You can restrict access to the vCenter Server and NSX Manager based on the source public IP addresses you explicitly add using the VMware Cloud on Dell EMC Console. Specify the IP allowlist for vCenter and NSX Manager across VMware Cloud on Dell EMC SDDCs within the organizations to which the SDDCs belong.

The IP allowlist that you specify applies only when vCenter and NSX Manager are accessed through the Internet.

Note: You can find your /32 IP address at https://ifconfig.me/ or https://ip.me/.

Procedure

  1. Log in to the VMware Cloud Services Console at https://console.cloud.vmware.com/csp/gateway/discovery.
  2. Launch the VMware Cloud on Dell EMC service.
  3. Click on the left pane.
    The Service Settings page appears.
  4. Click Edit.
  5. Enter the publicly allowed IP addresses in CIDR format, separated by commas, in the text box.
    The IP addresses that you provide apply the access restrictions to all the VMware Cloud on Dell EMC SDDCs within the organization, irrespective of the physical location of the SDDCs. You can add or delete IP addresses as required.
    Ensure that the IP allowlist meets the following requirements:
    • CIDR format: <0-255>.<0-255>.<0-255>.<0-255>/<0-32>.
    • CIDR includes the network address only.
      For example, if you own a /24 public subnet 100.1.1.0/24 and you configure 100.1.1.30 as your public IP address, then you have the following options to specify your IP allowlist:
      • Add the network address 100.1.1.0/24 as your IP allowlist, which permits any IP address within the /24 range to access the vCenter Server.
      • Add the network address 100.1.1.30/32 as your IP allowlist, which permits only this IP address to access the vCenter Server.
    • The CIDR notations are not duplicated.
    • The CIDR notations are not private, multicast, loopback, or link-local addresses.
    • The CIDR notations are not any of the reserved IP addresses as presented in the following table.
      IP Address Type    Reserved IP Address
      Private            10.0.0.0 through 10.255.255.255
                         172.16.0.0 through 172.31.255.255
                         192.168.0.0 through 192.168.255.255
      Multicast          224.0.0.0 through 239.255.255.255
      Link-local         169.254.0.0 through 169.254.255.255
      Loopback           127.0.0.0 through 127.255.255.255
  6. Click Save.

Results

vCenter Server and NSX Manager are accessible only from the IP addresses in the allowlist that you added.
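
The requirements in step 5 can be checked before the list is pasted into the console. The following is an added example, not VMware code: the names check_entry, validate_allowlist and SAMPLE are hypothetical, "network address only" is read as "no host bits set", and any overlap with a reserved range is treated as a rejection.

```python
import ipaddress

# Reserved ranges from the table in step 5, expressed as CIDR blocks.
RESERVED = [
    ("private", "10.0.0.0/8"),
    ("private", "172.16.0.0/12"),
    ("private", "192.168.0.0/16"),
    ("multicast", "224.0.0.0/4"),
    ("link-local", "169.254.0.0/16"),
    ("loopback", "127.0.0.0/8"),
]
RESERVED_NETS = [(kind, ipaddress.IPv4Network(cidr)) for kind, cidr in RESERVED]


def check_entry(entry, seen):
    """Return None if the entry is acceptable, else a reason string."""
    addr, sep, prefix = entry.partition("/")
    if not sep or not prefix.isdigit():
        return "not in a.b.c.d/<0-32> form"
    try:
        net = ipaddress.IPv4Network(entry, strict=False)
    except ValueError:
        return "not a valid IPv4 CIDR"
    if str(net.network_address) != addr:
        return "host bits set; network address is %s" % net
    if net in seen:
        return "duplicate entry"
    # Assumption: any overlap with a reserved range is rejected.
    for kind, reserved in RESERVED_NETS:
        if net.overlaps(reserved):
            return "overlaps %s range %s" % (kind, reserved)
    return None


def validate_allowlist(text):
    """Split a comma-separated list; return (accepted, rejected)."""
    accepted, rejected, seen = [], [], set()
    for entry in (part.strip() for part in text.split(",")):
        reason = check_entry(entry, seen)
        if reason is None:
            seen.add(ipaddress.IPv4Network(entry))
            accepted.append(entry)
        else:
            rejected.append((entry, reason))
    return accepted, rejected


# Constructed sample input; the 100.1.1.x values reuse the example in step 5.
SAMPLE = "100.1.1.0/24, 100.1.1.30/32, 100.1.1.30/24, 100.1.1.0/24, 192.168.1.0/24, 127.0.0.1/32, 100.1.1.1"
```

Calling validate_allowlist(SAMPLE) accepts the first two entries and returns each remaining entry with the requirement it fails.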