computeSAA-C03

VMware Cloud on AWS: The Hybrid Cloud Bridge

Run VMware workloads natively on AWS bare-metal infrastructure without refactoring

Updated 2026-02-21

Overview

VMware Cloud on AWS is a jointly engineered service by VMware and AWS that enables organizations to run VMware's SDDC (Software-Defined Data Center) software stack — including vSphere, vSAN, and NSX — directly on dedicated, bare-metal AWS infrastructure. It allows seamless migration of on-premises VMware workloads to AWS without modifying applications, using familiar VMware tools and operational processes. The service is managed by VMware and deeply integrated with native AWS services through ENI-based connectivity in the customer's VPC.

Accelerate data center evacuation, disaster recovery, and cloud migration for VMware-based workloads without the cost or risk of re-platforming applications

Use When

Data center extension or evacuation: Rapidly migrate VMware VMs to AWS without refactoring when facing lease expirations or capacity constraints
Disaster Recovery: Use VMware Site Recovery Manager (SRM) or VMware HCX to replicate on-premises VMware environments to AWS as a DR target, replacing costly secondary data centers
Burst capacity: Extend on-premises VMware clusters into AWS to handle temporary compute spikes without purchasing additional on-premises hardware
Cloud migration bridge: Use as a stepping stone to gradually modernize VMware workloads into native AWS services (EC2, RDS, etc.) over time

Avoid When

Net-new cloud-native applications: If building from scratch, use native AWS services (EC2, ECS, Lambda) for better cost efficiency and elasticity — VMware Cloud on AWS adds unnecessary licensing overhead
Non-VMware workloads: If your on-premises environment runs on Hyper-V, KVM, or bare metal without VMware, there is no lift-and-shift benefit — use AWS MGN (Application Migration Service) instead
Cost-sensitive small workloads: Minimum cluster sizes and host-based pricing make this expensive for small deployments; native EC2 is far more economical for modest compute needs

Key Features

vSphere (Compute Virtualization)

Full vSphere stack including vCenter Server, ESXi hosts, and DRS (Distributed Resource Scheduler) for workload balancing

vSAN (Hyper-Converged Storage)

Software-defined storage using NVMe SSDs on i3/i3en bare-metal hosts; eliminates need for external SAN/NAS

NSX-T (Network Virtualization)

Micro-segmentation, logical routing, and distributed firewall capabilities for east-west traffic security

VMware HCX (Workload Migration)

Enables live vMotion migration of VMs from on-premises to VMware Cloud on AWS without downtime — key exam scenario for migration questions

VMware Site Recovery (DR)

Integrates with VMware Site Recovery Manager (SRM) for automated failover/failback; replaces costly secondary data centers

Native AWS Service Integration

Direct ENI connectivity to VPC enables access to S3, RDS, DynamoDB, ELB, and 200+ AWS services with low latency

AWS Direct Connect Integration

On-premises to VMware Cloud on AWS connectivity can use Direct Connect for dedicated, consistent bandwidth

Elastic DRS (Autoscaling)

Elastic DRS can automatically add or remove hosts based on workload demand, enabling true cloud elasticity for VMware workloads

vSphere with Tanzu (Kubernetes)

Run containerized workloads alongside VMs using Tanzu Kubernetes Grid on VMware Cloud on AWS

Managed Service (patching/upgrades)

VMware manages the SDDC infrastructure including ESXi upgrades, vCenter patches, and hardware maintenance — reduces operational burden

Multi-AZ SDDC Stretched Clusters

Stretched clusters span two AWS Availability Zones for active-active workload distribution and zero-RPO/RTO storage protection

On-Demand Pricing

Hosts can be provisioned on-demand for flexibility, though at a premium compared to reserved pricing

1-Year and 3-Year Reserved Pricing

Significant discounts available for committed 1 or 3-year terms — critical for cost-optimization exam questions

Integration Patterns

Cloud Storage Tiering / Backup Target

high freq

VMware Cloud on AWSAmazon S3

VMware workloads running in the SDDC use the ENI connection to write backups, snapshots, or cold data directly to S3 buckets in the connected VPC — enabling cost-effective storage tiering without leaving the AWS network

Dedicated Hybrid Connectivity

high freq

VMware Cloud on AWSAWS Direct Connect

On-premises VMware environments connect to VMware Cloud on AWS via AWS Direct Connect for consistent, low-latency bandwidth — critical for live vMotion migrations and real-time data replication scenarios

Lift-and-Shift with Managed Database

high freq

VMware Cloud on AWSAmazon RDS

VMware application VMs migrate to the SDDC while their databases are simultaneously modernized onto Amazon RDS — a common phased migration pattern that reduces risk while gaining cloud-native database benefits

Live Migration (vMotion) Over Direct Connect

high freq

VMware Cloud on AWSVMware HCXAWS Direct Connect

The gold-standard migration pattern: HCX provides the migration orchestration layer, Direct Connect provides the bandwidth, and VMware Cloud on AWS is the destination — enables zero-downtime VM migrations at scale

Encrypted On-Premises Connectivity

medium freq

VMware Cloud on AWSAWS Site-to-Site VPN

Organizations without Direct Connect use Site-to-Site VPN to securely connect their on-premises VMware environment to VMware Cloud on AWS for migration or hybrid operations — lower cost but variable latency

Gradual Modernization / Refactoring

medium freq

VMware Cloud on AWSAmazon EC2

VMware workloads run in the SDDC while teams gradually refactor individual application components onto native EC2 instances — the ENI connectivity allows both environments to communicate seamlessly during the transition

Multi-VPC / Multi-Account Connectivity

medium freq

VMware Cloud on AWSAWS Transit Gateway

Transit Gateway connects the VMware Cloud on AWS SDDC (via its VPC ENI) to multiple VPCs across accounts and regions — enabling enterprise-scale hub-and-spoke network architectures for large migrations

Service Limits & Quotas

LimitValueNote

Service Quotas Documentation

Not explicitly enumerated in the AWS General Reference quota page for VMware Cloud on AWS N/A

Unlike most AWS services, VMware Cloud on AWS quotas are not surfaced in Service Quotas console and cannot be adjusted via AWS Support — they are managed through VMware's customer portal

Minimum Cluster Size (Starter)

1 host i3.metal or i3en.metal host

The 1-host option was introduced later; historically only 3-host minimum was available. Exam questions may test whether you know 1-host is NOT suitable for production HA

Minimum Cluster Size (Production)

3 hosts hosts per cluster

Commonly confused with EC2 placement groups which have different minimum node requirements

Maximum Cluster Size

Up to 16 hosts per cluster hosts per cluster

Not explicitly confirmed in the fetched live docs — use qualitative awareness; do not cite a specific number unless confirmed in exam prep materials

AWS Regions Available

Available in select AWS regions regions

Region availability is controlled jointly by VMware and AWS; it is not the same as standard AWS service regional availability

Connectivity to AWS VPC

1 ENI (Elastic Network Interface) per SDDC ENI

Many candidates assume VPN or Direct Connect is required for SDDC-to-VPC communication; the ENI provides direct, private connectivity without additional networking services

Pricing Model

Per-host, per-hour (On-Demand) or per-host reserved (1-year / 3-year commitment)

Pricing is based on the number of AWS bare-metal hosts consumed, billed per host per hour for on-demand or at a discounted rate for 1-year or 3-year reserved commitments — similar in concept to EC2 Reserved Instances
The minimum billable unit is one host — even a single-host Starter SDDC incurs full host charges, making it expensive for very small workloads
VMware software licensing (vSphere, vSAN, NSX) is included in the host price — there is no separate VMware license cost, which simplifies procurement and eliminates BYOL complexity
AWS data transfer charges apply for data moving between the VMware Cloud SDDC and AWS services or the internet — the ENI connection to the VPC itself does not incur additional networking fees beyond standard AWS data transfer rates
3-year reserved pricing offers the greatest discount and is the recommended choice for stable, long-running production workloads from a cost-optimization perspective
Elastic DRS (auto-scaling hosts) uses on-demand pricing for dynamically added hosts, so burst capacity costs more per host than reserved baseline capacity

Exam Tips

criticalLift-and-shift migration strategy

When a scenario describes migrating VMware workloads to AWS without re-platforming or refactoring, VMware Cloud on AWS is ALWAYS the correct answer — not EC2, not ECS, not AWS MGN

criticalSDDC to VPC connectivity architecture

The ENI connection between the SDDC and the customer VPC is the architectural key — it enables native AWS service access (S3, RDS, etc.) without VPN or internet routing. Exam questions about SDDC-to-AWS connectivity should point to ENI, not Direct Connect

criticalVMware-based disaster recovery

For Disaster Recovery scenarios involving VMware on-premises environments, VMware Cloud on AWS with VMware Site Recovery (SRM) or HCX is the preferred answer — it eliminates the need for a secondary physical data center

critical

Any scenario mentioning 'migrate VMware workloads to AWS without refactoring or re-platforming' = VMware Cloud on AWS. Full stop.

critical

The ENI (not Direct Connect, not VPN) connects the SDDC to the customer VPC, enabling native AWS service access — this is the unique architectural differentiator of the service

critical

Production SDDCs require minimum 3 hosts for vSAN redundancy and HA — a 1-host Starter SDDC is evaluation only and will fail HA/DR scenario requirements

importantShared responsibility model

Remember that VMware Cloud on AWS is a MANAGED service — VMware manages the SDDC infrastructure (ESXi, vCenter, NSX, vSAN). Customers manage their VMs and workloads. This shared responsibility model differs from self-managed VMware on EC2

importantCost optimization for long-running workloads

For cost-optimization questions, 3-year reserved host pricing provides the maximum discount for stable VMware workloads — treat this like EC2 Reserved Instances in your decision framework

importantHigh availability and fault tolerance

Stretched Clusters across two AZs provide active-active workload distribution with zero-RPO storage protection — use this for exam questions asking about highest availability for VMware workloads on AWS

importantMigration tooling

VMware HCX is the migration tool bundled with VMware Cloud on AWS that enables bulk migration, cold migration, and live vMotion of VMs — when an exam question asks HOW workloads move from on-premises VMware to AWS without downtime, the answer involves HCX

Good to KnowElasticity and auto-scaling

Elastic DRS (Elastic Distributed Resource Scheduler) enables automatic host scaling — this is VMware Cloud on AWS's answer to EC2 Auto Scaling. Exam questions about handling variable VMware workload demand should reference Elastic DRS

Common Misconceptions & Traps

Common Mistake

VMware Cloud on AWS is just VMware software installed on regular EC2 instances

Correct

VMware Cloud on AWS runs on DEDICATED BARE-METAL AWS infrastructure (i3.metal, i3en.metal hosts) — not on EC2 instances. The hypervisor runs directly on physical hardware, providing the full performance and compatibility of on-premises VMware

This distinction matters for exam questions about performance, licensing, and architecture. Running VMware on EC2 (DIY) is a completely different, unsupported approach that lacks the joint engineering, managed operations, and native AWS service integration of the official service

Common Mistake

You need AWS Direct Connect to connect VMware Cloud on AWS to other AWS services like S3 or RDS

Correct

The SDDC connects to the customer's VPC via a dedicated ENI (Elastic Network Interface), providing direct, private, low-latency access to all native AWS services without requiring Direct Connect or VPN for VPC connectivity. Direct Connect is only needed for on-premises to SDDC connectivity

This is a critical architectural misunderstanding. The ENI is what makes VMware Cloud on AWS genuinely integrated with AWS — not just co-located. Exam questions about accessing AWS services from VMware workloads should trigger 'ENI in the VPC' as the answer

Common Mistake

A single-host SDDC is suitable for production workloads because it's cheaper

Correct

A single-host 'Starter' SDDC does NOT provide vSAN data redundancy (requires minimum 3 hosts for RAID-1/FTT=1 protection) and does not support vSphere HA. It is explicitly designed for evaluation and development only — production workloads require a minimum of 3 hosts

Cost-optimization exam questions may tempt candidates to choose 1-host configurations. The correct answer always requires 3 hosts for any production HA/DR scenario. Choosing 1 host for production is an architectural failure mode

Common Mistake

VMware Cloud on AWS requires separate VMware software licenses (BYOL)

Correct

VMware software licensing (vSphere Enterprise Plus, vSAN, NSX) is INCLUDED in the per-host pricing. There is no Bring Your Own License (BYOL) model — the bundled licensing is one of the key value propositions of the service

Candidates familiar with on-premises VMware licensing assume they need separate VMware licenses. This misconception leads to incorrect total cost of ownership calculations in exam scenarios. The all-inclusive pricing model simplifies procurement and is a differentiator

Common Mistake

VMware Cloud on AWS is managed entirely by AWS, just like RDS or ECS

Correct

VMware Cloud on AWS is a JOINTLY managed service — AWS provides and manages the bare-metal infrastructure, while VMware manages the SDDC software stack (vCenter, ESXi, NSX, vSAN). It is NOT an AWS-native managed service and is not accessible via the standard AWS Console the same way EC2 or RDS are

This affects the support model (VMware Support, not just AWS Support), the operational tools (vCenter, not AWS Console), and the responsibility boundaries. Exam questions about who is responsible for SDDC software updates should answer 'VMware' not 'the customer' or 'AWS'

Common Mistake

AWS Application Migration Service (MGN) and VMware Cloud on AWS solve the same problem

Correct

AWS MGN (formerly CloudEndure) replicates and converts workloads to run natively on EC2 — it RE-PLATFORMS the OS to run without VMware. VMware Cloud on AWS PRESERVES the VMware environment as-is. Use MGN when you want to eliminate VMware; use VMware Cloud on AWS when you want to keep VMware

This is a classic exam distractor. The key differentiator is whether the organization wants to maintain VMware tooling and processes (VMware Cloud on AWS) or modernize to native AWS compute (MGN/EC2). The scenario will hint at this through phrases like 'without changing operations' or 'familiar VMware tools'

Memory Tricks

🧠

SDDC = 'Same Day Data Center' — VMware Cloud on AWS lets you extend your data center to AWS on the same day without rebuilding anything

🧠

ENI = 'Every Native Integration' — the single ENI is your gateway to every native AWS service from within the SDDC

🧠

HCX = 'Hands-off Cross-platform eXtension' — HCX moves your VMs to AWS so you don't have to touch them (zero-downtime vMotion)

🧠

3-Host Rule: 'Three's Company for Production' — always need 3 hosts minimum for vSAN redundancy and vSphere HA in production

🧠

Remember the joint management model as 'VMware drives the software bus, AWS owns the road (hardware)'

CertAI Tutor · SAA-C03 · 2026-02-21

Ready to test your knowledge?

Practice SAA-C03 exam questions with AI-powered explanations — free to start.

VMware Cloud on AWS: The Hybrid Cloud Bridge

Overview

Key Features

Integration Patterns

Service Limits & Quotas

Pricing Model

Exam Tips

Common Misconceptions & Traps

Memory Tricks

Ready to test your knowledge?

Related Cheat Sheets