SDDC network configuration summary
After configuring the SDDC network, and configuring the VMware Cloud on AWS network for pairing with remote VMware Cloud Director Availability sites, check the summary of the network configuration below. Each rule's source should be the named group shown here rather than Any; only the outbound rule is open on the destination side.
Management Gateway Firewall Rules
Name | Sources | Destinations | Services | Explanation |
---|---|---|---|---|
vCenter Inbound From Trusted Management Sources Rule | Trusted Management Sources Group | vCenter | HTTPS | Allows the trusted management sources to reach the vCenter Server behind the management gateway, which is required to deploy the cloud appliances in the compute gateway network. |
SNAT VCDA to vCenter Rule | SNAT VCDA Management Group | vCenter | HTTPS | Allows the compute gateway source NAT address to reach the vCenter Server behind the management gateway, bridging access from the VMware Cloud Director Availability cloud appliances in the compute gateway. |
VCDA Replicators to ESXi Rule | VCDA Replicators Management Group | ESXi | | Allows all Replicator Appliance instances to write to the destination ESXi datastores. |
For information about creating these management firewall rules, see Prepare the SDDC in VMware Cloud on AWS for deployment and Configure the network of the SDDC in VMware Cloud on AWS.
Compute Gateway Firewall Rules
Name | Sources | Destinations | Services | Explanation |
---|---|---|---|---|
VCDA Management from Trusted Compute Sources Rule | Trusted Compute Sources Group | VCDA Manager Compute Group | VCDA-Cloud-Service-Management: TCP, source port Any, destination port 8046 | Allows the trusted compute sources to reach the management interface of the Cloud Service to complete the initial setup. Later, modifying the same rule allows access to all four types of VMware Cloud Director Availability management interfaces; keep its source restricted to the trusted compute sources group when widening the services. For more information, see Post-configure the SDDC networking in VMware Cloud on AWS. |
VCDA Appliances Outbound Compute Rule | | Any | Any | Allows the VMware Cloud Director Availability appliances to reach the Internet, for external network traffic leaving through the compute gateway. |
VCDA Pairing Compute Rule | VCDA Pairing Compute Group | VCDA Tunnel Compute Group | VCDA-Service-Endpoint: TCP, source port Any, destination port 8048 | Allows the on-premises tenants and the remote cloud sites backed by VMware Cloud Director to pair with VMware Cloud Director Availability in VMware Cloud on AWS. |
For information about creating these compute firewall rules, see Configure the network of the SDDC in VMware Cloud on AWS and Configure the SDDC network for pairing VMware Cloud Director Availability in VMware Cloud on AWS.
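The two tables above are what a practitioner would check an exported rule set against. The following is an added example, not code from this page, from VMware, or from VMware Cloud Director Availability: it audits rule objects shaped like NSX Policy API gateway rules (display_name, source_groups, destination_groups, services, action) against the summary tables, flagging a missing rule, a non-ALLOW action, a management or pairing rule whose source has drifted to Any, and a rule that opens ports other than the ones the table names. The sample exports, the group and service paths, and the mapping of HTTPS to TCP 443 are all constructed assumptions for the example.

```python
"""Audit exported SDDC gateway firewall rules against the VCDA summary tables.

Added example for this page; not VMware or VCDA code. The rule objects below
are constructed to resemble NSX Policy API gateway rules, and every group and
service path is a hypothetical placeholder, not an identifier from a real SDDC.
"""

# Rules the summary tables say must exist on each gateway.
EXPECTED_RULES = {
    "mgw": [
        "vCenter Inbound From Trusted Management Sources Rule",
        "SNAT VCDA to vCenter Rule",
        "VCDA Replicators to ESXi Rule",
    ],
    "cgw": [
        "VCDA Management from Trusted Compute Sources Rule",
        "VCDA Appliances Outbound Compute Rule",
        "VCDA Pairing Compute Rule",
    ],
}

# TCP ports each rule is expected to open, where the tables name a service.
# HTTPS is taken as TCP 443 (assumption: the tables name only the service).
EXPECTED_PORTS = {
    "vCenter Inbound From Trusted Management Sources Rule": {443},
    "SNAT VCDA to vCenter Rule": {443},
    "VCDA Management from Trusted Compute Sources Rule": {8046},
    "VCDA Pairing Compute Rule": {8048},
}

# Constructed service catalogue: hypothetical service paths -> TCP ports.
SERVICE_PORTS = {
    "/infra/services/HTTPS": {443},
    "/infra/services/VCDA-Cloud-Service-Management": {8046},
    "/infra/services/VCDA-Service-Endpoint": {8048},
}


def is_any(values):
    """True when a source, destination or service list means ANY (or is empty)."""
    return not values or any(str(v).upper() == "ANY" for v in values)


def audit_gateway(domain, rules):
    """Return findings for one gateway ('mgw' or 'cgw'); an empty list means clean."""
    findings = []
    by_name = {r["display_name"]: r for r in rules}
    for name in EXPECTED_RULES[domain]:
        rule = by_name.get(name)
        if rule is None:
            findings.append(f"{domain}: missing rule '{name}'")
            continue
        if rule.get("action") != "ALLOW":
            findings.append(f"{domain}: '{name}' is not an ALLOW rule")
        # Every rule except the outbound rule must name its sources: an ANY
        # source exposes the vCenter, ESXi or VCDA management interface widely.
        if name != "VCDA Appliances Outbound Compute Rule" and is_any(rule.get("source_groups")):
            findings.append(f"{domain}: '{name}' allows source ANY; restrict it to the named group")
        # Where the table pins a service, the rule must open exactly those ports.
        if name in EXPECTED_PORTS:
            services = rule.get("services", [])
            if is_any(services):
                findings.append(f"{domain}: '{name}' opens all services instead of {sorted(EXPECTED_PORTS[name])}")
            else:
                ports = set().union(*(SERVICE_PORTS.get(s, set()) for s in services))
                if ports != EXPECTED_PORTS[name]:
                    findings.append(f"{domain}: '{name}' opens TCP {sorted(ports)}, expected {sorted(EXPECTED_PORTS[name])}")
    return findings


# Constructed export of a correctly configured management gateway. The ESXi
# rule's service is left unpinned because the table does not name one.
MGW_RULES = [
    {"display_name": "vCenter Inbound From Trusted Management Sources Rule",
     "source_groups": ["/infra/domains/mgw/groups/Trusted-Management-Sources"],
     "destination_groups": ["/infra/domains/mgw/groups/VCENTER"],
     "services": ["/infra/services/HTTPS"], "action": "ALLOW"},
    {"display_name": "SNAT VCDA to vCenter Rule",
     "source_groups": ["/infra/domains/mgw/groups/SNAT-VCDA-Management"],
     "destination_groups": ["/infra/domains/mgw/groups/VCENTER"],
     "services": ["/infra/services/HTTPS"], "action": "ALLOW"},
    {"display_name": "VCDA Replicators to ESXi Rule",
     "source_groups": ["/infra/domains/mgw/groups/VCDA-Replicators-Management"],
     "destination_groups": ["/infra/domains/mgw/groups/ESXI"],
     "services": ["ANY"], "action": "ALLOW"},
]

# Constructed export of a compute gateway after the post-configure edit, where
# the 8046 management rule was accidentally widened to source ANY.
CGW_RULES = [
    {"display_name": "VCDA Management from Trusted Compute Sources Rule",
     "source_groups": ["ANY"],
     "destination_groups": ["/infra/domains/cgw/groups/VCDA-Manager-Compute"],
     "services": ["/infra/services/VCDA-Cloud-Service-Management"], "action": "ALLOW"},
    {"display_name": "VCDA Appliances Outbound Compute Rule",
     "source_groups": ["/infra/domains/cgw/groups/VCDA-Appliances-Compute"],
     "destination_groups": ["ANY"], "services": ["ANY"], "action": "ALLOW"},
    {"display_name": "VCDA Pairing Compute Rule",
     "source_groups": ["/infra/domains/cgw/groups/VCDA-Pairing-Compute"],
     "destination_groups": ["/infra/domains/cgw/groups/VCDA-Tunnel-Compute"],
     "services": ["/infra/services/VCDA-Service-Endpoint"], "action": "ALLOW"},
]

if __name__ == "__main__":
    for domain, rules in (("mgw", MGW_RULES), ("cgw", CGW_RULES)):
        for line in audit_gateway(domain, rules) or [f"{domain}: OK"]:
            print(line)
```

Run against a real export, replace the constructed lists with the rules read from the management and compute gateway policies and the service catalogue with the ports of the services those rules reference; the checks themselves only encode what the two tables state.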