Once you have successfully deployed your SDDC, the next steps usually include configuring the VPN and accessing vCenter. This post will walk you through the steps you need to take to access your vCenter and begin adding workloads.
Since the VMware Cloud on AWS SDDC uses NSX-T for its networking, we will use the NSX-T interface in the VMware Cloud Console to allow secure traffic to the vCenter Server. When an SDDC is deployed, the default firewall setting for your vCenter is ‘Deny All’. This means that once the SDDC has deployed successfully, you will not be able to reach your vCenter Server until you open a firewall rule.
After logging into the VMC Console, click on the ‘Networking & Security’ tab. If the Networking & Security page does not populate, your user account does not have NSX Admin rights; those rights will need to be added to your account before you can proceed (blog post on that, here). Once there, click the ‘Gateway Firewall’ link on the left and make sure ‘Management Gateway’ is selected. Here you can give your firewall rule a name. The Source will be ‘any’ if you want any IP address on the internet to be able to reach it. Generally, this is very temporary, as most customers will enable a VPN connection soon after deployment and only allow internal traffic. Either way, Source will be the IP addresses you allow to access vCenter.
For Destination, click in ‘System Defined Groups’ and select ‘vCenter’. You will notice that several management resources have already been prepopulated with their corresponding IPs or subnets for you to use. Click ‘SAVE’.
Now we choose which services we are allowing through. If you want to be able to ping your vCenter, enable ‘ICMP (ALL ICMP)’. Otherwise, select ‘HTTPS (TCP 443)’. You can also enable SSO if you are using other products that leverage vCenter SSO.
Lastly, do not forget to click ‘PUBLISH’. If you do not, your firewall rule will not be saved.
Once you’ve published your firewall rule, click on the ‘Settings’ tab and copy the URL for the vSphere Client.
Paste it into your browser of choice and submit. You should now see the login screen for vCenter. Once you have a VPN established, you can switch the vCenter DNS resolution to ‘internal’, thereby adding another layer of security to your environment.
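The Management Gateway rule built in the console above can also be expressed as an NSX-T Policy API rule body, which is handy when the same rule has to be created in several SDDCs or checked before publishing. The following Python is an added example, not code from the post or from VMware: it builds the rule body (Source IPs or ‘ANY’, the system-defined vCenter group as Destination, HTTPS and optionally ICMP as Services) and then reviews it for the two things the post tells you to revisit once the VPN is up: a Source of ‘ANY’ and ICMP left enabled. The group path, service paths and the relative rule URL are assumptions based on NSX-T Policy API conventions; confirm them against your own SDDC before use.

```python
"""Build and review a Management Gateway (MGW) firewall rule for vCenter access
on VMware Cloud on AWS, in the shape of an NSX-T Policy API rule body.

Added example, not the post's or VMware's code. The paths below are assumptions
drawn from NSX-T Policy API conventions; verify them in your own SDDC.
"""
import ipaddress
import json

# Assumed policy paths (not taken from the post).
VCENTER_GROUP = "/infra/domains/mgw/groups/vCenter"
SERVICE_PATHS = {
    "HTTPS": "/infra/services/HTTPS",      # HTTPS (TCP 443)
    "ICMP": "/infra/services/ICMP-ALL",    # ICMP (ALL ICMP)
}
# Assumed relative path of a rule inside the default MGW gateway policy.
RULE_PATH = "policy/api/v1/infra/domains/mgw/gateway-policies/default/rules/{rule_id}"


def normalise_source(src):
    """Accept 'ANY' or an IPv4/IPv6 address or CIDR and return it in canonical form.

    A typo raises ValueError here rather than becoming a rule that matches nothing.
    """
    text = src.strip()
    if text.upper() == "ANY":
        return "ANY"
    return str(ipaddress.ip_network(text, strict=False))


def build_vcenter_rule(name, sources, services=("HTTPS",)):
    """Return a rule body allowing `sources` to reach vCenter over `services`."""
    unknown = [s for s in services if s not in SERVICE_PATHS]
    if unknown:
        raise ValueError(f"unknown service(s): {unknown}")
    if not sources:
        raise ValueError("at least one source is required")
    return {
        "display_name": name,
        "source_groups": [normalise_source(s) for s in sources],
        "destination_groups": [VCENTER_GROUP],
        "services": [SERVICE_PATHS[s] for s in services],
        "action": "ALLOW",
        "sequence_number": 10,
    }


def review_rule(rule):
    """Return a list of findings a reviewer would raise before publishing."""
    findings = []
    if "ANY" in rule["source_groups"]:
        findings.append(
            "Source is ANY: every internet address can reach the vCenter login "
            "page; restrict to known IPs once the VPN is established."
        )
    for src in rule["source_groups"]:
        # 0.0.0.0/0 or ::/0 is ANY spelled differently.
        if src != "ANY" and ipaddress.ip_network(src).prefixlen == 0:
            findings.append(f"Source {src} is equivalent to ANY.")
    if SERVICE_PATHS["ICMP"] in rule["services"]:
        findings.append(
            "ICMP is enabled: only needed for ping; drop it if you do not use it."
        )
    return findings


def rule_url(rule_id):
    """Relative API path for the rule (assumed layout; prefix with your SDDC's NSX URL)."""
    return RULE_PATH.format(rule_id=rule_id)


if __name__ == "__main__":
    # Constructed sample: the temporary "open to the internet" rule from the post.
    temp = build_vcenter_rule("vCenter-temp-any", ["ANY"], ("HTTPS", "ICMP"))
    print(json.dumps(temp, indent=2))
    for finding in review_rule(temp):
        print("-", finding)
    # Constructed sample: the post-VPN rule, limited to one documentation range.
    locked = build_vcenter_rule("vCenter-office", ["203.0.113.0/24"])
    print(rule_url("vCenter-office"), "findings:", review_rule(locked))
```

Running the script prints the permissive rule body with two findings and the locked-down rule with none; the same `review_rule` check can be run over rules exported from an existing SDDC to spot ‘ANY’ sources that were meant to be temporary.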