Before you connect vRealize Automation to your VMware Cloud™ on AWS SDDC, you must configure networking and firewall rules for your SDDC.

Procedure

  1. If you haven't done so already, deploy your SDDC on VMware Cloud™ on AWS and make note of the management CIDR.
  2. Configure the VPN for the management gateway as described in Create a Management VPN.
  3. Configure a management gateway firewall rule to allow traffic to vCenter Server as described in Set Management Gateway Firewall Rules.
  4. Create a logical network as described in Create a Logical Network and note its CIDR.
  5. Configure a VPN for the compute gateway as described in Create a Compute VPN.

    Specify the CIDR of the logical network you created in the previous step.

  6. Configure additional management gateway firewall rules.

    | Name | Source | Destination | Service |
    |---|---|---|---|
    | vCenter Ping | Any | vCenter | ICMP (All ICMP) |
    | On Premises to ESXi Ping | CIDR block of on-premises data center | ESXi Management Only | ICMP (All ICMP) |
    | On Premises to ESXi Remote Console | CIDR block of on-premises data center | ESXi Management Only | Remote Console (TCP 903) |
    | On Premises to ESXi Provisioning | CIDR block of on-premises data center | ESXi Management Only | Provisioning (TCP 902) |

  7. Configure additional compute gateway firewall rules.

    | Name | Source | Destination | Service | Ports |
    |---|---|---|---|---|
    | On-Premises to SDDC VM | CIDR block of on-premises data center | CIDR block of SDDC logical network | Any (All Traffic) | Any |
    | SDDC VM to On-Premises | CIDR block of SDDC logical network | CIDR block of on-premises data center | Any (All Traffic) | Any |

  8. Modify DNS settings so that the vCenter Server FQDN resolves to a private IP as described in Set Management Gateway DNS.
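
The following added example (not part of the VMware documentation) models the rules from steps 6 and 7 so you can check which flows they permit and which rules have an unrestricted source or service before you connect vRealize Automation. All IP addresses and CIDR blocks are constructed sample values, the group keys `on-prem` and `sddc-net` are hypothetical labels, the deny-when-no-rule-matches behavior is an assumption, and the step 3 vCenter Server rule is not modeled because this page does not list its values.

```python
import ipaddress

# Constructed sample addressing (assumptions, not values from the page).
GROUPS = {
    "Any": "0.0.0.0/0",
    "vCenter": "10.2.224.4/32",
    "ESXi Management Only": "10.2.32.0/24",
    "on-prem": "10.10.0.0/16",     # CIDR block of on-premises data center
    "sddc-net": "192.168.1.0/24",  # CIDR block of SDDC logical network
}

# (gateway, name, source, destination, protocol, port); None means "any".
RULES = [
    ("mgw", "vCenter Ping", "Any", "vCenter", "icmp", None),
    ("mgw", "On Premises to ESXi Ping", "on-prem", "ESXi Management Only", "icmp", None),
    ("mgw", "On Premises to ESXi Remote Console", "on-prem", "ESXi Management Only", "tcp", 903),
    ("mgw", "On Premises to ESXi Provisioning", "on-prem", "ESXi Management Only", "tcp", 902),
    ("cgw", "On-Premises to SDDC VM", "on-prem", "sddc-net", None, None),
    ("cgw", "SDDC VM to On-Premises", "sddc-net", "on-prem", None, None),
]

def _in_group(ip, group):
    """True when the address falls inside the group's CIDR block."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(GROUPS[group])

def matching_rule(gateway, src, dst, proto, port=None):
    """Return the name of the first rule that allows the flow, or None."""
    for gw, name, s, d, p, prt in RULES:
        if gw != gateway or not _in_group(src, s) or not _in_group(dst, d):
            continue
        if p in (None, proto) and prt in (None, port):
            return name
    return None  # assumption: the gateway denies traffic that no rule allows

def broad_rules():
    """Names of rules whose source or service is unrestricted, for review."""
    return [name for _, name, s, _, p, _ in RULES if s == "Any" or p is None]

if __name__ == "__main__":
    # On-premises host to ESXi provisioning port: allowed by step 6.
    print(matching_rule("mgw", "10.10.5.20", "10.2.32.11", "tcp", 902))
    # Same port from an address outside the on-premises block: no rule matches.
    print(matching_rule("mgw", "203.0.113.9", "10.2.32.11", "tcp", 902))
    # ICMP to vCenter from any source is allowed by "vCenter Ping".
    print(matching_rule("mgw", "203.0.113.9", "10.2.224.4", "icmp"))
    print(broad_rules())
```

Replace the sample CIDR blocks with your own management CIDR, logical network CIDR, and on-premises block to reuse the check.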