Purchasing and onboarding – Appendix: Preflight before Onboarding

In this chapter, we will cover the most important configuration items you need when you deploy the SDDC and configure a hybrid cloud environment.

You will find a detailed description of the configuration steps and items from previous chapters of this book.

Purchasing and onboarding

When purchasing the service and preparing for the first SDDC deployment, you need to choose a couple of options. These options may have a large impact on the further operations of the service, so make sure your choices are well thought out, as you will not be able to change some of them moving forward.

Purchasing and funding

When purchasing the service, you can select one of the following options:

  • A direct VMware purchase
  • AWS resell
  • Purchasing through a Managed Service Provider (MSP)

VMware Cloud on AWS supports all three routes to the market. Depending on your purchase strategy, you may find one or another better suited to your needs.

Note

Some services available for VMware Cloud on AWS can only be purchased directly from VMware, for example, Microsoft host-based licenses for workloads on VMware Cloud on AWS.

When purchasing from VMware, you can choose how you want to pay for the service:

  • VMware Purchasing Programs: You can select from a range of different programs, most of them offering so-called Credits. You can use credits toward payment for VMware Cloud on AWS. Consult a VMware sales representative to get more details about available programs. (More details on VMware Purchasing Programs can be found here: https://customerconnect.vmware.com/web/vmware/spp-landing.)
  • Pay by invoice: You can activate pay by invoice using the VMware Cloud Console.
  • Pay with a credit card: Applicable for small purchases up to $25,000.

Consumption options

When deploying a VMware Cloud on AWS SDDC, you have a choice between the following:

  • Subscription: Your commitment to buy a certain amount of host capacity for a defined period. When purchasing a subscription, you select the AWS Region, host type, and the number of hosts. You can pay upfront or monthly. If purchasing from VMware or AWS, you can select the following:
    • Flexible subscription: The terms of the subscription (number of hosts, region, host types) can be changed over time (limitations apply)
    • Standard subscription: The terms of the subscription are fixed and cannot be changed
  • On-demand: You can run VMware Cloud on AWS SDDC using on-demand prices. You are free to select the region, host type, and the number of hosts.

Typically, a standard 3-year term subscription is the most cost-effective option, while on-demand prices are the highest. Depending on your use case, one or another option might work better. In our experience, a flexible subscription is the right balance between flexibility and cost savings.

FAQ – Knowing the Best Practices, FAQs, and Common Pitfalls

In this section, we will cover the most common questions we get from organizations that are interested in VMware Cloud on AWS. You can also find the comprehensive FAQs list published on the VMware Tech Zone website (https://vmc.techzone.vmware.com/vmware-cloud-aws-frequently-asked-questions).

How is VMware Cloud on AWS different from “just” a vSphere deployment?

VMware Cloud on AWS includes not only vSphere, but also vSAN and NSX, providing an all-in-one solution for organizations’ needs. VMware Cloud on AWS is offered as a service, in contrast to an on-premises vSphere deployment, removing the burden of lifecycle management from IT teams.

How does VMware Cloud on AWS fit into the “public cloud first” strategy?

VMware Cloud on AWS provides enterprises with a quick, secure, and scalable option to mass migrate thousands of applications to the public cloud. VMware Cloud on AWS offers a lot of native public cloud benefits, including elastic capacity, without the need to refactor or rearchitect applications.

What are the key technical differentiators of VMware Cloud on AWS?

VMware Cloud on AWS helps you quickly deploy a vSphere-based SDDC on the public cloud, simplifying hardware and infrastructure management. The ability to flexibly manage capacity with eDRS and provide native AZ resiliency with stretched clusters are key technical differentiators of VMware Cloud on AWS SDDCs.

How does VMware Cloud on AWS enforce security for my workloads?

Migrating enterprise line-of-business applications to a public cloud infrastructure might raise a lot of security questions. VMware Cloud on AWS provides a secure way to deploy, operate, and decommission applications in the public cloud with the help of VMware NSX. VMware Cloud on AWS ensures security at the hardware level (encryption in transit, self-encrypted NVMe drives, etc.) and at the infrastructure level (vSAN datastore encryption is always on, NSX firewalls are activated by default and configured to drop all incoming traffic, etc.). VMware Cloud on AWS uses the shared responsibility model (https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/vmc-aws/vmware-shared-responsibility-model-overview-vmware-cloud-on-aws.pdf) to provide transparency in achieving security and compliance for your workload.

How can I get started?

VMware Cloud on AWS is easy to deploy (https://vmc.techzone.vmware.com/vmc-aws-quick-start) – you can create a new SDDC with just a couple of clicks and, in two hours, enjoy full-featured VMware Cloud on AWS SDDC functionality. You can use the free trial program (https://www.vmware.com/products/vmc-on-aws/free-trial.html) to get to know VMware Cloud on AWS right now!

Summary

In this chapter, we focused on defining best practices when planning, designing, and operating a cloud environment based on VMware Cloud on AWS. As well as best practices, it’s also important to learn about and understand examples of suboptimal design choices and their potential influence on the infrastructure. Reviewing the most common questions and answers will help you summarize the most important points about VMware Cloud on AWS.

In the next chapter, we will review some configuration examples.

Avoiding common pitfalls – Knowing the Best Practices, FAQs, and Common Pitfalls

In the previous section, we focused on how to do things right. However, it’s also important to highlight the most common scenarios, configurations, and design decisions where the resulting configuration proved to be ineffective and error-prone.

Compute

Compute resources provide the necessary CPU and memory resources for virtual machines. Let’s review the most common misconfigurations and/or suboptimal design choices:

  • Sizing

It’s often the case that VMware Cloud on AWS SDDCs are either undersized or oversized. Undersized environments lead to low performance and a bad user experience, while oversized environments are expensive in terms of cost per VM. Opting for a right-sizing exercise and expanding on-premises vSphere environments as an afterthought may result in running into extended procurement cycles. However, VMware Cloud on AWS benefits from the flexible and elastic capacity of public clouds. Paired with the right Elastic DRS policy, organizations can achieve cost savings by leveraging the scale-in option of the Elastic DRS policy, and performance burst, if required, by scaling out their cluster when demand grows. We recommend using custom Elastic DRS policies, which give you much better control not only over the storage resources, but also over CPU and memory.

  • Host type

Another common misconfiguration we observe is selecting the wrong host type. We observe most issues with configurations involving the i3.metal host type. i3.metal might be suitable for running general-purpose workloads, but its outdated CPU (Broadwell) and lack of hyperthreading (and as a result, its low amount of CPU resources) make resource contention very possible, especially with entry-level clusters (https://vmc.techzone.vmware.com/resource/entry-level-clusters-vmware-cloud-aws). A two-host i3.metal cluster is limited to 35 simultaneously running VMs, as most of the CPU resources are allocated to management VMs. Such a cluster might be suitable as a management cluster but should not be considered for production implementation. i3.metal End of Sale (EoS) naturally eliminates this problem; however, you still might be tempted to take i3.metal using an on-demand subscription for your ongoing project to profit from the cost. We strongly recommend not doing so at this point and considering i4i.metal instead, which has a much more powerful and modern CPU.

  • SDDC upgrade and lifecycle management

Most of the observed issues are tied to wrong expectations: VMware releases a new SDDC software bundle every 6 months. This bundle is based on the latest vSphere + NSX version at the release time. With all the excitement, there are a couple of issues to underline:

    • Do not expect your SDDC to be upgraded overnight. For a brownfield (existing) SDDC, the estimated upgrade time is 6+ months. Depending on the complexity of your SDDC, it may be more.
    • Version inconsistency: VMware Cloud on AWS SDDCs always use the latest available build for deployment. You cannot specify a build version when deploying your SDDC. Current bundles use vSphere 8, while your on-premises environment might still be on vSphere 7. This may have a negative effect on reverse migration, cause potential incompatibility with management/automation/monitoring tools, and prevent you from raising the virtual hardware level of the VMs you migrate to the cloud.

  • Configuration management

VMware Cloud on AWS is offered as a managed service. Most ESXi/vSphere cluster/vCenter configurations are predefined and cannot be changed. If your applications or automation tools depend on a particular advanced setting, make sure to clarify the configuration before deployment. You will not be able to change the value after deployment.

Day 2 operations – Knowing the Best Practices, FAQs, and Common Pitfalls

Day 2 operations of the infrastructure are one of the key elements of a successful implementation. Often, underestimating Day 2 operations leads to a suboptimal solution design, which is hard to maintain, leading to dissatisfaction. Day 2 operations is the phase when your team will spend most of the time working with the environment.

As a best practice, your architecture should be built with the primary focus on the Day 2 operations:

  • Ensure you engage the IT operations team when presenting key design decisions.
  • Plan to train the IT operations team on the new technologies.
  • Include runbook updates as a part of your design implementation.
  • Explain the key lifecycle management changes when moving to VMware Cloud on AWS.
  • Validate current monitoring/backup/automation tools for compatibility. Recommend updating or switching to other tools if necessary.

VMware Cloud on AWS can streamline the Day 2 operations of the environment:

However, VMware Cloud on AWS also differs from an on-premises vSphere environment in a few key ways:

  • Most of the infrastructure-level settings (ESXi host, vSphere cluster, vCenter) are predefined by VMware and cannot be changed. The settings’ values may be different from what you are using in your environment.
  • The permission model does not allow full access to the environment, including vCenter, ESXi, and NSX Manager. This may limit some operations and/or optimizations you are performing in your on-premises environment.
  • Backup compatibility: VMware requires each vendor of a backup solution to undergo a certification process to validate the compatibility with VMware Cloud on AWS. Make sure your current backup solution is certified, or you will need to plan a transition to a different product/vendor. You can check the following KB article outlining certification for various backup solutions (https://kb.vmware.com/s/article/76753).

Make sure to address key Day 2 operations challenges in the design phase. It’s not helpful if you find out your backup vendor is incompatible after workload migration!

Contract documentation

VMware offers VMware Cloud on AWS as a managed service. As a consumer of cloud services, you should double-check all the relevant contract documentation before making a purchase decision. VMware has simplified and consolidated access to contract documentation on a separate web page (https://www.vmware.com/agreements.html). Use this page to look for terms and agreements for VMware products and services. For VMware Cloud on AWS, we recommend you review the following set of documents: