NSX on AWS looks similar to NSX-V; the difference from the on-prem version seems to be that installation and upgrades are done automatically, so the version used is fixed. Since it is automatically provisioned when the SDDC is deployed, there is no need for an on-premises NSX (it has its own NSX Manager, Controller Cluster, Edge and DLRs).
vCenter features like HA, DRS, vMotion, Stretched Cluster vCenter across Availability Zones, and SRM are also available, so if a VM moves from the on-premises DC to AWS or between AWS Availability Zones without changing its IP address, it should continue to provide service, similar to Cross-vCenter NSX.
Since it is available as a service, new features could be expected to be added to bring it on par (or some features only in the AWS cloud version), so updating frequently may be important.
Currently these services or features seem to be available:
L2 VPN
L3 VPN
Logical Switches
Logical Routers
dFW (Distributed Firewall)
In addition Amazon Services such as Elastic Load Balancing,
https://cloud.vmware.com/vmc-aws/faq#networking-security
What type of networking features can I configure? Among other things, you can:
In the current version, dFW rules are not replicated automatically (could not find it on the roadmap; it could be an important feature for the hybrid cloud with on-premises NSX use case):
https://cloud.vmware.com/vmc-aws/roadmap
Will my security policy and services migrate when the VM is live migrated to the VMware Cloud on AWS SDDC using vMotion?
No. You are responsible for moving the security policy and services.
These links could be helpful:
https://cloud.vmware.com/vmc-aws
https://cloud.vmware.com/vmc-aws/resources
https://aws.amazon.com/vmware/faqs/
https://blogs.vmware.com/networkvirtualization/2017/12/vmware-sddc-nsx-expands-aws.html/
http://packetpushers.net/podcast/podcasts/datanauts-124-vmware-cloud-aws-sponsored/
http://frankdenneman.nl/2017/08/29/vmware-cloud-aws-technical-overview/
Networking in VMware Cloud on AWS
VMware Cloud on AWS is built around NSX. It’s optimized to provide VM networking in the Cloud SDDC, while abstracting the Amazon Virtual Private Cloud (VPC) networks. It enables ease of management by providing logical networks to VMs and automatically connecting new hosts to logical and VMkernel networks as clusters are scaled out. At initial availability, users connect to VMware Cloud on AWS via a layer 3 VPN connection. Future releases of VMware Cloud on AWS, however, will support AWS Direct Connect and allow cross-cloud vSphere vMotion operations.
An IPsec layer 3 VPN is set up to securely connect the on-premises vCenter Server instance with the management components running on the in-cloud SDDC cluster. A separate IPsec layer 3 VPN is set up to create connectivity between the on-premises workloads and the VMs running inside the in-cloud SDDC cluster. NSX is used for all networking and security and is decoupled from Amazon VPC networking. The compute gateway and DLR are pre-configured as part of the prescriptive network topology and cannot be changed by the customer. Customers provide only their own subnets and IP ranges.
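Because the FAQ answer quoted above leaves moving the security policy to the customer, a pre-migration check can list the on-premises firewall rules that cover a VM and have no equivalent on the cloud side. The following is an added example, not code from the original post or from VMware; the rule tuples are a simplified, constructed format (not the NSX API schema) and all function names are hypothetical.

```python
import ipaddress

# Constructed sample rules in a simplified form (NOT the NSX API schema):
# (name, source CIDR, destination CIDR, service, action)
ONPREM_RULES = [
    ("web-in",   "0.0.0.0/0",     "10.10.20.0/24", "tcp/443",  "ALLOW"),
    ("app-db",   "10.10.20.0/24", "10.10.30.5/32", "tcp/3306", "ALLOW"),
    ("no-ssh",   "0.0.0.0/0",     "10.10.20.0/24", "tcp/22",   "DROP"),
    ("other-vm", "10.10.40.0/24", "10.10.50.0/24", "tcp/80",   "ALLOW"),
]
CLOUD_RULES = [
    ("web-in", "0.0.0.0/0", "10.10.20.0/24", "tcp/443", "ALLOW"),
]

def rules_for_vm(rules, vm_ip):
    """Return rules whose source or destination range contains the VM's IP."""
    ip = ipaddress.ip_address(vm_ip)
    return [r for r in rules
            if ip in ipaddress.ip_network(r[1]) or ip in ipaddress.ip_network(r[2])]

def key(rule):
    """Compare on match criteria and action, ignoring the rule name."""
    _, src, dst, svc, action = rule
    return (ipaddress.ip_network(src), ipaddress.ip_network(dst),
            svc.lower(), action.upper())

def migration_gaps(onprem, cloud, vm_ip):
    """List on-prem rules covering vm_ip that have no equivalent in the cloud set."""
    present = {key(r) for r in cloud}
    gaps = []
    for rule in rules_for_vm(onprem, vm_ip):
        if key(rule) not in present:
            # Assumption: a missing block rule is labelled an exposure risk and a
            # missing allow rule an outage risk; the real effect depends on the
            # default rule configured at the destination.
            impact = "exposure" if rule[4].upper() != "ALLOW" else "outage"
            gaps.append((rule[0], impact))
    return gaps

if __name__ == "__main__":
    for name, impact in migration_gaps(ONPREM_RULES, CLOUD_RULES, "10.10.20.15"):
        print(f"missing in cloud SDDC: {name} ({impact} risk)")
```

The comparison is exact-match on CIDR, service and action, so a cloud rule that covers the same traffic with a broader range is still reported and needs manual review.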