VMC on AWS - NSX Core Capabilities in VMware Cloud on AWS
By Pranay Jha | Sep 25, 2020 | In Articles

Networking and Connectivity

Networking for VMware Cloud on AWS

  • Deploy networks and define subnets and gateways for virtual machines residing in the Cloud SDDC.
  • You can create L2, L3, and Isolated Networks.
  • You can enable DHCP for network segments.
  • You can also use DHCP Relay.
  • You can create multiple DNS zones in NSX.
  • Provides distributed routing.
  • Provides Source NAT (SNAT) to all workloads in the Cloud SDDC to enable Internet access.
    • By default, Internet access is blocked at the Edge firewall, but you can enable it if required.

Networking for On-Premises

  • Direct Connect to forward all traffic between on-premises and the Cloud SDDC.
  • Provides policy-based IPsec VPN capability to connect to on-premises, VPCs, or other SDDCs.
  • Provides route-based IPsec VPN to connect to on-premises, VPCs, and other SDDCs. BGP is used to automatically learn networks and can be used to provide:
    • An active/standby VPN connectivity model for additional redundancy.
    • An ECMP VPN connectivity model for additional bandwidth and redundancy.
  • Provides L2VPN to extend an L2 domain from on-premises to the Cloud SDDC without an IP address change.
    • HCX can also be used to extend an L2 network between on-premises and the Cloud SDDC.
  • Connects to AWS Transit Gateway.
  • Connects to AWS offerings such as EC2, S3, and RDS.


Security

  • Provides an Edge firewall for the Compute and Management Gateways.
  • Provides the NSX Distributed Firewall (DFW) for the Cloud SDDC.
    • Provides protection for east/west traffic within the SDDC.
    • Enables micro-segmentation to protect workloads.
  • Provides grouping objects for the Edge firewall and DFW.
  • Provides Role Based Access Control (RBAC).


Operations

Provides the following features for operational tasks.

  • Port Mirroring
  • NSX APIs

All these capabilities from Networking and Connectivity, Security, and Operations are listed in the table below.



Networking and Connectivity

  • Policy Based IPsec VPN
  • Route Based IPsec VPN with Redundancy
  • ECMP for Route Based IPsec VPN
  • Route Based IPsec VPN as Standby for Direct Connect
  • L2VPN
  • Direct Connect Private VIF for all traffic
  • Native AWS Services Access – Connected VPC
  • Distributed Routing
  • Network Segment Creation from Console
  • DHCP and DHCP Relay
  • NAT
  • DNS Zones

Security

  • Distributed Firewall
  • Edge Firewall
  • Security Groups (IP Address, VM Instance, VM Name, Security Tags)
  • Role Based Access Control (RBAC)

Operations

  • Port Mirroring
  • IPFIX
  • DFW IPFIX
  • NSX-T APIs – Public and Private Endpoints
  • NSX-T APIs – API Explorer Integration


About the Author

Pranay Jha
Founder, Contributor


Thank you for visiting my profile. I am Pranay Jha, and I bring along a total of 11+ years of extensive experience in the Information Technology sector for organizations from small businesses to large enterprises. In my current assignment, I am associated with IBM as a Technical Solution Architect for Virtualization platform. I am vExpert x 3 (16/17/18), VCIX-DCV, VCAP5/6-DCD, VCAP5-DCA, VCP7-CMA, VCP5/6-DCV, VCA-DCV, VCA-Cloud, VSP, VCE-CIA, MCITP, MCSE, MCSA (Messaging). I am also an independent blogger and founder of and I can be reached via email at or Direct Message via Contact Us form.
