The SDDC NSX Manager is accessible at a public IP address reachable by any browser that can connect to the Internet. Click OPEN NSX MANAGER on the SDDC Summary page.
The SDDC NSX Manager also has a private IP address on the management network, which is protected by the management gateway (MGW). By default, the MGW blocks traffic to all management network destinations, including NSX, from all sources. To access the local NSX Manager at its private IP address, you must add management gateway firewall rules that allow only secure traffic from trusted sources. You can use any of the following connection types to connect to the SDDC NSX Manager at a private IP address:
- Configure AWS Direct Connect Between Your SDDC and On-Premises Data Center
  This option provides a dedicated connection between your enterprise and the SDDC. It can be combined with an IPsec VPN to encrypt traffic.
- Configure a VPN Connection Between Your SDDC and On-Premises Data Center
  This option provides an encrypted connection between your enterprise and the SDDC.
If you can't use Direct Connect or a VPN, you can access the local NSX Manager over the Internet at its public IP address. All traffic to the local NSX Manager public IP is encrypted and authenticated, which minimizes the risk of tampering with this connection or its traffic outside of your private network. The Settings tab for your SDDC provides connection and authentication details for connecting to the local NSX Manager.
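The requirement above that management gateway rules allow only secure traffic from trusted sources can be checked mechanically before rules are applied. The following is an added example, not VMware code: the rule fields are a simplified, hypothetical representation (not the NSX API schema), and the trusted ranges and sample rules are constructed.

```python
import ipaddress

# Assumptions (not from the page): the trusted on-premises ranges and the
# simplified rule fields used below. This is not the NSX API schema.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.168.50.0/24")]
SECURE_SERVICES = {"HTTPS"}

def source_is_trusted(source):
    """True only if the source lies entirely inside a trusted network."""
    if source.strip().lower() == "any":
        return False
    try:
        net = ipaddress.ip_network(source, strict=False)
    except ValueError:
        return False  # unparseable source: treat as untrusted
    return any(net.version == t.version and net.subnet_of(t) for t in TRUSTED_NETS)

def audit_rule(rule):
    """Return findings for one MGW rule; an empty list means acceptable."""
    if rule["action"] != "ALLOW" or rule["destination"] != "NSX Manager":
        return []
    findings = []
    # An empty source list is treated as "Any" so it cannot slip through.
    for src in rule["sources"] or ["Any"]:
        if not source_is_trusted(src):
            findings.append(f"{rule['name']}: untrusted source {src}")
    for svc in rule["services"]:
        if svc not in SECURE_SERVICES:
            findings.append(f"{rule['name']}: non-secure service {svc}")
    return findings

def audit(rules):
    return [finding for rule in rules for finding in audit_rule(rule)]

# Constructed sample rules for illustration.
SAMPLE_RULES = [
    {"name": "nsx-from-dc", "sources": ["10.20.30.0/24"], "destination": "NSX Manager",
     "services": ["HTTPS"], "action": "ALLOW"},
    {"name": "nsx-any", "sources": ["Any"], "destination": "NSX Manager",
     "services": ["HTTPS"], "action": "ALLOW"},
    {"name": "nsx-wide", "sources": ["10.0.0.0/8"], "destination": "NSX Manager",
     "services": ["HTTPS", "HTTP"], "action": "ALLOW"},
    {"name": "vc-any", "sources": ["Any"], "destination": "vCenter",
     "services": ["HTTPS"], "action": "ALLOW"},  # out of scope for this audit
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```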
In an SDDC where VMware Tanzu Kubernetes Grid has been enabled, NSX Manager can display a Load Balancers tab. Services from this load balancer are available only to Tanzu Kubernetes Grid workloads. See VMware Knowledge Base article 86368 for more information.
Prerequisites
- An NSX service role is required for users to access NSX Manager using SSO authentication (either the "Private URL (Log in through VMware Cloud Services)" or the "Public URL", and/or when using the "Open NSX Manager" button).
- When accessing the NSX Manager directly using either of the NSX Manager URLs, a VMware Cloud on AWS Service Role such as Administrator or Administrator (Delete Restricted) is not required as long as the user has one of the NSX roles mentioned in Assign Roles to an Organization Member.
- When accessing the NSX Manager using "Private URL (Log in through NSX Manager credentials)", it is also possible to assign NSX roles to LDAP users or groups in the NSX Manager directly, or by using the predefined system roles. Predefined system roles do not require a VMware Cloud on AWS or NSX role assigned to the user in the CSP if the user has been granted a role directly from NSX Manager.