Amazon EVS: The Complete Professional Prerequisite Guide
Amazon Elastic VMware Service (EVS) enables organizations to run VMware Cloud Foundation (VCF) directly on AWS bare-metal infrastructure. For a successful VCF bring-up, the AWS "underlay" must be precisely architected to handle management, storage, and workload traffic across a complex VLAN structure.
This guide provides the exhaustive checklist for networking, DNS, and IP pool planning required for a production-ready EVS Software-Defined Data Center (SDDC).
1 Phase 1: Bare-Metal Readiness
1.1 Validating Instance Quotas
Amazon EVS utilizes the **i4i.metal** instance type. A minimum of **4 nodes** is required for the initial VCF management domain cluster. Ensure the AWS Service Quota for Running Dedicated i4i.metal Hosts is at least 4 in the target region before proceeding.
2 Phase 2: Multi-VLAN Networking (Underlay)
A production EVS environment requires **10 dedicated VLANs/Subnets**. These ranges must be non-overlapping and reserved within your VPC CIDR (typically a /16).
| VLAN Name | Description | Required Size | Recommended CIDR |
|---|---|---|---|
| Management | ESXi Hosts, vCenter, SDDC Manager | Min /24 | 10.0.10.0/24 |
| vMotion | Live VM Migration Traffic | Min /24 | 10.0.11.0/24 |
| vSAN | Software-Defined Storage Traffic | Min /24 | 10.0.12.0/24 |
| Host Overlay (TEP) | NSX Host Geneve Encapsulation | Min /24 | 10.0.13.0/24 |
| Edge Overlay | NSX Edge Geneve Encapsulation | Min /24 | 10.0.14.0/24 |
| Uplink 1 | North-South Traffic (Tier-0) | Min /27 | 10.0.15.0/27 |
| Uplink 2 | North-South Traffic (Tier-0 Redundancy) | Min /27 | 10.0.15.32/27 |
| Service Access | AWS Route Server & DNS Resolver endpoints | Min /28 | 10.0.1.0/24 |
| HCX Management | (Optional) HCX Cloud Manager | Min /28 | 10.0.20.0/28 |
| HCX Interconnect | (Optional) HCX Migration Traffic | Min /28 | 10.0.21.0/28 |
3 Phase 3: Route 53 DNS & Management Resolution
VCF is highly sensitive to name resolution. You must provision Forward (A) and Reverse (PTR) records for every management appliance and host before the bring-up process begins.
| Component | Forward FQDN (Example) | IP Address (A record target / PTR source) |
|---|---|---|
| Cloud Builder | cloud-builder.vcloudone.internal | 10.0.10.9 |
| SDDC Manager | sddc-manager.vcloudone.internal | 10.0.10.10 |
| vCenter Server | vcenter.vcloudone.internal | 10.0.10.11 |
| NSX Manager 01 | nsx-mgr-01.vcloudone.internal | 10.0.10.12 |
| NSX Manager 02 | nsx-mgr-02.vcloudone.internal | 10.0.10.13 |
| NSX Manager 03 | nsx-mgr-03.vcloudone.internal | 10.0.10.14 |
| NSX Edge 01 | nsx-edge-01.vcloudone.internal | 10.0.10.21 |
| NSX Edge 02 | nsx-edge-02.vcloudone.internal | 10.0.10.22 |
| ESXi Host 01-04 | esxi-0[1-4].vcloudone.internal | 10.0.11.21-24 |
| HCX Manager | (Optional) hcx.vcloudone.internal | 10.0.20.10 |
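The two tables above are easy to get subtly wrong by hand: a VLAN that leaks outside the VPC CIDR, two ranges that overlap, or a management record whose address lands in the wrong VLAN will only surface as an opaque Cloud Builder validation failure. The following script is an added example (not part of the original guide or of any AWS or VMware tooling) that loads the Phase 2 VLAN plan and the Phase 3 DNS plan exactly as listed, checks the VLANs for containment, minimum size and overlap, checks each record for duplicate addresses and for membership in the VLAN its role expects, and renders the forward (A) and reverse (PTR) record lines. The role-to-VLAN mapping is an assumption of the example: every management appliance and the ESXi host management interfaces are expected in the Management VLAN, and the HCX Manager in the HCX Management VLAN.

```python
"""Sanity-check an EVS underlay IP plan before bring-up (added example)."""
import ipaddress

VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")

# Phase 2 VLAN plan: name -> (required minimum prefix length, planned CIDR)
VLAN_PLAN = {
    "Management": (24, "10.0.10.0/24"),
    "vMotion": (24, "10.0.11.0/24"),
    "vSAN": (24, "10.0.12.0/24"),
    "Host Overlay": (24, "10.0.13.0/24"),
    "Edge Overlay": (24, "10.0.14.0/24"),
    "Uplink 1": (27, "10.0.15.0/27"),
    "Uplink 2": (27, "10.0.15.32/27"),
    "Service Access": (28, "10.0.1.0/24"),
    "HCX Management": (28, "10.0.20.0/28"),
    "HCX Interconnect": (28, "10.0.21.0/28"),
}

DOMAIN = "vcloudone.internal"

# Phase 3 DNS plan: fqdn -> (address, VLAN the role is expected in).
# The expected VLAN per role is this example's assumption, not from the guide.
DNS_PLAN = {
    f"cloud-builder.{DOMAIN}": ("10.0.10.9", "Management"),
    f"sddc-manager.{DOMAIN}": ("10.0.10.10", "Management"),
    f"vcenter.{DOMAIN}": ("10.0.10.11", "Management"),
    f"nsx-mgr-01.{DOMAIN}": ("10.0.10.12", "Management"),
    f"nsx-mgr-02.{DOMAIN}": ("10.0.10.13", "Management"),
    f"nsx-mgr-03.{DOMAIN}": ("10.0.10.14", "Management"),
    f"nsx-edge-01.{DOMAIN}": ("10.0.10.21", "Management"),
    f"nsx-edge-02.{DOMAIN}": ("10.0.10.22", "Management"),
    f"hcx.{DOMAIN}": ("10.0.20.10", "HCX Management"),
}
# esxi-01..04 at 10.0.11.21-24, expanded from the table's shorthand row
for n in range(1, 5):
    DNS_PLAN[f"esxi-0{n}.{DOMAIN}"] = (f"10.0.11.{20 + n}", "Management")


def check_vlans(plan, vpc_cidr):
    """Return findings for the VLAN plan; an empty list means it is clean."""
    findings = []
    nets = {}
    for name, (min_prefix, cidr) in plan.items():
        net = ipaddress.ip_network(cidr)  # strict: rejects unaligned CIDRs
        nets[name] = net
        if not net.subnet_of(vpc_cidr):
            findings.append(f"{name}: {net} is outside VPC CIDR {vpc_cidr}")
        if net.prefixlen > min_prefix:
            findings.append(f"{name}: {net} is smaller than the required /{min_prefix}")
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return findings


def check_dns(dns_plan, vlan_plan):
    """Return findings: reused addresses and records outside their expected VLAN."""
    findings = []
    seen = {}
    for fqdn, (ip_str, expected) in dns_plan.items():
        ip = ipaddress.ip_address(ip_str)
        if ip in seen:
            findings.append(f"{fqdn}: {ip} already assigned to {seen[ip]}")
        seen[ip] = fqdn
        expected_net = ipaddress.ip_network(vlan_plan[expected][1])
        if ip not in expected_net:
            actual = [n for n, (_, c) in vlan_plan.items()
                      if ip in ipaddress.ip_network(c)]
            where = actual[0] if actual else "no planned VLAN"
            findings.append(
                f"{fqdn}: {ip} expected in {expected} {expected_net}, found in {where}")
    return findings


def reverse_name(ip_str):
    """PTR owner name for an IPv4 address, e.g. 10.0.10.10 -> 10.10.0.10.in-addr.arpa."""
    return ipaddress.ip_address(ip_str).reverse_pointer


def render_records(dns_plan):
    """Return (forward, reverse) lists of zone-file style lines for the plan."""
    items = sorted(dns_plan.items())
    forward = [f"{fqdn}. IN A {ip}" for fqdn, (ip, _) in items]
    reverse = [f"{reverse_name(ip)}. IN PTR {fqdn}." for fqdn, (ip, _) in items]
    return forward, reverse


if __name__ == "__main__":
    for finding in check_vlans(VLAN_PLAN, VPC_CIDR) + check_dns(DNS_PLAN, VLAN_PLAN):
        print("FINDING:", finding)
    fwd, rev = render_records(DNS_PLAN)
    print("\n".join(fwd + rev))
```

Run as-is, the VLAN plan passes every check, and the DNS check reports the four ESXi host records, whose listed addresses fall in the vMotion range rather than the Management range the example expects for host management interfaces; whether that is intended is for the planner to decide, but it is exactly the kind of discrepancy worth resolving before the records are created.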
4 Phase 4: VPC Route Server & BGP
4.1 BGP Peering Configuration
The **VPC Route Server** acts as the BGP bridge between the NSX overlay and the AWS VPC routing table. Associate the Route Server with your evs-underlay-vpc and configure peering with the NSX Edges (using ASN 65000 for the Edge cluster and 64512 for the Route Server).
Important: Enable **Route Propagation** on your VPC Main Route Table so that VMware workload segments are reachable from AWS native services.
Automation: Advanced Terraform Deployment
The following template automates the VPC, Service Access Subnet, Inbound Resolver, and VPC Route Server setup required for EVS.
```hcl
# 1. Create Base VPC Underlay
resource "aws_vpc" "evs_vpc" {
  cidr_block           = "10.0.0.0/16"
  enable_dns_hostnames = true
  enable_dns_support   = true
}
# 2. Inbound DNS Resolver for SDDC Components
# aws_subnet.service_access (10.0.1.0/24) and aws_security_group.dns_sg (TCP/UDP 53 from the VPC CIDR) are assumed to be defined elsewhere in the project.
resource "aws_route53_resolver_endpoint" "evs_dns" {
  direction          = "INBOUND"
  security_group_ids = [aws_security_group.dns_sg.id]
  ip_address {
    subnet_id = aws_subnet.service_access.id
    ip        = "10.0.1.100"
  }
  ip_address {
    subnet_id = aws_subnet.service_access.id
    ip        = "10.0.1.110"
  }
}
# 3. VPC Route Server for NSX Edge Peering
resource "aws_vpc_route_server" "evs_rs" {
  amazon_side_asn = 64512
}
# Associate the Route Server with the underlay VPC, then propagate learned NSX routes into the main route table
resource "aws_vpc_route_server_vpc_association" "evs" {
  route_server_id = aws_vpc_route_server.evs_rs.route_server_id
  vpc_id          = aws_vpc.evs_vpc.id
}
resource "aws_vpc_route_server_propagation" "main" {
  route_server_id = aws_vpc_route_server.evs_rs.route_server_id
  route_table_id  = aws_vpc.evs_vpc.main_route_table_id
}
# BGP peers attach to a Route Server endpoint placed in the Service Access subnet
resource "aws_vpc_route_server_endpoint" "evs" {
  route_server_id = aws_vpc_route_server.evs_rs.route_server_id
  subnet_id       = aws_subnet.service_access.id
}
resource "aws_vpc_route_server_peer" "nsx_edge_01" {
  route_server_endpoint_id = aws_vpc_route_server_endpoint.evs.route_server_endpoint_id
  peer_address             = "10.0.10.251"
  bgp_options {
    peer_asn = 65000
  }
}
```