Setting up a protected site for your VMware Cloud on AWS SDDC requires creating firewall rules for the DRaaS Connector.
As you set up the SDDC protected site, you must decide whether you want VMware Cloud Disaster Recovery to create the firewall rules needed for the DRaaS Connector (recommended), or whether you want to create the firewall rules manually.
If you allow VMware Cloud Disaster Recovery to automatically create firewall rules for your protected site, you must create a dedicated network segment to use with the protected VMs on the SDDC.
- SDDC vCenter private IP address on TCP port 443
- Cloud Backup Site IP address on TCP port 1759
- SaaS Orchestrator IP address on TCP ports 22 (SSH) and 443
- VMware Cloud DR auto-support server on TCP port 443
You can open these ports by configuring firewall rules for the SDDC's Compute Gateway as described here: Add or Modify Compute Gateway Firewall Rules.
To allow inbound connections to your SDDC <SDDC vCenter private IP> on TCP port 443 (HTTPS) from the DRaaS Connector VMs, follow the instructions for configuring firewall rules for the SDDC Management Gateway here: Add or Modify Management Gateway Firewall Rules.
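To confirm that the rules took effect, the following added example (not part of the VMware documentation) attempts a TCP handshake to each destination and port in the list above. It assumes it is run from a test VM on the same network segment as the DRaaS Connector; the IP addresses are constructed placeholders and the function names are hypothetical.

```python
import socket

# Destination/port pairs from the list above. The addresses are constructed
# placeholders (documentation range); replace them with your deployment's values.
REQUIRED = [
    ("SDDC vCenter private IP", "192.0.2.10", 443),
    ("Cloud Backup Site", "192.0.2.20", 1759),
    ("SaaS Orchestrator (SSH)", "192.0.2.30", 22),
    ("SaaS Orchestrator (HTTPS)", "192.0.2.30", 443),
    ("VMware Cloud DR auto-support server", "192.0.2.40", 443),
]


def tcp_open(host, port, timeout=3.0):
    """Return True if a TCP handshake to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, or timed out
        return False


def check(targets, timeout=3.0):
    """Probe every (label, host, port) and return the entries that failed."""
    blocked = []
    for label, host, port in targets:
        ok = tcp_open(host, port, timeout)
        print(f"{'OPEN   ' if ok else 'BLOCKED'} {label:38} {host}:{port}")
        if not ok:
            blocked.append((label, host, port))
    return blocked


if __name__ == "__main__":
    import sys
    # Non-zero exit status if any required destination is unreachable.
    sys.exit(1 if check(REQUIRED) else 0)
```

A BLOCKED result also covers a destination that is down or not listening, so confirm the service is up before changing a firewall rule.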