The links provide more detail, but the needed steps have been summarized and provided below.
Note: These instructions also work with cloud-to-cloud VSR deployments. For this use case, when you see 'on-premises' in the steps below, consider this as the site where your AD is managed. If both your SDDCs are version 1.12+, then you can use the following instructions, instead of the steps below, to link your vCenters:
Use vCenter Linking in an SDDC Group
The following document mentions that you have two options for configuring Hybrid Linked Mode. You can use only one of these options at a time.
Configuring Hybrid Linked Mode
- You can install the Cloud Gateway Appliance and use it to link from your on-premises data center to your cloud SDDC.
- You can link your VMware Cloud on AWS SDDC to your on-premises vCenter Server. In this case, you must add an identity source to the SDDC LDAP domain.
The Cloud Gateway Appliance is not compatible with DRaaS, so this option must not be used.
Configuring Hybrid Linked Mode from the Cloud SDDC
As an alternative to using the Cloud Gateway Appliance, you can configure Hybrid Linked Mode from the cloud SDDC.
In this case, you use your cloud SDDC's vSphere Client to view and manage your complete inventory. When you link from the cloud SDDC, you can link only one on-premises domain.
Add an Identity Source to the SDDC LDAP Domain
The first step toward configuring Hybrid Linked Mode from your SDDC is to add your on-premises LDAP domain as an identity source for the SDDC vCenter Server.
When the identity source is added, on-premises users can authenticate to the SDDC, but have the "No access" role. Add permissions for a group of users to give them the Cloud Administrator role.
Link to an On-Premises Data Center
- Log in to the vSphere Client for your SDDC -> Menu -> Administration to display the Administration page.
- Under Hybrid Cloud, select Linked Domains.
- Connect to the on-premises Platform Services Controller.
On-premises AD groups that are added to the SDDC vCenter CloudAdmin role will also inherit the permissions needed to manage VSR.
Hybrid Linked Mode Prerequisites
- Decide which of your on-premises users will have Cloud Administrator permissions.
- Add these users to a group within your identity source.
- Ensure that this group has access to your on-premises environment.
- In the SDDC vCenter -> Menu -> Administration -> Access Control -> Global Permissions -> add the AD group to the CloudAdmin role.
Now, when you log in to the SDDC vCenter with one of those AD user accounts, you will have the needed permissions to manage VSR.