VMC on AWS Firewall Rules for Cold Migration
Ensure that the following firewall rules are configured in the VMC Console.
|Use Case||Source||Destination||Service|
|Provide access to vCenter Server from on premises. Use for general vSphere Client access as well as for monitoring vCenter Server.||remote (on-premises) vSphere Client IP address||vCenter||HTTPS|
|Allow outbound vCenter Server access to on-premises vCenter Server.||vCenter||remote (on-premises) vCenter Server IP address||Any (All Traffic)|
|Allow SSO vCenter Server||remote (on-premises) Platform Services Controller IP address||vCenter||SSO (TCP 7444)|
|ESXi NFC traffic||remote (on-premises) ESXi VMkernel networks used for NFC.||ESXi||Provisioning (TCP 902)|
|Allow outbound ESXi access to on-premises ESXi||ESXi||remote (on-premises) ESXi management VMkernel networks||Any (All Traffic)|
On-Premises Firewall Rules for Cold Migration
Ensure that the following firewall rules are configured in your on-premises firewall.
|Rule||Action||Source||Destination||Service||Port|
|On-premises to vCenter Server||Allow||remote (on-premises) vSphere Client subnet||VMware Cloud on AWS vCenter Server IP address||HTTPS||443|
|Remote to ESXi provisioning||Allow||remote (on-premises) subnet||||TCP 902||902|
|Cloud SDDC to on-premises vCenter Server||Allow||CIDR block for cloud SDDC management network||On-premises vCenter Server, PSC, Active Directory subnet||HTTPS||443|
|Cloud SDDC to ESXi Remote Console||Allow||CIDR block for cloud SDDC management network||VMware Cloud on AWS vCenter Server IP address|
|Cloud SDDC to Remote LDAP (Required for HLM only)||Allow||CIDR block for cloud SDDC management network||Remote LDAP Server||TCP||389, 636|
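One way to check an exported on-premises rule set against the table above, as an added example that is not VMware's code. The addresses, the rule-export layout and the names `REQUIRED`, `SAMPLE_RULES`, `permits` and `audit` are assumptions made for illustration; only the three rows that list source, destination and port are modelled, and rule ordering and deny rules are not.

```python
import ipaddress

# Constructed placeholder addresses (assumptions, not values from the page).
CLIENT_NET = "192.0.2.0/24"       # on-premises vSphere Client subnet
VMC_VCENTER = "198.51.100.10/32"  # VMware Cloud on AWS vCenter Server IP address
SDDC_MGMT = "10.2.0.0/16"         # CIDR block for cloud SDDC management network
ONPREM_MGMT = "203.0.113.0/24"    # on-premises vCenter Server, PSC, Active Directory subnet
LDAP = "203.0.113.50/32"          # remote LDAP server

# Required TCP flows: the table rows that list source, destination and port.
REQUIRED = [
    ("On-premises to vCenter Server", CLIENT_NET, VMC_VCENTER, {443}),
    ("Cloud SDDC to on-premises vCenter Server", SDDC_MGMT, ONPREM_MGMT, {443}),
    ("Cloud SDDC to Remote LDAP", SDDC_MGMT, LDAP, {389, 636}),
]

# Constructed sample export of an on-premises rule set; ports=None means any port.
SAMPLE_RULES = [
    {"name": "client-to-vmc-vcenter", "action": "allow",
     "src": "192.0.2.0/24", "dst": "198.51.100.10/32", "ports": {443}},
    {"name": "sddc-to-onprem-mgmt", "action": "allow",
     "src": "10.2.0.0/16", "dst": "203.0.113.0/24", "ports": {443}},
    {"name": "sddc-to-ldap", "action": "allow",
     "src": "10.2.0.0/16", "dst": "203.0.113.50/32", "ports": {389}},
    {"name": "legacy-any", "action": "allow",
     "src": "10.2.0.0/24", "dst": "203.0.113.0/24", "ports": None},
]

def net(cidr):
    return ipaddress.ip_network(cidr, strict=False)

def permits(rule, src, dst, port):
    """True when an allow rule covers the whole src and dst range on this TCP port."""
    return (rule["action"] == "allow"
            and net(src).subnet_of(net(rule["src"]))
            and net(dst).subnet_of(net(rule["dst"]))
            and (rule["ports"] is None or port in rule["ports"]))

def audit(rules):
    """Return (required flows no rule permits, names of allow rules open on any port)."""
    missing = [(name, port)
               for name, src, dst, ports in REQUIRED
               for port in sorted(ports)
               if not any(permits(r, src, dst, port) for r in rules)]
    broad = [r["name"] for r in rules if r["action"] == "allow" and r["ports"] is None]
    return missing, broad

if __name__ == "__main__":
    print(audit(SAMPLE_RULES))
```

In the sample, the any-port rule does not close the LDAP gap because its source covers only part of the SDDC management CIDR, so the audit reports the missing port and lists that rule as wider than the table requires.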