Before you undertake any network design, you must always consider the business requirements and use cases. Your chosen network design will be largely influenced by the chosen use cases.
Customers that need to maintain the same IP addresses after they’ve migrated workloads to VMware Cloud on AWS can use the NSX Layer 2 VPN functionality.
NSX has offered an L2VPN capability for several years. An L2VPN enables customers to stretch networks between two different sites, over a public or private network (with no requirements on MTU).
VMware Cloud on AWS uses NSX to provide L2VPN features in your cloud SDDC.
The Management Domain is protected by a Management Gateway [MGW], which is an NSX Edge Security gateway that provides north-south network connectivity for the vCenter Server and NSX Manager running in the SDDC.
A common use case for VMware Cloud on AWS is Disaster Recovery. Many of my customers either don’t have a Disaster Recovery strategy or simply struggle to justify running a ‘ghost’ DC, just in case a disaster were to happen. The way Disaster Recovery is offered today within VMware Cloud on AWS is through an add-on (VMware Site Recovery) that leverages vSphere Replication and vSphere Recovery Manager.
A number of our customers want to leverage VMware Cloud on AWS to expand into a new market. As the VMC SDDC can be deployed in a matter of hours, it allows customers to enter a new market without having to commit CAPEX. A side benefit of using VMC for this use case is that, if the market expansion were to fail, customers can exit the market as fast as they entered it (they are not left with racks of hardware).
The July 2018 release of VMware Cloud on AWS introduced Route-Based VPN as part of the NSX-T roll-out. Route-Based VPN provides vast improvements over the traditional Policy-Based VPN.