Domain Name System (DNS) resolution is critical for deployment and configuration of PowerProtect Data Manager, the PowerProtect Data Manager external proxy, and DDVE. All infrastructure components should be resolvable through a fully qualified domain name (FQDN). Resolvable means that components are accessible through both forward (A) and reverse (PTR) lookups.
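The following added example (not part of the original guide or any Dell tooling) shows one way to verify the forward (A) and reverse (PTR) requirement for each component before deployment. The function names are hypothetical, and the hostnames and addresses are constructed sample data so the check can be run offline.

```python
import socket
# Constructed sample records (hypothetical names, RFC 5737 documentation addresses).
SAMPLE_A = {"ppdm.example.com": {"192.0.2.10"}, "ddve.example.com": {"192.0.2.20"},
            "vcenter.example.com": {"192.0.2.30"}}
SAMPLE_PTR = {"192.0.2.10": {"ppdm.example.com."}, "192.0.2.20": {"ddve-old.example.com"}}

def table_lookup(table):
    """Build an offline resolver over a dict; a missing key fails like a real lookup."""
    def lookup(key):
        if key not in table:
            raise OSError("not found")
        return table[key]
    return lookup
sample_forward, sample_reverse = table_lookup(SAMPLE_A), table_lookup(SAMPLE_PTR)

def system_forward(fqdn):
    """A lookup through the system resolver; returns a set of IPv4 addresses."""
    return {info[4][0] for info in socket.getaddrinfo(fqdn, None, socket.AF_INET)}

def system_reverse(ip):
    """PTR lookup through the system resolver; returns the names it yields."""
    name, aliases, _ = socket.gethostbyaddr(ip)
    return {name, *aliases}

def _norm(name):
    return name.rstrip(".").lower()

def check_component(fqdn, forward=system_forward, reverse=system_reverse):
    """Return a list of problems; an empty list means A and PTR records agree."""
    problems = []
    if "." not in _norm(fqdn):
        problems.append(f"{fqdn}: not fully qualified")
    try:
        addresses = forward(fqdn)
    except OSError as exc:
        return problems + [f"{fqdn}: forward (A) lookup failed: {exc}"]
    for ip in sorted(addresses):
        try:
            names = {_norm(n) for n in reverse(ip)}
        except OSError as exc:
            problems.append(f"{fqdn}: reverse (PTR) lookup failed for {ip}: {exc}")
            continue
        if _norm(fqdn) not in names:
            problems.append(f"{fqdn}: PTR for {ip} is {sorted(names)}, not the FQDN")
    return problems

if __name__ == "__main__":
    for host in SAMPLE_A:
        print(host, check_component(host, sample_forward, sample_reverse) or "OK")
```

Calling `check_component` with only an FQDN uses the system resolver, so running it from a machine inside the SDDC shows what the PowerProtect Data Manager server itself would resolve.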
Ensure that the VMC-on-AWS portal meets the following requirements:
By default, there is no external access to the vCenter server in the software-defined data center (SDDC). You can open access to the vCenter server by configuring a firewall rule. To enable communication to the vCenter public IP address from the SDDC logical network, set the firewall rule in the compute gateway of VMC on AWS. If the firewall rule is not configured in the SDDC, PowerProtect Data Manager does not allow you to add the vCenter server.
The default compute gateway firewall rules prevent all virtual machine traffic from reaching the Internet. To enable the PowerProtect Data Manager virtual machine to connect to the Internet, create a compute gateway firewall rule. This action enables outbound traffic on the logical network to which the PowerProtect Data Manager server virtual machine is connected.
Configure DNS to allow machines in the SDDC to resolve FQDNs to their public IP addresses. If the DNS server is not configured in the SDDC, the PowerProtect Data Manager server does not allow you to add the vCenter server by using the server's public FQDN or IP address.
It is recommended that you deploy the DD system as a virtual appliance. If deploying DDVE to VMC-on-AWS, connect the SDDC to an AWS account during the SDDC creation, and then select a VPC and subnet within that account.
DDVE must be connected to the SDDC through the VMC-on-AWS Elastic Network Interfaces (ENIs). This action allows the SDDC, the services in the VPC, and subnet in the AWS account to communicate without having to route traffic through the Internet gateway.
The same ENI channel is recommended for access to DDVE.
If DDVE is running in VMC-on-AWS, configure the inbound and outbound firewall rules of the compute gateway for DDVE connectivity.
For detailed information on what incoming and outgoing ports need to be opened for the PowerProtect-VM proxy solution, refer to the PowerProtect Data Manager Security Configuration Guide.
If using NSX-T, configure DNS to resolve to the internal IP address of the vCenter server. Navigate to SDDC Management > Settings > vCenter FQDN, and then select the Private vCenter IP address to directly access the management network over the built-in firewall.
Open TCP port 443 of the vCenter and ESXi servers in both the management and compute gateways.
For a VMC-on-AWS environment, open the ESXi server inbound firewall rule with ports 902 and 443 for the PowerProtect-VM proxy solution.
If DDVE is running in VMC-on-AWS, the inbound and outbound firewall rules of the VMC-on-AWS VPC security group are configured to provide connectivity between the SDDC compute gateway and DDVE.
If there is replication between DDVE instances, ensure the following:
The security group in AWS is configured to allow all inbound traffic from the private IPs of the DDVE instances.
The DDVE instances can ping each other using their FQDNs.