Networking and Connectivity

Networking for VMware Cloud on AWS

• Deploy networks and define subnets and gateway for virtual machines resided in Cloud SDDC.
• You can create L2, L3, and Isolated Networks.
• You can use for enabling DHCP for network segments.
• You can also use for DHCP Relay.
• You can create multiple DNS zones in NSX.
• Provides distributed Routing.
• It provides Source NAT (SNAT) to all workloads in Cloud SDDC to enable Internet access.
• By default, internet is blocked at Edge firewall, but you can enable it if required.

Networking for On-Premises

• Direct connect to forward all the traffic between On-Prem to Cloud SDDC.
• Provides Policy-based IPSEC VPN capability to connect to on premises, VPCs, or other SDDCs.
• Provides Route-based IPSEC VPN to connect to on premises, VPCs, and other SDDCs. BGP is utilized to automatically learn networks and can be used to provide;
• An active/standby VPN connectivity model for additional redundancy.
• ECMP VPN connectivity model to provide additional bandwidth and redundancy.
• Provides L2VPN to extend L2 domain from On-premises to Cloud SDDC without IP address change.
• HCX can also be used to extend L2 network between on-premises to Cloud SDDC.
• Connect to AWS Transit Gateway.
• Connects to AWS offerings such as EC2, S3, RDS.

Security

• Provides Edge firewall for Compute and Management Gateway.
• Provides NSX Distributed Firewall for Cloud SDDC.
• Provides protection for east/west traffic within SDDC.
• Enables Micro-Segmentation to protect workloads.
• Provides grouping objects for Edge firewall and DFW.
• Provides Role Based Access Control (RBAC).

Operations

Provides below features for operational tasks.

• Port Mirroring
• IPFIX
• DFW IPFIX
• NSX APIs

All these capabilities from Networking and Connecitivity, Security, and Operations are listed in below table.