Setting up a protected site for your VMware Cloud on AWS SDDC requires creating firewall rules for the DRaaS Connector.

As you set up the SDDC protected site, you must decide whether to let VMware Cloud Disaster Recovery create the firewall rules needed for the DRaaS Connector (recommended) or to create the firewall rules manually.

If you allow VMware Cloud Disaster Recovery to automatically create firewall rules for your protected site, you must create a dedicated network segment to use with the protected VMs on the SDDC.

If you wish to create your own firewall rules to allow the DRaaS Connector to communicate with your SDDC, follow these guidelines:
  • SDDC vCenter private IP address on TCP port 443
  • Cloud Backup Site IP address on TCP port 1759
  • SaaS Orchestrator IP address on TCP ports 22 (SSH) and 443
  • VMware Cloud DR auto-support server on TCP port 443
Note: See Service Public IP Addresses for how to find VMware Cloud Disaster Recovery public IP addresses.
Note: VMware Cloud Disaster Recovery does not support an internet proxy server between the DRaaS Connector and the cloud.

You can open these ports by configuring firewall rules for the SDDC's Compute Gateway as described here: Add or Modify Compute Gateway Firewall Rules.

To allow inbound connections to your SDDC <SDDC vCenter private IP> on TCP port 443 (HTTPS) from the DRaaS Connector VMs, follow the instructions for configuring firewall rules for the SDDC Management Gateway here: Add or Modify Management Gateway Firewall Rules.
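
When you create the rules manually, it helps to check the result against the destination list above. The following Python script is an added example, not VMware code: it reports required DRaaS Connector flows that are not allowed and allow rules that are wider than the list requires. The rule format, rule names, and every IP address are constructed placeholders, and top-down, first-match evaluation with a default drop is an assumption of the model.

```python
import ipaddress

# Flows the DRaaS Connector needs, per the list above: (label, destination, TCP port).
# Every address here is a constructed placeholder, not a real service address.
REQUIRED = [
    ("SDDC vCenter", "10.2.224.4", 443),
    ("Cloud Backup Site", "198.51.100.10", 1759),
    ("SaaS Orchestrator", "198.51.100.20", 22),
    ("SaaS Orchestrator", "198.51.100.20", 443),
    ("Auto-support server", "203.0.113.30", 443),
]

# Constructed sample rule set in a simplified, hypothetical format (not an NSX export).
RULES = [
    {"name": "drc-to-vcenter", "source": "10.10.50.0/24",
     "destination": "10.2.224.4/32", "tcp_ports": [443], "action": "ALLOW"},
    {"name": "drc-to-backup", "source": "10.10.50.0/24",
     "destination": "198.51.100.10/32", "tcp_ports": [1759], "action": "ALLOW"},
    {"name": "drc-to-orchestrator", "source": "10.10.50.0/24",
     "destination": "198.51.100.20/32", "tcp_ports": [443], "action": "ALLOW"},
    {"name": "drc-any-https", "source": "10.10.50.0/24",
     "destination": "0.0.0.0/0", "tcp_ports": [443], "action": "ALLOW"},
]

def matches(rule, src, dst, port):
    """True if the rule's source, destination and port list cover this flow."""
    return (ipaddress.ip_address(src) in ipaddress.ip_network(rule["source"])
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule["destination"])
            and port in rule["tcp_ports"])

def audit(rules, connector_ip):
    """Return (required flows not allowed, names of ALLOW rules wider than required)."""
    missing = []
    for label, dst, port in REQUIRED:
        # Assumed model: rules are evaluated top-down, first match wins, default is drop.
        hit = next((r for r in rules if matches(r, connector_ip, dst, port)), None)
        if hit is None or hit["action"] != "ALLOW":
            missing.append((label, dst, port))
    needed = {(dst, port) for _, dst, port in REQUIRED}
    broad = []
    for r in rules:
        net = ipaddress.ip_network(r["destination"])
        # A rule is exact only if it names one host and only ports required for it.
        exact = net.num_addresses == 1 and all(
            (str(net.network_address), p) in needed for p in r["tcp_ports"])
        if r["action"] == "ALLOW" and not exact:
            broad.append(r["name"])
    return missing, broad

if __name__ == "__main__":
    print(audit(RULES, "10.10.50.11"))
```

In the sample rule set, the auto-support flow on port 443 is allowed only through the catch-all HTTPS rule, so the audit reports that rule as wider than required and the SaaS Orchestrator port 22 flow as missing.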