To facilitate the connection between a VMware Cloud on AWS cloud account that you create in VMware Aria Automation and your VMware Cloud on AWS SDDC, you must use a cloud proxy if your source SDDC resides outside of a US region.

You can create a cloud proxy before you create a cloud account or during the process of creating a cloud account.

In this procedure, you create a cloud proxy first. Then you create a cloud account and associate the cloud account to that cloud proxy.

Unless otherwise indicated, the step values that you enter in this procedure are for this example workflow only.

Prerequisites

Note: If your VMware Cloud on AWS SDDC resides on a vCenter server in a data center within the United States (US Region), you can deploy and use an Automation Assembler agent in your SDDC, rather than an API token and an intermediary cloud proxy as described in this topic.

Note: If you are creating a VMware Cloud on AWS cloud account in a VMware Aria Automation on AWS GovCloud (US) environment, see Getting Started with VMware Aria Automation on AWS GovCloud (US). Documentation about related products is available at the VMware vRealize Cloud Universal on AWS GovCloud (US) product documentation landing page.

  • Verify that you have VMware Cloud on AWS CloudAdmin credentials for the target SDDC in vCenter. See Credentials required for working with cloud accounts in VMware Aria Automation.
  • Verify that you have the cloud administrator user role in VMware Aria Automation. See What are the VMware Aria Automation user roles.
  • Verify that the required SDDC gateway firewall rules are configured in the VMware Cloud on AWS console. The gateway firewall rules enable the cloud proxy VA to communicate with the VMware Cloud on AWS SDDC. See Configure a basic VMware Cloud on AWS workflow in VMware Aria Automation.
  • To support the cloud proxy, you need access to the following domains.
    • ci-data-collector.s3.amazonaws.com – Enables Amazon Web Services S3 access for cloud proxy OVA download.
    • symphony-docker-external.jfrog.io – Enables JFrog Artifactory to access Docker images.
    • console.cloud.vmware.com – Enables the Web API and cloud proxy service connection to the VMware Cloud service.
    • data.mgmt.cloud.vmware.com – Enables the data pipeline service connection to VMware Cloud services for secure data communication between cloud and on-premises elements. For Non-US regions, substitute the region value. For example, for the UK, use uk.data.mgmt.cloud.vmware.com and for Japan, use ja.data.mgmt.cloud.vmware.com. Other Non-US region values include sg (Singapore), br (Brazil), and ca (Canada).
    • api.mgmt.cloud.vmware.com – Enables the Web API and cloud proxy service connection to the VMware Cloud service. For Non-US regions, substitute the region value. For example, for the UK, use uk.api.mgmt.cloud.vmware.com and for Japan, use ja.api.mgmt.cloud.vmware.com. Other Non-US region values include sg (Singapore), br (Brazil), and ca (Canada).
  • Before you add a VMware Cloud on AWS cloud account, configure management gateway firewall rules in the VMware Cloud on AWS console to support cloud proxy communication.
    • Allow network traffic to ESXi for HTTPS (TCP 443) services to the discovered IP address of the cloud proxy.
    • Allow network traffic to vCenter for ICMP (All ICMP), SSO (TCP 7444), and HTTPS (TCP 443) services to the discovered IP address of the cloud proxy.
    • Allow network traffic to the NSX Manager for HTTPS (TCP 443) services to the discovered IP address of the cloud proxy.

If you are using a static IP address for the cloud proxy, you can create firewall rules that limit network traffic for the target vCenter and NSX Manager either before or after you deploy the cloud proxy.

For more information, see Understanding the VMware Cloud services cloud proxy.
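The following pre-deployment check is an added example, not part of the VMware documentation or tooling. It builds the domain list above for a region value and attempts a certificate-verified TLS handshake to each host from the network segment where the cloud proxy will run. The function names are hypothetical, and probing every host on TCP 443 is an assumption, because the domain list does not state a port.

```python
import socket
import ssl

# Region values named on this page; "us" means no prefix.
REGIONS = {"us", "uk", "ja", "sg", "br", "ca"}

# Hosts used as listed in every region.
FIXED_HOSTS = [
    "ci-data-collector.s3.amazonaws.com",
    "symphony-docker-external.jfrog.io",
    "console.cloud.vmware.com",
]
# Hosts that take the region value as a prefix outside the US.
REGIONAL_HOSTS = ["data.mgmt.cloud.vmware.com", "api.mgmt.cloud.vmware.com"]


def required_hosts(region="us"):
    """Return the domains the cloud proxy needs for the given region."""
    region = region.lower()
    if region not in REGIONS:
        raise ValueError(f"unknown region value: {region!r}")
    prefix = "" if region == "us" else region + "."
    return FIXED_HOSTS + [prefix + h for h in REGIONAL_HOSTS]


def tls_probe(host, port=443, timeout=5.0):
    """Resolve host, connect, and complete a verified TLS handshake."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()


def check_egress(region="us", probe=tls_probe):
    """Map each required host to 'ok (<TLS version>)' or a failure reason."""
    results = {}
    for host in required_hosts(region):
        try:
            results[host] = f"ok ({probe(host)})"
        except (OSError, ssl.SSLError) as exc:  # DNS, TCP, or TLS failure
            results[host] = f"FAILED: {exc.__class__.__name__}: {exc}"
    return results


if __name__ == "__main__":
    for host, status in check_egress("uk").items():
        print(f"{host:45} {status}")
```

A certificate verification failure here usually indicates a TLS-inspecting proxy or firewall on the egress path, which is worth resolving before the appliance is deployed.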

Procedure

  1. Log in to Automation Assembler and click Infrastructure > Connections > Cloud Proxies.
  2. Click New Cloud Proxy to open the Install Cloud Proxy OVF deployment page.

  3. Click Download OVA.
    The supplied VMware-Cloud-Services-Data-Collector.ova file is downloaded.
  4. Rename the downloaded OVA to vCenter1_vmc_va.ova.
  5. Navigate to your vSphere Web Client data center, click the name of your vCenter cluster, and select Deploy OVF Template.
  6. Enter the vCenter1_vmc_va.ova OVA filename and location as prompted.
  7. When asked to enter the key or token, return to the Install Cloud Proxy page and click Copy.
  8. Return to the vSphere Web Client and paste the copied key value as prompted to run the cloud proxy virtual appliance.
  9. In Automation Assembler, wait for a connection to be made with your vSphere Web Client and then click Done.

    It might take several minutes to connect.

What to do next

To verify that the cloud proxy is running, see Verify that a cloud proxy is running on a target virtual machine.

You can now create the VMware Cloud on AWS cloud account. See Create a VMware Cloud on AWS cloud account in VMware Aria Automation in the workflow.