
16, Nov 2023
Management Gateway firewall – Understanding Networking and Security Configurations

The Management Gateway firewall protects access to management components such as vCenter and NSX. There are two types of management groups: predefined management groups and user-defined management groups. When choosing a source or destination for a management firewall rule, there are three choices: Any, System-Defined, and User-Defined. System-defined groups simplify the…

15, Oct 2023
Multiple Tier-1 Gateway VPNs – Understanding Networking and Security Configurations

Tier-1 gateways can terminate VPNs for multi-tenancy environments, where direct connectivity over the VPN is required by a tenant, as seen in the following architecture diagram (Figure 6.41 – Tier-1 gateway VPN termination diagram). The configuration is available at Networking | VPN | Tier-1 VPN Services, as seen in the…

14, Sep 2023
Route-based VPNs – Understanding Networking and Security Configurations

Route-based VPNs support dynamic routing and simplify routing configuration in complex network environments. Route-based VPNs utilize BGP over a VPN tunnel. Customers can establish the tunnel using a private connection such as a Direct Connect private virtual interface (VIF) or the public internet. To configure the VPN connection, navigate to the…

22, Jul 2023
Internet NAT – Understanding Networking and Security Configurations

Source NAT (SNAT) is automatically configured for all SDDC and tier-1 gateway workloads. SNAT is configured for translating the source IP of the VM into the internet public IP address assigned by the VMware Cloud on AWS SDDC. Therefore, customers do not need to create NAT rules for outbound traffic.…

3, Jun 2023
Domain Name System (DNS) – Understanding Networking and Security Configurations

VMware Cloud on AWS provides DNS services for the Management Gateway (MGW), Compute Gateway (CGW), and custom Tier-1 CGWs. Within the SDDC, default DNS zones are integrated for both the Management Gateway and Compute Gateway. Each zone is equipped with a preconfigured DNS forwarding service. The DNS servers set up…

1, May 2023
Policy-based VPN – Understanding Networking and Security Configurations

With a policy-based VPN, there is no routing protocol such as BGP, so the initial setup of the VPN connection is easier. However, administrators must manually update the routing tables on both ends of the network when new routes are added. From the VMware Cloud Console, navigate to Inventory >…

22, Mar 2023
Transit Connect – Understanding Networking and Security Configurations

VMware Transit Connect is a VMware Managed Transit Gateway (vTGW), which enables complex network topology, including inter- and intra-Region SDDC connectivity, AWS VPC connection, and much more. You deploy vTGW from the SDDC console through the SDDC groups feature, which lets customers manage multiple SDDCs and external AWS connectivity from…

25, Feb 2023
NSX day two operations – Understanding Networking and Security Configurations

Network administrators and security personnel often need to review network and security logs. This is often required for auditing or troubleshooting as well as security analysis. VMware Cloud on AWS integrates all its logs in VMware Aria Operations for Logs. This capability allows customers to analyze and troubleshoot their application…

22, Dec 2022
INFORMATION – Understanding Networking and Security Configurations

For further details on CMA topology and design, please refer to the Tech Zone design at https://vmc.techzone.vmware.com/resource/designlet-vmware-cloud-aws-static-routing-multiple-cgws-t1s#section3. To create a new tier-1 gateway, let’s navigate to Tier-1 Gateways under Networking and click on ADD TIER-1 GATEWAY, as seen in the following screenshot (Figure 6.11 – Tier-1 Gateways view). Next, enter…

2, Nov 2022
VMware Cloud on AWS NSX configuration overview – Understanding Networking and Security Configurations

This chapter focuses on the practical basics of SDDC networking and security functionality, starting from basic networking and security features, including NSX Micro-Segmentation, and Day 2 operations. You will learn the networking and security configuration essentials required for day-to-day work. The following topics are covered in this chapter: Before moving…