Before you install VMware Cloud Gateway, understand the network communication between VMware Cloud Gateway and VMware Cloud and ensure that your vSphere environment meets all the VMware Cloud Gateway requirements.

Understand the Network Communication Between VMware Cloud Gateway and VMware Cloud

VMware Cloud Gateway and VMware Cloud communicate as follows:

  • VMware Cloud Gateway requires outbound internet connectivity to communicate with VMware Cloud. The communication is secured using transport-level security (TLS1.2 and above) and application-level security (using secure tokens).
  • The reverse communication from VMware Cloud to VMware Cloud Gateway is achieved through the messaging channel. VMware Cloud would not have a direct line of sight to VMware Cloud Gateway instances that are deployed in your on-prem environment. Whenever a VMware Cloud service communicates with VMware Cloud Gateway to perform any action, it publishes the message to the message broker channel in the cloud.
  • VMware Cloud Gateway contains a message broker agent that periodically pulls the messages from the cloud that are intended for itself from the message broker channel over an HTTPS communication. When VMware Cloud Gateway receives the message, the gateway services process the message and update the status to the cloud services.

Therefore, the communication from VMware Cloud Gateway to VMware Cloud is always northbound. The reverse communication is achieved by VMware Cloud Gateway periodically polling for messages.

This communication pattern makes the VMware Cloud Gateway deployment easier because you do not have to install it in a DMZ network or make it available over the internet. VMware Cloud Gateway can run behind firewalls, and be allowed to establish outbound internet connections to endpoints and ports that are required for vSphere+.

vSphere Requirements

Ensure that your vSphere environment meets the version requirements for vSphere+, see vSphere+ Requirements.

Minimum Hardware Requirements

The following hardware requirements are for a single instance of VMware Cloud Gateway. The number of instances you must install depends on the number of vCenter instances you want to subscribe to vSphere+. You can connect up to 8 vCenter instances on each VMware Cloud Gateway instance.

Table 1. Virtual Hardware Requirements
Virtual Hardware Minimum Requirement
vCPUs 8
Memory 28 GB
Storage 224 GB

System Requirements for the VMware Cloud Gateway Installer

To ensure optimal performance of the GUI and CLI installers, use a client machine that meets the minimum hardware requirements.

Table 2. System Requirements for the GUI and CLI Installers
Operating System Supported Versions Minimum Hardware Configuration for Optimal Performance
Windows
  • Windows 10, 11
  • Windows 2016 x64 bit
  • Windows 2019 x64 bit
  • Windows 2022 x64 bit
 4 GB RAM, 2 CPU having 4 cores with 2.3 GHz, 32 GB hard disk, 1 NIC
Linux
  • SUSE 15
  • Ubuntu 18.04, 20.04, 21.10
 4 GB RAM, 1 CPU having 2 cores with 2.3 GHz, 16 GB hard disk, 1 NIC
Note: The CLI installer requires a 64-bit OS.
Mac
  • macOS 10.15, 11, 12
  • macOS Catalina, Big Sur, Monterey
 8 GB RAM, 1 CPU having 4 cores with 2.4 GHz, 150 GB hard disk, 1 NIC

Supported Guest Operating Systems

You can use any of the following guest operating systems to run the VMware Cloud Gateway ISO installer:

  • Windows 10 or later (32-bit and 64-bit)
  • Linux
  • MacOS

Browser Requirements

  • Google Chrome 89 or later
  • Mozilla Firefox 80 or later
  • Microsoft Edge 90 or later
Note: Later versions of these browsers are likely to work, but have not been tested.

Network Requirements

  • Ensure that the time is in sync between the vCenter and VMware Cloud Gateway, and also between VMware Cloud Gateway and VMware Cloud (https://time.vmware.com).
  • Verify that the network latency from VMware Cloud Gateway to VMware Cloud and from VMware Cloud Gateway to vCenter is not more than 300 ms.
  • Add the VMware Cloud Gateway FQDN in your DNS server, and configure forward and reverse DNS lookups.
  • If you use a proxy server to connect to the Internet, keep the following proxy details handy:
    • Proxy server IP address or hostname
    • Port number
    • User name and password to authenticate to the proxy server
  • VMware Cloud Gateway does not support IPv6. Ensure that the vCenter is not configured with an IPv6 address.

Port Requirements

For VMware Cloud Gateway to communicate with VMware Cloud and the vCenter, ensure that the following firewall ports are open.

Source Destination Port Purpose
User's Web browser VMware Cloud Gateway 5480 and 5484 Gathering support bundle
User's Web browser

  • https://vmc.vmware.com/

  • https://console.cloud.vmware.com/

  • *vmwareidentity.com
  • gaz.csp-vidm-prod.com
 443 Access to VMware Cloud
VMware Cloud Gateway vCenter 5480 Access to vCenter appliance management system
VMware Cloud Gateway vCenter 7444 Access to VMware Single Sign-On
VMware Cloud Gateway vCenter 443 Access to vCenter
VMware Cloud Gateway vCenter 2020 Access to the vCenter Authentication Framework RPC port to fetch trusted root certificates.
VMware Cloud Gateway VMware Cloud

Allow the following domains:

  • https://vmc.vmware.com/

  • https://console.cloud.vmware.com/

  • https://th.vmwarevmc.com/

  • sre.vmc.vmware.com

  • https://data.mgmt.cloud.vmware.com/

  • https://docker.vmc.vmware.com/

  • https://vcgw-updates.vmware.com/

  • https://scapi.vmware.com/

  • *.gw.us.vmc.vrops-cloud.com

  • gw.us.vmc.vrops-cloud.com

443 Access to VMware Cloud
VMware Cloud Gateway time.vmware.com UDP 123 To periodically check whether the time is synced with the NTP server.
vCenter VMware Cloud Gateway 5010-5019 Log collection
Figure 1. Port Requirements for vSphere+
Diagram showing the ports required to install vCenter Cloud Gateway