Before you connect vRealize Automation to your VMware Cloud on AWS SDDC, you must configure networking and firewall rules for your SDDC.
Procedure
- If you haven't done so already, deploy your SDDC on VMware Cloud on AWS and make note of the management CIDR.
- Configure an IPsec VPN for the management gateway.
See "Configuring VPNs and Gateways" in VMware Cloud on AWS Networking and Security.
Important: To work with vRealize products, the vCenter Server FQDN must resolve to a private IP address on the management network. Under Management Gateway, click DNS and select Private IP resolvable from VPN.
- Configure a logical network and compute VPN.
See "Configuring Compute Gateway Networking" in VMware Cloud on AWS Networking and Security.
- Configure additional firewall rules if necessary.
The firewall rule accelerator creates all of these rules for you. If you choose to create the firewall rules manually, be sure to include the following rules on the Management Gateway and Compute Gateway firewalls.
Table 1. Additional Management Gateway Firewall Rules

| Name | Source | Destination | Service |
|---|---|---|---|
| vCenter | CIDR block of on-premises data center | vCenter | Any (All Traffic) |
| vCenter Ping | Any | vCenter | ICMP (All ICMP) |
| On Premises to ESXi Ping | CIDR block of on-premises data center | ESXi Management Only | ICMP (All ICMP) |
| On Premises to ESXi Remote Console | CIDR block of on-premises data center | ESXi Management Only | Remote Console (TCP 903) |
| On Premises to ESXi Provisioning | CIDR block of on-premises data center | ESXi Management Only | Provisioning (TCP 902) |
Note: The MGW VPN Wizard creates these firewall rules for you. If you used the Wizard to create your management VPN and gateway, you don't need to add any more Management Gateway firewall rules to get VMware Cloud on AWS to work with vRealize products.
Table 2. Additional Compute Gateway Firewall Rules

| Name | Source | Destination | Service | Ports |
|---|---|---|---|---|
| On-Premises to SDDC VM | CIDR block of on-premises data center | CIDR block of SDDC logical network | Any (All Traffic) | Any |
| SDDC VM to On-Premises | CIDR block of SDDC logical network | CIDR block of on-premises data center | Any (All Traffic) | Any |
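The following pre-flight script is an added example, not part of this page or of any VMware tool. It encodes the rules from Table 1 and Table 2 as data and checks a rule export (constructed here as a list of dicts) against them: a configured rule satisfies a required one when its destination and service cover the required values and its source is "Any" or a CIDR that contains the required CIDR. It also checks the DNS requirement from the Important note (the vCenter FQDN must resolve to a private address) and offers a TCP probe for ESXi ports 902 and 903 across the VPN. The CIDRs, the vCenter FQDN and the rule names in the sample export are assumptions; substitute your own. Rules that have both source and service set to Any are flagged for review because no rule in either table needs both wide open at once.

```python
"""Pre-flight check of SDDC firewall rules and DNS for vRealize connectivity (added example)."""
import ipaddress
import socket

# Assumed values; replace with the CIDRs of your own environment.
ON_PREM_CIDR = "10.10.0.0/16"          # on-premises data center
SDDC_LOGICAL_CIDR = "192.168.1.0/24"   # SDDC logical network

# Table 1: Management Gateway rules. Named objects ("vCenter", "ESXi Management Only")
# are matched by exact name; "Any" and CIDRs are matched by coverage.
REQUIRED_MGW_RULES = [
    {"name": "vCenter", "source": ON_PREM_CIDR, "destination": "vCenter", "service": "Any"},
    {"name": "vCenter Ping", "source": "Any", "destination": "vCenter", "service": "ICMP"},
    {"name": "On Premises to ESXi Ping", "source": ON_PREM_CIDR,
     "destination": "ESXi Management Only", "service": "ICMP"},
    {"name": "On Premises to ESXi Remote Console", "source": ON_PREM_CIDR,
     "destination": "ESXi Management Only", "service": "TCP/903"},
    {"name": "On Premises to ESXi Provisioning", "source": ON_PREM_CIDR,
     "destination": "ESXi Management Only", "service": "TCP/902"},
]

# Table 2: Compute Gateway rules.
REQUIRED_CGW_RULES = [
    {"name": "On-Premises to SDDC VM", "source": ON_PREM_CIDR,
     "destination": SDDC_LOGICAL_CIDR, "service": "Any"},
    {"name": "SDDC VM to On-Premises", "source": SDDC_LOGICAL_CIDR,
     "destination": ON_PREM_CIDR, "service": "Any"},
]


def covers(actual, required):
    """True if a configured source/destination admits the required one.
    Fields are "Any", a CIDR, or a named object such as "vCenter"."""
    if actual == "Any":
        return True
    if required == "Any":
        return False
    try:
        return ipaddress.ip_network(required).subnet_of(ipaddress.ip_network(actual))
    except ValueError:            # not a CIDR: named objects must match exactly
        return actual == required


def service_covers(actual, required):
    """A service matches if identical, or if the configured rule allows all traffic."""
    return actual == "Any" or actual == required


def missing_rules(configured, required):
    """Names of required rules that no configured rule satisfies."""
    return [req["name"] for req in required
            if not any(covers(rule["source"], req["source"])
                       and covers(rule["destination"], req["destination"])
                       and service_covers(rule["service"], req["service"])
                       for rule in configured)]


def overly_broad_rules(configured):
    """Rules with source Any and service Any: review these, no required rule needs both."""
    return [r["name"] for r in configured if r["source"] == "Any" and r["service"] == "Any"]


def resolves_to_private(fqdn, resolve=socket.gethostbyname):
    """True if the FQDN resolves to a private address, i.e. the 'Private IP resolvable
    from VPN' DNS setting is in effect. `resolve` is injectable for offline checks."""
    try:
        return ipaddress.ip_address(resolve(fqdn)).is_private
    except OSError:
        return False


def tcp_reachable(host, port, timeout=3.0):
    """Probe an ESXi host on the Provisioning (902) or Remote Console (903) port
    through the VPN. Needs real network access; not exercised offline."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    # Constructed sample export of what is actually configured on the Management Gateway.
    mgw_export = [
        {"name": "vCenter", "source": "10.10.0.0/16", "destination": "vCenter", "service": "Any"},
        {"name": "vCenter Ping", "source": "Any", "destination": "vCenter", "service": "ICMP"},
        {"name": "ESXi Ping", "source": "10.10.0.0/16", "destination": "ESXi Management Only", "service": "ICMP"},
        {"name": "ESXi 902", "source": "10.10.5.0/24", "destination": "ESXi Management Only", "service": "TCP/902"},
    ]
    print("missing MGW rules:", missing_rules(mgw_export, REQUIRED_MGW_RULES))
    print("broad rules:", overly_broad_rules(mgw_export))
    print("vcenter.sddc.example private:", resolves_to_private("vcenter.sddc.example"))
```

Run it after the rule accelerator or wizard has finished, pointing the sample export at a real rule listing; in the constructed sample the Remote Console rule is absent entirely and the Provisioning rule's /24 source does not cover the on-premises /16, so both are reported missing.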