Your web browser doesn't support some required capabilities.

This interactive demo works best with the latest version of Chrome, Firefox, or Safari.


An error occurred. Please reload the page or download again from the VMware Demo Library:

For VMware partners:

For VMware employees:


Visit the VMware Demo Library
to get more demos!

For VMware partners:

For VMware employees:


Unable to initialize the simulation player:

This demo file may be incomplete or damaged. Please reload the page or download again from the VMware Demo Library:

For VMware partners:

For VMware employees:


This is an interactive demo

Drive it with your mouse, your finger, or just use the arrow keys.

Use Learn mode to learn the demo. The orange boxes show where to click.

Use Present mode to hide the orange boxes and notes.

Click a Shortcut to jump to a specific part of the demo.

Hide notes
Restore notes
Open notes window
Increase font size
Decrease font size

There are multiple ways to activate Virtual Edge on AWS. This lab focus is to use the manual way for activating an edge.


Summary Steps: 

Step 1: From AWS Console, Create VPC, Subnets, Routing Table.

Step 2: From NSX SD-WAN Orchestrator UI, Create and Configure an site.

Step 3: From AWS marketplace, Create and Deploy an instance of Virtual Edge.  This step will use the Cloud Init file. 

Use the VPC, Subnets, Routing table defined in the previous step.

Detailed Steps: 

Step 1: From AWS Console, Create VPC, Subnets, Routing Table.

  • From the browser, open the AWS Console. 
    • click on the AWS console in the browser window.
  • Use the Login Credentials. For this lab, credentials are auto populated. 
    • click on the login screen to continue
    • click on Sign-In
    • This will give access to AWS services.

Start by

Step 1a.Creating VPC
Step 1b. Subnet->Public and Private Subnet
Step 1c. Route Table->Assign Subnets to Route Table
Step 1d. Internet Gateway
Step 1e. Create Default Routes for Public and Private subnets. 

Step 1a. VPC: Let's start by creating VPC

  • click on VPC.
  • click on VPC's to continue
  • click Create VPC
  • click and give a Name tag to the VPC. For this Lab, use name as "NSX_SDWAN_VPC"
  • click on IPV4 and assign a CIDR block to the VPC. 
    for this lab, use
    click on "Yes Create" to create the VPC.

Step 1b. Subnet: 
Create Public and Private Subnet. 
Public Subnet=
Private Subnet=

  • click on Name tag and assign the name to the Public Subnet. 
    Use name as NSX_SDWAN_Subnet_Public
  • Make sure the correct VPC is assigned to the subnet. In this case, NSX_SDWAN_VPC is used. 
  • IPV4 for Public is
  • click on "Yes Create"

  • Now Create Private Subnet. 
  • click on Create Subnet
  • click on name tag to create Private Subnet. Use the name NSX_SDWAN_Subnet_Private
  • click and assign the VPC from the drop down
  • click on the IPV4 to assign the IPV4 range for Private subnet. 

  • Subnet UI shows Public and Private subnets.


(3) Route Table : Create Route table for each subnet, in this case, Public and Private Route table.

  • Create Route Table by giving a name to the route table.
  • Let's us create Public Route table.
  • Assign the VPC from the drop down.
  • click Yes Create.

    Do the same for Private Route table. 

  • Create Private Route table 
  • Assign the VPC from drop down
  • click Yes Create.

(4) Internet Gateway :

Create Internet gateway from Public side of the edge device to access internet. This is required from the Edge device WAN side to connect to the Orchestrator on the Internet.

  • Give a name to the IGW (Internet Gateway) NSX_SDWAN_IGW
  • click create and
  • click close
  • Now, assign the IGW to the VPC. 
  • click Action and attach to the VPC from the drop down
  • click attach.

(5) Assign Subnets to the Routing table. 
Private subnet will be assigned to the Private Routing table and Public subnet will be assigned to the Public subnets.

Assign the Private subnet to private route table. 

  • click on the Private subnet
  • click on Subnet Association
  • click Edit
  • click the checkbox for the private subnet. 
  • click save. 

    This will assign the private subnet to the Private router. This is for the LAN side of the Virtual Edge.

Do the same for the Public subnet. Assign the Public subnet to the Public router. This is for the WAN side of the Virtual edge.

  • click on the Public Subnet.
  • click on Subnet Association
  • click Edit 
  • click the checkbox for the Public subnet
  • click Save.

Let us confirm the subnets and route table. 

(6) Assign Default Routes for the subnets to the router. Router is the default gateway for the Public and Private Subnet. 

For Public Subnet, --> Public Subnet

For Private Subnet, default route will be added when the private interface is added from the NSX SDWAN Orchestrator (VCO). This step is performed after the Virtual edge is activated. 

For now , use the default gateway for the public side of the network

  • for configuring the default route, click and type
  • click and use the drop down to selec the IGW interface.
  • save changes.

Now, move on to the NSX SDWAN Orchestrator and create the Site. 

Step 2: From NSX SD-WAN Orchestrator UI, Create and Configure an site.

Steps involved from the Orchestrator UI are 

Step 2a. Create a Site

Step 2b. Configure a Site

1. Create a Site 

  • click on New Edge 
  • click Name, Give a name, in this case use 
  • click Model, From the drop down, use the model as Virtual Edge
  • click Profile, For the profile, use the Quick Start profile
  • click Create

2. Configure a Site

  • click Devices
  • click Edit for the VLAN, assign IP address. This IP address is for the Management of edge device. 
  • click Edge LAN IP address and type in , CIDR 24.
  • click Update VLAN
  • Now, lets configure the GE2 interface as WAN interface 
  • click edit for GE2
  • click Override Interface checkbox
  • click to change the interface type from Switched to Routed. 
  • click and select Routed from drop down.
  • Make sure the WAN overlay check box is enabled.
  • click and disable the NAT direct Traffic
  • click Update GE2
  • click save changes to save the settings. 


This will create an Activation link. This activation link will be used later for the cloud init file. Also, later on , GE3 will be used as a LAN interface. End user will come back and configure the LAN interface. 


Step 3: From AWS marketplace, Create and Deploy an instance of Virtual Edge.  This step will use the Cloud Init file. 

Step 3a: Launch Instance from AWS MarketPlace

Step 3b: Configure Velocloud Virtual instance on AWS. 

Step 3c: Configure Cloud Init file for the Virtual Instance. 

Step 3d: Assign Elastic IP to the WAN interface eth1.

Step 3e. Configure LAN interface on AWS and SD-WAN orchestrator. Also, configure the default gateway for LAN interface in AWS instance. 

Step 3f. Verify the interfaces on the AWS edge device from SDWAN orchestrator

Step 3g. Disable the Source/destination check for AWS instance and for all the interfaces configured. (eth0,eth1 and eth2)


Step 3a: Launch Instance from Marketplace

  • click the browser tab to access AWS console
  • click Launch Instance
  • click AWS MarketPlace
  • from the search bar , type in Velocloud
  • click Select
  • click Continue
  • select the c4.xlarge instance type for this demo.

Step 3b: Configure Velocloud Virtual Intance. 

In this step, Use the VPC, subnet which was created in previous steps. 

  • Click network and select the VPC "NSX_SDWAN_VPC"
  • select the Public Subnet. This subnet will be used for WAN interface and also be used to do the activation by getting in touch with orchestrator
  • click Subnet and select Public Subnet NSX_SDWAN_Subnet_Public
  • scroll down and add a new interface. this interface is the WAN interface and is going to be part of WAN interface. 
  • click Add Device
  • Eth1 is the WAN interface and should be part of WAN interface. This corresponds to GE2 on Velocloud Virtual Edge. 
  • click and select Public subnet for eth1

Step 3c: Cloud Init file for the Instance

In this step, end user will use the activatation key generated from the orchestartor to create a cloud init file. 

  • click to open a new text file (use notepad)
  • make sure to use the format shown in this demo for the cloud init file
  • Add VCO dns or IP address. copy paste the activation Key.
  • copy paste the text file content to the AWS Console (Advance Details). 
  • click copy from text editor 
  • click paste on to the AWS Console.
  • next step is to copy paste the Activation key from Orchestrator.
  • click on the browser tab with Orchestrator to get the activation link
  • Select activation key, copy from Orchestrator and paste to the AWS instance Advance details to complete the Cloud Init file.
  • click Review and Launch Instance
  • Use the default Security Group 
  • Optional step, Add tags. 
  • click Launch
  • select the security key as per your enterprise setup. 
  • click on Acknowledge checkbox and 
  • click launch instance
  • Click Services 
  • click EC2
  • click running instances and look for the instance you configured.
  • click on the instance 

Step 3d. Elastic IP to the WAN interface. 

For this, assign an elastic ip to the WAN interface eth1 from AWS console. This interface binds to Virtual Edge Ge2 interface. 

  • click on Eth1
  • click on Interface ID
  • click Elastic IP 
  • click Allocate New Address
  • click Allocate
  • click close
  • Now that the Elastic IP address is avaible, lets go and assign this Elastic ip to Eth1 WAN interface.
  • click Action
  • click Associate Address 
  • click Associate to Private IP Address 
  • click the Instance comsole monitor and Orchestrator to check the progress of the Virtual edge getting instantiated. 

  • From the AWS Console, Add the interface for LAN (eth2) and configure the default route for the private subnet. Private subnet is for the LAN side network. 

  • click Network interface
  • click Create Network Interface
  • type in a name = NSX_SDWAN_LAN_Interface
  • click select Subnet as NSX_SDWAN_Subnet_Private
  • select the security Group 
  • click yes create
  • Now that the LAN interface is created, let us attach the interface to the instance. 
    Before adding LAN interface , instance has eth0 and eth1(WAN). 
    After adding the LAN interface , instance will have total of 3 interfaces 
    eth0 Mgmt , Eth1 WAN and Eth2 as LAN. 
  • Now that the AWS side is configured, lets populate the LAN side IP subnet 172.16.10.x to the Orchestrator. 

Step 3e. From the SDWAN Orchestrator, LAN side interface needs to be configured. this is done when the edge is successfully activated. Once the Edge is activated successfully, Configure the LAN side of the Virtual Edge. 

  • click Configure Edges
  • click devices 
  • GE3 will be configured as LAN interface. 
  • click disable WAN overlay for GE3 , enable Advertise and disable the NAT Direct Traffic
  • click on update GE3
  • click Save Changes.
  • Now that we have added the GE3 ( Eth2 ) LAN interface to the Edge device, this new interface needs to be recognzied. Reboot the edge device from SD-WAN orchestrator.
  • click Remote Action
  • click Reboot
  • click Yes

    Now configure the LAN interface default gateway from the AWS console.
  • Click the browser tab to access the AWS console. 
  • EC2-> Select the AWS instance AWS Virtual Edge A

  • Eth2 (Ge3) is the LAN interface. End user needs to copy the Interface ID and use this interface ID as default gateway for the LAN subnet. 

  • click Eth2
  • click and select the Interface ID. Copy the interface ID
  • click copy
  • Access the Route table. 
  • click VPC
  • click Route Table and select the Private side of the route table. Private route table in this case is the LAN side subnet. 
  • click Routes
  • click Edit
  • Add another Route 
  • click destination and type
  • click local and paste the interface ID
  • Save Changes.

  • click Private Route Table NSX_SDWAN_RouteTable_Private
  • click Routes
  • click Edit
  • click Add another route
  • Add and add the default gateway as the Private LAN IP

Step 3f. Verify the interfaces from SDWAN Orchestrator. 

  • click on Orchestrator tab
  • click on Monitor->Events and check for GE2 and GE3 Interfaces. These interfaces are now added and configured. 

Step 3g. As a last step, make sure the disable the Source/destination check on the AWS instance and also from all the configured interfaces (eth0, eth1 and eth2)

  • disable the Source/destination for the instance. 
  • click the instance
  • click networking 
  • click Change source/dest check
  • click Yes disable
  • Now, do the same for all the interfaces


How likely is it that you would recommend this demo to a friend or colleague?
Not at all likely Extremely likely
Thanks, we appreciate your feedback!
Copyright © 2018 VMware, Inc. All rights reserved.