Use this procedure to link the Cloud Gateway Appliance to your cloud SDDC using Hybrid Linked Mode.

Note: The instructions in this section apply to version 1.11 and later of the SDDC software.

Prerequisites

  • You must have Administrator privileges in your on-premises environment in order to perform this task.

Procedure

  1. In a web browser, go to https://gw-address:5480/gw-platform/ where gw-address is the IP address or FQDN of the appliance.
  2. On the Multi-vCenter Connect card, click Get Started.
  3. Log in with your Cloud Gateway Appliance credentials.
  4. Enter the credentials for the cloud vCenter Server.
    Option Description
    vCenter Server Enter the FQDN of the vCenter Server instance in your cloud SDDC.
    Username Enter the username for the Cloud Administrator.
    Password Enter the password for the Cloud Administrator.
  5. Enter your on-premises SSO settings.
    Option Description
    Platform Services Controller Enter the IP address or fully qualified domain name of the Platform Services controller in your on-premises environment.
    HTTPS Port Enter the HTTPS port used by the Platform Services Controller.
    Single Sign-On User Name Enter the Single Sign-On administrator user name. The application determines the correct domain name.
    Single Sign-On Password Enter the Single Sign-On administrator password.
    Configuring SSO takes approximately 2-3 minutes.
  6. Select whether to join the Cloud Gateway Appliance to your Active Directory domain.
    Option Description
    Skip If you are using Active Directory with LDAP, and your Active Directory server is already joined to the on-premises vCenter Server, select Skip to skip this step of the process.

    If your Active Directory server is not joined to the on-premises vCenter Server or if your Active Directory server uses IWA (regardless of whether or not it is joined to the on-premises vCenter Server, select Join.

    Join Enter the following parameters:
    1. In the Domain text box, enter an Active Directory domain name. For example, mydomain.com.
    2. Optionally, in the Organizational Unit text box, provide the full OU LDAP FQDN. For example, OU=Engineering,DC=mydomain,DC=com.
    3. In the Username text box, enter the user name for the Active Directory administrator in User Principal Name (UPN) format. For example, example@mydomain.com.
    4. In the Password field, enter the password for the Active Directory administrator.

    If your Active Directory server uses IWA, click Restart Gateway. After the appliance restarts, click Get Startedon the Multi-vCenter Connect card and log in again before proceeding.

  7. Add the groups you have defined in your on premises environment to serve as cloud administrator groups.
    1. Select the on-premises identity source.
    2. Enter the name of the administrator group in the search box and select the group.
  8. Click Configure.
    The linking process requires a few minutes to complete.

What to do next

When the linking process is complete, choose one of the following:
  • Click Launch vSphere Client to view and manage your on-premises and cloud SDDCs.
  • Click Go Back to Cloud Gateway to return to the Cloud Gateway management UI.
Note: Linking from the Cloud Gateway Appliance grants the selected AD group or groups cloud administrator access to the SDDC. If you want to configure a user or group with a lesser level of access, you must add the identity source directly to your SDDC as described in Add an Identity Source to the SDDC LDAP Domain.

After you have added the identity source to the SDDC, you must assign the permissions you want to grant to the users and/or groups as described in https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-A0F6D9C2-CE72-4FE5-BAFC-309CFC519EC8.html. After you have configured the identity source in the SDDC, users' permissions are based solely on what is configured in the SDDC. If you don't configure permissions for these users in the SDDC, they will experience issues when viewing the SDDC inventory from the vSphere Client UI on the Cloud Gateway Appliance.