Ensure that you have met the following prerequisites before configuring Hybrid Linked Mode.
Ensure that your on-premises data center meets the following requirements.
Your on-premises vCenter Server system is running vSphere 6.5 patch d or later.
You can link only one on-premises SSO domain.
Configure a management gateway IPsec VPN connection between your on-premises data center and cloud SDDC.
Ensure that you have network connectivity between your VMware Cloud on AWS management gateway and your on-premises ID source and SSO domain. If necessary, create firewall rules in the VMC Console as shown below.
SDDC vCenter Server access: IP address or CIDR block from on-premises data center
vCenter Single Sign-On access: IP address or CIDR block, either public or from an on-premises data center connected by a VPN tunnel
Ensure that an on-premises DNS server is configured for your management gateway so that it can resolve the FQDN for the identity source.
Ensure that your on-premises gateway or firewall allows access to the necessary ports from your SDDC for the following services.
On-premises vCenter Server
On-premises Platform Services Controller
On-premises Active Directory server: 389, 636, 3268, 3269
Decide which of your on-premises users you want to grant Cloud Administrator permissions to. Add these users to a group within your identity source.
Ensure that you have login credentials for a user who has a minimum of read-only access to the Base DN for users and groups in your on-premises environment.
Ensure that you have the login credentials for your on-premises vSphere SSO domain.
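The DNS and port prerequisites above can be checked before you start the linking workflow. The following pre-flight script is an added example, not VMware code: it resolves the identity source FQDN and attempts a TCP connection to each Active Directory port listed above. It assumes you run it from a host whose traffic takes the same path through your on-premises gateway or firewall as the SDDC's traffic does; `ad.example.internal` is a placeholder name.

```python
import socket

# Active Directory ports taken from the prerequisites above.
AD_PORTS = {389: "LDAP", 636: "LDAPS", 3268: "Global Catalog",
            3269: "Global Catalog over TLS"}


def resolve(fqdn):
    """Return the sorted addresses the configured DNS server gives for fqdn."""
    try:
        infos = socket.getaddrinfo(fqdn, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []  # name does not resolve: the DNS prerequisite is not met
    return sorted({info[4][0] for info in infos})


def port_open(address, port, timeout=3.0):
    """True if a TCP handshake to address:port completes within timeout."""
    try:
        with socket.create_connection((address, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout) or unreachable
        return False


def preflight(fqdn, ports=AD_PORTS, timeout=3.0):
    """Resolve fqdn, then test every port on every address it resolves to."""
    addresses = resolve(fqdn)
    report = {"fqdn": fqdn, "addresses": addresses, "ports": {}}
    for address in addresses:
        for port in ports:
            report["ports"][(address, port)] = port_open(address, port, timeout)
    # A domain controller that is missing from the firewall rule fails the run.
    report["ok"] = bool(addresses) and all(report["ports"].values())
    return report


if __name__ == "__main__":
    # Placeholder FQDN (assumption); substitute your identity source.
    result = preflight("ad.example.internal")
    if not result["addresses"]:
        print("DNS: cannot resolve", result["fqdn"])
    for (address, port), is_open in sorted(result["ports"].items()):
        state = "open" if is_open else "BLOCKED"
        print(f"{address}:{port} ({AD_PORTS[port]}) {state}")
    raise SystemExit(0 if result["ok"] else 1)
```

A passing run shows only that the listeners are reachable; it does not show that the firewall rule is limited to the SDDC's source addresses.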