IBM Cloud Docs
Networking considerations for VCF for Classic - Automated

Networking considerations for VCF for Classic - Automated

Review the following information for details about networking considerations and requirements for your VMware Cloud Foundation for Classic - Automated instances. Ensure that you meet the requirements so that your instance functions properly.

Networking components for VCF for Classic - Automated

To review the networking components that are included in your Automated instance, see Technical specifications for Automated instances.

Firewall considerations

If you're using firewalls, you must configure rules for all communications from the IBM® CloudDriver virtual server instance (VSI) and the SDDC Manager virtual machines (VMs). These rules must allow all protocols to communicate on the IP addresses 10.0.0.0/8 and 161.26.0.0/16. Examples of such firewalls are NSX Distributed Firewalls (DFW) or vSRX gateway cluster firewalls.

Some components might attempt to connect to the public network, although they are deployed to your private network. In some cases, such as Zerto Virtual Replication or FortiGate-VM, this connection is required for licensing or to report usage. These components are configured to connect either by using the instance NAT or a proxy you provide. You might need to allow these connections in your firewall. In other cases, these connection attempts are only for diagnostic and usage data, and the connections fail since no public connectivity is available or configured.

Using NSX with your virtual machines

During VCF for Classic - Automated instance deployment, VMware NSX® is ordered, installed, licensed, and configured in your instance. Also, NSX Manager, VMware NSX Controllers™, and NSX Transport Zone are set up, and each VMware ESXi™ server is configured with the NSX components.

A VMware NSX Edge™ cluster is also deployed to be used by your workload VM or VMs. For more information, see Configuring your network to use the customer-managed NSX edge cluster with your VMs.

Considerations when you change passwords for NSX components

Review the following considerations before you attempt to change the passwords for the NSX Manager, NSX Controllers, and NSX Edges.

Considerations when you change passwords for NSX-T components

  • You can change the NSX Manager root password. This password is not displayed in the VMware Solutions console. However, the password is the same as the one for the root user for NSX Controllers, which is displayed in the console.
  • You can change the passwords for the root user for NSX Controllers. The root credentials are displayed in the VMware Solutions console.
  • You can change the passwords for the admin user and the root user for the customer-managed VMware NSX edge nodes. The admin credentials are displayed in the VMware Solutions console, but the root credentials are not displayed. The passwords for the root user and the admin user are the same.
  • You can change the passwords for admin user and root user for management services edge nodes. The admin credentials are displayed in the VMware Solutions console, but the root credentials are not displayed. The passwords for the root user and the admin user are the same.

Considerations when you change passwords for NSX-V components

  • You can change the NSX Manager password. This password is displayed on the Summary page of the instance in the VMware Solutions console.
  • You can change the NSX Controller password. This password is not displayed in the VMware Solutions console, but you can set a new password without the old password. For more information, see Change Controller password.
  • You can change the password and the SSH settings for the customer-managed edge. This password is not displayed in the VMware Solutions console, but you can set a new password without the old password. For more information, see Change CLI credentials.
  • Do not change the passwords for the management VMware NSX ESG and the related Distributed Logical Router.