Announcing VMware Cloud on AWS: Advanced subscription tier


VMware Cloud on AWS has been helping customers accelerate their cloud transformation journey in faster, safer, and most cost-effective manner. By releasing new sets of features and capabilities on a regular basis, we have been enhancing the service for the past 6+ years. And today, we are very excited to announce that now you can make cloud management more efficient with enterprise capabilities of VMware Aria products, and you can strengthen the security posture of your cloud environment with advanced networking and security features included in the base VMware Cloud on AWS service out of the box.

So let’s look at what it means for customers. First, let’s understand some of the key challenges customers are facing while operating in the public cloud.

Today’s public cloud operating challenges:

Migrating and delivering existing applications from a public cloud infrastructure presents most organizations with several challenges:

  • Skills and Expertise: Successfully managing public cloud infrastructure requires skilled IT professionals who understand cloud technologies, automation tools, and best practices. Finding and retaining experienced cloud engineers and architects can be a challenge in a highly competitive market.
  • Security and Compliance: Public cloud infrastructure introduces unique security challenges. Organizations need to ensure the confidentiality, integrity, and availability of their data and applications in the face of ever-evolving threats. Implementing robust security controls, managing access permissions, and complying with industry-specific regulations can be complex in an environment controlled by a provider.
  • Performance and Scalability: Achieving optimal performance and scalability in public clouds requires careful design and configuration. Organizations need to ensure that their applications can handle varying workloads and scale dynamically. Balancing performance requirements with cost considerations can be a challenge.
  • Cost Optimization: Public cloud infrastructure consumed in a pay-as-you-go model, involves monitoring and managing resource utilization, selecting the right pricing models, and implementing cost-saving measures such as instance resizing, automated scaling, and planning reserved instances.
  • Monitoring and Management: Managing and monitoring public cloud resources across a large-scale infrastructure is complex. IT teams must monitor resource utilization, track performance metrics, identify bottlenecks, and respond to incidents in a timely manner. Integrating cloud monitoring with existing on-premises systems adds an additional layer of complexity.

Solution: VMware Cloud on AWS

VMware Cloud on AWS has been designed to overcome the operational challenges of public cloud infrastructure by leveraging existing skills, tools, and processes that organizations have been using on-premises. In addition, over the past several years, VMware has provided the option to purchase VMware Aria products and services as add-on options for VMware Cloud on AWS, addressing the unique challenges of operating applications with enterprise requirements in a public cloud environment. Furthermore, VMware has also provided an option to purchase NSX Advanced Firewall add-on to enhance the security posture of VMware Cloud on AWS. Customers who have opted for these solutions have already experienced the advantages of VMware’s enterprise-grade management and security in tackling the distinct challenges of the public cloud.

With VMware Cloud on AWS: Advanced subscription tier, VMware is now extending these benefits out of the box to all new VMware Cloud on AWS deployments! VMware Cloud on AWS: Advanced subscription tier is a natural evolution of the current VMware Cloud on AWS with enriched features.

VMware Cloud on AWS: Advanced: Key additional enterprise capabilities:

In summary, the key enterprise capabilities newly added to the VMware Cloud on AWS service with Advanced subscription tier are:

  • Modern, self-service infrastructure automation to streamline IT processes and deliver a DevOps-ready automation platform
  • AI-powered operations management to optimize performance and improve efficiency.
  • Faster troubleshooting with deep operational visibility and intelligent log analytics
  • Hardened security with advanced networking and security capabilities such as Context-aware microsegmentation (L7 DFW AppID), Distributed FQDN allowlisting, User Identity-based Firewall (IDFW)
  • Seamless networking with NSX+ Policy Management

So, What’s included in VMware Cloud on AWS: Advanced host purchase?

With the purchase of VMware Cloud on AWS: Advanced subscription tier host, customers will get:

  • VMware SDDC software
  • Bare metal AWS EC2 instance
  • vCenter Management
  • VMware HCX
  • Tanzu services

AND NOW

  • VMware Aria Automation
  • VMware Aria Operations
  • VMware Aria Operations for Logs
  • VMware Aria Migration (30 days free trial)
  • Advanced security capabilities: Context-aware microsegmentation (L7 DFW AppID), Distributed FQDN allowlisting, User Identity-based Firewall (IDFW),
  • NSX+ Policy Management

Please note:

  • VMware Cloud on AWS: Advanced subscription tier will be available on i3en.metal and i4i.metal instance types only.
  • VMware Cloud on AWS: Advanced subscription tier is targeted to become available by the end of VMware’s Q3’Fiscal Year 2024 (3rd Nov, 2023).
  • Once VMware Cloud on AWS: Advanced subscription tier becomes available, all new deployments (new SDDCs) of VMware Cloud on AWS- i3en.metal/i4i.metal host types will include advanced cloud management, networking and security features available in VMware Cloud on AWS: Advanced tier
  • Existing deployments (existing SDDCs) will get these advanced cloud management, networking and security features over time.
  • The pricing for VMware Cloud on AWS: Advanced subscription tier is same as previously offered VMware Cloud on AWS subscription pricing.

To learn more, please check out the Frequently Asked Questions page. For any further questions, please contact your VMware representative.

Now, let’s look at some details of these additional enterprise cloud management and advanced networking and security capabilities:

  1. Advanced hybrid cloud management with VMware Aria

VMware Aria products help customers accelerate the cloud adoption by combining SaaS and on-premises capabilities for automation, operations, log analytics and cost optimization. With a common operating model across on-premises and cloud environments, VMware Aria serves as a single pane of glass management, providing complete visibility across the entire hybrid cloud environment.

Here are some details about VMware Aria products:

  • VMware Aria Automation: It delivers a modern, self-service infrastructure automation platform for both traditional and cloud native workloads. With VMware Aria Automation, you can reduce the complexity of your IT environment, streamline IT processes and deliver a DevOps-ready automation platform. It enables automated workload provisioning by setting up a self-service infrastructure for developers and managing it with governance policies for better insight and control. It also delivers Infrastructure as Code-based automation for provisioning and management of SDDCs on VMware Cloud on AWS.
  • VMware Aria Operations: VMware Aria Operations is a unified, AI-powered self-driving IT operations management platform for private, hybrid and multi-cloud environments. It delivers continuous performance optimization, efficient capacity management, proactive planning, intelligent remediation, and integrated compliance powered by AI and predictive analytics.
  • VMware Aria Operations for Logs: It delivers centralized log management, deep operational visibility, and intelligent analytics for troubleshooting and auditing across private, hybrid and multi-cloud environments.
  • VMware Aria Migration (Free 30-day Trial): VMware Aria Migration helps create a readiness assessment for moving workloads to VMware Cloud on AWS. To understand the TCO impact, customers can use machine learning algorithms that will reduce the time and effort required to scope a migration that groups their VMs into applications. Also, they can use the cost-benefit analysis of VMware Cloud on AWS compared to running the application on-premises to justify the migration. With VMware Aria Migration, customers will be able to quickly receive migration assessments for workloads up to 2,000 VMs based on an inventory-based evaluation from their vCenter(s) using application discovery. Now, with VMware Cloud on AWS: Advanced subscription tier, customers will be able to try VMware Aria Migration for FREE for 30 days. Sign up and learn more here

2. Advanced security capabilities:

  • Context-aware micro-segmentation (L7DFW AppID): With this capability, customers can create micro-segmentation security policies at more granular level for specific application after determining which workloads comprise application and what network traffic is necessary for application and restrict any other traffic thus reducing the attack surface.
  • Distributed FQDN Filtering: With this capability, security administrators can define firewall rules that explicitly provide access to a set of FQDNs and can control or restrict access to remote services and sites.
  • User Identity-based Firewall (IDFW): With this capability, customers can create firewall rules based on Active Directory or LDAP user groups in order to provide granular access control to applications.

3. Advanced networking:

  • NSX+ Policy Management: NSX+ Policy Management delivers consistent networking and security policies for NSX deployments on-premises and in public cloud. Administrators can deploy and manage multi-tenant policies at scale across multi-site and multi-region deployments from a centralized cloud console, speeding up application and network deployment using a common policy framework and built-in operations and monitoring. Please note that NSX+ Policy management will become available with VMware Cloud on AWS SDDC 1.24 and will have minimum 1280 core buy requirement.

And why are these capabilities important from customers’ point of view? What are some of the key benefits for customer? Let’s look at those now.

Key benefits of additional enterprise cloud management, networking and security capabilities:

Improvements in operational efficiency:

  • Cost Optimization:  Customers can use VMware Aria Operations to gain visibility into cloud expenses, enabling resource allocation and scaling, leveraging cost-saving options, providing optimization recommendations, automating cost-saving processes, and facilitating cost allocation and budgeting. These capabilities empower organizations to make data-driven decisions, optimize resource utilization, and reduce unnecessary cloud expenses.
  • Performance Optimization:  Customers can use VMware Aria Operations to monitor workload performance and alert for issues, analyze performance, automate and orchestrate workload scaling, and support performance testing. These capabilities empower organizations to proactively monitor and optimize their cloud infrastructure, resulting in possible enhanced application performance, improved user experience, and better utilization of resources.
  • Faster Time to Resolution:  Customers can use VMware Aria Automation to accelerate time to market by simplifying workloads deployment, automating and orchestrating application delivery or IT configuration tasks, and by leveraging comprehensive governance and compliance support. These benefits help organizations optimize workload provisioning, operations, improve efficiency, and maintain governance and compliance in their public cloud deployments.
  • Lower downtime:  Customers can use VMware Aria Automation, Aria Operations, Aria Operations for Logs for automated monitoring and alerting, auto-scaling and elasticity, automated remediation and self-healing, configuration management and automated DevOps practices. These capabilities enable organizations to proactively address issues, minimize the impact of failures, and ensure high availability of applications and services in the cloud environment.

Hardened security:

  • Granular resource isolation: VMware NSX with context-aware microsegmentation provides a higher level of security by isolating and protecting individual applications or application components. It allows organizations to define granular security policies specific to each application, which helps in minimizing the attack surface and prevent lateral movement within the network. In the event of a security breach, the impact can be contained within the affected application segment, limiting the potential damage.
  • Stronger policy enforcement: VMware distributed FQDN in firewall rules offers granular control, dynamic rule updates, improved user experience, enhanced security, scalability and flexibility, compliance and policy enforcement, and integration with DNS-based threat intelligence. These benefits help organizations strengthen their network security, protect against threats, and ensure appropriate access to resources while maintaining a high level of control and flexibility.
  • Reduced risk of unauthorized access: VMware User-Identity Firewall offers benefits such as user-centric access control, alignment with the zero-trust model, adaptive access policies, enhanced visibility and auditing, and integration with other NSX security capabilities. By focusing on user identities and their access privileges, identity firewalls strengthen network security, reduce the risk of unauthorized access, and provide a more flexible and dynamic approach to access control.
  • Simplified security management: VMware NSX with context-aware microsegmentation, security policies are tied directly to the application, making security management more streamlined. Instead of managing complex network rules, administrators can focus on defining and enforcing policies at the application layer. This simplifies security operations, reduces the risk of misconfigurations, and makes it easier to maintain a secure environment as applications evolve or new applications are deployed.
  • Higher flexibility and agility: VMware NSX with context-aware microsegmentation allows for greater flexibility and agility in deploying and managing applications. As applications become more distributed and dynamic, traditional network-based segmentation can become restrictive. Context-aware segmentation enables organizations to apply security controls regardless of the underlying network infrastructure, making it easier to migrate applications across different environments (e.g., on-premises, cloud, containers) without compromising security.
  • Enabled Zero-Trust architecture: VMware NSX context-aware microsegmentation aligns with the principles of Zero Trust architecture, where every communication and access request is verified and authenticated, regardless of the network location. By implementing fine-grained security policies at the application level, organizations can adopt a Zero Trust approach, ensuring that only authorized traffic is allowed and reducing the risk of lateral movement or privilege escalation by attackers.
  • Improved incident response and forensics: In the event of a security incident, VMware NSX context-aware microsegmentation provides better visibility and control over application traffic. Security teams can quickly identify affected applications, isolate compromised components, and conduct forensics at a granular level. This improves incident response capabilities and reduces the time to detect, investigate, and remediate security issues within specific application segments.

Seamless Networking:

  • Faster application and network infrastructure deployment: VMware NSX+ policy management provides a uniform policy framework, consistent networking and security controls, and automation delivered from a centralized cloud console. With consistent policy management, you can extend policies and rules across sites and use multi-tenancy and VPC constructs to deliver a self-service environment for application teams. You can also monitor network components such as Local NSX Managers and Edge nodes for availability, resources, and performance, deploy instant software updates and security patches, and access compatibility and version recommendations from the NSX+ dashboard.

What’s Next:

VMware Cloud on AWS: Advanced is targeted to become available by the end of VMware’s Q3’Fiscal Year 2024 (3rd Nov, 2023). Check out the FAQs to learn more. If you have any further questions about VMware Cloud on AWS: Advanced, please contact your VMware representative.

Meanwhile, if you would like to learn more about VMware Cloud on AWS, please check out the resources below:

Resources:

For more information related to VMware Cloud on AWS, here are some more learning resources for you:



Source link