CLF-C02 | Chapter 119 of 130 | Objective 3.1

VMware Cloud on AWS

This chapter covers VMware Cloud on AWS, a hybrid cloud service that allows you to run VMware workloads on AWS bare-metal infrastructure. For the CLF-C02 exam, this service appears under Domain 3: Cloud Technology Services, Objective 3.1 (Define methods of deploying and operating in the AWS Cloud). While the exam focuses on high-level understanding rather than deep technical configuration, you must know what problem it solves, how it integrates with AWS, and its key use cases. This objective typically represents about 8-12% of the exam questions, and VMware Cloud on AWS is a niche but important topic that often trips up candidates who confuse it with native AWS services.

Advanced
Updated May 31, 2026

The Hybrid Cloud Moving Truck

Imagine your company owns a fully stocked warehouse (your on-premises data center) with all your inventory, packing stations, and shipping lanes. You've invested millions in this warehouse, and it runs your entire business. But now you want to expand into a new city without building another warehouse from scratch. AWS offers a 'moving truck' service called VMware Cloud on AWS. This truck is specially designed to carry your existing warehouse's racking system, workflow software, and even your floor plan—exactly as they are—and park it inside a giant, pre-built fulfillment center (the AWS global infrastructure). The truck is VMware's software-defined data center (SDDC) running on AWS bare-metal hosts. Your warehouse manager (vCenter) still controls everything; the forklifts (VMs) operate the same way, and your staff (IT team) uses the same tools. The key mechanism: the truck connects your original warehouse to the new one via a high-speed tunnel (AWS Direct Connect or VPN), so inventory can move seamlessly. You don't need to repack boxes (refactor applications) or retrain workers. You just pay for the truck's parking spot and fuel (compute and storage costs) by the hour. This is different from building a new warehouse using AWS's native shelving (EC2 instances) because you keep your existing warehouse management system (VMware tools) unchanged.

How It Actually Works

What Is VMware Cloud on AWS and What Problem Does It Solve?

VMware Cloud on AWS is a jointly engineered service from VMware and AWS that integrates VMware's Software-Defined Data Center (SDDC) components—vSphere, vSAN, NSX, and vCenter—with AWS's bare-metal infrastructure. It is designed for organizations that have heavily invested in VMware virtualization and want to migrate their on-premises VMware workloads to the cloud without refactoring applications, rewriting code, or retraining IT staff. The core problem it solves is the 'lift and shift' of VMware environments while preserving existing management tools, network configurations, and operational processes.

For the CLF-C02 exam, you are not expected to know how to configure NSX or vSAN, but you must understand that VMware Cloud on AWS is a service that runs on dedicated AWS hardware (bare-metal EC2 hosts) and is managed through the VMware vCenter console, not the AWS Management Console. This is a critical distinction: customers continue to use VMware tools they already know, but the underlying infrastructure is AWS.

How It Works — The Mechanism

VMware Cloud on AWS runs on AWS Nitro-based bare-metal instances in specific AWS Regions (currently 19 Regions as of 2025). Each SDDC cluster consists of multiple bare-metal hosts, each with a fixed configuration of compute, memory, and storage. The hosts are connected via a high-speed network that supports VMware NSX for networking and security, and vSAN for storage. The SDDC is deployed into an AWS Virtual Private Cloud (VPC) and uses an elastic network interface (ENI) to connect to other AWS services.

Key components:

- vCenter: Central management for the SDDC. Customers use their existing vSphere client to manage VMs.
- vSAN: Software-defined storage that aggregates local disks on the bare-metal hosts into a shared datastore.
- NSX: Provides virtual networking and security, including distributed firewalls, load balancing, and VPN.
- AWS Integration: The SDDC is connected to the customer's VPC via an ENI, allowing VMs to access AWS services like S3, RDS, or Lambda via private IP addresses. Direct Connect or VPN can extend on-premises networks.

Behind the scenes, AWS manages the bare-metal infrastructure and hypervisor, while VMware manages the SDDC software stack. Customers provision and scale clusters through the VMware Cloud Console or AWS Management Console (limited). Billing is through AWS, with a single invoice that includes both AWS infrastructure and VMware licensing.

Key Configurations and Pricing Models

VMware Cloud on AWS offers three host types, based on the i3.metal, i3en.metal, and i4i.metal instances:

- i3.metal: 36 vCPUs, 512 GiB RAM, 10.8 TB NVMe SSD (2 x 1.9 TB + 1 x 7 TB). Used for general-purpose workloads.
- i3en.metal: 48 vCPUs, 768 GiB RAM, 22.8 TB NVMe SSD (4 x 5.7 TB). For storage-intensive workloads.
- i4i.metal: 48 vCPUs, 768 GiB RAM, 15 TB NVMe SSD (2 x 7.5 TB). For compute-intensive workloads (newer generation).

Pricing models:

- On-Demand: Pay per host per hour. No upfront commitment. Suitable for short-term or burst workloads.
- 1-Year Reserved: Discount of approximately 30% compared to On-Demand.
- 3-Year Reserved: Discount of approximately 50%.
- Conversion Reservations: Customers can convert existing VMware licenses (portable licenses) to reduce costs.

Additional costs: Data transfer out to the internet, storage beyond the host-local vSAN (using Amazon S3 or EFS via storage gateway), and AWS services consumed.

Comparison to On-Premises and Native AWS

vs. On-Premises: The main advantage is elasticity. You can scale clusters up or down in minutes without ordering hardware. You also avoid data center maintenance and get AWS's physical security. However, you still manage the VMs and the VMware stack, so operational overhead is similar.

vs. Native AWS (EC2 with VMware): If you run VMware on EC2 using a bring-your-own-license (BYOL) model, you manage the hypervisor yourself. VMware Cloud on AWS is a fully managed VMware environment—AWS and VMware handle the SDDC lifecycle. The exam tests the distinction: VMware Cloud on AWS is a managed service; running VMware on EC2 is not.

vs. AWS Outposts: Outposts bring AWS native infrastructure to your data center. VMware Cloud on AWS brings your VMware environment to AWS. The exam may ask which service is used for which direction of hybrid cloud.

When to Use VMware Cloud on AWS vs Alternatives

Use VMware Cloud on AWS when:

- You have a large VMware footprint and want to migrate without refactoring.
- You need consistent operational tools across on-premises and cloud.
- You have compliance or licensing requirements that tie you to VMware.
- You want to extend your data center to AWS for burst capacity, disaster recovery, or temporary workloads.

Do NOT use it when:

- You are building a new cloud-native application (use EC2 or containers).
- You want to minimize VMware licensing costs (consider native AWS services).
- You need granular control over the underlying hypervisor (use EC2 bare metal with your own software).

For the exam, remember that VMware Cloud on AWS is a specific solution for VMware-centric organizations. It is not a general-purpose compute service like EC2.

Walk-Through

1. Request a VMware Cloud on AWS SDDC

First, you must have an AWS account and a VMware Cloud on AWS account (linked through AWS Organizations). You navigate to the VMware Cloud on AWS console (accessible via AWS Management Console or directly). You select a supported AWS Region (e.g., us-east-1). You choose the number of hosts (minimum 2 for production, 1 for single-host test) and the host type (i3.metal, i3en.metal, or i4i.metal). You also specify the AWS VPC and subnet where the SDDC will be deployed. The SDDC creation process takes about 2-4 hours as AWS provisions the bare-metal hosts, installs the VMware software stack, and configures networking. Behind the scenes, AWS deploys the hosts into a dedicated cluster within its infrastructure, isolated from other customers.

2. Configure Networking with NSX

Once the SDDC is deployed, you use the VMware vSphere client (not AWS Console) to configure networking via NSX. You define logical switches, routers, and firewalls. You also set up connectivity to your on-premises data center using AWS Direct Connect or a VPN connection. The SDDC's management gateway (MGW) provides internet access for the vCenter and NSX Manager. The compute gateway (CGW) handles VM traffic. You can also create an AWS Direct Connect virtual interface to the SDDC's VPC for low-latency, private connectivity. This step is critical for hybrid scenarios because VMs in the SDDC need to communicate with on-premises resources and other AWS services.

3. Migrate Workloads Using VMware HCX

VMware Hybrid Cloud Extension (HCX) is the migration tool included with VMware Cloud on AWS. You install HCX appliances both on-premises and in the SDDC. HCX supports several migration types: bulk migration (cold migration using vSphere replication), near-zero downtime migration (vMotion over WAN), and disaster recovery. For bulk migration, you select VMs in the on-premises vCenter and schedule them to be replicated to the SDDC. Behind the scenes, HCX compresses and deduplicates data, transfers it over the network, and then activates the VMs in the cloud. For zero-downtime migration, HCX extends the Layer 2 network so that VMs retain their IP addresses and continue running during the cutover. This step is where the 'lift and shift' happens without refactoring.

4. Manage and Scale the SDDC

After migration, you manage VMs as you would on-premises: using the vSphere client. You can scale the SDDC by adding or removing hosts. To add a host, you go to the VMware Cloud console and request a new host. AWS provisions it and adds it to the cluster within minutes. vSAN automatically rebalances storage. You can also scale down by removing hosts, but you must ensure that VMs are migrated off the host first (via vMotion). The minimum cluster size is 2 hosts for production (to maintain vSAN quorum). For cost optimization, you can use reserved instances for steady-state workloads and on-demand for burst. You also monitor performance using VMware vRealize or AWS CloudWatch (limited integration).

5. Set Up Disaster Recovery with SRM

VMware Site Recovery Manager (SRM) can be used with VMware Cloud on AWS for disaster recovery. You configure protection groups that map on-premises VMs to recovery plans in the cloud SDDC. SRM automates failover and failback. Behind the scenes, SRM uses vSphere Replication to continuously replicate VM data to the SDDC's vSAN storage. During a disaster, you run the recovery plan, which powers on VMs in the cloud, updates DNS, and runs custom scripts. This allows RPOs of minutes and RTOs of hours. For the exam, know that SRM is a VMware product that integrates with AWS, but it is not an AWS service. AWS also offers native disaster recovery services like Elastic Disaster Recovery (DRS), which is a different solution.

What This Looks Like on the Job

Scenario 1: Data Center Exit for a Financial Services Company

A financial services firm has 500 VMs running on VMware vSphere in a co-location data center. Their lease is expiring, and they want to exit the data center within 12 months. They choose VMware Cloud on AWS to migrate their entire VMware environment without refactoring. The team uses HCX bulk migration to move VMs over a Direct Connect connection. They keep their existing vCenter and monitoring tools. Cost: They pay for 20 i3.metal hosts on a 1-year reserved instance, saving ~30% over on-demand. They also pay for data transfer out for backup to S3. The migration completes in 6 months, and they terminate the co-location contract. What could go wrong: If they underestimated the network bandwidth, the migration would be slow. They also need to ensure that the SDDC's vSAN capacity matches their storage needs—if they have VMs with high IOPS, they might need to add more hosts or use external storage.

Scenario 2: Burst Capacity for a Retail Company During Peak Season

A retail company runs its e-commerce platform on-premises VMware. During Black Friday, they need extra compute capacity to handle traffic spikes. They deploy a VMware Cloud on AWS SDDC with 10 hosts and use HCX to extend their Layer 2 network. They vMotion a subset of web servers to the cloud during the peak, then vMotion them back after. They pay only for the hours the hosts are running (on-demand). They also use AWS services like S3 for static assets and CloudFront for content delivery. Cost: For a 3-day peak, they might spend $10,000 on compute, but avoid over-provisioning on-premises hardware. What goes wrong: If they don't test the network latency, users might experience slowdowns. Also, if they forget to shut down hosts after the event, costs accumulate.

Scenario 3: Disaster Recovery for a Healthcare Provider

A healthcare provider needs a disaster recovery site for its VMware environment to meet HIPAA compliance. They deploy a small VMware Cloud on AWS SDDC (2 hosts) in a different AWS Region. They use VMware SRM to replicate critical VMs from their primary data center to the cloud. The SDDC is kept in a powered-on state but with minimal VMs running to save costs. During a disaster, they fail over to the cloud. The SDDC can be scaled up quickly if needed. Cost: The 2-host cluster costs about $50,000 per year (on-demand). They also pay for data replication traffic. What goes wrong: If they don't regularly test failover, the recovery plan may fail. Also, if the primary site and the SDDC are in the same AWS Region, a regional outage could affect both.

How CLF-C02 Actually Tests This

What CLF-C02 Tests on This Topic

The CLF-C02 exam covers VMware Cloud on AWS under Domain 3: Cloud Technology Services, Objective 3.1: 'Define methods of deploying and operating in the AWS Cloud.' You are expected to know:

- The purpose of VMware Cloud on AWS (migrate VMware workloads without refactoring).
- That it runs on AWS bare-metal hosts (not virtualized instances).
- That it integrates with existing VMware tools (vCenter, vSphere, NSX).
- Common use cases: data center extension, migration, disaster recovery.
- That it is a jointly managed service by VMware and AWS.
- The difference between VMware Cloud on AWS and running VMware on EC2 (the latter is not a managed service).

Common Wrong Answers and Why Candidates Choose Them

1. 'VMware Cloud on AWS is a native AWS service for running any hypervisor.' This is wrong because VMware Cloud on AWS is specifically for VMware workloads, not any hypervisor. Candidates confuse it with EC2 bare metal, which can run any hypervisor.

2. 'You manage VMware Cloud on AWS through the AWS Management Console.' Wrong. While you can view some information, full management is through the VMware vSphere client. Candidates assume all AWS services are managed via the AWS Management Console.

3. 'VMware Cloud on AWS is the same as AWS Outposts.' Wrong. Outposts bring AWS infrastructure to your data center; VMware Cloud on AWS brings your VMware environment to AWS. Candidates mix up the direction of hybrid cloud.

4. 'VMware Cloud on AWS requires you to refactor your applications.' Wrong. The whole point is to migrate without refactoring. Candidates think cloud migration always requires re-architecture.

Specific Terms That Appear on the Exam

- 'Bare-metal hosts' (i3.metal, i3en.metal, i4i.metal)
- 'SDDC' (Software-Defined Data Center)
- 'HCX' (Hybrid Cloud Extension)
- 'vCenter', 'vSphere', 'NSX', 'vSAN'
- 'Direct Connect' (for hybrid connectivity)
- 'Lift and shift' migration

Tricky Distinctions

VMware Cloud on AWS vs. VMware on AWS (BYOL): The former is a managed service; the latter is a self-managed setup on EC2. The exam asks which is a managed service.

VMware Cloud on AWS vs. AWS Elastic Disaster Recovery: Both can be used for disaster recovery, but Elastic Disaster Recovery works with any OS, not just VMware. VMware Cloud on AWS is specifically for VMware environments.

Decision Rule for Multiple-Choice Questions

If a question asks about migrating VMware VMs without changes, look for 'VMware Cloud on AWS'. If it mentions 'refactoring' or 're-platforming', it's not VMware Cloud on AWS. If it mentions 'on-premises extension to AWS', consider both VMware Cloud on AWS and Outposts, but Outposts is for AWS-native services on-premises, while VMware Cloud on AWS is for VMware on AWS.

Key Takeaways

- VMware Cloud on AWS is a managed service that runs VMware SDDC on AWS bare-metal hosts (i3.metal, i3en.metal, i4i.metal).
- It enables lift-and-shift migration of VMware workloads to AWS without refactoring applications.
- Management is done through the VMware vSphere client, not the AWS Management Console (though limited info is visible).
- Use cases include data center extension, disaster recovery, and temporary burst capacity.
- Pricing is per host per hour with On-Demand, 1-Year, and 3-Year Reserved options.
- It integrates with AWS services via VPC and supports Direct Connect for hybrid connectivity.
- Do not confuse it with AWS Outposts (which brings AWS to on-premises) or running VMware on EC2 (self-managed).
- For CLF-C02, remember that VMware Cloud on AWS is for VMware-centric organizations and is a specific hybrid cloud solution.

Easy to Mix Up

These come up on the exam all the time. Here's how to tell them apart.

VMware Cloud on AWS

- Runs VMware SDDC on AWS bare-metal hosts in AWS data centers.
- Managed via VMware vCenter; uses VMware tools.
- Best for migrating existing VMware workloads to AWS without refactoring.
- Billing includes VMware licensing and AWS infrastructure.
- Connectivity via Direct Connect or VPN to on-premises.

AWS Outposts

- Runs AWS-native services (EC2, EBS, ECS) on hardware in your data center.
- Managed via AWS Management Console; uses AWS tools.
- Best for extending AWS infrastructure to on-premises for low-latency or data residency.
- Billing is for AWS services consumed on Outposts hardware.
- Connectivity via local network; integrates with AWS Regions.

Watch Out for These

Mistake: VMware Cloud on AWS runs on shared EC2 instances.

Correct: It runs on dedicated bare-metal hosts (i3.metal, i3en.metal, i4i.metal) that are not shared with other customers. These are single-tenant, physical servers.

Mistake: You can manage VMware Cloud on AWS entirely from the AWS Management Console.

Correct: While you can see some information in the AWS Console, full management (creating VMs, configuring networking) is done through the VMware vSphere client or the VMware Cloud Console.

Mistake: VMware Cloud on AWS requires you to rewrite your applications to run on AWS.

Correct: It is designed for lift-and-shift migrations. You do not need to refactor applications because the VMware stack is preserved.

Mistake: VMware Cloud on AWS is the same as running VMware on Amazon EC2.

Correct: Running VMware on EC2 requires you to install and manage the hypervisor yourself. VMware Cloud on AWS is a fully managed service where VMware and AWS manage the SDDC.

Mistake: VMware Cloud on AWS only supports VMware workloads, not native AWS services.

Correct: VMs in the SDDC can access native AWS services (like S3, DynamoDB, RDS) via the VPC connection. It integrates with the AWS ecosystem.

Frequently Asked Questions

Is VMware Cloud on AWS a native AWS service?

No, it is a jointly engineered service between AWS and VMware. It is available through AWS but is not a native AWS service like EC2 or S3. You can subscribe to it via AWS Marketplace or directly from VMware. On the exam, it is considered an AWS service because it runs on AWS infrastructure and is billed through AWS.

Can I run VMware Cloud on AWS in any AWS Region?

As of 2025, VMware Cloud on AWS is available in 19 AWS Regions, including US East (N. Virginia), US West (Oregon), Europe (Ireland, Frankfurt, London), Asia Pacific (Sydney, Tokyo, Singapore), and others. Not all Regions support it, so you need to check the AWS Region list. For the exam, know that it is available in many major Regions.

What is the minimum number of hosts required for a production SDDC?

The minimum is 2 hosts for a production SDDC to maintain vSAN quorum and high availability. You can deploy a single-host SDDC for testing or development, but it will not have fault tolerance. The exam may test this as a specific value.

How does VMware Cloud on AWS handle storage?

Storage is provided by VMware vSAN, which aggregates local NVMe SSDs on the bare-metal hosts into a shared datastore. You can also attach external storage via AWS Storage Gateway or use Amazon S3 for backups. vSAN provides encryption, deduplication, and compression. For the exam, know that storage is software-defined and local to the hosts.

What is the difference between VMware Cloud on AWS and VMware on AWS (BYOL)?

VMware Cloud on AWS is a managed service where VMware and AWS manage the SDDC stack. You just manage VMs. VMware on AWS (BYOL) means you run the VMware hypervisor on EC2 instances using your own licenses, and you are responsible for managing the hypervisor. The exam will test that VMware Cloud on AWS is a managed service.

Can I use AWS Direct Connect with VMware Cloud on AWS?

Yes, you can use AWS Direct Connect to establish a dedicated private connection from your on-premises data center to the VPC where the SDDC is deployed. This provides lower latency and higher bandwidth than VPN. It is a common setup for hybrid cloud scenarios.

Does VMware Cloud on AWS support VMware HCX?

Yes, VMware HCX is included with VMware Cloud on AWS for migration. It supports bulk migration, near-zero downtime migration (vMotion over WAN), and disaster recovery. HCX is a key feature for migrating workloads.
