SDDC network configuration summary

After configuring the network of the SDDC and configuring the network of VMware Cloud on AWS for pairing with remote VMware Cloud Director Availability sites, check the summary of the network configuration.

Management Gateway Firewall Rules


Name	Sources	Destinations	Services	Explanation
`vCenter Inbound From Trusted Management Sources Rule`	`Trusted Management Sources Group`	vCenter	HTTPS	Allows the trusted management sources accessing the management gateway vCenter Server for the deployment of the cloud appliances in the compute gateway.
`SNAT VCDA to vCenter Rule`	`SNAT VCDA Management Group`	vCenter	HTTPS	Allows the compute gateway source NAT accessing the management gateway vCenter Server for bridging the access from the compute gateway cloud VMware Cloud Director Availability appliances.
`VCDA Replicators to ESXi Rule`	`VCDA Replicators Management Group`	ESXi	HTTPS Provisioning & Remote Console	Allows all the Replicator Appliance instances writing in the destination ESXi datastore.

For information about creating these management firewall rules, see Prepare the SDDC in VMware Cloud on AWS for deployment and Configure the network of the SDDC in VMware Cloud on AWS.

Compute Gateway Firewall Rules


Name	Sources	Destinations	Services	Explanation
`VCDA Management from Trusted Compute Sources Rule`	`Trusted Compute Sources Group`	`VCDA Manager Compute Group`	`VCDA-Cloud-Service-Management` TCP (Source: Any \| Destination: 8046)	Allows the trusted compute sources accessing the management interface of the Cloud Service for completing the initial setup. Later, modifying the same rule allows access to all four types of management interfaces of VMware Cloud Director Availability. For more information, see Post-configure the SDDC networking in VMware Cloud on AWS.
`VCDA Appliances Outbound Compute Rule`	`VCDA Manager Compute Group` `VCDA Replicators Compute Group` `VCDA Tunnel Compute Group`	Any	Any	Allows the VMware Cloud Director Availability appliances to Internet for the external network traffic from the compute gateway.
`VCDA Pairing Compute Rule`	`VCDA Pairing Compute Group`	`VCDA Tunnel Compute Group`	`VCDA-Service-Endpoint` TCP (Source: Any \| Destination: 8048)	Allows the on-premises tenants and the remote cloud sites backed by VMware Cloud Director pairing with VMware Cloud Director Availability in VMware Cloud on AWS.

For information about creating these compute firewall rules, see Configure the network of the SDDC in VMware Cloud on AWS and Configure the SDDC network for pairing VMware Cloud Director Availability in VMware Cloud on AWS.