Before you start working in Cloud Assembly, you must gather information about your public and private cloud accounts. Use this checklist to help you begin adding your cloud resources.

Before you onboard with Cloud Assembly

To...

You need...

Sign up for and log in to Cloud Assembly

A VMware ID.

  • Set up a My VMware account by using your corporate email address.

Connect to VMware Cloud services

HTTPS port 443 open to outgoing traffic with access through the firewall to:

  • *.vmwareidentity.com

  • gaz.csp-vidm-prod.com

  • *.vmware.com

Add an Amazon Web Services cloud account

Provide a power user account with read and write privileges.

  • 20-digit Access Key ID and corresponding Secret Access Key

Add a Microsoft Azure cloud account

Provide an account with read and write privileges.

  • Subscription ID

    Allows you to access your Microsoft Azure subscriptions

  • Tenant ID

    The authorization endpoint for the Active Directory applications you create in your Microsoft Azure account

  • Client application ID

    Provides access to Microsoft Active Directory in your individual Azure account

  • Client application secret key

    The unique secret key generated to pair with your client application ID

The following permissions are needed for creating and validating Microsoft Azure cloud accounts:

  • Microsoft Compute

    • Microsoft.Compute/virtualMachines/deallocate/action

    • Microsoft.Compute/virtualMachines/delete

    • Microsoft.Compute/virtualMachines/powerOff/action

    • Microsoft.Compute/virtualMachines/read

    • Microsoft.Compute/virtualMachines/restart/action

    • Microsoft.Compute/virtualMachines/start/action

    • Microsoft.Compute/virtualMachines/write

    • Microsoft.Compute/availabilitySets/write

    • Microsoft.Compute/availabilitySets/read

    • Microsoft.Compute/availabilitySets/delete

    • Microsoft.Compute/disks/delete

    • Microsoft.Compute/disks/read

    • Microsoft.Compute/disks/write

  • Microsoft Network

    • Microsoft.Network/loadBalancers/backendAddressPools/join/action

    • Microsoft.Network/loadBalancers/delete

    • Microsoft.Network/loadBalancers/read

    • Microsoft.Network/loadBalancers/write

    • Microsoft.Network/networkInterfaces/join/action

    • Microsoft.Network/networkInterfaces/read

    • Microsoft.Network/networkInterfaces/write

    • Microsoft.Network/networkInterfaces/delete

    • Microsoft.Network/networkSecurityGroups/join/action

    • Microsoft.Network/networkSecurityGroups/read

    • Microsoft.Network/networkSecurityGroups/write

    • Microsoft.Network/networkSecurityGroups/delete

    • Microsoft.Network/publicIPAddresses/delete

    • Microsoft.Network/publicIPAddresses/join/action

    • Microsoft.Network/publicIPAddresses/read

    • Microsoft.Network/publicIPAddresses/write

    • Microsoft.Network/virtualNetworks/read

    • Microsoft.Network/virtualNetworks/subnets/delete

    • Microsoft.Network/virtualNetworks/subnets/join/action

    • Microsoft.Network/virtualNetworks/subnets/read

    • Microsoft.Network/virtualNetworks/subnets/write

    • Microsoft.Network/virtualNetworks/write

  • Microsoft Resources

    • Microsoft.Resources/subscriptions/resourcegroups/delete

    • Microsoft.Resources/subscriptions/resourcegroups/read

    • Microsoft.Resources/subscriptions/resourcegroups/write

  • Microsoft Storage

    • Microsoft.Storage/storageAccounts/delete

    • Microsoft.Storage/storageAccounts/listKeys/action

    • Microsoft.Storage/storageAccounts/read

    • Microsoft.Storage/storageAccounts/write
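
To keep the Azure account at least privilege, a role's action list can be compared against the permission list above before the account is handed to Cloud Assembly. The following is an added example, not VMware or Microsoft code: `audit_actions`, `REQUIRED` and the sample role are hypothetical names and constructed data, and it assumes Azure's case-insensitive action names with `*` matching any run of characters.

```python
from fnmatch import fnmatchcase

# The 42 actions from the permission list above, as resource type -> operations.
REQUIRED_SPEC = {
    "Microsoft.Compute/virtualMachines": "deallocate/action delete powerOff/action read restart/action start/action write",
    "Microsoft.Compute/availabilitySets": "write read delete",
    "Microsoft.Compute/disks": "delete read write",
    "Microsoft.Network/loadBalancers": "backendAddressPools/join/action delete read write",
    "Microsoft.Network/networkInterfaces": "join/action read write delete",
    "Microsoft.Network/networkSecurityGroups": "join/action read write delete",
    "Microsoft.Network/publicIPAddresses": "delete join/action read write",
    "Microsoft.Network/virtualNetworks": "read subnets/delete subnets/join/action subnets/read subnets/write write",
    "Microsoft.Resources/subscriptions/resourcegroups": "delete read write",
    "Microsoft.Storage/storageAccounts": "delete listKeys/action read write",
}
REQUIRED = [f"{res}/{op}" for res, ops in REQUIRED_SPEC.items() for op in ops.split()]

def _matches(action, patterns):
    """True if the action is covered by any pattern (wildcards allowed)."""
    a = action.lower()
    return any(fnmatchcase(a, p.lower()) for p in patterns)

def audit_actions(actions, not_actions=()):
    """Return (missing, beyond_list) for a role's Actions / NotActions.

    missing:     required actions the role does not effectively grant
    beyond_list: role entries that are not on the required list
                 (wildcards or extra actions worth reviewing)
    """
    def granted(a):
        return _matches(a, actions) and not _matches(a, not_actions)
    missing = [a for a in REQUIRED if not granted(a)]
    required_lc = {a.lower() for a in REQUIRED}
    beyond_list = [p for p in actions if p.lower() not in required_lc]
    return missing, beyond_list

# Constructed sample role: too broad on Compute, too narrow on Network/Storage.
SAMPLE_ACTIONS = [
    "Microsoft.Compute/*",
    "Microsoft.Network/*/read",
    "Microsoft.Resources/subscriptions/resourcegroups/*",
    "Microsoft.Storage/storageAccounts/read",
    "Microsoft.Storage/storageAccounts/write",
    "Microsoft.Storage/storageAccounts/delete",
]
SAMPLE_NOT_ACTIONS = ["Microsoft.Compute/disks/delete"]

if __name__ == "__main__":
    missing, beyond_list = audit_actions(SAMPLE_ACTIONS, SAMPLE_NOT_ACTIONS)
    print(f"{len(missing)} required actions missing; review: {beyond_list}")
```

An empty `missing` list with an empty `beyond_list` means the role grants exactly the listed actions and nothing wider.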

Add a Google Cloud Platform cloud account

Provide an account with read and write privileges.

Add an NSX-T cloud account

Provide an account with read and write privileges.

  • NSX-T and vCenter Server Enterprise Administrator role

  • NSX-T and vCenter Server administrator access credentials

  • NSX-T IP address or FQDN

  • Permissions required to install a cloud proxy on the vCenter Server instance that manages this NSX-T instance

Add an NSX-V cloud account

Provide an account with read and write privileges.

  • NSX-V and vCenter Server Enterprise Administrator role

  • NSX-V IP address or FQDN

  • Permissions required to install a cloud proxy on the vCenter Server instance that manages this NSX-V instance

Add a VMware Cloud on AWS cloud account

Provide an account with read and write privileges.

  • Use the cloudadmin@vmc.local account or any user account in the CloudAdmin group

  • NSX Enterprise Administrator role if using NSX-T with VMware Cloud on AWS

  • Administrator access to your organization's VMware Cloud on AWS SDDC environment

  • The VMware Cloud on AWS API token for your VMware Cloud on AWS environment in your organization's VMware Cloud on AWS service

  • Administrator access to the vCenter that is used by your target VMware Cloud on AWS SDDC

  • vCenter IP address or FQDN

  • Permissions required to install a cloud proxy on the vCenter Server

For additional details about the permissions needed to create and use VMware Cloud on AWS cloud accounts, see Privileges Reference for CloudAdmin and CloudGlobalAdmin in the VMware Cloud on AWS product documentation.

Add a vCenter cloud account

Provide an account with read and write privileges.

  • vCenter Server Enterprise Administrator account/role

  • vCenter IP address or FQDN

  • Permissions required to install a cloud proxy on the vCenter Server

Required attributes and permissions for vCenter are:

  • Datastore

    • Allocate Space

    • Browse Datastore

  • Folder

    • Create Folder

    • Delete Folder

  • Global

    • Manage Custom Attributes

    • Set Custom Attributes

  • Network

    • Assign Network

  • Permissions

    • Modify Permission

  • Resource

    • Assign VM to Res Pool

    • Migrate Powered Off Virtual Machine

    • Migrate Powered On Virtual Machine

  • Virtual Machine - Inventory

    • Create from existing

    • Create New

    • Migrate Powered On Virtual Machine

    • Move

    • Remove

  • Virtual Machine - Interaction

    • Configure CD Media

    • Console Interaction

    • Device Connection

    • Power Off

    • Power On

    • Reset

    • Suspend

    • Tools Install

  • Virtual Machine - Configuration

    • Add Existing Disk

    • Add New Disk

    • Add or Remove

    • Remove Disk

    • Advanced

    • Change CPU Count

    • Change Resource

    • Device Extend Virtual Disk Settings

    • Disk Change Tracking

    • Memory

    • Modify Device Settings

    • Rename

    • Set Annotation

    • Settings

    • Swapfile Placement

  • Virtual Machine - State

    • Create Snapshot

    • Remove Snapshot

    • Revert to Snapshot

  • Content Library - Content Library Administrator

    • Add library item

    • Create local library

    • Create subscribed library

    • Delete library item

    • Delete local library

    • Delete subscribed library

    • Download files

    • Evict library item

    • Evict subscribed library

    • Probe subscription information

    • Read storage

    • Sync library item

    • Sync subscribed library

    • Type introspection

    • Update configuration settings

    • Update files

    • Update library

    • Update library item

  • Tags - Tagging Admin

    • Assign or Unassign vSphere tag

    • Create a vSphere tag

    • Create a vSphere tag category

    • Delete vSphere tag

    • Delete vSphere tag category

    • Edit vSphere tag

    • Edit vSphere tag category

    • Modify UsedBy field for category

    • Modify UsedBy field for tag