A new SDDC includes a logical network (the management network) and an NSX Edge gateway that controls access to the network. To provide secure communications between this network and your on-premises management network, use the Configure MGW VPN wizard to create virtual private networks (VPNs) in each location, and configure the management gateway to connect them.
The wizard guides you through the steps to create a VPN in the SDDC, configure the management gateway with firewall rules, and specify DNS server addresses for the management network. Your networking team can configure the on-premises end of the management VPN using information you download from the SDDC, then connect it to the SDDC through the management gateway and test network connectivity
In addition to creating a management VPN, you can also create a compute VPN and an AWS Direct Connection between your on-premises data center and AWS services. For information about how to create these connections, see the Networking and Security Guide.