5 August 2025
Introduction
Amazon Elastic VMware Service (EVS) is a fully managed, AWS-native service that enables customers to deploy and operate VMware Cloud Foundation (VCF) environments directly within their Amazon Virtual Private Cloud (VPC).
As of August 5, 2025, EVS is generally available and is designed to simplify migration, modernization, and hybrid cloud operations for VMware workloads.
EVS supports VCF 5.2.1, runs on EC2 i4i.metal bare-metal instances, and integrates natively with AWS services like IAM, CloudTrail, GuardDuty, and FSx for NetApp ONTAP.
Amazon EVS is now available in the following AWS regions:
US East (N. Virginia)
US East (Ohio)
US West (Oregon)
Europe (Frankfurt)
Europe (Ireland)
Asia Pacific (Tokyo)
EVS delivers a full-featured VCF stack, including:
vSphere 8.x: ESXi hypervisor with full administrative access
vSAN ESA: NVMe-backed storage using i4i.metal hosts for high-performance HCI
NSX-T 4.x: Advanced networking with Tier-0 and Tier-1 gateways, overlay networks, and microsegmentation
The EVS Console is a self-service interface integrated into the AWS Management Console. It provides:
Guided workflows for SDDC deployment
Host scaling and lifecycle automation
Network configuration and security rule management
Integration with VMware Cloud Builder for automated provisioning
EVS networking is built on NSX-T overlay technology, with support for hybrid integration via:
Elastic Network Interfaces (ENIs) for east-west traffic
Tier-0 Gateway: Handles north-south traffic; supports Active/Standby NSX Edge clusters
Tier-1 Gateway: Manages east-west traffic between segments
Hybrid Connectivity Options:
AWS Transit Gateway (TGW)
AWS Direct Connect
Site-to-Site VPN
AWS Cloud WAN for multi-region connectivity
EVS integrates with AWS IAM to provide:
Identity-based policies and ABAC
Service-linked roles for EVS operations
SSO/SAML Federation for vCenter access
Audit logging via CloudTrail and AWS Config
EVS supports VMware HCX for workload mobility, including:
Cold migration
Bulk migration
Live vMotion
Replication-assisted vMotion
WAN optimization and secure tunnels
EVS can employ a layered security model combining NSX-T and optional vDefend Advanced Threat Prevention:
Underlay Networking: Built on Amazon VPC and EVS VLAN subnets, managed by NSX-T
Overlay Networking: Logical switching and routing for EVS workloads
Tiered Gateways: Traffic routing and perimeter control via Tier-0 and Tier-1
Security Groups & Policies: Basic rule-based segmentation using NSX constructs
vDefend is a software-defined Layer 7 firewall solution that enhances NSX-T by adding:
Distributed Firewall (DFW): L2–L4 stateful traffic filtering between workloads
Microsegmentation: Fine-grained east-west isolation across applications
Tiered Gateway Enforcement: Policy-based control across T0/T1 boundaries
IDS/IPS: Inline threat detection and virtual patching
Identity Firewall: Access policies integrated with AD/LDAP
Application Layer Inspection: Deep packet inspection (DPI) with App-ID visibility
VM-Aware Malware Detection: AI/ML-driven sandboxing for threat prevention
EVS supports a wide range of strategic scenarios:
Lift-and-shift VMware workloads using HCX, preserving IPs and operational runbooks while accelerating migration timelines.
Use EVS as a DR target with pilot-light or warm-standby architectures, leveraging HCX replication and hybrid networking.
Gradually refactor legacy applications by colocating VMs with AWS-native services such as S3, Aurora, or Bedrock.
Provision on-demand SDDCs with full production parity, enabling agile development and testing workflows.
Deploy EVS in dedicated AWS-managed accounts with NSX segmentation and IAM auditing, suitable for finance, healthcare, and public sector.
Expand VMware footprint elastically for seasonal demand or project-based workloads, avoiding CapEx-heavy infrastructure.
Confirm EVS availability in target AWS region
Configure VPC CIDRs and Route Server endpoints
Acquire VCF license keys and Site ID from Broadcom
Reserve EC2 i4i.metal capacity (minimum 4 hosts)
Create IAM roles and permissions
Deploy EVS environment via Console or CLI
Establish hybrid connectivity (TGW, DX, VPN)
Migrate workloads using HCX
Amazon Elastic VMware Service (EVS) is a transformative offering that bridges the gap between traditional virtualization and cloud-native agility. It empowers enterprises to:
Preserve VMware investments and skillsets
Accelerate cloud adoption with minimal disruption
Enhance security and compliance posture
Simplify operations with AWS-native tooling
EVS is not just VMware in the cloud—it’s cloud-aligned VMware, purpose-built for modern enterprise IT.