Follow this workflow to configure networking in your SDDC using NSX-T. Assign NSX Service Roles to Organization MembersGrant users in your organization the NSX Admin service role to allow them to view and configure features on the Networking & Security tab. Configure AWS Direct Connect for VMware Cloud on AWSIf traffic between your on-premises network and your SDDC requires higher speeds and lower latency than you can achieve with a connection over the public Internet, you can configure VMware Cloud on AWS to use AWS Direct Connect. Configure a VPN Connection Between Your SDDC and On-Premises Data CenterConfigure a VPN to provide a secure connection to your SDDC over the public Internet or AWS Direct Connect. Route-based and policy-based VPNs are supported. Either type of VPN can connect to the SDDC over the Internet. A route-based VPN can also connect to the SDDC over AWS Direct Connect. Configure Compute Gateway and Workload NetworkingCompute gateway networking includes a compute network with one or more segments and the DNS, DHCP, and firewall configurations that manage network traffic for workload VMs. It can also include a layer 2 VPN and extended network that provides a single broadcast domain that spans your on-premises network and you SDDC workload network. Managing Workload ConnectionsWorkload VMs connect to the Internet by default. NAT rules and distributed firewall rules give you fine-grained control over these connections.