Ensure that you have met the following prerequisites before configuring Hybrid Linked Mode.
The following prerequisites are common to both linking from the Cloud Gateway Appliance and from the cloud SDDC.
- Configure a connection between your on-premises data center and the SDDC. You can use Direct Connect, a VPN, or both. See Configure AWS Direct Connect for VMware Cloud on AWS and Configure a VPN Connection Between Your SDDC and On-Premises Data Center in the VMware Cloud on AWS Networking and Security guide.
- Regardless of the type of connection you choose, the vCenter FQDN must resolve to a private IP address. This is not the default configuration. See Set vCenter Server FQDN Resolution Address for more information.
- Ensure that your on-premises data center and your cloud SDDC are synchronized to an NTP service or other authoritative time source. Hybrid Linked Mode can tolerate a time skew of up to ten minutes between the on-premises data center and the cloud SDDC.
- The maximum latency between your cloud SDDC and on-premises data center cannot exceed 100 msec roundtrip.
- Decide which of your on-premises users will have Cloud Administrator permissions. Add these users to a group within your identity source. Ensure that this group has access to your on-premises environment.
Prerequisites for Linking with Cloud Gateway Appliance
The following prerequisites apply when linking with the Cloud Gateway Appliance.
- Install the Cloud Gateway Appliance as described in Install the vCenter Cloud Gateway Appliance from the Graphical Installer.
- Your on-premises environment is running vSphere 6.5 patch d or later.
- Ensure that the Cloud Gateway Appliance and your vCenter Server instances can reach each other over your network. Ensure that the following firewall ports are open.
| Source | Destination | Port | Purpose |
|---|---|---|---|
| User's web browser | Cloud Gateway Appliance | 5480 | Gathering support bundle |
| Cloud Gateway Appliance | On-premises vCenter Server | 7444 | Access to VMware Single Sign-On |
| Cloud Gateway Appliance | On-premises vCenter Server | 443 | Hybrid Linked Mode |
| Cloud Gateway Appliance | On-premises Platform Services Controller | 443, 389 | Hybrid Linked Mode |
| Cloud Gateway Appliance | Cloud SDDC vCenter Server | 443 | Hybrid Linked Mode |
| Cloud Gateway Appliance | Cloud ESXi host | 902 | Virtual Machine Console |
| Cloud Gateway Appliance | On-premises Active Directory server (ports dependent on your usage) | 389, 636, 3268, 3269 | Identity source |
| Cloud Gateway Appliance | https://vcgw-updates.vmware.com/ | 443 | Hybrid Linked Mode Linking, Cloud Gateway Auto-update |
The following figure shows the ports required to be open for linking with the Cloud Gateway Appliance.
Prerequisites for Linking from the Cloud SDDC
The following prerequisites apply when linking from the cloud SDDC.
- Your on-premises vCenter Server system is running one of the following:
  - vSphere 6.0 Update 3 patch c and later.
  - vSphere 6.5 patch d and later.
- Ensure that you have the login credentials for your on-premises vSphere SSO domain.
- Ensure that you have login credentials for a user who has a minimum of read-only access to the Base DN for users and groups in your on-premises environment. This is used when adding an identity source.
- Ensure that an on-premises DNS server is configured for your management gateway so that it can resolve the FQDN for the identity source and on-premises systems.
- Ensure that your on-premises gateway or firewall allows access to the necessary ports from your SDDC for the following services.
| Source | Destination | Ports | Purpose |
|---|---|---|---|
| Cloud SDDC | On-premises vCenter Server | 443 | Hybrid Linked Mode |
| Cloud SDDC | On-premises Platform Services Controller | 389, 443 | Hybrid Linked Mode |
| Cloud SDDC | On-premises Active Directory server (ports dependent on your usage) | 389, 636, 3268, 3269 | Identity Source |
| Cloud SDDC | On-premises DNS | 53 | Resolving FQDN of on-premises vCenter Server and Active Directory Server |
| Cloud SDDC | On-premises ESXi host | 902 | Virtual Machine Console |
The following figure shows the ports that are required to be open for linking from the cloud SDDC.
- Run the Connectivity Validator tests to check that network connectivity is correctly established for Hybrid Linked Mode. See Validate Network Connectivity for Hybrid Linked Mode.
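
The following preflight sketch is an added example, not VMware's Connectivity Validator and not code from this guide. It checks the private-address, time-skew, latency, and port prerequisites for linking from the cloud SDDC. It assumes that "private" means RFC 1918, that it runs from a host on the SDDC side of the connection, and that you supply the hostnames. The role names and function names are hypothetical.

```python
import ipaddress
import socket
import time

MAX_SKEW_S = 10 * 60   # tolerated time skew stated on this page: ten minutes
MAX_RTT_MS = 100.0     # maximum round-trip latency stated on this page
# Assumption: "private IP address" is taken to mean an RFC 1918 address.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# TCP ports the cloud SDDC must reach on-premises, from the table above.
# DNS (53) is left out because this sketch only performs TCP connects.
SDDC_TO_ONPREM = {
    "vcenter": [443],
    "psc": [389, 443],
    "active_directory": [389, 636, 3268, 3269],  # dependent on your usage
    "esxi": [902],
}

def resolves_private(addresses):
    """True only if at least one address was resolved and all are RFC 1918."""
    ips = [ipaddress.ip_address(a) for a in addresses]
    return bool(ips) and all(any(ip in net for net in RFC1918) for ip in ips)

def skew_ok(local_epoch, remote_epoch):
    """Compare two clock readings (seconds since epoch) against the limit."""
    return abs(local_epoch - remote_epoch) <= MAX_SKEW_S

def tcp_probe(host, port, timeout=3.0):
    """TCP connect time in ms (includes name lookup), or None if unreachable."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return (time.monotonic() - start) * 1000.0
    except OSError:
        return None

def evaluate(hosts, probe=tcp_probe):
    """hosts maps role -> hostname; returns (role, port, problem) findings."""
    findings = []
    for role, ports in SDDC_TO_ONPREM.items():
        for port in ports:
            rtt = probe(hosts[role], port)
            if rtt is None:
                findings.append((role, port, "unreachable"))
            elif rtt > MAX_RTT_MS:
                findings.append((role, port, "rtt %.0f ms over limit" % rtt))
    return findings
```

Feed `resolves_private` the addresses returned by `socket.getaddrinfo` for the vCenter FQDN. An empty list from `evaluate` means every listed port answered within the latency limit.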