Integrating AWS Directory Service – Building Applications and Managing Operations

Domain Name System (DNS) is a critical component of any IT infrastructure as it provides hostname-to-IP address resolutions that applications heavily rely on to establish connectivity with other systems and workloads in the organization. Organizations running VMware Cloud on AWS workloads can implement a hybrid DNS solution using fully managed native services such as AWS-managed Microsoft AD and Amazon Route 53 from AWS. Figure 8.8 illustrates the integration of VMware Cloud on AWS workloads with AWS-managed Microsoft AD.

Figure 8.8 – Amazon-managed Microsoft AD integration with VMware Cloud on AWS

AWS Directory Service is a managed service providing directories containing organizational information, including users, groups, and computers. Using AWS Directory Service, organizations can reduce the burden of management tasks, freeing up more time and resources for their business. Organizations can also use AWS Directory Service to provide DNS resolution: the DNS IP addresses of the AWS Directory Service directory can be configured as the DNS forwarder targets in the VMware Cloud on AWS SDDC environment.

Integrating an Amazon Route 53 inbound Resolver endpoint

Amazon Route 53 is a highly available and scalable DNS service. Amazon Route 53 Resolver can respond recursively to DNS queries for public records, Amazon VPC-specific DNS names, and Amazon Route 53 private hosted zones. Inbound Resolver endpoints enable DNS queries to an Amazon VPC from another Amazon VPC, from VMware Cloud on AWS SDDC segments, or from an on-premises environment. Figure 8.9 illustrates the integration of VMware Cloud on AWS workloads with an Amazon Route 53 Resolver inbound endpoint.

Figure 8.9 – Amazon Route 53 Resolver inbound endpoint integration with VMware Cloud on AWS

The Amazon Route 53 service provides a managed DNS resolver through a Route 53 inbound endpoint, an alternative option for providing DNS resolution to VMware Cloud on AWS environments. The endpoint has the same DNS view as the VPC it resides in, enabling private hosted zone name resolution, internet name resolution, and customizable name resolution through forwarding rules.

Organizations can provision an inbound endpoint directly within the connected VPC. The endpoint can have multiple ENIs, each with a unique IP address. To ensure high availability, using at least two ENIs in different AZs is recommended. Each ENI can handle up to 10,000 queries per second, and additional ENIs can be added to scale out.
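As an added example that is not part of the book, the following Terraform definition builds the inbound endpoint described above: one ENI in each of two AZs, and a security group that admits DNS only from the SDDC workload segments. The VPC ID, subnet IDs, CIDR and resource names are placeholder assumptions.

```hcl
# Added example (not from the book). All IDs, CIDRs and names are placeholders.
variable "vpc_id"             { default = "vpc-0123456789abcdef0" }    # connected VPC (placeholder)
variable "subnet_az_a"        { default = "subnet-0aaaaaaaaaaaaaaaa" } # subnet in first AZ (placeholder)
variable "subnet_az_b"        { default = "subnet-0bbbbbbbbbbbbbbbb" } # subnet in second AZ (placeholder)
variable "sddc_segment_cidrs" { default = ["10.10.0.0/16"] }           # SDDC workload segments (assumed)

# Least-privilege security group: only DNS, only from the SDDC segments.
resource "aws_security_group" "resolver_inbound" {
  name        = "r53-resolver-inbound"
  description = "DNS from VMware Cloud on AWS SDDC segments only"
  vpc_id      = var.vpc_id

  # UDP 53 for ordinary queries.
  ingress {
    from_port   = 53
    to_port     = 53
    protocol    = "udp"
    cidr_blocks = var.sddc_segment_cidrs
  }
  # TCP 53 as well: clients retry over TCP when a UDP answer is truncated.
  ingress {
    from_port   = 53
    to_port     = 53
    protocol    = "tcp"
    cidr_blocks = var.sddc_segment_cidrs
  }
  # The security group is stateful, so replies to accepted queries flow back
  # without a separate egress rule.
}

resource "aws_route53_resolver_endpoint" "inbound" {
  name               = "vmc-sddc-inbound"
  direction          = "INBOUND"
  security_group_ids = [aws_security_group.resolver_inbound.id]

  # One ENI per AZ for high availability; add ip_address blocks to scale out.
  ip_address { subnet_id = var.subnet_az_a }
  ip_address { subnet_id = var.subnet_az_b }
}

# The ENI IP addresses to enter as DNS forwarder targets in the SDDC.
output "inbound_endpoint_ips" {
  value = [for a in aws_route53_resolver_endpoint.inbound.ip_address : a.ip]
}
```

After `terraform apply`, the output lists the endpoint IPs that the SDDC's DNS forwarder should point to; the endpoint then answers with the same DNS view as the connected VPC.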
