations of the VMs.No conversion or modification is required.You can also just run VMware Cloud on AWS GovCloud (US) standalone with only a web browser.

What VMware SDDC products do I need to have on-premises for VMware Cloud on AWS?

The more software-defined you are with VMware technologies on-premises, the more value you can derive out of VMware Cloud on AWS.With this release, we have now expanded support for on-premises vCenter running VMware vSphere® 6.0u3 patch c or later.However, you can still move workloads to and from VMware Cloud on AWS by performing cold migrations of the VMs.No conversion or modification is required.You can also just run VMware Cloud on AWS standalone with only a web browser.Please refer to the VMware Compatibility Guide for more information.(https://www.vmware.com/resources/compatibility/search.

What was announced by Microsoft in Aug 2019 with regard to its product licenses on dedicated hosted cloud services including VMware Cloud on AWS?

Microsoft announced that on October 1, 2019, the licensing terms for its products deployed on dedicated hosted cloud services will change.This change in Microsoft licensing affects customers planning to move and/or deploy Windows Server and Microsoft SQL Server workloads to non-Azure clouds including VMware Cloud on AWS.

What was announced with respect to VMware Cloud on AWS and VMware Tanzu Kubernetes Grid?

Now, VMware Tanzu Kubernetes Grid supports VMware Cloud on AWS.This enables customers to deploy their SDDC in the cloud, with the required components needed to architect and scale Kubernetes to fit their needs.VMware Tanzu Kubernetes Grid is a certified Kubernetes runtime with secure access to open source technologies, including Kubernetes, cluster lifecycle management (Cluster API), and container image management (Harbor).With Tanzu Kubernetes Grid running on VMware Cloud on AWS, customers can deploy, scale and manage Kubernetes clusters in the cloud.This establishes a reliable foundation for cloud-native application management and application modernization.

What would be the impact on vRealize Network Insight or vRealize Network Insight Cloud service if the vCenter or NSX Manager is not available temporarily for any reason?

The relevant data from vCenter and NSX Manager would not be available for that duration.There won’t be any other impact on vRealize Network Insight or vRealize Network Insight Cloud service due to this scenario.The vRealize Network Insight or vRealize Network Insight Cloud service will start showing a relevant error message against the unavailable vCenter and NSX Manager for that duration.Note: vRealize Network Insight or vRealize Network Insight Cloud service have no impact on VMware Cloud on AWS lifecycle events such as upgrades.

When deploying Horizon across both on-premises and VMware Cloud on AWS in CPA configuration, does the Horizon version on-premises have to match the Horizon version on VMware Cloud on AWS?

No that is not necessary.As long as the version of Horizon running on-premises is v7.0 and above, it can be put into the same CPA configuration as a Horizon running on VMware Cloud on AWS.

When do charges for VMware Cloud on AWS service start?

Charges begin when you start consuming VMware Cloud on AWS instances – specifically when you start provisioning your SDDC through the console or the API.

When do charges for VMware Cloud on AWS service stop?

You will stop being charged when you no longer consume any VMware Cloud on AWS instances – specifically after your SDDC has been deleted.

When I specify the lower number of CPU cores, does it impact the performance?

Yes.Reducing core count affects the compute performance of all workloads on the host and increases the likelihood of system performance degradation.For example, vCenter and vSAN overhead can become more noticeable, and operations such as adding clusters and hosts can take longer to complete.

When is partition placement activated?

VMware Cloud on AWS automatically enables partition placement groups during new SDDC, cluster, and host provisioning operations.

When should I change my VMware HCX FQDN resolution to private?

Private IP address resolution is useful when users connect to HCX manager either via VPN or via Direct Connect (DX).

When will CloudHealth Hybrid be generally available?

CloudHealth Hybrid is generally available Friday, November 1st, 2019.However, the VMware Cloud on AWS support is only in private beta.Customers can request early access by emailing cloudhealth-hybrid@groups.vmware.

When will eDRS scale up?

eDRS will automatically scale up when your cluster reaches a capacity threshold.The system automatically monitors your current capacity and your capacity trend to make a decision to add more capacity to your cluster.

When will eDRS scale up?

eDRS will automatically scale up when your cluster reaches a capacity threshold.The system automatically monitors your current capacity and your capacity trend to make a decision to add more capacity to your cluster.

Where can I find more information about vRA Add-on?

The VMware Documentation site has detailed documentation on activating and exploring quick cloud setup for VMware Cloud on AWS.

Where can I find more information on Horizon on VMware Cloud on AWS?

You can find overview information on our Horizon website.You can also read our announcement blog and our preview blog.A recorded demo video is available here.

Where can I find pricing for VMware HCX for VMware Cloud on AWS?

VMware HCX is included with all VMware Cloud on AWS SDDC targets.

Where can I find Software Development Kits (SDKs) and code samples for using the VMware Cloud on AWS Service APIs?

You are free to purchase additional subscriptions at any time.Any workloads running at the end of the subscription term will be billed at an on-demand rate.

Do any resources get provisioned once I purchase a 1-year and 3-year subscription?

No, provisioning is independent of purchasing a subscription.A subscription is a financial commitment.

Do I also need to purchase AWS Support for VMware Cloud on AWS GovCloud (US) service?

No, VMware Cloud on AWS GovCloud (US) is supported by VMware.However, you can choose to purchase AWS support for the additional AWS services you use that are not provided by VMware Cloud on AWS GovCloud (US).

Do I get a price discount on the hosts with lower CPU core count?

No, changing the number of cores does not affect the price of the host.

Do I get a refund if I don't use all the capacity covered under my 1-year or 3-year subscription?

No, by purchasing a subscription you make a financial commitment to VMware.How much of it you end up using is up to you.

Do I get a separate maintenance notification for the vCenter Cloud Gateway updates?

No, you get a notification for the Cloud SDDC maintenance window, which also serves as notification for the Cloud Gateway update.

Do I have to be logged in to use VMware Cloud on AWS Migration experience?

No.VMware Cloud on AWS Migration experience is available to anyone.Users do not need to be logged in or to have a VMware Cloud on AWS account.However, users do need to be logged in to track the progress of their migration.Users will also have to create a VMware Cloud on AWS Organization and log in as they work through the steps required to create an SDDC.

Do I have to connect all my SDDCs to an AWS account?

Each SDDC must be connected to a separate AWS account.It is possible to defer account linking for Single Host SDDCs for up to 30 days, but it is not possible to scale-up your Single Host SDDC to a four host configuration without connecting to an AWS account.

Do I have to connect my Single Host SDDC to an AWS account?

It is possible to defer account linking for Single Host SDDCs for up to 30 days, but it is not possible to scale-up your Single Host SDDC to a four host configuration without connecting to an AWS account.

Do I have to purchase the vRealize Log Insight Cloud service to see the packet logs?

Yes.

Do I have to use VMware Cloud on AWS Migration experience to migrate to VMware Cloud on AWS?

No.VMware Cloud on AWS Migration experience consolidates information about moving workloads to VMware Cloud on AWS and creates a central hub of information and tools.

Do I need a specific version of NSX deployed in my on-premises data center to pair it with VMware Site Recovery on NSX-T SDDC in VMware Cloud on AWS?

In order to pair your on-premises data center with VMware Site Recovery on NSX-T SDDC in VMware Cloud on AWS, the on-premises data center should either be upgraded to Site Recovery Manager 8.1.2, which supports NSX-T or if you have an older version of Site Recovery Manager on your on-premises data center, then you should have NSX-v or no NSX deployed.VMware Site Recovery Manager inter-operates with NSX-T in on-premises environments since version 8.1.2.For more details, see the VMware Site Recovery Manager 8.1.2 Release Notes.

Do I need NSX on-premises to use NSX L2 VPN between on-premises and VMware Cloud on AWS GovCloud (US)?

No.You do not need NSX on-premises to use L2 VPN.There are two components of L2 VPN – a client-side component and a server-side component – the server side is running in VMware Cloud on AWS GovCloud (US).In order to configure an L2 VPN between on-premises and VMware Cloud on AWS GovCloud (US), you must configure the client-side component on-premises.If you do not have NSX on-premises, you can download a standalone NSX edge and configure the client side of L2VPN.

Do I need NSX on-premises to use NSX L2 VPN between on-premises and VMware Cloud on AWS?

No.You do not need NSX on-premises to use L2 VPN.There are two components of L2 VPN – a client side component and a server side component – with the server side running in VMware Cloud on AWS.In order to configure an L2 VPN between on-premises and VMware Cloud on AWS, you must configure the client side component on-premises.If you do not have NSX on-premises , you can download a standalone NSX edge and configure the client side of L2VPN.

Do I need to access region specific endpoints to access my SDDCs?

No, you use the same endpoints to access the VMware Cloud on AWS API and VMware Cloud on AWS Console regardless of the region your SDDCs are in.

Do I need to access region specific endpoints to access my SDDCs?

No, you use the same endpoints to access the VMware Cloud on AWS GovCloud (US) API and VMware Cloud on AWS GovCloud (US) Console regardless of the region your SDDCs are in.

Do I need to access region-specific endpoints to access my SDDCs?

No, you use the same endpoints to access the VMware Cloud on AWS API and VMware Cloud on AWS Console regardless of the region your SDDCs are in.

Do I need to add AD over LDAP to the cloud vCenter to configure HLM with the Cloud Gateway?

No, the Cloud Gateway allows you to map on-premises AD groups to the Cloud SDDC.The on-premises AD groups will be assigned CloudAdmin role in the cloud SDDC.Note that this does not allow users from those AD groups direct authentication to the cloud SDDC but enables them to manage the cloud SDDC resources from the Cloud Gateway.

Do I need to buy VMware Cloud on AWS separately as well?

Yes, you need to buy a VMware Cloud on AWS Service as normal, through a commit contract in the MSP program and delivered by Cloud Provider Hub.Additionally, you also need to buy VMware Cloud Director service under the MSP program.

Do I need to enable FW on Compute Gateway (CGW)?

No.You are not required to create FW policy for the overlay to management appliance communication on a compute gateway.

Do I need to install a Data Collector to get audit and security logs into vRealize Log Insight Cloud?

No, audit and security logs are automatically forwarded from VMware Cloud on AWS to your instance of vRealize Log Insight Cloud without the need of a Cloud Data Collector.

Do I need to modify firewall policy to allow SDDCs that are a member of a SDDC Group to communicate?

Yes, firewall policy must be updated to allow SDDCs that are in a group to communicate.The SDDC Grouping construct enables network connectivity but does not dictate security policy.The SDDC group does automatically create groups that can be used to simplify the definition of security policy.

Do I need to use a specific version of vSphere and vSphere Replication in my on-premises data center to take advantage of the new feature "Seamless Disk Resizing"?

Yes, you need to deploy version 7.0 (or later) of vSphere and version 8.3 (or later) of vSphere Replication in your on-premises datacenter to take advantage of the new feature "Seamless Disk Resizing".

Do my workloads get automatically re-balanced onto the new host?

Yes.

Do my workloads get automatically re-balanced onto the new host?

Yes.DRS will automatically re-balance your workloads.

Do the automatically created groups get updated as networks are added or removed from my SDDCs?

Yes, the automatically created groups reflect the current state of networks.

Do the SDDCs within a group have to be at a certain version for linking to work within an SDDC Group?

All the SDDCs within a group should be minimally at version 1.12 for vCenter linking to work.The feature will not be enabled on the group if any SDDC is older than 1.

Do you need to upgrade a three host SDDC in order to move to four hosts?

No.Unlike Single Host, a three host SDDC is a full production SDDC.You can simply add a host to scale up just like any production SDDC.

Do you support ESXi as a guest now?

We support ESXi as a guest in this special case.Because the witness does not run any guest workloads, we are able to support virtualized ESXi for this purpose only.

Do you support Private or Public ASN with Direct Connect Private VIF?

By default public ASN is used.However, if you need to utilize private ASN, you can work with support team for that configuration.

Does a subscription auto-renew upon expiration?

Unless you purchase a new subscription, upon expiration of a committed subscription term, if you continue to use the Service Offering after expiration of your committed subscription term, all services will continue to operate on an on-demand basis, and you will be billed at the then current on-demand rate for those services until you cancel your on-demand use.

Does CloudHealth Hybrid provide reporting by LOB and showback for VMware Cloud on AWS?

CloudHealth Hybrid can support reporting and showback for VMware Cloud on AWS but can’t do so by LOB until Perspectives support is added.CloudHealth Hybrid does support LOB reporting and showback for vSphere.

Does CloudHealth Hybrid support VMware Cloud on AWS if the customer bought via the AWS Marketplace?

No.If a customer purchases VMware Cloud on AWS from the AWS Marketplace, their bill will appear in their AWS Marketplace, not their VMware Cloud Service Provider bill.

Does Deduplication & Compression work with vSAN Encryption?

vSAN encrypts all data at rest both in the caching and capacity tiers, while preserving the storage efficiencies from deduplication and compression.

Does Direct Connect support management appliances and workload traffic?

Yes.With NSX-T, SDDCs management appliances and workload traffic is carried over DX Private VIF.Management appliances and workload network routes are published to on-premises over existing BGP sessions.As long as the BGP configuration on the on-premises router allows these new routes, you will have the connectivity for these traffic types.

Does i3en support Custom Core Counts?

Yes, i3en will support physical custom core counts of 8, 16, 24, 30, 36 and 48.

Does Multi Edge SDDC require additional compute resources?

Yes, each Traffic Group configured will require 2 additional hosts in the VMC Management cluster to dedicate to the networking services.

Does Multi Edge SDDC work with all of my SDDC’s traffic?

While Multi Edge SDDC works with all types of IP traffic from workloads, there are some specific flows that are not able to take advantage of Multi Edge SDDC.These specific flows are flows that use Network Address Translation (NAT) including S3, VPN traffic and traffic using an AWS Direct Connect.Management VMs and ESXi hosts are not able to take advantage of Multi Edge SDDC.All of these flows will continue to traverse the default edge.

Does NSX-T continue to support policy-based VPN?

Yes, policy based VPN is supported, but we recommend users to transition to route based VPN.

Does NSX-T support Ikev2?

Yes, we now support both IKev1 and Ikev2.

Does NSX-T support redundant tunnels?

Yes.There is support for redundant tunnels.User can establish these tunnels across the different endpoint devices on-premises.

Does Route Based IPSEC VPN support ECMP?

Yes, Route Based IPSEC VPN supports both Active/Standby and ECMP.

Does the 2-host cluster support Custom Core Counts?

No.Custom Core Counts are not supported in 2-host SDDC cluster.

Does the VMware Cloud on AWS GovCloud (US) service have a FedRAMP Authority to Operate (ATO)?

No.VMware Cloud on AWS GovCloud (US) does not currently have a FedRAMP ATO.We are pursuing a FedRAMP High ATO and expect to obtain it around the middle of 2019.

Does vMotion traffic flow over L2 VPN tunnel?

No.vMotion traffic doesn’t flow through L2 VPN tunnel.This tunnel is for the VMware Cloud on AWS VMs to communicate to on-premises resources.vMotion traffic flows through the AWS Direct Connect (Private VIF).

Does VMware Cloud on AWS GovCloud (US) plan to build a FedRAMP Moderate offering?

At this time, VMware is evaluating the demand for a FedRAMP Moderate offering running on AWS GovCloud US East/West.

Does VMware Cloud on AWS have a Business Continuity and Disaster Recovery Plan?

VMware’s executive leadership sponsored the launch of an Enterprise Resiliency program in 2015 focused on improving the company’s resiliency and preparedness toward potentially business-disrupting events.The Enterprise Resiliency Program brings together the company’s business continuity, disaster recovery, emergency response, and crisis management programs under a common governance framework.The program focuses on aligning key stakeholders and driving development of business continuity plans, emergency management, and response plans to address identified risks and ensure that VMware is adequately prepared for a critical business disruption so that its people, processes, systems, facilities, and other assets are able to respond, recover, and resume operations safely and efficiently; and make sure that there is effective communication with all stakeholders.For VMware Cloud on AWS, Crisis Management, Business Continuity and Disaster Recovery plans are reviewed on an annual basis and undergo regular testing.Testing of the plans include everything from evaluations using a variety of disrupting scenarios including infrastructure issues, malware attacks, system corruption, insider threats, natural disasters etc.to global integrated exercises to identify any gaps in documentation or processes.In the event of a disruption, VMware employees will be dedicated to restoring customer services as quickly as possible.Teams are globally located and can continue operations in the event the primary offices are unavailable.Procedures are also in place to relocate employees if needed.A Pandemic Plan that is aligned with the guidelines of the World Health Organization has been implemented across VMware.

Does VMware Cloud on AWS provide DHCP Relay functionality?

Yes, VMware Cloud on AWS provides both native DHCP capabilities and DHCP Relay.

Does VMware Cloud on AWS support two different endpoints in the SDDC?

No.Support is only available for one endpoint in active-standby mode.

Does VMware HCX need VMware NSX on-premises?

It is not required if the destination environment is an HCX-enabled public cloud.NSX is needed if the destination vSphere environment is also private/on-premises.Optionally, NSX can be installed in the source environment to access the NSX Logical Switch Network Extension feature.

Does VMware HCX support multisite interconnect? What are good usage scenarios of it?

Yes.VMware HCX supports multisite interconnect.Here are few use cases: • Consolidate small DCs to VMware Cloud on AWS • Extend to multiple VMware Cloud on AWS with separate geo-locations.

Does VMware HCX support NSX-T SDDCs?

VMware HCX supports all capabilities in both NSX-v and NSX-T SDDCs.NSX-T SDDCs also support the ability to leverage the DX Private VIF option for the VMware HCX interconnects.If you are leveraging the Internet and would like to shift your HCX interconnects to the Private VIF option, please reach out to VMware via support to get assistance in switching the interconnect configuration.

Does VMware perform vulnerability and penetration testing?

VMware has a comprehensive vulnerability management program that includes regular internal and third-party security assessments to continuously improve our cloud platform security controls and processes, and to meet the requirements of the VMware Cloud on AWS compliance programs.Industry standard practice and VMware corporate policy does not allow sharing vulnerability and penetration reports or the findings with our customers.Sharing security testing reports would result in disclosing potential service vulnerabilities to customers before they have been remediated.The vulnerability management program, the reports and the handling of issues found are carefully reviewed by our third-party auditors as part of our compliance programs.

Does VMware supplied licenses provide the Unlimited virtualization benefit?

Yes, VMware supplied licenses include the unlimited virtualization benefit both for Windows Server and SQL Server.You can run an unlimited number (up to technical maximum) of VMs with Windows Server and/or SQL Server on a fully licensed cluster of ESXi hosts.

Does VMware support other products under the SPLA license beyond Windows Server and SQL Server?

Various Microsoft products have either License Mobility rights (from on-premise licenses) or can be purchased via a set of SPLA partners.

Does vRealize Network Insight Cloud integrate with Migration Assessment?

VMware vRealize Network Insight Cloud integration to Migration Assessment is optional.This integration provides application dependency visibility and estimated egress costs for moving applications to VMware Cloud on AWS, thereby helping to create a more effective migration plan.

For Policy based VPN, can I create just one tunnel to carry all traffic?

Yes, you may create one tunnel for all traffic.All management and workload subnets must be advertised.

From where can I acquire ISV licenses?

VMware Cloud on AWS operates on a Bring Your Own License (BYOL) model.You can procure your licenses through the channels you normally use or desire and utilize those licenses on dedicated VMware Cloud on AWS hosts.

How are host failures handled?

VMware Cloud on AWS is able to quickly react to a hardware failure by inserting a new server into your cluster when a fault is detected.Because VMware Cloud on AWS is running vSAN, the VMs are protected and vSphere HA will automatically restart any VM’s which were running on the failed server.

How are Management Packs licensed on vRealize Operation Cloud for VMware Cloud on AWS?

Native Management Packs will be available out of the box.For third party Management Packs, customers will need to bring your own license (BYOL) and a vRealize Operations Cloud SRE will install them.

How are my subscriptions affected by an automated scale up event?

We do not automatically add subscriptions to your account.Because scale up events may represent temporary spikes, we do not recommend that you automatically buy a new subscription every time a scale up event causes a host to be added to your SDDC.For most customers, it is more cost effective to buy additional host subscriptions after you have established that baseline capacity.Normally, you want to review your capacity requirements by looking backwards 30 to 60 days and then buy subscriptions based on your minimum capacity requirement for that period.This ensures that you are only buying subscriptions you actually need.

How are my subscriptions affected by an automated scale up event?

We do not automatically add subscriptions to your account.Because scale up events may represent temporary spikes, we do not recommend that you automatically buy a new subscription every time a scale up event causes a host to be added to your SDDC.For most customers, it is more cost effective to buy additional host subscriptions after you have established that baseline capacity.Normally, you want to review your capacity requirements by looking backwards 30 to 60 days and then buy subscriptions based on your minimum capacity requirement for that period.This ensures that you are only buying subscriptions you actually need.

How are slack space requirements enforced if I turn on eDRS?

eDRS is aware of vSAN and ESXi capacity requirements and will automatically add or remove hosts to be certain that your SDDC remains healthy.eDRS is the best way to ensure that your SDDC is sized correctly at all times.

How are the interactions between the various policies handled?

In the current implementation there is no conflict detection.This means that if a user configures two policies that conflict with each other, no user error or warning will be generated.DRS will enforce all the policies in the best manner it can, as described below.

How are the traffic charges handled when a Private VIF is connected to VMware Cloud on AWS SDDC?

AWS Direct Connect traffic charges will be applied to the VMware Cloud on AWS account.You will see those charges on your VMware Cloud on AWS bill.

How are VMware Cloud on AWS GovCloud (US) SDDCs connected to my on-premises environment?

When you deploy an SDDC using VMware Cloud on AWS GovCloud (US), it is configured with two networks: a management network and a compute network.The management network handles network traffic for the SDDC hosts, vCenter Server, NSX Manager, and other management functions.The compute network handles network traffic for your workload VMs.Two VMware NSX edge devices serve as gateways for the VMware virtualized networking environment.The Management Gateway (MGW) connects the SDDC management infrastructure to your on-premises environment.The Compute Gateway (CGW) provides connectivity for all workload virtual machines.Traffic can be directed to your on-premises environment using a L3 VPN connection or to your AWS VPC via an Elastic Network Interface (ENI).

How are vRealize Network Insight and vRealize Network Insight Cloud service sold for VMware Cloud on AWS monitoring?

vRealize Network Insight and vRealize Network Insight Cloud SaaS are licensed on a per processor basis.Each VMware Cloud on AWS host has two processors, so two per processor licenses of vRealize Network Insight/vRealize Network Insight Cloud SaaS are required to monitor each VMware Cloud on AWS host.The Enterprise edition of vRealize Network Insight supports monitoring for VMware Cloud on AWS.

How can Cloud Motion with vSphere Replication help with cloud migrations?

Cloud motion with replication simplifies migration planning and operations in three ways: • Traditionally, you would have to plan for a maintenance window wherein applications would be rebooted.Maintenance windows are fairly tedious to manage and maintain and there is additional complexity when dealing with application reloads/reboots.With Cloud Motion, migrations can be done at scale from source to VMware Cloud on AWS without scheduling any maintenance windows.• Cloud Motion eliminates detailed analysis, dependency mappings and elongated migration planning projects.• Cloud Motion lets you schedule the failover.This enables predictability as to when the application will migrate.In the case of vMotion, there is no predictability since the VMs would move as soon as the vMotion related activities were done.The combination of live migrations at scale with a predictable schedule brings in a paradigm shift in the migration process planning and operations.

How can customers get support for TKG on VMware Cloud on AWS?

Customers can get support for Tanzu Kubernetes Grid on VMware Cloud on AWS through a combination of VMware Cloud on AWS Support and Customer Reliability Engineering.VMware Cloud on AWS customers using Tanzu Kubernetes Grid Plus have an option to open support issues with VMware Cloud on AWS Support team first which will then be escalated to the Customer Reliability Engineering team.Customers can also reach out directly to the Customer Reliability Engineering team.Customer Reliability Engineering team provides 24/7 business critical and break fix support.Please see KB 78173 for more details on what the Customer Reliability Engineering team supports.

How can I access third party content?

Access third party content through the VMware Solutions Exchange, but please note that not all solutions are directly integrated with VMware Cloud on AWS.

How can I configure DHCP Relay?

This can be configured under Networking & Security tab under System?DHCP.

How can I enable partition placement groups in my SDDC?

Partition placement groups are enabled automatically in every region and availability zone.There are no configuration options for partition placement groups.

How can I find the API for VMware Cloud on AWS?

From within the VMware Cloud on AWS Console you will be able to access the RESTful APIs by accessing the Developer Center tab and API Explorer, from within this area you can browse the publicly available APIs and try these out for your given resources.

How can I get access to VMware Cloud on AWS for development or testing?

With the latest release, VMware Cloud on AWS is available in 3 host and single host configurations.The single host configuration is ideal for partners that want a low-cost environment for developing/testing their own solution or for customer POCs.Single host configurations have some limitations.

How can I get support for RedHat Enterprise Linux on VMware Cloud on AWS?

VMware Cloud on AWS is a RedHat Certified Cloud Service Provider that allows customers to bring their existing RedHat Enterprise Linux licenses to VMware Cloud on AWS.

How can I get support for RedHat OpenShift Container Platform on VMware Cloud on AWS?

VMware Cloud on AWS is a RedHat Certified Cloud Service Provider that allows customers to bring their existing RedHat OpenShift Container Platform licenses to VMware Cloud on AWS.Please follow the guidance from RedHat on how to enable this here.

How can I get support for Tanzu Application Service deployment on VMware Cloud on AWS?

You can continue to follow the existing Tanzu Application Service support model.

How can I learn more about VMware Cloud Director service?

For more information on VMware Cloud Director service, please visit our website here.For further inquiries, please reach out to cloudproviders@vmware.

How can I learn more about VMware Cloud Marketplace?

For more information on VMware Cloud Marketplace, please visit our website here.For further inquiries, please reach out to VMwareCloudMarketplaceTeam@groups.vmware.

How can I on-board virtual machines to my SDDC on VMware Cloud on AWS?

You have several ways to onboard VMs.One way is to use an on-premises content library and publish it to your VMware Cloud on AWS SDDC (which would attach as a subscriber) and either synch on content immediately or on-demand.You can also create a local content library in your VMware Cloud on AWS SDDC and upload your ISOs and OVAs to that repository to use.Third, you can import a template and use PowerCLI to create new VMs in bulk.From within the VMware Cloud on AWS Console you will be able to access code samples and SDKs by using the Developer Center tab which has links to the supported SDK’s and code samples made available from VMware and the community.

Where can I get more information on CloudHealth Hybrid?

You can learn more about CloudHealth Hybrid here.For further questions, please email to cloudhealth-help@vmware.

Where can I go to get support for VMware SD-WAN?

When encountering issues with the integration of VMware SD-WAN with VMware Cloud on AWS, please contact VMware Global Support Services (GSS), and they will work with you to reach a resolution and engage the appropriate resources.

Where can I take advantage of the chat support feature?

In-service chat support is available for all features of VMware Cloud on AWS, including hybrid solutions such as vCenter Hybrid Linked Mode and vCenter Cloud Gateway.Chat support is available 24×5 in English across all global regions but is not currently available for on-premises-only solutions.

Where can the "Service Operations Data" and "Usage Data" be accessed from?

This information may be accessed by engineering, operations or support teams distributed globally.

Where can these collector tools be deployed?

Customers can choose to deploy these tools within a VMware Cloud on AWS SDDC or on-premises.

Where do the Packet Logs forwarded?

Packet Logs are forwarded to the Log Intelligence service.

Where is "Customer Content" physically located?

VMware Cloud on AWS is deployed in AWS data centers in multiple regions throughout the world.You select the AWS region where your SDDC will be deployed, and your Customer Content will persist in that data center.

Where is "Service Operations Data" and "Usage Data" physically located?

The Service Operations Data and the Usage Data, including customer SDDC configuration information,persists in the AWS US-West (Oregon) data center location, but may be replicated to other AWS regions to ensure availability of the VMware Cloud on AWS service.

Where is the external storage located?

External storage is provided as cloud storage by the Managed Service Provider (MSP) in several worldwide locations.Check with the Managed Service Provider (MSP) on supported locations.

Where is the Single Host SDDC available today?

The Single Host SDDC is available across all the supported regions where VMware Cloud on AWS is available today.

Where is VMware Cloud on AWS available today?

The service is newly available in AWS Europe (Stockholm) region.In addition, the service is also available in AWS US East (N.Virginia), AWS US East (Ohio), AWS US West (N.California), AWS US West (Oregon), AWS Canada (Central), AWS Europe (Frankfurt), AWS Europe (Ireland), AWS Europe (London), AWS Europe (Paris), AWS Asia Pacific (Singapore), AWS Asia Pacific (Sydney), AWS Asia Pacific (Tokyo), AWS Asia Pacific (Mumbai) Region, AWS South America (Sao Paulo), AWS Asia Pacific (Seoul) and AWS GovCloud (US West) regions.

Where is VMware Cloud on AWS GovCloud (US) available today?

The service is available exclusively in AWS GovCloud (US-West).VMware expects to make the service available in AWS GovCloud (US-East) based on customer demand.

Where is VMware Site Recovery available today?

The service is available in all regions where VMware Cloud on AWS is available, including AWS GovCloud (US) region.

Where should the firewall policy be implemented?

Firewall policy must be implemented on the Management Gateway (MGW).

Which APIs are currently in preview?

The /networks resources and any APIs under this resource are currently marked as preview and may change in the future.

Which auditor is VMware using for the PCI Audit?

Coalfire is VMware Cloud on AWS PCI Auditor.

Which credit/debit cards can I use to purchase Single Host?

You can use your personal or corporate Mastercard, Visa, American Express, Discover, JCB or Diners Club credit cards.Please note, however, that Discover, JCB and Diners Club are only supported in certain countries.You may also use a debit card as long as it is Mastercard, Visa or American Express.

Which Managed Service Providers (MSPs) offer external storage with VMware Cloud on AWS?

Faction and Rackspace are currently supported Managed Service Providers (MSPs) that offer external storage for VMware Cloud on AWS.

Which version of Horizon will support VMware Cloud on AWS?

Full Clone desktop pool and manual RDSH farms will be supported starting with Horizon 7.5 and onwards.We are working towards additional support options.

Which version of VMware ESXi is available on VMware Cloud on AWS?

The version of ESXi running on VMware Cloud on AWS is optimized for cloud operations and is compatible with the standard vSphere releases.ESXi running on VMware Cloud on AWS may have a more frequent update cadence so that you can take advantage of regular service enhancements.

Which version of VMware Tools is available for my VMs running on VMware Cloud on AWS GovCloud (US)?

VMware will provide installers for a designated release of VMware Tools for all supported guest operating systems and will update those from time to time.You have the option of using a different version of VMware Tools than the one shipped with VMware Cloud on AWS to ensure there is a standardized version between their on-premises and VMware Cloud on AWS environment.You can either upload the desired VMware Tools ISO to vSphere Datastore or use Guest Operating System tools to deploy the desired VMware Tools version using Microsoft Windows SCCM, Linux apt-get, etc.

Which version of VMware Tools is available for my VMs running on VMware Cloud on AWS?

VMware will provide installers for a designated release of VMware Tools for all supported guest operating systems and will update those from time to time.You have the option of using a different version of VMware Tools than the one shipped with VMware Cloud on AWS to ensure there is a standardized version between your on-premises and VMware Cloud on AWS environment.You can either upload the desired VMware Tools ISO to vSphere Datastore or you can use Guest Operating System tools to deploy the desired VMware Tools version using Microsoft Windows SCCM, Linux apt-get, etc.

While configuring the port mirroring session what sources can users select?

User may select one or multiple virtual machines as a source.

Who can use VMware Cloud on AWS GovCloud (US)?

VMware Cloud on AWS GovCloud is only accessible to vetted U.S.entities and root account holders who must confirm they are U.S.Persons to gain access to these regions.VMware Cloud on AWS GovCloud customers and partners must obtain an AWS GovCloud account from AWS in order use this instance of the VMware service.

Who delivers billing and support for VMware Cloud on AWS GovCloud (US)?

VMware will sell, deliver and support VMware Cloud on AWS GovCloud (US).Billing for the VMware Cloud on AWS GovCloud (US) service will be directly billed to you by VMware.You will only receive a bill from AWS directly for AWS native services used in your own AWS accounts.

Who is responsible for conducting maintenance updates on my SDDC software running in VMware Cloud on AWS GovCloud (US)?

Maintenance for an SDDC running on VMware Cloud on AWS GovCloud (US) is performed by VMware.

Who is responsible for conducting maintenance updates on my SDDC software running in VMware Cloud on AWS?

Maintenance for an SDDC is performed by VMware.

Who is responsible for deploying and managing Horizon infrastructure on VMware Cloud on AWS?

You are responsible.The workflows of deploying and managing Horizon infrastructure is the same as on-premises.SDDC infrastructure and hardware management is the responsibility of VMware.

Who is responsible for deploying and managing TKG clusters on VMware Cloud on AWS?

Customers are responsible for deploying and managing TKG clusters on VMware Cloud on AWS.The workflows for deploying and managing TKG infrastructure are the same as those for on-premises.VMware is responsible for the management of SDDC software components and the IaaS infrastructure resources.

Who is responsible for supporting customers when they have issues?

VMware will provide VMware Global Support Services (GSS) and Customer Success team support for customers.You will be able to contact GSS via phone, chat feature in the service portal.VMware’s service operations team will handle escalations.

Who is responsible for supporting customers when they have issues?

VMware will provide VMware Federal Global Support Services (GSS) and Customer Success team support for customers.Customers will be able to contact GSS via phone, chat feature in the service portal.VMware’s service operations team will handle escalations.

Who owns Customer Content?

You always retain ownership of your Customer Content.VMware will not access or use your Customer Content for any purpose except as necessary to provide the VMware Cloud on AWS Service to you and as set forth and permitted in our Terms of Service with you.

Why Do We Need Metal Packaging Token Tokens?

Besides the obvious reason that by holding MPT tokens we are actually helping the environment, and therefore the well-being of our planet, Metal Packaging Token tokens will be tradeable on (decentralized) exchanges.This means holders can trade them for EOS or other cryptocurrencies.Via this route, a cash-out in fiat currencies will, of course, also be possible.

Why does VMware SD-WAN solution matter to me?

VMware provides hybrid and multi-cloud capacity while VMware SD-WAN provides the fabric between clouds.As customers leverage more of VMware Cloud on AWS, SD-WAN will offer the optimal connectivity VMware Cloud on AWS.

Why does vSAN require slack space?

Like any storage system, vSAN uses slack space to maintain the health of the system.This space is used for re-balancing objects, performing operations like deduplication and for recovering from hardware failures.

Why must ALL VMs encounter an SLA Event in order for it to count towards receiving a SLA Credit?

Although a single VM losing network connectivity or access to storage is a serious problem, it is not considered to be an SLA Event since the SLA is designed to cover infrastructure availability.It would be highly unlikely that a single VM in a cluster would lose network connectivity or access storage while other VMs can successfully send/receive packets or perform read/write operations.If vSAN is not available, all VMs in the SDDC will lose access to storage.The same holds true for the NSX service – all of the VMs in the SDDC will lose connectivity.In VMware’s experience, a single VM losing connectivity or storage access it is caused by an invalid configuration setting affecting the specific VM.If a customer believes it has experienced an SLA Event that affects a single VM, the customer should contact VMware to assist in the investigation.

Why must the duration of an SLA Event be 4 minutes before it counts towards receiving a SLA Credit?

Service availability impacting events can cause serious problems even if they only last a couple of seconds.However the VMware Cloud on AWS SLA requires an SLA event to exceed 4 minutes for both technical and practical reasons.1.There are situations that a customer can create that can make a component appear to be unavailable, such as bandwidth or IOPS saturation, maximum utilization of system resources, or DR fail-overs.Typically these conditions remedy themselves relatively quickly but it could appear to a customer or monitoring tool that the component is down.Through operational experience, VMware has determined that a four minute window helps to avoid reporting false outages caused by these situations.2.The monitoring tools used by VMware poll the critical components frequently, but it is not practical to poll every instance of every component, every second.Therefore, VMware needs a window during which multiple availability tests can be run across components and on each component more than once to determine that there is an actual SLA Event.3.If a component fails, it switches over to a redundant or backup instance or is remediated by an automated system – typically within seconds.However, recovery of a workload and system after the component is restored can take several minutes (workloads restarted, traffic rerouted etc.).This recovery is not counted as an SLA Event unless the recovery time exceeds four minutes.

Why should I use VMware Cloud on AWS GovCloud (US)?

VMware Cloud on AWS GovCloud (US) provides a consistent and interoperable infrastructure and services between VMware-based data centers and the AWS cloud, which minimizes the complexity and associated risks of managing diverse environments.VMware Cloud on AWS GovCloud (US) offers native access to AWS services and innovation that extends the value of enterprise applications over their lifecycle.With the same architecture and operational experience on-premises and in the cloud, IT teams can now quickly derive instant business value from use of the AWS and VMware hybrid cloud experience.

Will customers be able to disable the feature of forwarding packet logs to vRealize Log Insight Cloud service?

Yes, you can enable or disable the ingestion of packet logs in the vRealize Log Insight Cloud UI.

Will customers have access to VMware Cloud on AWS Firewall packet logs?

Yes, packet logs are forwarded to the vRealize Log Insight Cloud service.

Will customers need to buy any additional VMware Cloud on AWS licenses in order to deploy a PCI Compliant SDDC?

No, the published pricing for bare metal VMware Cloud on AWS hosts is all that is required from a cost perspective.There are no additional charges for PCI SDDCs.

Will default logical network be created for one node SDDC?

Yes.Default logical network will be created in one node SDDC.Customers must make sure that there is no overlap with CIDR 192.168.1.

Will eDRS just keep adding hosts? Are there any limits to that?

No, eDRS will not add hosts sequentially.eDRS is throttled to prevent runaway cluster scaling.The system is also monitored by our operations team to ensure that scale operations are conducted correctly.

Will eDRS just keep adding hosts? Are there limits?

No, eDRS will not add hosts sequentially.eDRS is throttled to prevent runaway cluster scaling.The system is also monitored by our operations team to ensure that scale operations are conducted correctly.

Will eDRS scale my clusters down also?

Yes.When your cluster is lightly loaded, eDRS will also scale down automatically.

Will eDRS scale my clusters down also?

Yes.When your cluster is lightly loaded, eDRS will also scale down automatically.

Will Horizon on VMware Cloud on AWS be at feature parity with Horizon on-premises?

The Horizon architecture is exactly the same whether it’s running on-premises or on VMware Cloud.However, there are certain Horizon features we do not plan to support on VMware Cloud on AWS: • View Composer / Linked Clones o This applies to both Linked Clone VDI pool as well as Linked Clone RDSH farms.Customers using Linked Clones on-premises will be asked to use Instant Clones on VMware Cloud.

Will I be able to see the BGP routes advertised from on-premises over VPN?

Yes.In the Route based VPN tab, users can now click on "View Routes" to see the advertised networks from on-premises.Users also have choice to "download routes".

Will I be able to use VMware’s Storage Policy Based Management (SPBM) to provision and manage storage for virtual machine applications?

Yes.You have the flexibility to create specific policies catering to your application needs, including RAID levels, checksum, object space reservation, and IOPS limit.You can apply these policies at the individual vdisk level, or you can choose the default vSAN Datastore policy for simplicity.

Will I need an AWS GovCloud (US) account for VMware Cloud on AWS GovCloud (US) service?

Yes, you will need an active AWS GovCloud (US) customer account that will be linked to the VMware Cloud on AWS GovCloud (US) service.If you don’t have an existing AWS GovCloud customer account, you will be asked to create one as part of the onboarding process.One of the key benefits of this offering is seamless integration with other AWS services such as Amazon S3, Redshift and other Amazon EC2 instances.VMware will bill you for what you use in the VMware Cloud on AWS GovCloud (US) and separately, AWS will bill the customer for any AWS services they use within their own AWS GovCloud (US) account.

Will my card be charged any amount when adding the card as a payment method?

No.We verify to ensure your credit card is valid, but the validation is done with a zero-dollar value authorization.

Will my security policy and services migrate when the VM is live migrated to the VMware Cloud on AWS SDDC using vMotion?

No.You are responsible for moving the security policy and services.

Will NSX L2 VPN layer 2 network extension work with any other vendor device?

No.You need an NSX standalone edge that you can download separately or have NSX on-premises.

Will PCI Compliant SDDCs be upgraded similar to standard SDDC's?

Yes.Just like standard SDDCs provisioned on 1.14 or later, patching and upgrading will be automatically handled by the VMware Operations team via standard lifecycle processes.

Will the vRealize Network Insight Cloud collector automatically restart after a service outage (let's say upgrade)?

Yes.

Will VMware bill me for hosts added automatically?

Yes.You are billed for all hosts in your environment per running host hour.

Will VMware bill me for hosts added automatically?

Yes.You are billed for all hosts in your environment per running host hour.

Will VMware Cloud on AWS GovCloud (US) be running on a nested ESXi architecture?

No.ESXi runs directly on bare metal without the use of nested virtualization, while still participating in Amazon VPC networking.

Will VMware ever add hosts to my cluster without my permission?

Yes.As part of our responsibility for maintaining your working SDDC, we may add additional hosts to your SDDC if the health of this SDDC is in danger.Generally, this only occurs when your datastore fills up to an unsafe level.As per our SLA, we require 25% "slack space" in order to support your SDDC.

Will VMware ever add hosts to my cluster without my permission?

Yes.As part of our responsibility for maintaining your working SDDC, we may add additional hosts to your SDDC if the health of this SDDC is in danger.Generally, this only occurs when your datastore fills up to an unsafe level.As per our [SLA,] (https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/support/vmw-cloud-aws-service-level-agreement.pdf) we require 25% "slack space" in order to support your SDDC.

Will you continue to support existing Direct Connect Private VIF configuration that uses Public ASN?

Yes.We will continue to support existing Direct Connect configurations.

With Custom CPU Core Count, can I specify the lower number of CPU cores for my initial SDDC cluster (Cluster 0)?

No, this is for additional clusters only.Cluster 0 must have all cores enabled.

With multi-cluster support, can I remove the original cluster created when the SDDC was created?

No.Only additional clusters can be removed.You must have one cluster in your SDDC and this cluster must be the original cluster deployed when the SDDC was created.

With multi-cluster support, how do I move VM's to the new cluster?

Once the new cluster is provisioned, you can cold migrate or vMotion VMs to this cluster via vCenter the same way you would move VMs on premises.

With NSX-T, do I only have to establish one VPN tunnel for Management and workload traffic?

Yes.With NSX-T, user needs to establish just one tunnel.

With partition placement groups automatically enabled, what happens when a host is removed or replaced?

When a host is removed, the preference is to remove a host that is not inside a partition; new hosts are added into partitions whenever possible.In this way, SDDCs will benefit from more partitions over time.

With this added flexibility, do I now have access to the entire inventory tree?

Yes, you now have access to the entire inventory tree.However, in order to limit contention across the VMs that you create, we strongly recommend that you continue to use the Compute Resource Pool as the location to create your VMs.

Would customers need a Multi-org setup after enabling two sellers?

More than one org is not needed to support multiple Sellers of Record and it is not encouraged to have more than one org with VMware Cloud on AWS SDDCs.

Would I get notified when hosts are added to my SDDC automatically?

Yes, you will get notified via email and in-console notification right after hosts are added.

History of Metal Packaging Token

Fourth, to migrate individual virtual machines from your on-premises vCenter Server to your VMware Cloud on AWS SDDC you can perform a cold migration, with a powered-off virtual machine, or vMotion of a live virtual machine.

How can I pay for the new region?

You can use a fund with SPP or HPP credits or a credit card.

How can I purchase Single Host SDDC Offering?

There are three payment methods available for the service.You can choose to pay for the service via credit card, by invoice, or you can purchase Subscription Purchasing Program (SPP) credits or Hybrid Purchasing Program (HPP) credits and redeem those credits on the service.

How can I purchase Tanzu Application Service for VMware Cloud on AWS?

Tanzu Application Service is a separate purchase from your VMware Cloud on AWS subscription.

How can I purchase the 2-host cluster?

The 2-host cluster can be purchased in the same manner as any other SDDC and can be spun up in just hours in a similar fashion to the Single Host SDDC and 3-host SDDC.Once provisioned, it can be scaled up in a matter of minutes to a 3-host SDDC.

How can I purchase the service?

Please contact your VMware account team.You can purchase either Subscription Purchasing Program (SPP) credits or Hybrid Purchasing Program (HPP) credits and redeem those credits on the service.Please refer to the following websites for more details on these credit programs: SPP Program Guide HPP Program Guide You can also use your credit card or pay by Invoice for the service.

How can I purchase the VMware Cloud on AWS GovCloud (US) service?

VMware Cloud on AWS GovCloud (US) is available on-demand or in 1-year and 3-year subscriptions.Please contact your VMware account team or VMware partners for more information.

How can I request approval for penetration testing applications and systems in my SDDC?

VMware has a comprehensive vulnerability management program that includes third-party vulnerability scanning and penetration testing.VMware conducts regular security assessments to maintain VMware Cloud on AWS compliance programs and continuously improve cloud platform security controls and processes.While the requirements to conduct penetration testing vary by industry compliance regulations, customer environments benefit greatly with penetration testing to measure the security effectiveness within their virtual infrastructure (SDDCs) and applications.To notify VMware that you plan to conduct penetration testing, please use this Request Form to provide us relevant information about your test plans.VMware will respond with an approval by email.Penetration testing must be conducted in accordance with our Penetration Testing Rules of Engagement.

How can I use API Explorer with NSX-T APIs?

Go to API Explorer, which can be found under the Developer Center.From API Explorer, select your Organization and SDDC, and you will see both "NSX VMC Policy" API and "NSX VMC AWS Integration" API.Click on the one you would like to use.You will see a list of relevant NSX APIs.You can put in the requested information and click the Execute button to execute the API.

How can I utilize Groups?

Inventory Groups make it easier to create and apply security policies.Users can create Groups using Virtual Machine name, tag, OS name, logical segment and IP set as membership criteria.It’s particularly useful for customers that need the ability to dynamically micro-segment virtual machines based on these criteria.Nesting go Groups is supported – users can now create groups nested inside other groups (also called ‘nested groups’).This gives users the ability to apply security policies encompassing wider groups but also more granular rules.This enables administrators to have security policies as close as business and compliance policies.The scale has also significantly increased: users can now manually add 500 VMs to a group, instead of the previous limitation of 5 VMs.

How can I utilize Jumbo Frames?

VMware Cloud on AWS supports Jumbo Frames for networking traffic on Direct Connect.To fully benefit from Jumbo Frames and avoid fragmentation, you must ensure that the Direct Connect interface MTU is set equal to the end to end path MTU from your SDDC to your Data Center over Direct Connect.On the AWS Account, the Direct Connect private VIF must be created with this MTU size.On the SDDC, the Intranet uplink MTU must be set to 8900.

How can I view partitions for my SDDC?

Partition placement is not configurable or viewable by customers.

How can VM template support in VMware Cloud on AWS Content Library help me?

VM templates enable consistency and ease of VM content management.You can add a VM template to Content Library, delete it, rename it, update Notes, or create a new VM from it.• To create or add a template to Content Library, select a VM, click Clone, and select an option to clone it into a library as a VM template.Note: the library has to be local (not published).• To create a VM from a VM template in Content Library, simply select a VM template, click New VM from this Template, and follow the steps in a wizard.The wizard is similar to the one that you are familiar with using for OVF templates or outside of Content Library.

How do I access the Audit and Security Logs?

From the VMware Cloud Console simply click open on the vRealize Log Insight Cloud panel.The security and audit logs for your VMware Cloud on AWS instance will be available for query.

How do I access the Migration Assessment?

VMware Cloud on AWS customers can access the Migration Assessment via Cost Insight through the CSP console.No separate activation for Cost Insight is needed.

How do I access the VMware Cloud on AWS sizing and assessment tool?

You can access the tool without any credentials.However, to complete the TCO, you must register with an email address and use those credentials to log into the tool.

How do I activate vRealize Log Insight Cloud?

In the VMware Cloud Console select Open from the vRealize Log Insight Cloud panel.You will be asked to accept the activation.Once you have accepted the activation you will receive a 30-day free trial of vRealize Log Insight Cloud.

How do I activate vRealize Network Insight Cloud service?

Here is the procedure: 1.Click the activation link in your invitation mail.2.Sign up for VMware Cloud.a.If you have a VMware ID, follow the steps to sign up to VMware Cloud with your VMware ID credentials.b.If you do not have a VMware ID, follow the steps to create your My VMware account, and sign up to VMware Cloud.3.Log in to VMware Cloud with your VMware ID.If you are not redirected to the VMware Cloud Service Portal (CSP) page, go to this link.Click the vRealize Network Insight Cloud tile on the CSP page.4.Login to the Network Insight service using your My VMware Credentials.

How do I add a credit card as a payment method?

You can add a credit card during the initial onboarding or add it via the Cloud Console.

How do I configure ECMP with IPSEC VPN?

There is no ECMP setting to enable.If there are multiple VPN tunnels, all VPNs tunnels will be used.Whether a tunnel is active/standby for routes is controlled via BGP metric from on-premises or the other side.

How do I configure my SDDC’s traffic to use Multi Edge SDDC?

Multi Edge SDDC uses Source Based Routing to network traffic flows.To identify traffic, configure a prefix-list of subnets or IP addresses to use the Traffic Group and then associate the prefix-list to the Traffic Group.

How do I configure the vCenter Cloud Gateway to link the on-premises data center to the cloud SDDC?

During the installation of the vCenter Cloud Gateway, you configure it to join your on-premises SSO domain.The next step in the installation process is to link to the cloud SDDC by configuring vCenter Hybrid Linked Mode (HLM).

How do I connect my SDDC to a different AWS account?

When creating your SDDC, select Connect to a New AWS Account from the Choose an AWS Account drop down in step number one of creating an SDDC.

How do I connect to the vCenter Server in my SDDC on VMware Cloud on AWS GovCloud (US)?

By default, there is no external access to the vCenter Server system in your SDDC on VMware Cloud on AWS GovCloud (US).Open access to your vCenter Server system by: • Configuring a firewall rule to allow access to the vCenter Server system.

How do I connect to the vCenter Server in my SDDC on VMware Cloud on AWS?

By default, there is no external access to the vCenter Server system in your SDDC on VMware Cloud on AWS.Open access to your vCenter Server system by: • Configuring a firewall rule to allow access to the vCenter Server system.• Configuring an IPsec VPN or Direct Connect between your on-premises data center and your SDDC to access the vCenter privately.vCenter is also accessible privately from the linked VPC and from a compute VM in the SDDC.

How do I continue accessing vRealize Automation Cloud after the trial period offered by vRA Add-on is over?

Before the trial period is over and data is lost, customer should contact VMware account team to become a paid subscriber.

How do I control my budget with eDRS?

When configuring eDRS you configure the minimum and maximum allowed cluster size.eDRS will only scale within the limits you set.

How do I control my budget with eDRS?

When configuring eDRS, you configure the minimum and maximum allowed cluster size.eDRS will only scale within the limits you set.

How do I control my licensing, while leveraging Custom CPU Core Count capability?

To preserve the number of licensed CPU cores, it is highly recommended that you leverage VMware Cloud on AWS Compute Policies (Simple VM-Host Affinity) to tag all applicable VMs and all the original hosts in the cluster, so that the compute policy can keep these VMs on those hosts.During regular VMware Cloud on AWS patch and upgrade operations, an additional host is added to a cluster.Therefore, you need to include the license for this additional host in your initial licensing contract, making it N+1 since day one.

How do I create a subscription for 1-year and 3-year subscription options?

After you land on the VMware Cloud on AWS Console, you can click on the “subscription” tab in the navigation bar to create a subscription.Once the subscription is created, you can start enjoying the discounted rate for the number of hosts that you purchase.Please note that the subscription is charged upfront or monthly to your payment method.

How do I enable EDRS Rapid Scale Out?

EDRS Rapid Scale-Out is enabled through the UI as a new EDRS policy type or via the edrs-policy API.

How do I enable EDRS Rapid Scale Up?

EDRS Rapid Scale Up is enabled via the edrs-policy API.

How do I get access to vRealize Network Insight?

You can download vRealize Network Insight platform and collector OVA under All Downloads section of your My VMware account.For an evaluation license, go to the My Evaluation section of your My VMware account.For vRealize Network Insight perpetual license, reach out to your VMware sales team.

How do I get application logs in addition to security logs from VMware Cloud on AWS?

Currently, in order to get additional logs, such as application logs, you must deploy a Cloud Data Collector into your VMware Cloud on AWS instance and point your applications to the data collector for ingestion into vRealize Log Insight Cloud.The data collector is a lightweight OVA which can be installed following the normal OVA vCenter deployment process.Instructions to download and deploy the data collector are available invRealize Log Insight Cloud under the Data Collector information page.

How do I get more information about VMware HCX?

Learn more here.Try the Hands-on-Lab for VMware HCX.

How do I get notified about a security incident with the VMware Cloud on AWS Service?

If the VMware Security Operations Center (SOC) detects or is notified by AWS about suspicious activity that potentially affects the VMware Cloud on AWS service or one of its customers, the VMware Incident Response team immediately investigates to determine if a security incident occurred.If VMware has reasonable suspicion or confirmation of a security incident that affects a customer, the VMware Incident Response team and the VMware Cloud on AWS Operations team will contact the customer directly via email from vmc-services-notices@vmware.com to the email addresses of all organization owners.

How do I get started with VMware Cloud on AWS GovCloud (US)?

VMware Cloud on AWS GovCloud (US) is available through VMware and its many partners in the VMware Partner Network.You can get started [here.] (https://cloud.vmware.

How do I get support for onboarding to VMware Cloud on AWS?

Technical support is provided through the chat widget in lower right corner after you create an Org and provision an SDDC.

How do I get support when validating my solution on VMware Cloud on AWS?

Partners have been given access to the DCPN (Developer center partner network) and can communicate with the VMware team by submitting DCPN cases in the DCPN projects as below: • For technical issues, submit DCPN Case in this DCPN project -> priv–cloud-permissions-partner_TR • For program issues, submit DCPN Case in this DCPN project -> priv–cloud-permissions-partner_PR.• Use your myvmware.com account/password to log into VMware{code} and DC Partner Network.

How do I get technical support for vRealize Automation Cloud?

VMware Cloud on AWS users can avail of all support channels from VMware if they run into any issue.If the Level 1 triage deems this to be related to vRealize Automation Cloud, the case will be internally routed to vRealize technical support.

How do I get this vRA Add-on if I am a VMware Cloud on AWS user?

Each VMware Cloud on AWS SDDC is eligible for vRealize Cloud trial activation.You will be able to see the vRealize Cloud Activation tile on your VMware Cloud on AWS console.If you don’t see the tile, you may have to contact your org’s admin.

How do I get vRealize Network Insight Cloud service support?

After you have activated the vRealize Network Insight Cloud service and are logged in to the service console, use In-Service chat support by clicking on the Chat Button at the bottom right corner of the screen.

How do I install a patch for VMware Cloud on AWS GovCloud (US) service?

VMware handles all patching and updates for VMware Cloud on AWS GovCloud (US) service.

How do I install a patch?

VMware handles all patching and updates.

How do I install Horizon on VMware on AWS?

The installation of Horizon on VMware on AWS is similar to installing Horizon on-premises.More details will be provided in the Horizon 7.5 product documentation.

How do I know a product offering is supported by a seller?

A list of VMware product offerings supported by AWS and VMware within the VMC Console or elsewhere on a VMware property is available here.

How do I manage resources on VMware Cloud on AWS GovCloud (US)?

You can use the same management tools you use today.A vCenter Server instance is deployed as part of every VMware Cloud on AWS GovCloud (US) SDDC.You may connect to this vCenter Server instance to manage their VMware Cloud on AWS GovCloud (US) clusters.A VMware Cloud Web Console is provided which allows for common tasks such as add/remove hosts, configure firewalls and other basic networking settings.It is important to note that tools that require plug-ins or extensive vSphere permissions may not function properly in VMware Cloud on AWS GovCloud (US).VMware Cloud on AWS GovCloud (US) uses a least privilege security model in which the customer (and therefore their tools) do not have full administrative access.

How do I prevent VMware from adding hosts to my SDDC?

Generally, we advise customers to monitor their capacity and take action when the system passes 70% capacity.At that point, some customer action should be taken.If you take corrective action at 70%, automated remediation by VMware will not occur.

How do I prevent VMware from adding hosts to my SDDC?

Generally, we advise customers to monitor their capacity and take action when the system passes 70% capacity.At that point, some customer action should be taken.If you take corrective action at 70%, automated remediation by VMware will not occur.

How do I provision an SDDC in a newly available region?

Select the newly available region when creating your SDDC.It is that simple.You can provision an SDDC in a newly available region in a similar manner to the way you provision an SDDC in other available regions.The region selector will now have another option for the new region.The SDDCs you create in the new region will appear on your dashboard along with your other SDDCs.Further, you can contain SDDCs from different regions.

How do I purchase external storage?

External storage as well as the VMware Cloud on AWS SDDC is purchased through the Managed Service Provider (MSP).

How do I request a SLA Credit?

To request an SLA Credit for VMware Cloud on AWS, you must file a support request at https://my.vmware.com within sixty (60) days after the suspected SLA Event.Dates and times of the SLA event(s) Org ID SDDC ID Description of the event and any related support incident ticket numbers.VMware will review the request and issue an SLA Credit when VMware validates the SLA Event based on VMware’s data and records.

How do I scale up to a production SDDC?

You can simply click on the "Scale Up" button to scale up to the standard production SDDC service.Your data will be retained.If you want to contact our sales team, please reach out to us via the chat service.

How do I select IO profiles which are not listed on the sizing and assessment tool?

The IO profiles are tied to underlying VMware Cloud on AWS performance data.To get the most optimized performance, select the ratio closest to the ratio that you require.

How do I self-onboard to the VMware Cloud on AWS service?

Here is a video with onboarding checklist and step by step instructions to self-onboard on VMware Cloud on AWS.Please check it out.

How do I set up VMware SD-WAN?

If you have access to both the VMware SD-WAN Orchestrator and your VMware Cloud Console, please follow the deployment guide located at the VMware SD-WAN Documentation site located here.

How do I sign up for Network Insight VMware Cloud Service?

You can sign up for vRealize Network Insight Cloud service here • You will be offered a 30-day free trial initially.After the trial period is over, you will be charged as per your chosen subscription plan.• You sign up for vRealize Network Insight Cloud service with your MY VMware ID.If you do not have a My VMware account, please create one before the sign up by going to this link Alternatively, you can ask your VMware sales team to submit a vRealize Network Insight Cloud access referral on your behalf.

How do I sign up for the service?

Please contact your VMware account team, VMware Partner Network, AWS account team or AWS partner network.

How do I sign up for the VMware Cloud on AWS GovCloud(US) service?

Please contact your VMware account team or VMware partners for more information.

How do I sign up for VMware HCX?

VMware HCX was made available in December 2017.This service is now included with your VMware Cloud on AWS subscription.To activate, login to VMware Cloud Services portal at https://cloud.vmware.com and enable HCX for your VMware Cloud on AWS SDDCs.VMware HCX is integrated with vSphere web client so you can use the same management environment for day to day operations.

How do I use Custom CPU Core Count feature?

Go to the VMware Cloud on AWS Console, click on your SDDC and select Add Cluster action.Under the section Cluster to Be Added you will see that you can specify the Number of CPU Cores Per Host.

How do you achieve resiliency for the L2 VPN Client?

Users can choose to deploy two standalone edge devices and configure them as active and standby for resiliency.

How does Automatic adjustment of vSAN policy benefit me?

VMware Cloud on AWS provides a 99.9% availability commitment as per the SLA.If an SLA event occurs i.e.a service component is unavailable, you will be eligible for SLA credits, provided that your cluster meets certain protection requirements that are set by storage policies.By allowing VMware Cloud on AWS to automatically set these policies for you, the criteria required to be eligible for these credits is already taken care of while ensuring that your clusters have the optimal level of protection.

How does Cloud Native Storage work?

Cloud Native Storage (CNS) comprises of two parts: A Container Storage Interface (CSI) plugin for K8s and the CNS Control Plane within vCenter.There is nothing to install or configure within the service to get this integration working.Simply deploy Kubernetes with the vSphere CSI.

How does CloudHealth collect cost data for VMware Cloud on AWS?

CloudHealth collects cost data from the customer’s VMware Cloud Service Provider (CSP) bill.

How does CloudHealth connect to VMware vSphere and VMware Cloud on AWS environments for asset collection?

CloudHealth Hybrid connects to VMware environments the same way as CloudHealth Data Center.With agentless integration into VMware vSphere environments or an agent-based approach for physical machines, customers can track usage, inventory, CPU, memory and disk metrics.Using a secure aggregator (with or without a proxy), CloudHealth connects via API to the customer’s vSphere and VMware Cloud on AWS environments (using a read-only VMware vCenter account).Every 15 minutes CloudHealth collects configuration information about all VMs and every 60 mins it collects VM metrics.

How does Compute Policy differ from DRS rules?

Given the granular cluster level at which DRS operates, it becomes difficult to manage, replicate and update the static rules (laid down in the beginning) as the underlying infrastructure grows (number of VMs, hosts, applications).Similarly, the intent (the why and what) for which the rules were created is lost over a period of time.To get around this, Compute Policy provides a higher level of abstraction to capture the customer intent at a SDDC level rather than at a cluster level at which DRS operates.As a result, a single policy can apply to multiple clusters within the SDDC at the same time.It aims to provide a framework to not only allow placement and load balancing decisions for VMs, but also to handle entire workloads.

How does connectivity between the overlay network and the NSX management appliances work with NSX-T?

By default the Compute Gateway and Management Gateways are connected through a logical segment.You can control communication through the firewall policy on the Management Gateway.

How does data at rest encryption work in VMware Cloud on AWS GovCloud (US)?

Customer data at rest will be natively encrypted by vSAN.vSAN will use AWS Key Management Service (KMS) to generate the Customer Master Key (CMK).While CMK is acquired from AWS, two additional keys are generated by vSAN.Those keys are an intermediate key, referred as Key Encryption Key (KEK) and Disk Encryption Key (DEK).The CMK wraps the KEK and the KEK in turn wraps the DEK.The CMK never leaves AWS control.Encryption and decryption of the KEK is offered via standard AWS API call.One CMK and one KEK is required per cluster and one DEK for every disk in the cluster.

How does data at rest encryption work in VMware Cloud on AWS?

With the latest release, all customer data at rest will be natively encrypted by vSAN.vSAN will use AWS Key Management Service to generate the Customer Master Key (CMK).While CMK is acquired from AWS, two additional keys are generated by vSAN.Those keys are an intermediate key, referred as Key Encryption Key (KEK) and Disk Encryption Key (DEK).The Customer Master Key (CMK) wraps the Key Encryption Key (KEK), and the Key Encryption Key (KEK) in turn wraps the Disk Encryption Key (DEK).The CMK never leaves AWS control.Encryption and decryption of the Key Encryption Key (KEK) is offered via standard AWS API call.One Customer Master Key (CMK) and one Key Encryption Key (KEK) is required per cluster and one Disk Encryption Key (DEK) is required for every disk in the cluster.

How does data encryption at rest work on VMware Cloud on AWS?

Customer data at rest is natively encrypted by vSAN.vSAN uses AWS Key Management Service to generate the Customer Master Key (CMK).While CMK is acquired from AWS, two additional keys are generated by vSAN.Those keys are an intermediate key, referred as Key Encryption Key (KEK) and Disk Encryption Key (DEK).

How does Deduplication & Compression work in VMware Cloud on AWS?

Deduplication removes redundant data blocks, whereas compression removes additional redundant data within each data block.These techniques work together to reduce the amount of physical storage required to store the data.VMware vSAN applies deduplication followed by compression as it moves data from the cache tier to the capacity tier.

How does eDRS affect my bill?

You are billed per host per hour on VMware Cloud on AWS.eDRS simply changes the number of hosts you have running in your SDDC.It is the same as if you manually added hosts to your SDDC.

How does eDRS affect my bill?

You are billed per host per hour on VMware Cloud on AWS GovCloud (US).eDRS simply changes the number of hosts you have running in your SDDC.It is the same as if you manually added hosts to your SDDC.

How does EDRS decide to scale out when capacity (Storage/CPU/Memory) exceeds a threshold in only one of the Availability Zones?

EDRS monitors utilization in each Availability Zone.A scale-out event is triggered when a threshold is exceeded in either Availability Zone.Scale-in, on the other hand, occurs only when utilization goes below the threshold in both Availability Zones.

How does per-VM EVC interact with cluster EVC while they co-exist?

Cluster EVC is not enabled in VMware Cloud on AWS.Only Per-VM EVC will be able to be set.

How does Tanzu Kubernetes Grid support for VMware Cloud on AWS relate to vSphere with Kubernetes?

vSphere 7 with Kubernetes is available through VMware Cloud Foundation.It delivers the essential services that power Hybrid Infrastructure Services.The Hybrid Infrastructure services and Tanzu Kubernetes Grid Service are part of the VMware Cloud Foundation Services, available through VMware Cloud Foundation 4.Read more about it in this blog.vSphere 7 with Kubernetes will be available on VMware Cloud on AWS in the future.Customers who want to get started with Kubernetes and containers on VMware Cloud on AWS can get started with Tanzu Kubernetes Grid.Customers are responsible for deploying and managing TKG clusters on VMware Cloud on AWS.

How does the Disable DRS vMotion policy work?

This policy indicates that DRS would not migrate or load balance a virtual machine away from the host on which it was powered-on, except for the case when the host is being put into maintenance mode.This policy can be useful for applications that may be sensitive to vMotions, (e.g., large real-time/latency sensitive transactional databases or VoIP applications.The VMs subjected to this policy are identified using vSphere tags, and this policy is not applicable for a power-on operation.However, once a VM is powered on, and is subjected to this policy, it will not be moved to remediate a VM-Host affinity or VM-VM Anti-affinity policy.

How does the resource utilization plan impact my sizing exercise?

In a real-world deployment, not all VMs run at the same utilization.The resource utilization plan takes this into consideration by ensuring that you allocate different percentages of utilization to groups of VMs running your applications.By using the resource utilization plan (RUP), you can modify the overcommit in the advanced settings tab, located in the additional information section of the workload profile.Modify the values to more closely meet your desired consolidated state, (e.g., changing % VMs value to 100% and run at 80% would mean that you are anticipating a net utilization cluster wide of 80%.

How does the TRIM/UNMAP feature work?

The guest OS will issue these commands automatically and will continue to run in the background until all the unused blocks are reclaimed.

How does the vCenter Cloud Gateway get updated?

The vCenter Cloud Gateway gets automatically updated following the VMware Cloud on AWS SDDC updates.It periodically checks against the cloud version and auto-updates when a new version is available.

How does the VM-VM Affinity policy work?

Enforcing a VM-VM affinity policy means that DRS will try to ensure that it keeps each VM that has the policy’s VM tag on the same host.This affinity relation between the VMs will be considered by DRS during VM power-on, host maintenance mode and load balancing.

How does the VM-VM Anti-Affinity policy work?

Enforcing a VM-VM anti-affinity policy implies that DRS will try to ensure that it keeps each VM (that has the policy’s VM tag) on different hosts.This anti-affinity relation between the VMs will be considered by DRS during VM power-on, host maintenance mode and load balancing.If a VM is involved in a VM-VM anti-affinity policy, then DRS will always prefer those candidate hosts which do not have any powered-on VM that has the policy’s VM tag.

How does VMware Cloud Director service enable multi-tenancy on VMware Cloud on AWS?

VMware’s flagship cloud services platform, Cloud Director, delivers multi-tenant resource pooling: Cloud Director helps create virtual datacenters from common or distributed infrastructure to cater to heterogeneous enterprise customer needs.With Cloud Director service, a cloud provider can host and serve multiple customers from a single VMware Cloud on AWS SDDC.

How does VMware Cloud Marketplace relate to VMware Solutions Exchange (VSX)?

VSX is a repository of technology solutions that complement, integrate or interoperate with VMware’s portfolio of products.On the other hand, VMware Cloud Marketplace is an engineered, curated and managed marketplace where users can discover and enable deployment of third-party and open-source solutions directly from their VMware platform environment.

How does VMware Cloud on AWS comply with the California Consumer Privacy Act (CCPA)?

The California Consumer Privacy Act (“CCPA”), which comes into effect on January 1, 2020, applies to businesses that provide services to consumers in California.It gives individuals certain rights regarding the processing of their personal data.Under the CCPA, VMware acts as a “service provider” with respect to any Personal Data contained within Customer Content, and we will not access or use the Customer Content for any purpose except as necessary to provide the VMware Cloud on AWS service, and as set forth and permitted in our Terms of Service.VMware will assist you, as a customer, in responding to data subject access requests under the CCPA as set forth in our Data Processing Addendum.

How does VMware Cloud on AWS comply with the EU General Data Protection Regulation (GDPR)?

Under the EU General Data Protection Regulation (“GDPR”), VMware is the “processor” with respect to any Personal Data that may be contained within the Customer Content.VMware’s obligations and commitments as a processor under GDPR are set forth in VMware’s Data Processing Addendum.VMware has achieved Binding Corporate Rules (“BCR”) approval for Personal Data it processes.Evidence of approval of VMware’s BCRs is available on the European Commission’s website.

How does VMware Cloud on AWS notify customers about a Material Degradation of either the Service or Service Offering Documentation?

In the unlikely event that VMware makes a material, detrimental change to the Service Offering or the Service Offering Documentation, VMware will notify you prior to the effective date of that change.Notification of a Material Degradation of the service or Service Offering Documentation will be sent from the email ID vmc-services-notices@vmware.com to the email addresses of all organization members and organization owners.

How does VMware Cloud on AWS notify customers about changes to the VMware Cloud on AWS service?

Updates to the VMware Cloud on AWS service may include new functionality, bug fixes and new operational enhancements, patches include bug fixes and security patches.Detailed information about the contents of an update can be found on the Release Notes page: https://docs.vmware.com/vmc/releasenote.Communication about new releases are sent from the email ID vmc-services-notices@vmware.com to the email addresses of all organization members and organization owners.

How does VMware Cloud on AWS segregate customers' environments?

VMware Cloud on AWS has three independent and comprehensive isolation layers in place to segregate customers’ environments.A Software Defined Data Center (SDDC) is deployed in a dedicated AWS Virtual Private Cloud (VPC) that is owned by an AWS Account created exclusively for the customer.Amazon Accounts and Amazon VPC’s are the mechanisms implemented by AWS to logically isolate sections of the AWS Cloud for each customer.Each SDDC is deployed on dedicated bare metal hardware – providing physical isolation between customers’ environments.Dedicated hardware means that customers do not share the physical processor, memory or storage with anyone else.VMware vSphere is deployed in each SDDC which allows customers to logically isolate their Customer Content by creating resource pools and configuring vSphere permissions to control who has access to Customer Content within their own organization.

How does VMware ensure that third-party solutions on VMware Cloud Marketplace are validated to work on VMware Cloud on AWS?

All deployable third-party solutions on VMware Cloud Marketplace must receive certifications appropriate for the VMware platform on which they are validated.

How does VMware notify me about planned or unplanned SDDC Maintenance?

VMware is responsible for managed delivery of Software Defined Data Center updates and emergency patches.This involves maintaining consistent software versions across the SDDC fleet with continuous delivery of features and bug fixes.Detailed information about the SDDC upgrade and maintenance process is available in SDDC Upgrades and Maintenance page.Typical updates are scheduled based on SDDC regions, outside business hours and are not workload impacting.Major updates occur approximately once a quarter with patch bundles in between.Updates may include new functionality, bug fixes and new operational enhancements, patches include bug fixes and security patches.VMware attempts to provide update notifications several weeks in advance but at a minimum will provide 24 hours of notice.VMware Cloud on AWS has multiple notification mechanisms used to contact customers regarding maintenance and uses all of them to ensure customers are informed about any activity that may affect their use of the service.1.Within the VMware Cloud on AWS Console is a multi-channel notification service that is used to notify customers for important events.Customers can subscribe to the notification webhook for the events.2.Maintenance activities are published on the VMware Cloud on AWS status page – https://status.vmware-services.io/.Customers can subscribe to updates on this page and email notifications will be sent by noreply@vmware-services.io.3.Maintenance communications are sent from the email ID vmc-services-notices@vmware.com to the email addresses of all organization members and organization owners.Additional information about the contents of an update can be found on the Release Notes page: https://docs.vmware.

How does VMware notify me about the status of service availability issues?

VMware Cloud on AWS has multiple notification mechanisms used to contact customers about individual service availability issues.Depending on the scope and severity of the issue one or multiple mechanisms may be used.For service availability issues that affect multiple customers, VMware Cloud on AWS maintains a publicly available status page – https://status.vmware-services.io/.Information about the availability of VMware Cloud on AWS service, components and supported AWS Regions is published here along with status updates of current availability issues and information on past incidents.For issues that affect a single customer, VMware uses the Notification Service within the VMware Cloud on AWS console (Customers can subscribe to the notification webhook for the events.) and the VMware Cloud Operations team will send availability communications from the email ID vmc-services-notices@vmware.com to the email addresses of all affected organization members and organization owners.

How does VMware protect "Customer Content"?

VMware maintains an information security management program that is aligned with the ISO 27001 standard (as applicable), which is reviewed at least annually to ensure appropriate controls, practices and procedures are in place.

How does VMware protect customer data in VMware Cloud on AWS GovCloud (US)?

VMware Cloud on AWS GovCloud (US) is designed with multiple layers of protection.The service inherits the physical and network security controls from the AWS infrastructure and adds dedicated compute and storage along with the security capabilities derived from vSphere, vSAN and NSX.The VMware Cloud on AWS GovCloud (US) infrastructure is monitored 24×7 and regularly tested for security vulnerabilities and hardened to enhance security.

How does VMware protect customer data in VMware Cloud on AWS?

VMware Cloud on AWS is designed with multiple layers of protection.The service inherits all of the physical and network protections of the AWS infrastructure and adds dedicated compute and storage along with the security capabilities built into vSphere, vSAN and NSX.All data transmitted between your customer site and the service can be encrypted via VPN.All data between the VMware Cloud on AWS service and your SDDCs is encrypted.Data at rest is encrypted.The VMware Cloud on AWS infrastructure is monitored and regularly tested for security vulnerabilities and hardened to enhance security.

How has VMware’s relationships with AWS changed as new partnerships have emerged?

There are no changes in our partnerships with either AWS or any of our hyperscale cloud partners.AWS remains VMware’s preferred public cloud partner for all vSphere-based workloads, and VMware Cloud on AWS is VMware’s preferred solution for public cloud infrastructure as a service supporting VMware workloads.That said, VMware believes in and supports customer choice in the cloud.The expanded set of relationships we’ve built with all major hyperscale cloud providers gives customers the freedom to choose the VMware-based cloud offering the best suites to meet their application or business needs.

How is Availability calculated?

Availability in a given billing month is calculated according to the following formula: “Availability” = ([total minutes in a billing month – total minutes Unavailable] / total minutes in a billing month) x 100 Unavailability and SLA Events Example: For a billing month of August 20th -September 20th there are 44640 total minutes ((44640 total minutes – 5 minutes that a Service Component is Unavailable) / 44640) x 100 = 99.98879% Available The total minutes that the service component is Unavailable for a particular SLA Event is measured from the time that the SLA Event has occurred, as validated by VMware, until the time that the SLA Event is resolved such that the service component is no longer Unavailable If the Availability of the service component is less than the associated Availability Commitment, then you may request an SLA Credit.

How is Cloud Motion with vSphere Replication different that existing HCX migration options?

Previously, there were two ways to migrate with HCX: 1.vMotion-based — vMotion based migration is live (no downtime) but is serial in nature.Due to vSphere concurrency and cross-cloud limitations, only a handful of VMs could be vMotioned.at the same time.While vMotion is a live migration option, it did not support large scale mobility 2.Warm migration — Warm migration is a large-scale migration where VMs can move at scale, but the migration needs a VM reboot.Cloud Motion with vSphere Replication combines the best of both worlds.VMs are replicated to the destination using replication technology, and once the VMs are replicated, the final migration is done via vMotion.This enables large scale migration without the need for reboot.This feature lets you move applications at scale live, without any reboot or reload.

How is Data Encrypted on VMware Cloud on AWS GovCloud (US)?

All data-in-transit between the customer site and the service can be transmitted over a Direct Connect and/or encrypted via VPN.Data at rest is encrypted by VMware vSAN encryption which is FIPS 140-2 compliant and leverages the FIPS 140-2 compliant AWS KMS service.VMware vSAN stores customer data on local self-encrypting NVMe Drives.

How is host retirement handled?

AWS may schedule servers for retirement in cases where there is an unrecoverable issue with the underlying hardware.When VMware receives a retirement request from AWS, VMware handles the server failure in the same manner as it does any other host failure by removing the failed host from your cluster and inserting a new server in its place.Because VMware Cloud on AWS is running vSAN, the VMs are protected.

How is it determined that a Service Component is Unavailable?

A service component will be considered “Unavailable” if VMware’s monitoring tools determine that the Service Component is not performing as described in the Service Level Agreement (SLA).For instance, For the SDDC Infrastructure, if none of your VMs can access storage for four consecutive minutes this would be considered an SLA event.

How is maintenance handled?

Please refer to our question in the Service Operation section about SDDC maintenance.

How is overage calculated? What is the overage rate? When will I be billed for overages?

We look at the number of hosts used in your organization per hour in each region and we subtract the total committed hosts in all your subscriptions for the specific region.The remainder is the overage.Overage usage is billed at on-demand rates per VMware Cloud on AWS pricing.Overages are billed in arrears and will be reflected in your invoice, which you receive after your billing date.

How is per-VM EVC different from cluster EVC?

As the name suggests, per-VM EVC abstracts this setting from a cluster to a VM level.By doing so, the EVC mode now can persist through a power cycle of the VM.

How is Single Host SDDC priced?

Single Host SDDC is available on-demand only at $7/host/hour.Please visit the pricing page for the latest information on pricing.

How is the 2-host cluster priced?

The cost per host is the same as the 3+ host pricing.For a cluster, this means that the 2-host cluster results in a 33% lower cost of entry with a persistent, full production environment.

How is the SLA Credit issued?

SLA Credits will be issued to the person or entity that VMware invoices for VMware Cloud on AWS, as a separate credit memo that can be applied towards a future VMware Cloud on AWS invoice.

How is the TRIM/UNMAP feature enabled for my SDDC?

As this feature is being released as a preview, we will enable the feature on a per cluster basis, based on your preference.Please contact your account team to have this feature enabled for your cluster.

How is traffic flow controlled over the tunnel?

Traffic flow is controlled through the BGP parameters on the remote endpoint devices.The example for the BGP parameters include: AS Path, BGP weights, MED.

How is usage determined for the vRealize Automation Cloud bundle?

Usage is on a per node per month metric.A node is defined as a cloud instance (AWS EC2 and virtual machine).

How is VMware Cloud Director service billed?

VMware Cloud Director service is billed based on the number of ESXi host cores under management.It can be purchased on-demand or in a subscription.

How is VMware Cloud on AWS GovCloud (US) deployed?

VMware Cloud on AWS GovCloud (US) infrastructure runs on dedicated, single tenant host clusters within a dedicated AWS VPC associated with a single AWS account.Each host is equivalent to an Amazon EC2 I3.metal instance (2 sockets with 18 cores per socket, 512 GiB RAM, and 15.2 TB Raw SSD storage).Each host is capable of running many VMware Virtual Machines (tens to hundreds depending on their compute, memory and storage requirements).Clusters can range from a minimum 3 hosts up to a maximum of 16 hosts per cluster.A single VMware vCenter server is deployed within each SDDC environment.

How is VMware Cloud on AWS GovCloud (US) priced?

VMware Cloud on AWS GovCloud (US) is available on-demand or in 1-year and 3-year subscriptions.

How is VMware Cloud on AWS priced?

VMware Cloud on AWS is available on-demand or in 1 year and 3 year subscriptions.Please visit the pricing page for the latest information on pricing.

How is VMware Site Recovery service packaged and priced?

VMware Site Recovery is a separate, add-on service that is priced and charged separately from VMware Cloud on AWS.Please visit the pricing page for the latest information on pricing.The list price of VMware Site Recovery includes the Site Recovery Manager and vSphere Replication components for both the VMware Cloud on AWS SDDC instance and the on-premises data center.The pricing also includes support.

How long does a scale-down operation take?

This depends on how heavily loaded your host is.A lightly loaded host will take only a few minutes to remove from the cluster.A very heavily loaded host could take many hours.In the case of eDRS, we only remove hosts which are lightly loaded so we expect this operation to be on the lower end of this spectrum.However, your actual evacuation time largely depends on how many VM’s are running and how much data must be evacuated from the host so your times will vary.

How long does a scale-down operation take?

This depends on how heavily loaded your host is.A lightly loaded host will take only a few minutes to remove from the cluster.A very heavily loaded host could take many hours.In the case of eDRS, we only remove hosts which are lightly loaded so we expect this operation to be on the lower end of this spectrum.However, your actual evacuation time largely depends on how many VM’s are running and how much data must be evacuated from the host so your times will vary.

How long does it take for a 1-year or 3-year subscription to activate? How will I know the subscription is active?

It takes up to 30 minutes for a subscription to activate.The subscription status will indicate that it is active.

How long does VMware retain "Service Operations Data" and "Usage Data"?

VMware retains information that we collect in connection with the customer’s use of the VMware Cloud on AWS service for as long as is needed to fulfill the obligations of the VMware Cloud on AWS Terms of Service or where we have another business or legal reason to do so.When we have no justifiable business need to process this information, we will either delete or anonymize it, or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store the information and isolate it from any further processing until deletion is possible.

How many 2-host clusters can I provision?

You may provision as many 2-host clusters per organization as you wish.However, only one 2-host cluster can be provisioned per SDDC, and it must be the first cluster provisioned per SDDC.You can mix an SDDC with a 2-host cluster with other 3+ host clusters, but you cannot currently add a 2 host cluster to an existing 3+ host SDDC.You cannot have an SDDC with a 2-host cluster and a Single Host SDDC.

How many AZs can I stretch my cluster across?

Two.When you provision your SDDC, select your AZ just the way you do now.The only change is that you then select a second AZ.Using this information, we automatically deploy your SDDC and stretch your clusters across these two AZs.

How many default sections are created in the DFW?

There are 4 default sections : Emergency, Infrastructure, Environment, and Application.

How many desktops can I run on a VMware Cloud on AWS host?

Each host has 2 CPUs, 36 cores, 512GB RAM, NVMe attached flash storage (3.6 TB cache plus 10.7 TB raw capacity tier).How many VMs you can run on the host will depend on the configuration of each VM.For detailed sizing, please refer to the VMware Cloud on AWS Sizer.

How many ESXi hosts do I need (minimum) in VMware Cloud on AWS?

The minimum size SDDC that you can create in VMware Cloud on AWS is one host with the Single Host SDDC.However, one host SDDCs have a limited SLA and are not for production use.The smallest production SDDC that we support is three hosts.With our Single Host SDDC starter configuration, you can create single host SDDC environments.For more details, refer to the Single Host SDDC FAQ section.

How many failures can be tolerated in an AZ?

This depends on your SPBM settings.By default, VMs are configured to survive the failure of all the hosts in a single AZ without data loss.

How many hosts could be selected for ERDS scale out per cluster?

You can select 4,8 or 12 hosts to be deployed in parallel.

How Many L2 VPN tunnels you can create through VMware Cloud on AWS console?

You can create only one L2 VPN tunnel.

How many networks can you extend over one NSX L2 VPN tunnel?

You can extend 100 logical networks if using Standalone Edge or 16 if using Autonomous Edge.

How many networks can you extend over one NSX L2 VPN tunnel?

You can extend up to 25 layer 2 networks.

How many on-premises vCenters can be linked to the cloud SDDC using the vCenter Cloud Gateway?

The vCenter Cloud Gateway allows you to link a single on-premises SSO domain to the cloud SDDC.All vCenters in the same on-premises SSO domain (Enhanced Linked Mode) are automatically linked to the cloud SDDC when you configure HLM.

How many policies can I create?

Compute Policy can support a total of 20 policies per SDDC.

How many SDDCs will customers need for Development, Production, and PCI workloads?

VMware recommends deploying separate SDDCs for Development, Production, and PCI workloads.This helps limit the PCI audit scope to PCI Production systems and minimize the costs associated with maintaining PCI compliance.

How many Single Host SDDCs can I provision?

You may provision no more than one Single Host SDDC at a time.For selected partners, you can have up to two SDDCs at a time.

How many Traffic Groups can I have in my SDDC?

As of version 1.12 we support 4 Traffic Groups in addition to the default edge.

How many VM’s can I run on a 2-node Cluster?

While a 2-node cluster supports the same number of VM’s per host as any other configuration, due to Admission Control, a 2-node cluster can power on no more than 36 workload VMs at a time.This is to ensure vSphere HA will be able to restart any running workload in the event of a failure.

How many VPN tunnels are supported?

16 tunnels are supported.You can request for additional tunnels.

How many workload profiles can I create and customize in the sizing and assessment tool?

You can create between 1-10 workload profiles to simulate a mixed workload environment.We have included workflows for some common workloads such as VDI, databases and general-purpose workloads to simplify this process.

How many zones are supported?

5 zones are supported.

How much does external storage cost?

Please check with the Managed Service Provider (MSP) on pricing.

How much does it cost to run Stretched Clusters?

There are no additional charges to use the Stretched Clusters feature.Stretched Clusters Cross-AZ charges are also waived for up to 10 petabytes of Cross-AZ traffic per month.Usage will be monitored and for instances where a customer’s usage exceeds this limit, VMware reserves the right to inform the customer of the issue and charge the full amount.

How much does VMware Cloud on AWS Migration experience cost?

VMware Cloud on AWS Migration experience is free.It is a guide that walks you through the process of migrating workloads from your on-premises data center to VMware Cloud on AWS.The tools you use and the infrastructure you consume along the way to create your cloud environment will have their own pricing.

How much does vRealize Log Insight Cloud cost?

You can see pricing for vRealize Log Insight Cloud from the vRealize Log Insight Cloud Services home page.

How much external storage can I get?

Three NFS datastores are attached to an SDDC.The size of the datastores depends on the Managed Service Provider (MSP) offering.Check with the Managed Service Provider (MSP).

How much storage is saved with the Deduplication & Compression feature in VMware Cloud on AWS?

Storage savings resulting from Deduplication & Compression is highly dependent on the workload data.

How often will VMware perform maintenance on my SDDC on VMware Cloud on AWS GovCloud (US)?

Due to the nature of software updates, this can and will be done on an as-needed basis.For planning purposes, VMware anticipates monthly updates to infrastructure during the initial rollout and expects to transition to quarterly updates as the service matures.

How often will VMware perform maintenance on my SDDC on VMware Cloud on AWS?

Due to the nature of software updates, this can and will be done on an as-needed basis.For planning purposes, VMware anticipates monthly updates to infrastructure.

How quickly does eDRS scale my cluster?

It takes about 10-15 minutes to add a host to an existing cluster.eDRS will make a scaling recommendation approximately every five minutes.

How quickly does eDRS scale my cluster?

It takes about 10-15 minutes to add a host to an existing cluster.eDRS will make a scaling recommendation approximately every five minutes.

How quickly does VMware respond to Security Vulnerabilities?

The VMware Security Response Center (VSRC) leads the analysis and remediation of software security issues in VMware products and services.VSRC works with internal teams, customers and the security research community to address these issues and provide customers with actionable security information in a timely manner.VSRC tracks internally discovered vulnerabilities, directly receives external reports, and monitors the ecosystem for discussions of security issues in VMware products and services.After validating a report, VSRC works with the VMware Cloud on AWS team to share with our customers the details of the security issue, any mitigation options and the plans to address the root cause.The VSRC team concurrently works with the VMware Engineering teams to develop a solution and schedule releases that address the issue.The VMware Cloud on AWS team provides customers with regular updates on the security issue until the issues has been resolved.Upon closure, all security issues are tracked and publicly disclosed by the VSRC team via a VMware Security Advisory.For further details on the process and VMware’s commitment to customers, see the VMware Security Response Policy.

How to enable DFW IPFIX?

Please refer to this link to learn more about how to enable DFW IPFIX.

How to get data if there is wrong/mismatched configuration of NSX Manager and vCenter?

If an incorrect VMware Cloud on AWS NSX Manager is configured with a VMware Cloud on AWS vCenter, then critical data required for Flows and Topology to function correctly would be missing.In such cases, the remediation would be to delete the incorrectly added VMware Cloud on AWS NSX Manager data source and add a new VMware Cloud on AWS NSX Manager data source using the correct VMware Cloud on AWS vCenter and NSX Manager.

How to obtain credentials for vCenter?

Please refer to this link to understand how to obtain credentials for vCenter.

How to obtain CSP refresh token for NSX Manager?

Please refer to this link to learn more about how to obtain CSP refresh token for NSX Manager.

How will customers be charged for this service?

This service is delivered, sold and supported by VMware and VMware will send you a bill each month.You will get a single bill that includes the total charges for using the VMware Cloud on AWS GovCloud (US) service including the VMware SDDC software and the underlying AWS resources.Note that for any AWS GovCloud (US) resources that you directly provision using an AWS Console or AWS API (i.e., without using VMware management, APIs or orchestration tools), will be billed directly through your AWS account.

How will I be charged for this service?

This service is delivered, sold and supported by VMware and you will be charged directly by VMware.You will get a single bill that includes the total charges for using this service, including the VMware SDDC software and the underlying AWS resources.Note that for any AWS resources that you directly provision using an AWS Console or AWS API (i.e., without using VMware management, APIs or orchestration tools), you will be billed directly through your AWS account.

How would I forward requests to DNS servers deployed in VMware Cloud on AWS as well as on-premises DNS servers?

You can configure up to 5 DNS zones.Out of those, one should be with on-premises domain (FQDN) pointing to on-premises DNS server.

I bought a 3-year monthly billed subscription, but my CPP credit fund will expire after 1 year, what should I do?

Please reach out to sales or your customer success representative to ensure you have enough credits for the appropriate 1 or 3-year commitment duration.

I have not received the invoice for the $2000 USD charge, whom do I engage to get the invoice?

Please reach out to our support team.See information here about how to access our support team via the VMware Cloud on AWS console.

I heard about the Single Host SDDC starter configuration – how is that priced?

Please refer to the Single Host SDDC FAQ section, as well as the pricing page, for more details.

I used my credit card to sign up for the service and was charged $2000 USD, can I get a refund?

No, the charge is non-refundable and the credit is valid for 60 days.

I’m a credit card customer and I transitioned to Subscription Purchase Program (SPP) credits, what do I need to do?

You can change your payment method in the CSP portal as described here.Please note that you will be charged on the payment method that was defaulted when the bill was generated.

If a customer migrates their VMs into a PCI Compliant SDDC, does that mean that their VMs/Applications are automatically also PCI Compliant?

No.The Whitepaper: Migrating PCI Workloads to VMware Cloud on AWS illustrates how the Shared Responsibility Model relates to PCI compliance.The responsibilities are shared between VMware and Customers.VMware is responsible for maintaining PCI compliance of the VMware Cloud on AWS cloud service and cloud platform.Similarly, customer workloads running in VMware Cloud on AWS must pass an entirely separate PCI assessment solely managed by the customer.Customers must hire a Qualified Security Assessor (QSA) to assess and verify their PCI SDDC configuration and must verify that the workloads are PCI compliant.

If an AWS region goes down or loses connectivity, will I still be able to access the VMware Cloud on AWS Console, APIs and vCenter Server?

The VMware Cloud on AWS Service, Console and APIs are all located in the AWS US West (Oregon) Region.Only a complete failure of this region would result in a service disruption to the VMware Cloud on AWS Service, Console and APIs.If the region that your SDDCs are deployed in goes down, then you will not have access to vCenter Server and the ability to perform actions on the impacted SDDCs.

If an AWS region goes down or loses connectivity, will I still be able to access the VMware Cloud on AWS GovCloud (US) Console, APIs and vCenter Server?

The VMware Cloud on AWS GovCloud (US) Service, Console and APIs are all located in AWS GovCloud (US) West.Only a complete failure of this region would result in a service disruption to the VMware Cloud on AWS GovCloud (US) Service, Console and APIs.If the region that your SDDCs are deployed in goes down, then you will not have access to vCenter Server and the ability to perform actions on the impacted SDDCs.

If customer’s business requirements get changed, can they revert back to the previous non-PCI compliant configuration?

Yes, this can be done but not through the VMC console.Please contact VMware Support to make this request.

If I know that I am about to bring up a large number of workloads suddenly, as in the case of a DR event, should I rely on eDRS?

No.Because eDRS is throttled, it’s not designed for very sudden load spikes such as caused by a DR event.In this case, you should script the host addition process as part of your DR runbook.After the DR workload is started, you can rely on eDRS to maintain the correct number of hosts in your cluster.

If I know that I am about to bring up a large number of workloads suddenly, as in the case of a DR event, should I rely on eDRS?

No.Because eDRS is throttled, it’s not designed for very sudden load spikes such as caused by a DR event.In this case, you should script the host addition process as part of your DR runbook.After the DR workload is started, you can rely on eDRS to maintain the correct number of hosts in your cluster.

If there is an Availability issue, does the entire Service Offering fail?

The architecture of VMware Cloud on AWS is distributed and designed to be highly available.Availability of the components of the VMware Cloud on AWS Console is separate, and completely independent from the availability of the SDDC Infrastructure and the availability of the SDDC Management.The Management and Infrastructure of one SDDC is independent from that of other SDDCs in separate AWS Availability Zones.For instance, the VMware Cloud on AWS Console could be unavailable, but customers can still log into Virtual Center and manage their workloads.Virtual Center could be temporarily unavailable, but customer workloads would continue to run unaffected, or the NSX Management interface could be unavailable, but virtual networking would continue to operate and the NSX APIs could continue to be available.Additionally, a specific AWS Availability Zone could be experiencing availability issues but SDDCs running in other AWS Regions or AWS Availability Zones should be unaffected.An availability issue in one SDDC does not affect any other SDDC unless both SDDCs are located in the same AWS datacenter or Availability Zone (AZ) and the Availability issues is caused by a widespread problem with the AWS infrastructure.

If two tunnels are established, can traffic flow through both tunnels?

No.The traffic can flow only through one tunnel.

If VMware scales up my cluster due to health concerns, will they then scale it back down?

The best way to ensure that we automatically scale your cluster up or down is to enable eDRS.If eDRS is not enabled, we will only add hosts in an emergency and we will not remove those hosts if usage later drops.So, the only way to ensure that VMware is monitoring your cluster size is to enable eDRS.

If VMware scales up my cluster due to health concerns, will they then scale it back down?

The best way to ensure that we automatically scale your cluster up or down is to enable eDRS.If eDRS is not enabled, we will only add hosts in an emergency and we will not remove those hosts if usage later drops.So, the only way to ensure that VMware is monitoring your cluster size is to enable eDR.

In what regions is Horizon on VMware Cloud on AWS available?

Horizon on VMware Cloud on AWS is available in all the same regions that VMware Cloud on AWS is available.

In which regions is the 2-host cluster available today?

The 2-host cluster is available in all commercial global AWS Regions where VMware Cloud on AWS is available today for the Amazon EC2 i3.metal instance type, except in the AWS GovCloud (US-West) region.

In which regions is VMware Cloud Director service available?

For initial availability, VMware Cloud Director service is only available in US West (Oregon) region.Although the Cloud Director Instances are deployed in US West (Oregon) region, they can connect to VMware Cloud on AWS SDDC’s that are within 150ms of latency.For example, an SDDC in VMware Cloud on AWS US East and US West datacenters can be associated into a VMware Cloud Director Instance for a customer, allowing them to rapidly expand resources into a new region or availability zone.In the future, VMware Cloud Director service will be available in the EU and APJ Regions.

Is 'Multiple Sellers in one org' feature available for all customers?

It is available for any VMware Cloud on AWS commercial customer that has two sellers established.Please consult with your account team prior to setting up and using multiple sellers and have them contact product management resources as necessary.

Is ability to ingest firewall packet logs into vRealize Log Insight Cloud feature a paid feature or a free feature?

The ability to ingest firewall packet logs into vRealize Log Insight Cloud is a paid feature.

Is Account Linking Required?

Account linking is required.One of the major benefits of using VMware Cloud on AWS is the access to native AWS services (EBS, RDS, Lambda etc.).Linking accounts early in the provisioning processes ensures that a VMware Cloud on AWS account has been configured correctly to enable access to native AWS services before workloads are migrated and created and configuration changes become more difficult.

Is creating a fund equivalent to creating a subscription?

No, adding a fund and creating a subscription are two separate disjoint activities.Customers shouldn’t be in the notion that adding new funds would get translated to subscriptions.They would need to create subscriptions in VMC Console.

Is data encrypted on vSAN storage?

Yes, data is encrypted at rest by vSAN Encryption and again on each self-encrypting NVMe flash device backing the vSAN datastore in each host.

Is eDRS turned on by default?

No.Because eDRS can increase your bill by adding hosts to your cluster, it is off by default.You can use the VMware Cloud UI or API to turn this feature on.

Is eDRS turned on by default?

No.Because eDRS can increase your bill by adding hosts to your cluster, it is off by default.You can use the VMware Cloud UI or API to turn this feature on.

Is encrypted vMotion supported from on-premises to VMware Cloud on AWS?

Yes, encrypted vMotion would simply work out-of-box.No new set-up action is required, as long as the on-premises environment has the feature supported.

Is Enhanced vMotion Compatibility (EVC) setting available for VMware Cloud on AWS?

EVC is disabled in VMware Cloud on AWS.All hosts in VMware Cloud on AWS are homogeneous and hence a compatibility check is not required.

Is Horizon part of VMware Cloud on AWS?

No.Horizon is software that can be deployed by you on the IaaS (infrastructure-a-Service) VMware Cloud on AWS.Ultimately you will be responsible for their Horizon infrastructure, even though your SDDC infrastructure will be managed by VMware.

Is it possible to configure custom cpu cores with multiple stretched clusters?

Yes.Custom CPU cores can be configured in an SDDC that has two or more stretched clusters.However, custom CPU cores cannot be configured in the first stretched cluster.

Is Microsoft software supported on VMware Cloud on AWS?

VMware will provide commercially reasonable assistance with installation, configuration, and troubleshooting.In some cases, when Support doesn’t have dedicated skilled experts, they may refer you to Microsoft for more assistance.Microsoft Support is not included.

Is my data Encrypted at Rest?

VMware Cloud on AWS provides customers with multiple layers of encryption to protect their Content.Self-Encrypting Drives The i3.metal instances used by VMware Cloud on AWS each contain eight local self-encrypting NVME drives.The Self-Encrypting Drives (SED) use AWS 256-bit XTS encryption and the keys for these drives are securely generated by the firmware on the drive itself.This process is handled by the AWS API interface that VMware calls when allocating or de-allocating hosts to a cluster.Encryption keys are generated in the SED controller and they never leave the drive.Whenever a host machine is removed from a cluster the data encryption keys used by the self encrypting drives are destroyed.This cryptographic erasure ensures that there is no Customer Content on the drives before returning the server to the pool of available hardware.VMware vSAN Encryption VMware Cloud on AWS utilizes VMware vSAN for all Content storage.VMware vSAN is a software-defined storage (SDS) product developed by VMware that pools together direct-attached storage devices across a VMware vSphere cluster to create a distributed, shared data store.VMware vSAN implements storage protection policies to ensure data is tolerant to the failure of one or more physical drives and hosts in a cluster.VMware vSAN also de-duplicates, compresses and encrypts data.vSAN Encrypts data with an XTS AES 256 cipher using Intel AES-NI hardware acceleration, in both the cache and capacity tiers of vSAN datastores.VMware has integrated VMware vSAN with the AWS Key Management Service, (KMS) to provide customers with a highly secure, highly-available and cost-effective method of generating encryption keys.The AWS KMS service uses FIPS 140-2 validated hardware security modules (HSMs) to protect the confidentiality and integrity of all customer keys.Whenever desired, VMware Cloud on AWS customers can rotate the key encryption keys through the vSAN API or the vSphere user interface.In-Guest Encryption Customers may also choose to implement encryption or security software within their guest operating system or applications.This enables a customer to use the same security software they use in their own data centers and utilize their own Key Management Infrastructure.

Is my data Encrypted in Transit?

All access to the VMware Cloud on AWS console and the VMware Virtual Center Web Client is protected using TLS 1.2.Connection to these interfaces via all earlier protocols has been disabled.All data to and from VMware Cloud on AWS and the customer’s data center can be encrypted via an IPSec VPN.In the VMware Cloud on AWS Console, the customer is can configure either a Policy-Based or Route-Based VPN.The default encryption mechanism is AES-256.and the customer is in control of the pre-shared keys.VMware Cloud on AWS has enabled Encrypted vMotion by default for all migrations of a virtual machine between hosts within an SDDC.Encrypted vMotion relies on the AES-GCM (Advanced Encryption Standard / Galois Counter Mode) encryption algorithms to provide complete confidentiality, integrity, and authenticity of the data transferred.

Is my SDDC software backed up before the SDDC maintenance updates?

VMware will backup vCenter and NSX Manager prior to installing control plane updates.VMware will be able to restore from these backups as needed.VMware will not backup customer VMs, as these are the responsibility of the customer.

Is my SDDC software backed up before the SDDC maintenance updates?

VMware will backup vCenter and NSX Manager prior to installing control plane updates.VMware will be able to restore from these backups as needed.VMware will not backup your VMs, as these are the responsibility of the customer.

Is Tanzu Kubernetes Grid a part of VMware Cloud on AWS?

No.

Is the "Service Operations Data" and "Usage Data" aggregated and anonymized?

VMware Cloud on AWS provisions a Software Defined Data Center for each customer.This architecture requires that VMware retains the Service Operations Data and Usage Data from the dedicated environments in its original form with identifying customer and user information such as Org ID, SDDC ID, and email address of the administrator who added a host or changed a firewall rule.The non-aggregated data is only used by VMware for the purposes outlined in the VMware Products and Services Privacy Notice.Unless explicit permission is granted to VMware by the customer, Service Operations Data and Usage Data is never shared outside of VMware, its affiliates and suppliers without being anonymized and aggregated e.g, "215 customers are using this feature", or "4 customers have experienced this problem".

Is the ASN common to all Private VIF attached to VMware Cloud on AWS SDDC?

Yes, the ASN is common to all the Private VIFs attached to the SDDC.

Is the underlying EC2 infrastructure hosting ESXi dedicated to each customer or is it a shared, multi-tenant infrastructure?

VMware Cloud on AWS GovCloud (US) infrastructure runs on dedicated, single-tenant bare metal infrastructure for each customer.

Is there a performance impact due to Deduplication & Compression?

Although vSAN Deduplication & Compression are very efficient, users may experience some impact.For most workloads the impact is minimal.

Is there a performance impact when running VMs in a stretched cluster?

Yes.Because we are performing synchronous writes across two AZs there is additional overhead in write transactions.This is the case in any stretched cluster implementation.

Is there any functional difference between a three host and a four host SDDC?

Yes.Because you only have three hosts, you cannot implement a "RAID 5" SPBM policy.That requires a minimum of four hosts.The only storage redundancy you can choose is RAID 1.

Is there any performance impact as a result of turning on encryption?

vSAN encryption uses an XTS AES 256 cipher and leverages the Intel AES-NI hardware for industry leading encryption with minimal impact on performance.In most cases, we do not expect any impact on CPU overhead, IOPS or latency.During extreme encryption operations, we have seen consumption of up to 1 CPU core overhead per host and up to 5% drop in IOPs and latency.

Is there any planned downtime during maintenance updates for SDDC software running on VMware Cloud on AWS GovCloud (US)?

Yes, during the control plane phase of the SDDC maintenance update, access to vCenter will be removed.Once the control plane phase is finished, access will be restored.

Is there any planned downtime during maintenance updates for SDDC software?

Yes, during the control plane phase of the SDDC maintenance update, access to vCenter will be removed.Once the control plane phase is finished, access will be restored.

Is there connectivity from the AWS VPC to vCenter and ESX host?

With NSX-T, there is connectivity from AWS VPC to components behind management gateway.From the EC2 instance deployed in AWS VPC users can reach vCenter.

Is there granularity to select only one vNIC of a virtual machine as part of the port mirror session?

No.There is no granularity to select a vNic of a virtual machine.All vNics traffic will be port mirrored.

Is there localized language support for the international regions?

VMware Cloud on AWS now supports language and regional format settings in French, Spanish, Korean, Simplified Chinese and Traditional Chinese, in addition to German, Japanese, and English.These languages are supported in the VMware Cloud on AWS Console and in Cloud Service Platform features such as Identity & Access Management, Billing & Subscriptions, and some areas of the Support Center.You can change your display language before you login to the VMware Cloud on AWS console or in your account settings.

Is there special pricing for partners selling the single-host SDDC configuration?

Yes, VMware is offering special, limited time pricing to partners for single host SDDC configuration.This low-cost offering is ideal for partners to develop their own solutions or for customer POCs.This offering is not designed to be resold to customers for production use.The single host SDDC configuration has a 30-day timeout window.Please log in here if you are a TAP partner, or here if you are a RTM partner for more details on pricing.

Is this service running nested virtualization?

No, ESXi is running directly on bare-metal AWS infrastructure – there is no nested virtualization.

Is VM-Host Affinity a mandatory or preferential policy?

Mandatory policies are not available in a VMware Cloud on AWS environment.As a result, VM-Host affinity is a preferential policy.

Is VM-Host Anti-Affinity a mandatory or preferential policy?

Mandatory policies are not available in a VMware Cloud on AWS environment.As a result, VM-Host anti-affinity is a preferential policy.

Is VMware Cloud Marketplace specifically designed for VMware Cloud on AWS?

No.VMware Cloud Marketplace is intended to integrate with all VMware platforms.Currently, the Marketplace is integrated with VMware Cloud on AWS as well as four other VMware platforms.Further integrations are planned.

Is VMware Cloud on AWS GovCloud (US) FedRAMP Ready?

Yes, VMware Cloud on AWS GovCloud (US) is FedRAMP Ready.Learn more about it [here.] (https://marketplace.fedramp.

Is VMware Cloud on AWS SDDC's PCI Compliant?

The VMware Cloud on AWS cloud platform has successfully been assessed to meet PCI compliance as a level 1 service provider.

Is VMware Site Recovery available on other public clouds?

VMware Site Recovery is only available on the VMware Cloud on AWS infrastructure stack.

Must the on-premises versions of vSphere, vCenter and Site Recovery Manager match those deployed in VMware Cloud on AWS?

No.VMware Site Recovery was designed to provide flexibility in the versions of the components deployed by a customer in their on-premises datacenter and those deployed and managed by VMware in VMware Cloud on AWS.VMware Site Recovery is compatible with N-1 version of Site Recovery Manager and vSphere Replication on the paired on-premises datacenter.For example, if the current version of VMware Site Recovery is 8.3, the supported versions for Site Recovery Manager and vSphere Replication on the paired on-premises datacenter is 8.2 and later.

Printing with Seed Paper?

Tips and tricks for getting the best quality printing results with seed paper.

RE: METAL PACKAGING TOKEN (MPT) || ¿Por qué reciclaje de metal?

Que excelente artículo @mariichuy, me encanta ver cuánto investigas para dar un aporte bien sustentado.

Want Daily MPT Price Updates?

This site is protected by reCAPTCHA and the Google  Privacy Policy and  Terms of Service apply.

What (service level agreement) SLA do you offer for the 2-host cluster?

The 2-host cluster size is full production-ready everywhere it is available and has the same SLA as our 3+ host cluster sizes.

What about the witness?

In addition to the hosts you request, we always provision one additional ESXi host in the case of stretched cluster to act as a witness node.This is to prevent issues such as split brain in the case of a network partition.You will see this host in the UI, but it will not be a member of the cluster and you cannot run guest VM’s on that host.This host is a special version of ESXi that runs as a guest.This allows us to charge less for the service since the witness ESXi does not consume an entire physical host.

What additional VMware tools are available in VMware Cloud on AWS?

VMware makes the following optional downloadable tools available at no charge: DCLI and Content Onboarding Assistant.

What are collector tools?

Collector tools perform flow analysis and reports information about the health and performance of the applications.These are sometimes called as application monitoring tools.Customers can configure 4 collector tools.

What are dedicated hosts?

The hardware in your cluster is dedicated for your use.The hardware is only replaced when necessitated by hardware failure or host retirement.

What are DNS Zones?

DNS Zones allows users to specify different DNS servers based on different domains (FQDN).

What are my financing options for subscriptions?

You can either pay upfront and in full or monthly.In both financing options, the commitment is for either 1- or 3-year terms.

What are my options for acquiring the Windows and SQL Server software binaries from VMware?

A customer has three options:  A VMware-supplied Windows Server VM (with and without SQL Server) packaged as an OVF, Microsoft ISO binaries to allow the customer to provide their own VMs or migration of a customer-supplied VM image for use on VMware Cloud on AWS.

What are my options for certifying or validating my solution on VMware Cloud on AWS?

Technology Partners can begin the process by contacting VMware (vmcisv@vmware.com) to begin the process.Once validated, a solution is registered on VMware Solution Exchange.

What are my options for integrating with my enterprise’s AD?

We recommend that you deploy an Active Directory server in your VMware Cloud on AWS environment, and link it with your on-premises Active Directory.While you can certainly extend your on-premises Active Directory to your Horizon on VMware Cloud on AWS deployment, the latency may be unacceptable.

What are my options to buy Windows Server and SQL Server Licenses from VMware?

Licenses are offered on a per-host basis.A Windows Server License will allow a customer to deploy an unlimited number of Windows Server Datacenter editions VMs on a VMware Cloud on AWS host.A SQL Server License will allow a customer to deploy an unlimited number of SQL Server licenses on a VMware Cloud on AWS host.A customer must license all hosts in a cluster.Licenses are billed on a calendar month basis based on the maximum number of hosts that were deployed on that month.

What are simple mode NSX API?

In VMware Cloud on AWS, NSX provides simplified consumption of the networking and security functionality – the set of NSX APIs related to this is referred to as simple mode NSX APIs.With these APIs, you can automate: • Networking and security functions exposed in the VMware Cloud on AWS Console • Day 0 tasks include establishing IPSec VPN tunnel, configuring firewall policies to allow vCenter access • Day 2 tasks include creating a new logical switch, configuring firewall policies to allow access to the Internet, configuring DNS and NAT etc.Customers can choose VMware Cloud on AWS endpoint over the public internet or NSX manager endpoint over private connection for automation.

What are Stretched Clusters for VMware Cloud on AWS?

Stretched clusters facilitate zero RPO infrastructure availability for mission-critical applications.This enables you to failover workloads with zero RPO within clusters spanning two AWS Availability Zones (AZs).It also enables developers to focus on core application requirements and capabilities, instead of infrastructure availability.With this feature, you can deploy a single SDDC across two AZs.Utilizing vSAN’s stretched cluster feature, it allows us to guarantee synchronous writes across two AZs in a single SDDC cluster.This feature also extends workload logical networks to support vMotion between AZs.In the case of an AZ failure, vSphere HA will attempt to restart your VMs on the surviving AZ.

What are the bandwidth considerations across the NSX L2 VPN tunnel?

Maximum bandwidth supported across an NSX L2 VPN tunnel is 750 Mbps.

What are the benefits for the customers when they get access to the packet logs?

You get the ability to analyze and troubleshoot application flows through visibility into packets matching specific NSX firewall rules.

What are the benefits of connecting to an AWS account?

Establishing a connection to an AWS account creates a unique high-bandwidth, low-latency connection between your SDDC and your AWS resources, and allows consuming AWS services with no cross-AZ charges.By delaying account linking, you will not be able to choose which availability zone (AZ) your SDDC will be deployed in.

What are the benefits of using vRealize Log Insight Cloud?

What are the benefits of using vRealize Log Insight Cloud? • Increased Security – Monitor VMware Cloud on AWS deployments for potential security breaches or internal misuses of infrastructure.• Demonstrate Compliance – Comply with regulations and federal laws for auditing requirements.• Detailed Insight – Gain visibility into activities in your VMC deployment, including which users performed what actions and when.

What are the business continuity solutions VMware is offering to help customers amid COVID-19 crisis?

To help customers in this crisis situation, VMware is offering a variety of business continuity solutions and special offers.

What are the current limitations of Custom CPU Core Count capability?

Here is the list of specific points about the custom CPU core count capability: • This is for additional clusters only.Cluster 0 must have all cores enabled.• This is an at "Add Cluster" deployment time decision only.This cannot be changed post deployment.• All hosts in the cluster must have the same number of CPU cores, including Add/Remove Host operations.

What are the current support hours for VMware Cloud on AWS GovCloud (US)?

During Initial Availability, VMware expects to provide a white-glove service to onboard customers.Each customer will be provided with a team consisting of members of our Solutions Engineering, Customer Success, Global Support and Product Management organizations to ensure the onboarding process goes smoothly.The service is monitored 24x7x365 and any production issues will be addressed immediately.After onboarding, customer support is handled by the VMware Federal Global Support and Services organization and customers can call in for support during business hours M-F 9AM-5PM EST.Customer Support will be extended to 24×7 at General Availability of the service.

What are the different destination devices?

Packets can be mirrored to tools like wireshark for troubleshooting or tools like IDS/IPS for security analysis.

What are the different settings available in the sizing and assessment tool?

Cluster settings: • CPU headroom reserved cores in the event of a spike in workload activity to avoid latency.This option allows you to reserve cores in the event of steady state as well as failures.• Host failure scenario is the equivalent of a N+1 scenario where the logic accounts for an additional host for redundancy.Advanced Settings: • Resource utilization plan (RUP): Refer to above question on "resource utilization plan" and how it impacts your sizing exercise.

What are the different ways to orchestrate vMotion between on-premises and VMware Cloud on AWS?

Single VM vMotion: • UI – Hybrid Linked Mode needs to be set-up for orchestrating vMotion via the HTML5 client.• PowerCL – Support via API directly with PowerCLI.Bulk vMotion: • UI – Hybrid Cloud Extension can enable bulk migration through UI.• PowerCLI – Sample scripts here, to allow bulk migration scenarios.

What are the features included in the 2-host cluster?

Features included in the 2-host cluster are the same as a 3+ host Production SDDC, with the exception of Optimized Elastic DRS policies (optimize for cost, optimize for performance and rapid scale-out) and Stretched Clusters.

What are the features included in the Single Host SDDC?

Features that do not require more than one host are included in the Single Host SDDC offering, including hybrid operations between on-premises and VMware Cloud on AWS.However, any operations or capabilities that require more than one host would not work.For example, High Availability (HA) and stretched clusters across two AWS AZ.Due to the nature of single host, the FTT=0, meaning that if your host fails, your data would be lost.VMware does not currently offer patching or upgrades to a Single Host SDDC.Single Host SDDC highlights: • Accelerated onboarding • Migration capabilities between on-premises and VMware Cloud on AWS – VMware HCX for large-scale rapid migration, VMware vMotion for live migration and lastly cold migration.• Seamless high-bandwidth, low latency access to native AWS services • Disaster Recovery – Evaluate VMware Site Recovery, the cloud-based DR service optimized for VMware Cloud on AWS.VMware Site Recovery is purchased separately as an add-on service on a per-VM basis.• Expert support – Single Host SDDC receives the same unlimited 24/7 VMware Global Support Services as well as 24/5 live chat support • Hybrid Linked Mode support – Single logical view of on-premises and VMware Cloud on AWS resources • All-Flash vSAN storage – All Flash vSAN configuration, using flash for both caching and capacity, delivers maximum storage performance.

What are the features included in VMware Cloud on AWS GovCloud (US)?

Please visit the VMware Cloud on AWS GovCloud page for the most comprehensive and updated feature list [here.] (https://cloud.vmware.

What are the features included in VMware Cloud on AWS?

Please visit the Roadmap page for the latest information on features.

What are the hardware specifications for VMware Cloud on AWS GovCloud (US) hosts?

The VMware Cloud on AWS GovCloud (US) minimum standard cluster configuration contains three hosts.Each host is an Amazon EC2 I3.metal instance.These hosts have dual 2.3 GHz CPUs (custom-built Intel Xeon Processor E5-2686 v4 CPU package) with 18 cores per socket (36 cores total), 512 GiB RAM, and 15.2 TB Raw NVMe storage.

What are the management and compute gateways?

When you deploy an SDDC in VMware Cloud on AWS, it is configured with two networks: a management network and a compute network.The management network handles network traffic for the SDDC hosts, vCenter Server, NSX Manager, and other management functions.The compute network handles network traffic for your workload VMs.The gateways allow users to access these networks from Internet, on-premises , and connected AWS VPC.The NSX edge acts as the gateway.

What are the minimum or maximum number of VMs I can have in a VMware Site Recovery term subscription?

You can purchase any number of VMs between 1 to 10,000 per VMware Site Recovery term subscription.

What are the payment options for 1-year and 3-year subscriptions?

You have to pay upfront in full for 1-year or 3-year subscriptions or through monthly installments for 1-year and 3-year term commitment.

What are the pre-requisites for connecting to your VMware Cloud on AWS SDDCs with AWS Direct Connect using a private VIF?

You must have established AWS Direct Connect link from on-premises data center to an AWS region.Then create a private VIF and assign the ownership to your VMware Cloud on AWS SDDC.Accept the attachment to the private VIF through the VMware Cloud on AWS Console.

What are the pre-requisites for connecting to your VMware Cloud on AWS SDDCs with AWS Direct Connect using a public VIF?

You must have established AWS Direct Connect link from an on-premises data center to an AWS region.You need to create a public VIF and have to establish IPSec VPN tunnel to the SDDC over the public VIF.There is no configuration required on the VMware Cloud on AWS Console.You need to ensure that you can route your IPSec VPN gateway traffic over the public VIF.

What are the pre-requisites to onboard a data source in vRealize Network Insight Cloud?

Before you onboard a data source with NIaaS, you need to download data collector OVA file from the NIaaS service and deploy the OVA in your SDDC through the SDDC vCenter.Also, have certain information about your public and private cloud accounts available.Use this checklist to help you get set up before your onboarding call with the VMware Cloud services team.

What are the primary use cases for Multi Edge SDDC ?

The primary use cases for Multi Edge SDDC are for traffic flows between the SDDC and destinations connected to a VMware Transit Connect network such as another SDDC, native AWS VPCs and on-premises.Additionally, services in the Connected VPC can take advantage of Multi Edge SDDC’s increased capacity.

What are the requirements for per-VM EVC to work?

Per-VM EVC requires HW version 14.Further, a VM needs to be powered-off for the feature to be enabled.

What are the RTO and RPO of the VMware Cloud on AWS Service?

In the event of a disaster, VMware Cloud on AWS has automated systems, business continuity plans, operational procedures and run books in place to restore service as quickly as possible.The scenarios covered include everything from component Availability issues, malware attacks and insider threat scenarios to natural disasters that require the VMware Cloud on AWS Console to be restored in a new AWS region and responding to AWS Infrastructure failures where the AWS RTO exceeds a couple of hours or is unknown.There are, however, an incalculable number of events or circumstances that could result in a significant business disruption and their impact may vary in size, scope, duration, severity, and geographic location.As well, significant business disruptions may result in degrees of harm to human life and regional / national infrastructure (power, transportation, communications, etc…) which could impact VMware’s recovery efforts.While we are diligent in our efforts to plan for unexpected events, it is impossible to consider every possible scenario and develop detailed responses to each of these events.To this end, VMware, in its sole discretion, reserves the right to flexibly respond to any disruption in a situation-specific and prudent manner.There are no guarantee or warranty regarding the actions or performance of VMware, its services, systems, or its personnel in the event of a significant business disruption.In the event of an actual declared disaster (including a force majeure event), and that disaster is not fully addressed in the Company’s Business Continuity/Disaster Recovery Plan, VMware will use commercially reasonable efforts to restore the VMware Cloud on AWS service as quickly as possible.VMware Cloud on AWS backs up system configuration data every 4 hours and has a target Recovery Point Objective (RPO) of 4 hours.The information that is backed up includes the configuration and settings that define a customer organization.In a catastrophic event, any organizations created or configuration settings changed since the last backup will be lost.VMware does not back up customer workloads.In the event of a catastrophic loss of the physical environment hosting a customers’s SDDC, the customers will need to select a new AWS Availabiltiy Zone to re-create their SDDC and restore their workloads from their own backup.Depending on the nature of the disaster, recover time is typically a couple of hours.VMware Cloud on AWS has a Recovery Time Objective (RTO) of 24 hours for foreseeable disasters.

What are the special offers for business continuity solutions that VMware Cloud on AWS is offering to its customers?

For a limited time, VMware is offering special offers for business continuity solutions with VMware Cloud on AWS to help our customers to get through this crisis.

What are the terms of service for third party software and how is third party software supported on VMware Cloud on AWS?

Third party ISV software is handled on third party terms.

What are the use cases that are suitable for external storage access from a VMware Cloud on AWS based guest operating system?

Storage provided from an EC2 based virtual storage array to a VMware Cloud on AWS guest OS is ideal for a variety of use cases including; test and development, elasticity for big data workloads and user/home directories.Both block and file protocols are supported.Note that access to external storage is only available from the VMware Cloud on AWS guest operating system.VMware Cloud on AWS cluster datastore access to external storage is not supported.

What are the vRealize Automation Cloud services?

The vRealize Automation Cloud services are a bundle of three individual services: • Cloud Assembly – Orchestrates and expedites infrastructure and application delivery in line with DevOps principles.• Code Stream – Speeds software delivery and streamlines troubleshooting with release pipelines and analytics.• Service Broker – Aggregates native content from multiple cloud and platforms into a single catalog with role-based policies.

What are usage scenarios for VMware HCX?

Here are few examples: • Extend on-premises data centers to cloud • Enable SDDC transformation • Live and bulk VM migration • Uuse ongoing hybridity for application landscape transparency and distributed app components.

What aspects does the seller concept apply to?

An organization can have two sellers today – AWS and VMware.They can choose the seller while creating new subscriptions and SDDCs.

What Audit and Security logs are available to VMware Cloud on AWS Customers?

Audit and Security Logs are available via the Log Intelligence interface available for use with VMware Cloud on AWS.With Log Intelligence these logs can be queried, alerts can be created and the logs can be forwarded to an on-premises or cloud instance of a SIEM tool.The logs include activities such as the creation, deletion or modification of SDDCs, Virtual Machines, Firewall Rules, VPNs, NATs and logical networks as well as Virtual Machine activities and information like the number of failed logins to the VMware Cloud on AWS service.Firewall packet logs can also be forwarded to the Log Intelligence service to enable customers to analyze and troubleshoot application flows through visibility into packets matching specific NSX firewall rules.

What AWS regions support external storage?

External storage is offered in select regions that are in close proximity to Managed Service Provider (MSP) cloud storage.Check with the Managed Service Provider (MSP) on supported regions.

What AWS services are supported on vRealize Operations Cloud on VMware Cloud on AWS?

As a native solution to vRealize Operations Cloud, the management pack for AWS utilizes AWS Cloudwatch to collect operations data for AWS services including EC2, EBS, ASG, EMG and others to provide pre-configured dashboards, alerts, and reports.

What BGP Local ASN Configuration do I need with AWS Direct Connect Private VIF?

Direct Connect connection to SDDC now uses BGP Local ASN as 64512.This BGP local ASN is editable and any private ASN from the range 64512 – 65534 can be used.

What can I not do with a VM template in Content Library?

You can’t add a VM template into a published library, because the synchronization (data distribution) between Published and Subscribed libraries for VM templates is not supported yet.Also, you can’t convert a VM template into a VM via Content Libraries; however, the same template with all capabilities is available for you in vCenter Server Inventory/Folders.

What compliance certifications and attestations does VMware Cloud on AWS have?

VMware is committed to delivering a cloud service that meets a comprehensive set of international and industry-specific security and compliance standards.VMware adheres to very rigorous secure development and operational standards and actively conducts third-party audits in order to expand the list of certifications, attestations and adoptions of frameworks.The current list of certifications and attestations that the VMware Cloud on AWS service has achieved is published here.Compliance certificates and auditor’s reports not published on this page can be obtained from your VMware account representative.

What compliance certifications has VMware Cloud on AWS achieved?

VMware Cloud on AWS has been independently verified to comply with ISO 27001, ISO 27017, ISO 27018, SOC 2, HIPAA, Cloud Security Alliance (CSA) and Cyber Essentials.VMware Cloud on AWS also complies with the General Data Protection Regulation (GDPR).

What connectivity differences are there in a PCI Compliant SDDC?

Customers can use the same connectivity options available to a standard SDDC.You can choose Direct connect, VPN, connected VPC, and transit connect.

What connectivity models are supported with Transit Connect?

VMware Transit Connect supports SDDC to SDDC communications within the same region, SDDC to Native customer-owned AWS VPC communications within the same region, and SDDC to on-premises networks using an AWS Direct Connect Gateway (DXGW).

What Corporate Security Policies does VMware have in place?

The VMware Chief Information Security Officer is responsible for defining and implementing our corporate security program and its associated policies and procedures.The corporate policies and procedures are proprietary and confidential and are not shared publicly.The policies were built in alignment with NIST and ISO 27002 standards.Policies are reviewed and revised as necessary on an as-needed basis and at least annually.the policies are made available for reference to all employees and contract resources via VMware’s intranet and critical portions of the policies are included in mandatory annual training.VMware Corporate Policies and Procedures include: Acceptable Use Policy Authentication & Password Policy Access Control Policy Backup Policy Business Continuity Policy Change Management Policy Data Classification Policy Encryption Policy Human Resources Information Security Policy Incident Management Policy Information Security Governance Policy Infrastructure Security Policy IT Asset Management Policy Mobile Device Policy Monitoring and Logging Policy Operations Security Policy Physical & Environmental Security Policy Production Control Policy Remote Access Policy Security Compliance Policy System Acquisition, Development & Maintenance Policy Third Party Management Policy Vulnerability Management Policy The contents of these policies, along with the maintenance and implementation of the policies within the VMware Cloud on AWS Service are reviewed by our third-party auditors as part of our compliance programs.

What currencies are supported for purchasing VMware Cloud on AWS?

The following six currencies are now supported on VMware Cloud on AWS: USD, GBP, EURO, JPY, AUD and CNY.You can transact in these currencies and run your workloads in one of the AWS regions where VMware Cloud on AWS is available.

What do I do if my VMware Cloud on AWS host term subscription ends before their VMware Site Recovery term subscription ends?

Currently, the two term subscriptions are independent of one another.Since VMware Site Recovery is an add-on, you will need to have VMware Cloud hosts to use it.If the host term ends before the VMware Site Recovery term, and you still want to protect workloads, you will need to buy a new host subscription, or pay for the hosts at the on-demand rates.

What do I need to do if I want to change existing Direct Connect Private VIF configuration from Public to Private ASN ?

You have to first delete the Direct Connect Private VIF connection with public ASN.Then you can choose a Private ASN number from the range 64512-65534 and enter it in the BGP Local ASN field in VMware Cloud on AWS.After that, take the configured Private ASN number and AWS account ID and go to AWS account to create a new Hosted Private VIF with these values.

What do I need to do in order to protect more than 500 VMs per site?

If you are replicating from or to one or more on-premises sites, you must deploy at least one additional vSphere Replication Server on each site where the total number of incoming or outgoing replications exceeds 500.Please consult the VMware Site Recovery documentation for guidance on how to deploy these additional components.You may also have to modify your on-premises firewall configuration to allow incoming/outgoing traffic to or from the additional vSphere Replication Server(s).On the other hand, to replicate more than 500 VMs to or from a VMware Cloud on AWS SDDC, you do not need to install or configure any additional components.When the number of replications in a VMware Cloud on AWS SDDC reaches a certain default threshold, the VMware Site Recovery service will automatically add an additional vSphere Replication Server to the SDDC and seamlessly extend the existing vSphere Replication firewall configuration of that SDDC to the new server.

What do I need to do to enable Multi Edge SDDC?

The requirements for enabling Multi Edge SDDC are to have Large SDDC appliances and SDDC version 1.12 or higher.

What do I need to get started with VMware SD-WAN?