A connection must be established between your Amazon Web Services (AWS) network and your on-prem NSX-T Data Center appliances.
You must have already installed and connected NSX Manager with CSM in your on-prem deployment.
Connect your AWS account with on-prem NSX Manager appliances using any of the available options that best suit your requirements.
Configure your VPC with subnets and other requirements for NSX Cloud.
Connect your AWS account with your on-prem NSX-T Data Center deployment
Every public cloud provides options to connect with an on-premises deployment. You can choose any of the available connectivity options that suit your requirements. See AWS reference documentation for details.
You must review and implement the applicable security considerations and best practices by AWS; see AWS Security Best Practices.
Configure your VPC
You need the following configurations:
six subnets for supporting PCG with High Availability
an Internet gateway (IGW)
a private and a public route table
subnet association with route tables
DNS resolution and DNS hostnames enabled
Follow these guidelines to configure your VPC:
Assuming your VPC uses a /16 network, for each gateway that needs to be deployed, set up three subnets.Important:
If using High Availability, set up three additional subnets in a different Availability Zone.
Management subnet: This subnet is used for management traffic between on-prem NSX-T Data Center and PCG. The recommended range is /28.
Uplink subnet: This subnet is used for north-south internet traffic. The recommended range is /24.
Downlink subnet: This subnet encompasses the workload VM's IP address range, and should be sized accordingly. Bear in mind that you may need to incorporate additional interfaces on the workload VMs for debugging purposes.
Label the subnets appropriately, for example, management-subnet, uplink-subnet, downlink-subnet,because you will need to select the subnets when deploying PCG on this VPC.
Ensure you have an Internet gateway (IGW) that is attached to this VPC.
Ensure the routing table for the VPC has the Destination set to 0.0.0.0/0 and the Target is the IGW attached to the VPC.
Ensure you have DNS resolution and DNS hostnames enabled for this VPC.