Before you connect vRealize Automation to your VMware Cloud on AWS SDDC, you must configure networking and firewall rules for your SDDC.

Procedure

  1. If you haven't done so already, deploy your SDDC on VMware Cloud on AWS and make note of the management CIDR.
  2. Configure an IPsec VPN for the management gateway.

    See "Configuring VPNs and Gateways" in VMware Cloud on AWS Networking and Security.

    Important:

    To work with vRealize Products, the vCenter Server FQDN must resolve to a private IP address on the management network, so that vRealize Automation reaches vCenter over the management VPN rather than over its public address. Under Management Gateway, click DNS and select Private IP resolvable from VPN. After changing the setting, confirm from an on-premises host that the FQDN now resolves to an address inside the management CIDR you noted in step 1.

  3. Configure a logical network and compute VPN.

    See "Configuring Compute Gateway Networking" in VMware Cloud on AWS Networking and Security.

  4. Configure additional firewall rules if necessary.

    The firewall rule accelerator creates all these rules for you. If you create firewall rules manually instead, be sure to include the following rules on the Management Gateway and Compute Gateway firewalls. Note that the compute gateway rules below allow all traffic in both directions between the on-premises CIDR block and the SDDC logical network; once vRealize Automation is working, narrow them to the sources and services it actually uses.

    Table 1. Additional Management Gateway Firewall Rules

    Name                                 Source                                  Destination            Service
    -----------------------------------  --------------------------------------  ---------------------  ------------------------
    vCenter                              CIDR block of on-premises data center   vCenter                Any (All Traffic)
    vCenter Ping                         Any                                     vCenter                ICMP (All ICMP)
    On Premises to ESXi Ping             CIDR block of on-premises data center   ESXi Management Only   ICMP (All ICMP)
    On Premises to ESXi Remote Console   CIDR block of on-premises data center   ESXi Management Only   Remote Console (TCP 903)
    On Premises to ESXi Provisioning     CIDR block of on-premises data center   ESXi Management Only   Provisioning (TCP 902)

    Note:

    The MGW VPN Wizard creates these firewall rules for you. If you used the Wizard to create your management VPN and gateway, you don't need to add any more management gateway firewall rules to get VMware Cloud on AWS to work with vRealize Products.

    Table 2. Additional Compute Gateway Firewall Rules

    Name                     Source                                  Destination                             Service             Ports
    -----------------------  --------------------------------------  --------------------------------------  ------------------  -----
    On-Premises to SDDC VM   CIDR block of on-premises data center   CIDR block of SDDC logical network      Any (All Traffic)   Any
    SDDC VM to On-Premises   CIDR block of SDDC logical network      CIDR block of on-premises data center   Any (All Traffic)   Any
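    The following pre-flight script is an added example and is not part of the VMware documentation or of any VMware tool. It checks the three things the procedure above depends on before you connect vRealize Automation: that the on-premises, SDDC management and SDDC logical network CIDR blocks do not overlap (an assumption made here, since the IPsec VPNs must route between disjoint ranges), that the vCenter FQDN resolves to a private address inside the management CIDR (the "Private IP resolvable from VPN" setting), and that a rule list exported from each gateway contains every rule from Table 1 and Table 2. The CIDR blocks, the resolved vCenter address and the "exported" rule lists are constructed sample data; service names are abbreviated ("TCP/903" for Remote Console, "TCP/902" for Provisioning) and the placeholders ONPREM_CIDR and LOGICAL_CIDR stand in for the site-specific blocks named in the tables.

```python
"""Pre-flight checks for the SDDC networking procedure (constructed example)."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List

# Placeholders for the site-specific CIDR blocks referenced in Table 1 and 2.
ONPREM = "ONPREM_CIDR"
LOGICAL = "LOGICAL_CIDR"


@dataclass(frozen=True)
class Rule:
    name: str
    source: str        # CIDR block, a gateway object such as "vCenter", or "Any"
    destination: str
    service: str       # "Any", "ICMP", "TCP/903", "TCP/902"


# Table 1 (management gateway), service strings abbreviated.
REQUIRED_MGW_RULES = [
    Rule("vCenter", ONPREM, "vCenter", "Any"),
    Rule("vCenter Ping", "Any", "vCenter", "ICMP"),
    Rule("On Premises to ESXi Ping", ONPREM, "ESXi Management Only", "ICMP"),
    Rule("On Premises to ESXi Remote Console", ONPREM, "ESXi Management Only", "TCP/903"),
    Rule("On Premises to ESXi Provisioning", ONPREM, "ESXi Management Only", "TCP/902"),
]

# Table 2 (compute gateway).
REQUIRED_CGW_RULES = [
    Rule("On-Premises to SDDC VM", ONPREM, LOGICAL, "Any"),
    Rule("SDDC VM to On-Premises", LOGICAL, ONPREM, "Any"),
]


def check_no_overlap(cidrs: Dict[str, str]) -> List[str]:
    """Describe every pair of named CIDR blocks that overlap; [] means the plan is usable.
    Assumption: the connected ranges must be disjoint for the VPNs to route between them."""
    nets = {name: ipaddress.ip_network(cidr, strict=True) for name, cidr in cidrs.items()}
    names = sorted(nets)
    return [f"{a} ({nets[a]}) overlaps {b} ({nets[b]})"
            for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def vcenter_resolves_privately(resolved_ip: str, mgmt_cidr: str) -> bool:
    """True when the vCenter FQDN resolved to a private address inside the management CIDR."""
    ip = ipaddress.ip_address(resolved_ip)
    return ip.is_private and ip in ipaddress.ip_network(mgmt_cidr)


def missing_rules(required: List[Rule], configured: List[Rule],
                  onprem_cidr: str, logical_cidr: str) -> List[str]:
    """Names of required rules with no configured rule of the same
    source/destination/service once the site CIDR placeholders are filled in."""
    fill = {ONPREM: onprem_cidr, LOGICAL: logical_cidr}

    def key(r: Rule):
        return (fill.get(r.source, r.source), fill.get(r.destination, r.destination), r.service)

    present = {key(r) for r in configured}
    return [r.name for r in required if key(r) not in present]


def preflight(site: Dict[str, str], vcenter_ip: str,
              mgw: List[Rule], cgw: List[Rule]) -> Dict[str, List[str]]:
    """Run all checks; each value is a list of findings, empty when the check passes."""
    mgmt = site["sddc-management"]
    return {
        "overlapping_cidrs": check_no_overlap(site),
        "vcenter_dns": ([] if vcenter_resolves_privately(vcenter_ip, mgmt)
                        else [f"vCenter resolved to {vcenter_ip}, not a private address in {mgmt}"]),
        "missing_mgw_rules": missing_rules(REQUIRED_MGW_RULES, mgw, site["on-premises"], site["sddc-logical"]),
        "missing_cgw_rules": missing_rules(REQUIRED_CGW_RULES, cgw, site["on-premises"], site["sddc-logical"]),
    }


# Constructed sample site; addresses chosen for the example, not real values.
SITE = {"on-premises": "10.1.0.0/16", "sddc-management": "10.2.0.0/16", "sddc-logical": "192.168.1.0/24"}
VCENTER_RESOLVED = "10.2.224.4"

# Constructed "exported" rule sets; the management set is missing the TCP 902 rule.
SAMPLE_MGW_RULES = [
    Rule("vCenter", "10.1.0.0/16", "vCenter", "Any"),
    Rule("vCenter Ping", "Any", "vCenter", "ICMP"),
    Rule("On Premises to ESXi Ping", "10.1.0.0/16", "ESXi Management Only", "ICMP"),
    Rule("On Premises to ESXi Remote Console", "10.1.0.0/16", "ESXi Management Only", "TCP/903"),
]
SAMPLE_CGW_RULES = [
    Rule("On-Premises to SDDC VM", "10.1.0.0/16", "192.168.1.0/24", "Any"),
    Rule("SDDC VM to On-Premises", "192.168.1.0/24", "10.1.0.0/16", "Any"),
]

if __name__ == "__main__":
    for check, findings in preflight(SITE, VCENTER_RESOLVED, SAMPLE_MGW_RULES, SAMPLE_CGW_RULES).items():
        print(f"{check}: {'OK' if not findings else '; '.join(findings)}")
```

    Run against the sample data, the address plan and the vCenter resolution pass, the compute gateway rules are complete, and the only finding is the missing "On Premises to ESXi Provisioning" rule; swap in your own CIDR blocks, the address your on-premises resolver returns for the vCenter FQDN, and the rules as they appear on each gateway to check a real SDDC.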