Configure the SDDC network for pairing
VMware Cloud Director Availability in VMware Cloud on AWS
After deploying and configuring VMware Cloud Director Availability and the external access, the next step is configuring from where VMware Cloud on AWS allows establishing pairings. Create an additional compute group with the public IP addresses allowed for pairing and an additional firewall rule allowing the access from this new group to the Public Service Endpoint.
- Verify that before pairing, network port 3030/TCP from the remote Tunnel Appliance and the remote On-Premises to Cloud Director Replication Appliance to the Replicator Appliance in VMware Cloud on AWS is allowed. For information about the required network ports, see https://ports.vmware.com/home/VMware-Cloud-Director-Availability.
- Verify that VMware Cloud Director Availability in VMware Cloud on AWS is configured. For more information, see Configure VMware Cloud Director Availability in VMware Cloud on AWS.
To allow pairing with VMware Cloud Director Availability in VMware Cloud on AWS, in the compute group below add the public IP addresses of the Public Service Endpoint instances and the on-premises appliances.
- Log in to VMware Cloud on AWS at https://vmc.vmware.com.
- In the VMC console, in the left pane click SDDCs.
- Under the SDDC click View Details and click the Networking & Security tab.
- To allow accessing the Public Service Endpoint compute gateway service in VMware Cloud on AWS, create a compute group containing the remote sites IP addresses.
  - On the Networking & Security tab, in the left pane under the Inventory section click Groups.
  - To create the compute group, under the Compute Groups tab, click Add Group and enter a group name, for example enter VCDA Pairing Compute Group.
  - To add trusted sites members to the compute group, under the Compute Members column, click the Set Members link.
  - In the Select Members window, on the IP Addresses tab enter the IP addresses of the following site members and click Apply.
    - To allow each private cloud site backed by VMware Cloud Director pairing, add the Public Service Endpoint public-IP-address of the Tunnel Appliance in the private cloud site.
    - To allow each tenant pairing, add the public-IP-addresses of all their On-Premises to Cloud Director Replication Appliance instances.
    Adding or removing IP addresses from this compute group controls which remote cloud sites and on-premises tenants can establish pairing with VMware Cloud Director Availability in VMware Cloud on AWS. Before VMware Cloud Director Availability pairs with another site, to allow the pair add the remote site IP address in the VCDA Pairing Compute Group.
  - To save the pairing compute group, click Save.
- To allow access from the pairing compute group, create a compute gateway firewall rule.
  - On the Networking & Security tab, in the left pane under the Security section, click Gateway Firewall.
  - On the Compute Gateway tab, click Add Rule and configure the following settings.
    - Name: Enter a name for the compute gateway firewall rule, for example enter VCDA Pairing Compute Rule.
    - Sources: Click Any in the Sources column, then in the Set Source window select User Defined Groups, select the pairing IP addresses compute group, for example select VCDA Pairing Compute Group, and click Apply.
    - Destinations: Click Any in the Sources column, then in the Set Source window select User Defined Groups, select the Tunnel Appliance IP address compute group, for example select VCDA Tunnel Compute Group, and click Apply.
    - Services: In the Services column, click Any, then in the Set Source window, select the Public Service Endpoint service, for example select VCDA-Service-Endpoint TCP (Source: Any | Destination: 8048) and click Apply.
    - Applied To: All Uplinks
    - Action: Allow
    By default, the new compute gateway firewall rule is enabled, allowing the Tunnel Appliance Public Service Endpoint access from the pairing IP addresses compute group.
  - To publish the new compute gateway firewall rule, click Publish. The new rule receives an integer ID value, used in the log entries that it generates.
VMware Cloud Director Availability in VMware Cloud on AWS allows pairing with On-Premises to Cloud Director Replication Appliance instances and with VMware Cloud Director Availability instances in private cloud sites backed by VMware Cloud Director.
- Tenants can now configure and pair their On-Premises to Cloud Director Replication Appliance and migrate their workloads to VMware Cloud on AWS. For more information, see Configure and Pair the On-Premises to Cloud Director Replication Appliance.
- You can now pair private cloud sites and migrate cloud workloads to VMware Cloud on AWS. For more information, see Pair VMware Cloud Director Cloud Sites.
- You can allow administrative operations by using the management interfaces of the services of VMware Cloud Director Availability. For more information, see Post-configure the SDDC networking in VMware Cloud on AWS.
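
Because membership of the pairing compute group decides who can reach the Public Service Endpoint, it helps to check a planned member list before entering it in the Select Members window. The following Python code is an added example, not VMware code: the function names, the one-address-per-appliance policy, and the sample addresses (RFC 5737 documentation addresses standing in for real public IPs) are assumptions.

```python
import ipaddress

# Ranges that can never be a remote site's public address.
NON_PUBLIC = [ipaddress.IPv4Network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",  # CGNAT, loopback, link-local
)]

def audit_members(entries):
    """Split planned group members into (accepted addresses, findings)."""
    accepted, findings = [], []
    for raw in entries:
        try:
            net = ipaddress.IPv4Network(raw.strip(), strict=False)
        except ValueError:
            findings.append((raw, "not an IPv4 address or CIDR"))
            continue
        if net.prefixlen != 32:
            # Assumed policy: one entry per appliance, no ranges.
            findings.append((raw, "range, not a single appliance address"))
        elif any(net.subnet_of(p) for p in NON_PUBLIC):
            findings.append((raw, "not a public address"))
        elif net.network_address in accepted:
            findings.append((raw, "duplicate entry"))
        else:
            accepted.append(net.network_address)
    return accepted, findings

def may_pair(source_ip, accepted):
    """Model of the rule's source match: is this address a group member?"""
    return ipaddress.IPv4Address(source_ip) in accepted

# Constructed sample input, not taken from any real deployment.
PLANNED = ["203.0.113.10", "198.51.100.7 ", "10.20.0.5", "0.0.0.0/0",
           "203.0.113.10", "tunnel.example.com"]

if __name__ == "__main__":
    accepted, findings = audit_members(PLANNED)
    for entry, reason in findings:
        print(f"REVIEW {entry!r}: {reason}")
    print("members:", ", ".join(map(str, accepted)))
```

Entries reported as REVIEW are left out of the accepted list, so only vetted single addresses end up in the group.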