Ensure that you have met the following prerequisites before configuring Hybrid Linked Mode.

  • Ensure that your on-premises data center meets the following requirements.

    • Your on-premises vCenter Server system is running vSphere 6.5 patch d or later.

    • You can link only one on-premises vCenter Server system.

    • Your on-premises vCenter Server system is deployed with an embedded Platform Services Controller.

  • Configure a management gateway IPsec VPN connection between your on-premises data center and cloud SDDC.

  • Ensure that you have network connectivity between your VMware Cloud™ on AWS management gateway and your on-premises ID source and SSO domain. If necessary, create firewall rules in the VMC Console as shown below.

    Use case:      SDDC vCenter Server access
    Service:       HTTPS
    Source:        IP address or CIDR block from on-premises data center
    Destination:   vCenter

    Use case:      vCenter Single Sign-On access
    Service:       SSO
    Source:        IP address or CIDR block, either public or from an on-premises data center connected by a VPN tunnel
    Destination:   vCenter

  • Ensure that an on-premises DNS server is configured for your management gateway so that it can resolve the FQDN for the identity source.

  • Ensure that your on-premises gateway or firewall allows inbound access from your SDDC to the following ports for the following services.

    Service                                     Ports
    On-premises vCenter Server                  443
    On-premises Platform Services Controller    389, 636 (LDAP, LDAPS)
    On-premises Active Directory server         389, 636, 3268, 3269 (LDAP, LDAPS, Global Catalog, Global Catalog over TLS)
    On-premises DNS                             53

  • Decide which of your on-premises users you want to grant Cloud Administrator permissions to. Add these users to a group within your identity source.

  • Ensure that you have login credentials for a user who has a minimum of read-only access to the Base DN for users and groups in your on-premises environment.

  • Ensure that you have the login credentials for your on-premises vSphere SSO domain.
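The DNS and firewall prerequisites above are the ones most often found missing when linking fails. The following script is an added example, not part of this page or of VMware's tooling, that probes every port in the table from a host on the SDDC side and checks that the identity source FQDN resolves. The hostnames, the identity source FQDN and the probe timeout are placeholders you would replace with your own values.

```python
"""Hybrid Linked Mode prerequisite check (added example, not VMware tooling).

Probes each on-premises service port listed on the page over TCP and checks
that the identity source FQDN resolves. Run it from a host that sits behind
the SDDC management gateway so the VPN path is exercised. Port 53 is probed
over TCP; DNS also uses UDP 53, which a TCP connect cannot confirm.
"""
import socket
from typing import Callable, Dict, List

# Ports from the page's "on-premises gateway or firewall" table.
REQUIRED_PORTS: Dict[str, List[int]] = {
    "vcenter": [443],                 # on-premises vCenter Server (HTTPS)
    "psc": [389, 636],                # Platform Services Controller: LDAP, LDAPS
    "ad": [389, 636, 3268, 3269],     # Active Directory: LDAP, LDAPS, GC, GC over TLS
    "dns": [53],                      # on-premises DNS (TCP only here)
}

# Placeholder hostnames; assumptions for this example, not values from the page.
HOSTS: Dict[str, str] = {
    "vcenter": "vcenter.onprem.example",
    "psc": "psc.onprem.example",
    "ad": "dc01.onprem.example",
    "dns": "dns01.onprem.example",
}
IDENTITY_FQDN = "onprem.example"      # placeholder identity source FQDN


def tcp_probe(host: str, port: int, timeout: float = 3.0) -> bool:
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def resolves(fqdn: str) -> bool:
    """Return True if the resolver configured on this host can resolve fqdn."""
    try:
        socket.getaddrinfo(fqdn, None)
        return True
    except socket.gaierror:
        return False


def check_prerequisites(
    hosts: Dict[str, str],
    identity_fqdn: str,
    probe: Callable[[str, int], bool] = tcp_probe,
    resolver: Callable[[str], bool] = resolves,
) -> Dict[str, List[str]]:
    """Run every check and return {'ok': [...], 'missing': [...]}.

    probe and resolver are injectable so the logic can be exercised offline.
    """
    ok: List[str] = []
    missing: List[str] = []

    if resolver(identity_fqdn):
        ok.append(f"dns resolves {identity_fqdn}")
    else:
        missing.append(f"dns cannot resolve {identity_fqdn}")

    for role, ports in REQUIRED_PORTS.items():
        host = hosts[role]
        for port in ports:
            label = f"{role} {host}:{port}"
            (ok if probe(host, port) else missing).append(label)

    return {"ok": ok, "missing": missing}


def passed(result: Dict[str, List[str]]) -> bool:
    """True when nothing is missing; the page's prerequisites are then satisfied."""
    return not result["missing"]


if __name__ == "__main__":
    result = check_prerequisites(HOSTS, IDENTITY_FQDN)
    for line in result["ok"]:
        print("OK      ", line)
    for line in result["missing"]:
        print("MISSING ", line)
    print("ready for Hybrid Linked Mode" if passed(result) else "fix the MISSING items first")
```

A closed LDAPS port (636) or Global Catalog port (3268/3269) on the Active Directory server is the usual culprit; the script reports each such port individually so the missing firewall rule can be added on the on-premises side. Because the probes are plain TCP connects, a reachable port does not prove the service is healthy, only that the path through the firewall exists.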