If the SDDC you want to add for recovery is PCI-hardened, you must create a firewall rule to allow the cloud file system to connect with the SDDC.
A PCI-hardened SDDC is configured with limited network access. To allow the VMware Cloud DR cloud file system to connect to a PCI-hardened SDDC for recovery, you must create a management gateway firewall rule that allows the cloud file system to access the NSX Manager on the SDDC.
Before you can create this firewall rule, you need the two IP addresses of the cloud file system. You can obtain the cloud file system IP addresses by first attempting to add the PCI-hardened SDDC to VMware Cloud DR, which will fail. When this operation fails, an event is generated that lists the IP addresses of the cloud file system.
For example, you can see the two cloud file system IP addresses in this event:
You will add these two IP addresses to the firewall rule on the SDDC. Once the firewall rule is created to allow the cloud file system to access the PCI-hardened SDDC, you can add the SDDC for recovery.
- Log in to VMware Cloud Services at https://console.cloud.vmware.com.
- Pick the recovery SDDC card, and then click View Details.
- Click the Networking & Security tab.
- On the SDDC Networking & Security tab, select Gateway Firewall, and then click the Management Gateway tab.
- Click the Add Rule button.
- Enter a name for the rule, such as CloudDR-Access-NSX.
- Click the pencil icon in the Source field in the firewall rule.
- In the Set Source dialog box, select the User Defined Groups option. You need to create a group because the cloud file system has two IP addresses.
- Click the Add Group button.
- Enter a group name, such as CloudDR-Access.
- Under Compute Members, click the Set button.
- Enter both cloud file system IP addresses separated by a space.
- Click Save, and then click Apply.
- When you return to the firewall rule table, click the small pencil icon in the Destination field.
- In the Set Destination dialog box, select the System Defined Groups option.
- Next, select the NSX Manager destination, and then click Apply.
- In the firewall rule table, click the small pencil icon in the Services field.
- Select both services listed in the field (HTTPS and ICMP).
- When the rule is configured, click the Publish button.
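The following is an added example, not VMware code: a check you can run before publishing to confirm that the values entered in the steps above admit only the two cloud file system IP addresses, to NSX Manager, over HTTPS and ICMP. The dictionary layout and field names are hypothetical, and the IP addresses are constructed documentation addresses; substitute the ones listed in your event.

```python
import ipaddress

# Values the procedure above expects (names taken from the steps).
EXPECTED_DESTINATION = "NSX Manager"
EXPECTED_SERVICES = {"HTTPS", "ICMP"}


def parse_members(field):
    """Parse the space-separated member field; accept single hosts only."""
    hosts = []
    for token in field.split():
        if "/" in token or "-" in token:
            raise ValueError(f"{token}: ranges and CIDR blocks are too broad")
        hosts.append(ipaddress.ip_address(token))  # ValueError if malformed
    return hosts


def check_rule(rule, event_ips):
    """Return a list of findings; an empty list means the rule matches the steps."""
    findings = []
    try:
        members = set(parse_members(rule["source_members"]))
    except ValueError as exc:
        return [f"source: {exc}"]
    expected = {ipaddress.ip_address(ip) for ip in event_ips}
    if len(expected) != 2:
        findings.append("event: expected exactly two cloud file system IPs")
    if members - expected:
        findings.append(f"source: unexpected members {sorted(map(str, members - expected))}")
    if expected - members:
        findings.append(f"source: missing {sorted(map(str, expected - members))}")
    if rule["destination"] != EXPECTED_DESTINATION:
        findings.append(f"destination: {rule['destination']!r} is not {EXPECTED_DESTINATION!r}")
    extra = set(rule["services"]) - EXPECTED_SERVICES
    if extra:
        findings.append(f"services: extra services {sorted(extra)}")
    if EXPECTED_SERVICES - set(rule["services"]):
        findings.append("services: HTTPS and ICMP are both required")
    return findings


# Constructed sample: documentation addresses, hypothetical field names.
EVENT_IPS = ["192.0.2.10", "192.0.2.11"]
RULE = {"name": "CloudDR-Access-NSX", "source_members": "192.0.2.10 192.0.2.11",
        "destination": "NSX Manager", "services": ["HTTPS", "ICMP"]}

if __name__ == "__main__":
    for finding in check_rule(RULE, EVENT_IPS) or ["rule matches the procedure"]:
        print(finding)
```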
What to do next
You can now add the PCI-hardened SDDC for recovery.