When you use VMware Cloud on AWS cloud accounts in your vRealize Automation Cloud environment, you must create a network connection and configure rules that allow your SDDC in vCenter to communicate with the VMware Cloud on AWS cloud accounts in vRealize Automation Cloud.

Configure needed connections and rules to support SDDC communication.

In the SDDC's VMware Cloud on AWS console, you must configure management rules to support cloud proxy communication. You must also configure the needed firewall rules that support access to required ports and protocols.

To use VMware Cloud on AWS in Cloud Assembly, you must create compute gateway rules that support outbound access to the following allowed URLs:
  • ci-data-collector.s3.amazonaws.com – enables Amazon Web Services S3 access for the cloud proxy OVA download.
  • symphony-docker-external.jfrog.io – allows JFrog Artifactory to access Docker images.
  • data.mgmt.cloud.vmware.com – enables the data pipeline service connection to VMware Cloud services for secure data communication between cloud and on-premises elements. For non-US regions, substitute the region value. For example, for the UK, use uk.data.mgmt.cloud.vmware.com and for Japan, use ja.data.mgmt.cloud.vmware.com.
  • api.mgmt.cloud.vmware.com – enables the Web API and cloud proxy service connection to the VMware Cloud service. For non-US regions, substitute the region value. For example, for the UK, use uk.api.mgmt.cloud.vmware.com and for Japan, use ja.api.mgmt.cloud.vmware.com.
  • console.cloud.vmware.com – enables the Web API and cloud proxy service connection to the VMware Cloud service. For non-US regions, substitute the region value. For example, for the UK, use uk.console.cloud.vmware.com and for Japan, use ja.console.cloud.vmware.com.

This procedure is performed by a vCenter administrator using VMware Cloud on AWS administrator credentials in the SDDC's VMware Cloud on AWS console.

  1. Deploy the cloud proxy before proceeding with the next step. See Create and deploy a cloud proxy for a VMware Cloud on AWS cloud account in vRealize Automation Cloud.
  2. Open the Networking & Security tab in the VMware Cloud on AWS console on the SDDC.
  3. Configure needed firewall rules.
    You must configure management gateway firewall rules in the SDDC's VMware Cloud on AWS console to support communication between the cloud and on-premises components. The rules must be in the Management Gateway firewall rules section. Create the firewall rules by using options on the Networking & Security tab in the SDDC console.
    • Limit network traffic to ESXi for HTTPS (TCP 443) services to the discovered IP address of the cloud proxy.
    • Limit network traffic to vCenter for ICMP (All ICMP), SSO (TCP 7444), and HTTPS (TCP 443) services to the discovered IP address of the cloud proxy.
    • Limit network traffic to the NSX-T Manager for HTTPS (TCP 443) services to the discovered IP address of the cloud proxy.
  4. Create a management rule to allow outbound access to the following URLs:
    • ci-data-collector.s3.amazonaws.com
    • symphony-docker-external.jfrog.io
    • data.mgmt.cloud.vmware.com

      For non-US regions, substitute the region value. For example, for the UK, use uk.data.mgmt.cloud.vmware.com.

    • api.mgmt.cloud.vmware.com

      For non-US regions, substitute the region value. For example, for the UK, use uk.api.mgmt.cloud.vmware.com.

    • console.cloud.vmware.com

      For non-US regions, substitute the region value. For example, for the UK, use uk.console.cloud.vmware.com.
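The following script is an added example, not VMware's own code or an API of the VMware Cloud on AWS console: it audits a constructed list of Management Gateway firewall rules against the cloud-proxy restrictions in step 3 (flagging rules wider than the discovered cloud proxy IP, unneeded services, and missing rules) and expands the region-specific outbound hostnames from step 4. The rule dicts, rule names and the proxy IP 10.0.1.25 are constructed sample data.

```python
# Services each management component must accept, and only from the cloud proxy.
ALLOWED = {
    "ESXi": {("TCP", 443)},
    "vCenter": {("ICMP", "all"), ("TCP", 7444), ("TCP", 443)},
    "NSX Manager": {("TCP", 443)},
}

# Outbound hostnames from step 4; only the cloud.vmware.com hosts have regional variants.
OUTBOUND = [
    "ci-data-collector.s3.amazonaws.com",
    "symphony-docker-external.jfrog.io",
    "data.mgmt.cloud.vmware.com",
    "api.mgmt.cloud.vmware.com",
    "console.cloud.vmware.com",
]

def outbound_hosts(region=""):
    """Return the outbound allow-list; a region code such as 'uk' or 'ja'
    is prefixed to the VMware hosts, and '' selects the US endpoints."""
    return [f"{region}.{h}" if region and h.endswith("cloud.vmware.com") else h
            for h in OUTBOUND]

def audit_rules(rules, proxy_ip):
    """Return findings for rules whose source is wider than the cloud proxy,
    rules that open services beyond ALLOWED, and required rules that are absent."""
    findings, covered = [], set()
    for r in rules:
        dest = r["destination"]
        if dest not in ALLOWED:          # rules to other targets are out of scope here
            continue
        if r["source"] != proxy_ip:
            findings.append(f"{r['name']}: source {r['source']} should be {proxy_ip}")
        extra = set(r["services"]) - ALLOWED[dest]
        if extra:
            findings.append(f"{r['name']}: unneeded services {sorted(extra)}")
        if r["source"] == proxy_ip:      # only proxy-scoped rules count as coverage
            covered |= {(dest, s) for s in r["services"]}
    for dest, svcs in ALLOWED.items():
        for proto, port in svcs:
            if (dest, (proto, port)) not in covered:
                findings.append(f"missing rule: {dest} {proto} {port} from {proxy_ip}")
    return findings

# Constructed sample: the vCenter rule is open to Any, and the NSX Manager rule is absent.
SAMPLE_RULES = [
    {"name": "proxy-to-esxi", "source": "10.0.1.25", "destination": "ESXi",
     "services": [("TCP", 443)]},
    {"name": "any-to-vcenter", "source": "Any", "destination": "vCenter",
     "services": [("ICMP", "all"), ("TCP", 7444), ("TCP", 443)]},
]

if __name__ == "__main__":
    print("\n".join(audit_rules(SAMPLE_RULES, "10.0.1.25")))
```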