After configuring the SDDC network and configuring the VMware Cloud on AWS network for pairing with remote VMware Cloud Director Availability sites, verify the resulting network configuration against the following summary.

Management Gateway Firewall Rules

Each rule is listed with its name, sources, destinations, services, and the reason it is required.

vCenter Inbound From Trusted Management Sources Rule
  • Sources: Trusted Management Sources Group
  • Destinations: vCenter
  • Services: HTTPS
  • Explanation: Allows the trusted management sources to access vCenter Server behind the management gateway, which is required to deploy the cloud appliances behind the compute gateway.

SNAT VCDA to vCenter Rule
  • Sources: SNAT VCDA Management Group
  • Destinations: vCenter
  • Services: HTTPS
  • Explanation: Allows the compute gateway source NAT address to access vCenter Server behind the management gateway, which bridges the access of the cloud VMware Cloud Director Availability appliances behind the compute gateway. Only the SNAT address, not the individual appliance addresses, is matched by this rule.

VCDA Replicators to ESXi Rule
  • Sources: VCDA Replicators Management Group
  • Destinations: ESXi
  • Services: HTTPS, Provisioning & Remote Console
  • Explanation: Allows all Replicator Appliance instances to write to the destination ESXi datastores.

For information about creating these management firewall rules, see Prepare the SDDC in VMware Cloud on AWS for deployment and Configure the network of the SDDC in VMware Cloud on AWS.

Compute Gateway Firewall Rules

Each rule is listed with its name, sources, destinations, services, and the reason it is required.

VCDA Management from Trusted Compute Sources Rule
  • Sources: Trusted Compute Sources Group
  • Destinations: VCDA Manager Compute Group
  • Services: VCDA-Cloud-Service-Management, TCP (Source: Any | Destination: 8046)
  • Explanation: Allows the trusted compute sources to access the management interface of the Cloud Service to complete the initial setup. Keep the source of this rule restricted to the trusted compute sources; the management interface must not be reachable from arbitrary addresses.

Later, modifying the same rule allows access to all four types of management interfaces of VMware Cloud Director Availability. For more information, see Post-configure the SDDC networking in VMware Cloud on AWS.

VCDA Appliances Outbound Compute Rule
  • Sources:
    • VCDA Manager Compute Group
    • VCDA Replicators Compute Group
    • VCDA Tunnel Compute Group
  • Destinations: Any
  • Services: Any
  • Explanation: Allows the VMware Cloud Director Availability appliances behind the compute gateway outbound access to the Internet for their external network traffic. Because this rule permits any destination and any service, its source must stay limited to the three appliance groups.

VCDA Pairing Compute Rule
  • Sources: VCDA Pairing Compute Group
  • Destinations: VCDA Tunnel Compute Group
  • Services: VCDA-Service-Endpoint, TCP (Source: Any | Destination: 8048)
  • Explanation: Allows on-premises tenants and remote cloud sites backed by VMware Cloud Director to pair with VMware Cloud Director Availability in VMware Cloud on AWS. Only the Tunnel Appliance is exposed to the pairing sources; the Manager and Replicator appliances are not.

For information about creating these compute firewall rules, see Configure the network of the SDDC in VMware Cloud on AWS and Configure the SDDC network for pairing VMware Cloud Director Availability in VMware Cloud on AWS.
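The following script is an added example, not part of the VMware documentation or of any VMware tooling. It models both the management gateway and the compute gateway rule sets summarized above as ordered first-match rules with an implicit deny at the end (an assumption about the gateway semantics), so that the intended reachability can be checked before the rules are created in the console: trusted sources reach vCenter and the Cloud Service management port, the SNAT address rather than the appliance addresses is what the management gateway sees, replicators reach ESXi only on the replication services, and pairing sites reach only the Tunnel Appliance. The group addresses are constructed sample values, and the port for the predefined "Provisioning & Remote Console" service is assumed to be TCP/902; ports 8046 and 8048 and the service names are from the page.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample membership for the groups (example addresses, not from the page).
GROUPS = {
    "Trusted Management Sources Group": ["203.0.113.0/24"],
    "SNAT VCDA Management Group": ["198.51.100.10/32"],   # assumed compute gateway SNAT address
    "VCDA Replicators Management Group": ["192.0.2.11/32", "192.0.2.12/32"],
    "Trusted Compute Sources Group": ["203.0.113.0/24"],
    "VCDA Manager Compute Group": ["192.0.2.10/32"],
    "VCDA Replicators Compute Group": ["192.0.2.11/32", "192.0.2.12/32"],
    "VCDA Tunnel Compute Group": ["192.0.2.13/32"],
    "VCDA Pairing Compute Group": ["198.18.0.0/15"],      # assumed remote sites allowed to pair
}

# Service definitions as (protocol, destination port).
# 8046 and 8048 are from the page; HTTPS is TCP/443; the VMware Cloud on AWS
# predefined "Provisioning & Remote Console" service is assumed to be TCP/902.
SERVICES = {
    "HTTPS": {("tcp", 443)},
    "Provisioning & Remote Console": {("tcp", 902)},
    "VCDA-Cloud-Service-Management": {("tcp", 8046)},
    "VCDA-Service-Endpoint": {("tcp", 8048)},
}


@dataclass(frozen=True)
class Rule:
    name: str
    sources: tuple        # group names, or ("Any",)
    destinations: tuple   # destination labels, or ("Any",)
    services: tuple       # service names, or ("Any",)


MGW_RULES = [
    Rule("vCenter Inbound From Trusted Management Sources Rule",
         ("Trusted Management Sources Group",), ("vCenter",), ("HTTPS",)),
    Rule("SNAT VCDA to vCenter Rule",
         ("SNAT VCDA Management Group",), ("vCenter",), ("HTTPS",)),
    Rule("VCDA Replicators to ESXi Rule",
         ("VCDA Replicators Management Group",), ("ESXi",),
         ("HTTPS", "Provisioning & Remote Console")),
]

CGW_RULES = [
    Rule("VCDA Management from Trusted Compute Sources Rule",
         ("Trusted Compute Sources Group",), ("VCDA Manager Compute Group",),
         ("VCDA-Cloud-Service-Management",)),
    Rule("VCDA Appliances Outbound Compute Rule",
         ("VCDA Manager Compute Group", "VCDA Replicators Compute Group",
          "VCDA Tunnel Compute Group"), ("Any",), ("Any",)),
    Rule("VCDA Pairing Compute Rule",
         ("VCDA Pairing Compute Group",), ("VCDA Tunnel Compute Group",),
         ("VCDA-Service-Endpoint",)),
]


def _source_matches(src_ip, groups):
    if "Any" in groups:
        return True
    addr = ipaddress.ip_address(src_ip)
    return any(addr in ipaddress.ip_network(cidr) for g in groups for cidr in GROUPS[g])


def _service_matches(proto, dport, services):
    if "Any" in services:
        return True
    return any((proto, dport) in SERVICES[s] for s in services)


def evaluate(rules, src_ip, dst, proto, dport):
    """Return ("allow", rule_name) for the first matching rule, else ("deny", None).

    Ordered first-match with implicit deny is an assumption about the gateway."""
    for rule in rules:
        if (_source_matches(src_ip, rule.sources)
                and ("Any" in rule.destinations or dst in rule.destinations)
                and _service_matches(proto, dport, rule.services)):
            return ("allow", rule.name)
    return ("deny", None)


def broad_rules(rules):
    """Names of rules that allow any destination and any service; such rules
    are only acceptable when their source is a tightly scoped group."""
    return [r.name for r in rules if "Any" in r.destinations and "Any" in r.services]


if __name__ == "__main__":
    print(evaluate(MGW_RULES, "192.0.2.11", "vCenter", "tcp", 443))   # appliance IP: deny
    print(evaluate(MGW_RULES, "198.51.100.10", "vCenter", "tcp", 443))  # SNAT IP: allow
    print(broad_rules(CGW_RULES))
```

The two deny cases worth noticing are a Replicator Appliance address hitting vCenter directly (only the SNAT address is permitted on the management gateway) and a pairing site reaching the Manager management port (only the Tunnel Appliance on 8048 is exposed to pairing sources). `broad_rules` flags the outbound rule so that its source scope is reviewed whenever the rule set changes.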