Ensure that you have met the following prerequisites before configuring Hybrid Linked Mode.
The following prerequisites are common to both linking from the Cloud Gateway Appliance and from the cloud SDDC.
Ensure that your on-premises data center and your cloud SDDC are synchronized to an NTP service or other authoritative time source. When using Hybrid Linked Mode, VMware Cloud on AWS can tolerate a time skew of up to ten minutes between the on-premises data center and the cloud SDDC.
Configure a management gateway IPsec VPN connection between your on-premises data center and cloud SDDC.
The round-trip latency between your cloud SDDC and on-premises data center must not exceed 100 msec.
Decide which of your on-premises users you want to grant Cloud Administrator permissions to. Add these users to a group within your identity source. Ensure that this group has access to your on-premises environment.
Ensure that you have login credentials for a user who has a minimum of read-only access to the Base DN for users and groups in your on-premises environment.
Ensure that an on-premises DNS server is configured for your management gateway so that it can resolve the FQDN for the identity source.
Ensure that your on-premises gateway or firewall allows access to the necessary ports from your SDDC for the following services.
On-premises vCenter Server
On-premises Platform Services Controller
On-premises Active Directory server
389, 636, 3268, 3269
Ensure that you have the login credentials for your on-premises vSphere SSO domain.
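The following is an added example, not part of the VMware documentation or tooling: a rough pre-check of the DNS, port, latency and time-skew prerequisites above, run from a machine on the network path being validated. It assumes TCP connect time is an acceptable approximation of round-trip latency and that the caller supplies the remote clock reading; `ad.example.internal` is a placeholder host name.

```python
import socket
import time
from datetime import datetime, timedelta, timezone

AD_PORTS = (389, 636, 3268, 3269)   # Active Directory ports listed on this page
MAX_SKEW = timedelta(minutes=10)    # tolerated time skew
MAX_RTT_MS = 100.0                  # maximum round-trip latency


def probe(host, port, timeout=3.0):
    """Return the TCP connect time in ms, or None if the port is unreachable."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return (time.monotonic() - start) * 1000.0
    except OSError:
        return None


def skew_ok(local, remote):
    """True when two timezone-aware timestamps differ by at most MAX_SKEW."""
    return abs(local - remote) <= MAX_SKEW


def preflight(host, ports=AD_PORTS, remote_time=None, now=None):
    """Return a list of failed checks; an empty list means every check passed."""
    try:
        socket.getaddrinfo(host, None)
    except socket.gaierror:
        return [f"DNS: cannot resolve {host}"]
    failures = []
    for port in ports:
        rtt = probe(host, port)
        if rtt is None:
            failures.append(f"tcp/{port}: unreachable")
        elif rtt > MAX_RTT_MS:
            failures.append(f"tcp/{port}: {rtt:.0f} ms exceeds {MAX_RTT_MS:.0f} ms")
    if remote_time is not None:
        now = now or datetime.now(timezone.utc)
        if not skew_ok(now, remote_time):
            failures.append(f"time: skew {abs(now - remote_time)} exceeds {MAX_SKEW}")
    return failures


if __name__ == "__main__":
    # ad.example.internal is a placeholder for the identity source FQDN.
    for failure in preflight("ad.example.internal") or ["all checks passed"]:
        print(failure)
```

An empty result here does not replace the Connectivity Validator tests, which run from the SDDC side.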
Prerequisites for Linking with Cloud Gateway Appliance
The following prerequisites apply only to linking with the Cloud Gateway Appliance.
Ensure that the NTP server or other time synchronization method that you plan to use for the Cloud Gateway Appliance is in sync with the time for the machine from which you plan to run the installer. If the time between the two systems differs by more than 10 minutes, the installation fails.
Your on-premises environment is running vSphere 6.5 update 2 or vSphere 6.7. You can link only one on-premises SSO domain and one cloud SDDC.
Ensure that you have network connectivity between your VMware Cloud on AWS management gateway and your on-premises SSO domain and on-premises identity source.
Ensure that your on-premises Platform Services Controller is configured to use HTTPS port 443. If the Platform Services Controller is configured to use another port, Cloud Gateway Appliance deployment does not work.
Verify that the host on which you intend to install the Cloud Gateway Appliance meets the following hardware requirements.
Prerequisites for Linking from the Cloud SDDC
The following prerequisites apply only to linking from the cloud SDDC.
Your on-premises vCenter Server system is running one of the following:
vSphere 6.0 Update 3 patch c and later.
Hybrid Linked Mode supports on-premises vCenter Server systems running 6.0 Update 3 patch c and later with either embedded or external Platform Services Controller (both Windows and vCenter Server Appliance). vCenter Server systems with external Platform Services Controller instances linked in Enhanced Linked Mode are also supported, up to the scale limits documented in https://www.vmware.com/pdf/vsphere6/r60/vsphere-60-configuration-maximums.pdf.
vSphere 6.5 patch d and later.
You can link only one on-premises SSO domain.
Run the Connectivity Validator tests to check that network connectivity is correctly established for Hybrid Linked Mode. See Validate Network Connectivity for Hybrid Linked Mode.