Depending on your hyperscale cloud provider, the SDDC Management Gateway blocks traffic to all or many management network destinations from all sources. Some hyperscale cloud providers enable access to vCenter Server and NSX Manager through a jump host or other means. See the documentation of your hyperscale cloud provider for details. For other management network destinations, or in cases where the hyperscale cloud provider does not enable another means of accessing vCenter Server and NSX Manager, you must add management gateway firewall rules that allow only secure traffic from trusted sources.

You can use any of these connection types to connect to the SDDC vCenter Server:
  • Configure a VPN Connection Between Your SDDC and On-Premises Data Center

    This option provides encrypted connectivity between your enterprise and the SDDC.

  • Configure a dedicated high bandwidth, low latency connection between your SDDC and on-premises data center.
  • Access the SDDC management network over the public internet and rely on management gateway firewall rules to prevent access by untrusted sources. This option may be appropriate for some use cases but is inherently less secure than the others.

    See Add or Modify Management Gateway Firewall Rules in VMware Cloud on Public Cloud Networking and Security for details on how to create a firewall rule that allows secure access to the SDDC vCenter Server.
  • If you cannot manage your SDDC outside of the hyperscale cloud provider network, you can access the SDDC through a jump server located in the hyperscaler native cloud instance. See the hyperscale cloud provider documentation for more information.
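For the public internet option above, a pre-deployment check can flag proposed management gateway allow rules that admit untrusted sources or non-secure services. This is an added example, not VMware code: the rule dictionary layout, the trusted CIDR range, and the choice of port 443 as the only secure service are all assumptions, not the NSX rule schema.

```python
import ipaddress

# Assumption: ranges your organization trusts (constructed documentation range).
TRUSTED_SOURCES = [ipaddress.ip_network("203.0.113.0/24")]
# Assumption: HTTPS is the only approved service for vCenter Server access.
SECURE_PORTS = {443}

def audit_rule(rule):
    """Return findings for one proposed rule (hypothetical dict layout)."""
    findings = []
    if rule["action"].upper() != "ALLOW":
        return findings  # drop/reject rules cannot widen access
    for src in rule["sources"]:
        if src.upper() == "ANY":
            findings.append("source is ANY")
            continue
        try:
            net = ipaddress.ip_network(src, strict=False)
        except ValueError:
            findings.append(f"unparseable source {src!r}")
            continue
        # The source must sit entirely inside one trusted range.
        if not any(net.version == t.version and net.subnet_of(t)
                   for t in TRUSTED_SOURCES):
            findings.append(f"source {src} is outside the trusted ranges")
    if not rule["ports"]:
        findings.append("service is ANY")  # empty list means all ports here
    for port in rule["ports"]:
        if port not in SECURE_PORTS:
            findings.append(f"port {port} is not an approved secure service")
    return findings

def audit_rules(rules):
    """Map rule name -> findings, for rules with at least one finding."""
    report = {}
    for rule in rules:
        findings = audit_rule(rule)
        if findings:
            report[rule["name"]] = findings
    return report

# Constructed sample rules for illustration only.
SAMPLE_RULES = [
    {"name": "vcenter-office", "action": "ALLOW", "sources": ["203.0.113.16/28"], "ports": [443]},
    {"name": "vcenter-anywhere", "action": "ALLOW", "sources": ["0.0.0.0/0"], "ports": [443]},
    {"name": "vcenter-http", "action": "ALLOW", "sources": ["203.0.113.5"], "ports": [80, 443]},
    {"name": "legacy-open", "action": "ALLOW", "sources": ["ANY"], "ports": []},
]

if __name__ == "__main__":
    for name, findings in audit_rules(SAMPLE_RULES).items():
        print(name, "->", "; ".join(findings))
```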