If you are installing VMware Cloud Gateway for VMware Cloud Foundation+, verify that your environment meets all requirements for the installation of VMware Cloud Gateway in an on-premises VMware Cloud Foundation instance.

Deployment Overview

You deploy VMware Cloud Gateway in the management domain of the VMware Cloud Foundation instance. VMware Cloud Gateway pulls inventory data from SDDC Manager and the vCenter Server instances for the workload domains and sends it to the cloud. See What is VMware Cloud Foundation+?.

You can allocate one VMware Cloud Gateway instance to exactly one VMware Cloud Foundation instance. You cannot connect one VMware Cloud Gateway instance to VMware Cloud Foundation and vCenter Server at the same time.

For information about the features and the software and infrastructure components of a VMware Cloud Foundation instance, see Getting Started with VMware Cloud Foundation.

Figure 1. VMware Cloud Gateway Deployment in VMware Cloud Foundation+
Cloud Gateway is in the management domain together with SDDC Manager, vCenter Server and NSX components. Cloud Gateway is connected to VMware Cloud.

Network Communication Between VMware Cloud Gateway and VMware Cloud

VMware Cloud Gateway and VMware Cloud communicate as follows:

  • VMware Cloud Gateway requires outbound Internet connectivity to communicate with VMware Cloud. The communication is secured using transport-level security (TLS 1.2 and later) and application-level security by using secure tokens.
  • The reverse communication from VMware Cloud to VMware Cloud Gateway is achieved through the messaging channel. VMware Cloud does not have a direct line of sight to the VMware Cloud Gateway instances that are deployed in your on-premises environment. Whenever a VMware Cloud service needs VMware Cloud Gateway to perform an action, it publishes the message to the message broker channel in the cloud.
  • VMware Cloud Gateway contains a message broker agent that periodically pulls the messages that are intended for it from the message broker channel over HTTPS. When VMware Cloud Gateway receives a message, the gateway services process the message and update the status to the cloud services.

Therefore, the communication from VMware Cloud Gateway to VMware Cloud is always northbound. The reverse communication is achieved by VMware Cloud Gateway periodically polling for messages.

This communication pattern makes the VMware Cloud Gateway deployment easier because you do not have to install it in a DMZ network or make it available over the Internet. VMware Cloud Gateway can run behind firewalls, provided that it is allowed to establish outbound Internet connections to the endpoints and ports that are required for VMware Cloud Foundation+.
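
Because every connection that crosses the perimeter is initiated by VMware Cloud Gateway on port 443, firewall session logs can be audited against that pattern. The following is an added example, not VMware code; the IP addresses, the record layout (initiator listed first), and the function name are constructed for illustration.

```python
import ipaddress

# Constructed addressing for illustration; substitute your own values.
GATEWAY_IP = ipaddress.ip_address("10.0.10.50")
MGMT_NET = ipaddress.ip_network("10.0.10.0/24")

# Constructed session-start records: "initiator_ip src_port responder_ip dst_port proto"
SAMPLE_FLOWS = """\
10.0.10.50 51514 203.0.113.20 443 tcp
10.0.10.50 51600 10.0.10.11 443 tcp
198.51.100.7 40222 10.0.10.50 443 tcp
10.0.10.50 52011 203.0.113.20 8443 tcp
10.0.10.12 49822 10.0.10.50 22 tcp
"""

def audit_flows(text, gateway=GATEWAY_IP, mgmt=MGMT_NET):
    """Return (line_no, reason) for gateway flows that break the outbound-only pattern."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        src, _sport, dst, dport, _proto = line.split()
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        dport = int(dport)
        if gateway not in (src, dst):
            continue  # flow does not involve the gateway
        peer = dst if src == gateway else src
        if peer in mgmt:
            continue  # internal traffic (SDDC Manager, vCenter Server) is out of scope here
        if dst == gateway:
            findings.append((n, "inbound connection from outside the management network"))
        elif dport != 443:
            findings.append((n, f"outbound connection to port {dport}, expected 443"))
    return findings

if __name__ == "__main__":
    for line_no, reason in audit_flows(SAMPLE_FLOWS):
        print(f"line {line_no}: {reason}")
```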

Environment Requirements

  • VMware Cloud Gateway for VMware Cloud Foundation+ is compatible with VMware Cloud Foundation 4.5.x and VMware Cloud Foundation 5.0.

    Mixed licensing mode is supported for VMware Cloud Foundation 4.5.2.

  • You must have an active VMware Cloud Foundation+ subscription applied to your Organization in VMware Cloud services.

  • Your Customer Connect account must be assigned the Organization Owner role in your Organization.

  • For cloud-connected subscription mode, a new deployment of VMware Cloud Foundation must be running in subscription-ready mode. For mixed licensing mode, a new deployment must be running in perpetual licensing mode. See Deployment Overview of VMware Cloud Foundation.

  • The management cluster of the VMware Cloud Foundation instance must be in a healthy status.

  • You can connect up to a certain number of workload domains, including the management domain, to the cloud.
    | VMware Cloud Foundation Deployment | Maximum Number of Cloud-Connected Workload Domains |
    |---|---|
    | An on-premises deployment, upgraded to version 4.5.x of VMware Cloud Foundation | You can connect to 8 workload domains. For VMware Cloud Foundation 4.5, by default, a VMware Cloud Gateway instance can be connected to up to four workload domains including the management domain. For information on how to raise this limit to eight workload domains, see VMware Knowledge Base article 89558. For VMware Cloud Foundation 4.5.1 or VMware Cloud Foundation 4.5.2, you can directly connect a VMware Cloud Gateway instance to up to eight workload domains including the management domain. |
    | An on-premises deployment, upgraded to version 5.0 of VMware Cloud Foundation | You can connect up to 16 workload domains. By default, a VMware Cloud Gateway instance can be connected to up to eight workload domains, including the management domain. For information on how to raise this limit to 16 workload domains, see VMware Knowledge Base article 89558. |

    For information about upgrading to version 4.5.x or version 5.0 of VMware Cloud Foundation, see the VMware Cloud Foundation Lifecycle Management documentation.

Hardware Requirements

Before you deploy the VMware Cloud Gateway appliance, verify that the management domain of the VMware Cloud Foundation instance has enough compute resources for VMware Cloud Gateway. The default size of the VMware Cloud Gateway VM, listed below, supports a default limit of eight cloud-connected workload domains.
Table 1. Virtual Hardware Requirements

| Virtual Hardware | Minimum Requirement |
|---|---|
| vCPUs | 8 |
| Memory | 28 GB |
| Storage | 224 GB |

Network Requirements

  • Allocate a static IP address for VMware Cloud Gateway in the management network.

  • Configure forward and reverse DNS records for VMware Cloud Gateway, assigning the records to the child domain for the region.

  • Set up external connectivity for VMware Cloud Gateway to VMware Cloud on outbound port 443.

  • Ensure that the time is in sync between SDDC Manager, vCenter Server instances, NSX Local Manager instances, and VMware Cloud Gateway, and also between VMware Cloud Gateway and VMware Cloud (https://time.vmware.com).

  • The maximum latency between VMware Cloud Gateway and VMware Cloud, and between VMware Cloud Gateway and vCenter Server and SDDC Manager, cannot exceed 300 msec round trip.
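
A preflight check for three of the requirements above (matching forward and reverse DNS records, outbound TLS 1.2 or later on port 443, and the 300 msec limit), given as an added example that is not part of the VMware documentation or installer. The function names and command-line arguments are assumptions, and the script is assumed to run from a host in the management network that uses the same DNS servers as the planned appliance.

```python
import socket
import ssl
import sys
import time

MAX_RTT_MS = 300  # round-trip limit stated in the network requirements

def dns_consistent(fqdn, ip, forward=socket.gethostbyname, reverse=socket.gethostbyaddr):
    """True only if the A record maps fqdn to ip and the PTR record maps ip back to fqdn."""
    try:
        if forward(fqdn) != ip:
            return False
        ptr_name = reverse(ip)[0]
    except OSError:  # gaierror and herror both derive from OSError
        return False
    return ptr_name.rstrip(".").lower() == fqdn.rstrip(".").lower()

def tls12_context():
    """Client context that verifies certificates and refuses anything below TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def probe_443(host, timeout=5.0):
    """Open an outbound TLS session on port 443; return (tls_version, connect_ms)."""
    start = time.monotonic()
    with socket.create_connection((host, 443), timeout=timeout) as raw:
        # Includes name resolution, so this is an upper bound on the TCP round trip.
        connect_ms = (time.monotonic() - start) * 1000
        with tls12_context().wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), connect_ms

def evaluate(dns_ok, tls_version, connect_ms):
    """Turn raw measurements into a list of unmet requirements (empty means pass)."""
    failures = []
    if not dns_ok:
        failures.append("forward and reverse DNS records do not match")
    if tls_version not in ("TLSv1.2", "TLSv1.3"):
        failures.append(f"negotiated {tls_version}, need TLS 1.2 or later")
    if connect_ms > MAX_RTT_MS:
        failures.append(f"connect took {connect_ms:.0f} ms, limit is {MAX_RTT_MS} ms")
    return failures

if __name__ == "__main__":
    # Usage: preflight.py <gateway-fqdn> <gateway-ip> <cloud-endpoint-hostname>
    fqdn, ip, endpoint = sys.argv[1:4]
    version, ms = probe_443(endpoint)
    problems = evaluate(dns_consistent(fqdn, ip), version, ms)
    print("\n".join(problems) or "all checks passed")
    sys.exit(1 if problems else 0)
```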

System Requirements for the VMware Cloud Gateway Installer

You run the VMware Cloud Gateway GUI or CLI installer from a network client machine that is running on a Windows, Linux, or Mac operating system of a supported version.

Table 2. System Requirements for the GUI and CLI Installers

| Operating System | Supported Versions | Minimum Hardware Configuration for Optimal Performance |
|---|---|---|
| Windows | Windows 10, 11; Windows 2016 x64 bit; Windows 2019 x64 bit; Windows 2022 x64 bit | 4 GB RAM, 2 CPU having 4 cores with 2.3 GHz, 32 GB hard disk, 1 NIC |
| Linux | SUSE 15; Ubuntu 18.04, 20.04, 21.10 | 4 GB RAM, 1 CPU having 2 cores with 2.3 GHz, 16 GB hard disk, 1 NIC. Note: The CLI installer requires a 64-bit OS. |
| Mac | macOS 10.15, 11, 12; macOS Catalina, Big Sur, Monterey | 8 GB RAM, 1 CPU having 4 cores with 2.4 GHz, 150 GB hard disk, 1 NIC |

Web Browser Requirements

  • Google Chrome 89 or later
  • Mozilla Firefox 80 or later
  • Microsoft Edge 90 or later

User Account Requirements

Verify that the administrator account for connecting the VMware Cloud Foundation deployment to VMware Cloud Gateway is configured in the following way:

  • On each vCenter Server instance, the account is a member of the Administrators vCenter Single Sign-on group, has the Administrator role and is assigned global permissions.
  • In SDDC Manager, the account has the Admin role.