73
VMware HCX User Guide VMware HCX

VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

  • Upload
    others

  • View
    47

  • Download
    0

Embed Size (px)

Citation preview

Page 1: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

VMware HCX User GuideVMware HCX

Page 2: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

VMware HCX User Guide

VMware, Inc. 2

You can find the most up-to-date technical documentation on the VMware website at:

https://docs.vmware.com/

If you have comments about this documentation, submit your feedback to

[email protected]

Copyright © 2019 VMware, Inc. All rights reserved. Copyright and trademark information.

VMware, Inc.3401 Hillview Ave.Palo Alto, CA 94304www.vmware.com

Page 3: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

Contents

1 Using VMware HCX 5

VMware HCX Components 6

Installing and Configuring the VMware HCX Destination System 7

Installation Requirements 7

Deploying VMware HCX Manager in the vSphere Client 14

Activating and Updating the VMware HCX System 15

Updating the VMware HCX License Key 17

VMware HCX Interconnect Configuration 18

Installing and Configuring VMware HCX Enterprise 19

Hardware, Interoperability and Activation Requirements 20

Network Requirements 21

VMware HCX Manager Deployment Considerations 23

Obtaining the VMware HCX OVA 24

Installing the VMware HCX Enterprise Manager OVA 24

VMware HCX Activation and Initial Configuration 25

Updating the VMware HCX License Key 27

Building the VMware HCX Interconnect 27

Managing a Configured VMware HCX Interconnect 35

Extending Networks with VMware VMware HCX 36

About VMware HCX Network Extension 36

Extending Networks from the vSphere Networking Context Menu 37

Extending Networks from the VMware HCX User Interface 38

Removing a Network Extension 38

Verifying Network Extension Operations in the VMware HCX Enterprise Interface 39

Verifying Network Extension Operations in vSphere Task Interface 39

Verifying Network Extension Operations in the VMware HCX Cloud Interface 39

VMware HCX Network Extension with Proximity Routing 40

Migrating Virtual Machines with VMware HCX 43

VMware HCX Migration Types 43

About VMware HCX Bulk Migration 44

About VMware HCX vMotion and Cold Migration 45

Additional Migration Settings 46

Migrating a Virtual Machine from the vCenter Context Menu 47

Migrating Virtual Machines from the VMware HCX Interface 48

Protecting Virtual Machines with VMware HCX Disaster Recovery 49

About VMware HCX Disaster Recovery 49

Enabling DR Protection for a Virtual Machine 50

Performing a Virtual Machine Test Recovery 51

VMware, Inc. 3

Page 4: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

Performing a Virtual Machine Recovery 52

VMware HCX Disaster Recovery - Protect Operations for VMs 52

Updating VMware HCX 53

About VMware HCX System Updates 53

Planning VMware HCX System Updates 54

VMware HCX Update Procedures 55

VMware HCX Release Notes 56

VMware HCX Troubleshooting 56

Enabling SSH on the VMware HCX Manager 56

Logging into the VMware HCX Manager CLI 57

Locating the VMware HCX System IDs Using VMware HCX Manager CLI 58

Locating the VMware HCX System IDs Using VMware HCX Plug-In 58

Using Central CLI to Connect to VMware HCX Services 59

Gathering VMware HCX Technical Support Logs from the VMware HCX Plug-In 60

Gathering VMware HCX Technical Support Logs from the VMware HCX Appliance

Management 60

Viewing Logs in the VMware HCX Manager Shell 61

VMware HCX Manager Services from the VMware HCX Appliance Management Interface 61

VMware HCX Manager Services from the VMware HCX CLI 62

Viewing VMware HCX System State 63

Viewing VMware HCX-Related Entries in the vSphere Task Console 64

Enabling the VMware HCX Central CLI 64

Monitoring VMware HCX Systems 64

vROPS Management Pack for VMware HCX 64

VMware HCX in the VMware Cloud on AWS 67

Deploying VMware HCX Cloud from the VMC Console 67

Overview of VMware HCX on NSX for vSphere backed SDDCs 68

Overview of VMware HCX on NSX-T Backed VMC SDDCs 70

Configuring VMware HCX for Direct Connect Private Virtual Interfaces 72

VMware HCX User Guide

VMware, Inc. 4

Page 5: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

Using VMware HCX 1VMware HCX abstracts on-premises versus cloud notions and presents capabilities to Virtual Machinesas a continuous hybrid cloud.

VMware HCX enables:

n Modernization of Mission-Critical Application Infrastructure with a minimal operational overheadwithout requiring a retrofit of legacy infrastructure.

n New hybrid data center architectures, where premises/private cloud network topologies are efficientlyreplicated, accelerating application migration, mobility and business continuity, and at scale.

n Coherent migration of hundreds of VMs, bi-directionally, in parallel, on a secure high-performanceoverlay, over an existing WAN, VPN, or Private lines.

This chapter includes the following topics:

n VMware HCX Components

n Installing and Configuring the VMware HCX Destination System

n Installing and Configuring VMware HCX Enterprise

n Extending Networks with VMware VMware HCX

n Migrating Virtual Machines with VMware HCX

n Protecting Virtual Machines with VMware HCX Disaster Recovery

n Updating VMware HCX

n VMware HCX Troubleshooting

VMware, Inc. 5

Page 6: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

n Monitoring VMware HCX Systems

n VMware HCX in the VMware Cloud on AWS

VMware HCX ComponentsThe VMware HCX is comprised of a virtual management component at the source and destination site,and up to three types of VMware HCX Interconnect service appliances. VMware HCX services areconfigured and enabled at the source site, and then deployed as virtual appliances at the source site, witha peer appliance at the destination site.

VMware HCX Enterprise and VMware HCX Cloud Manager

VMware HCX Manager platform is deployed to the management zone, adjacent to each site's vCenterServer, and provides a single plane for VMware HCX administration. The VMware HCX manager providesa sophisticated framework for deploying VMware HCX service VMs across both the local and remotesites. VMware HCX administrators are authenticated, and each task authorized through the existingvSphere SSO identity sources. VMware HCX mobility, extension, protection actions can be initiated fromthe VMware HCX User Interface or from within the vCenter Server Navigator screen's context menus.

In the VMware HCX site-to-site Architecture, the VMware HCX Managers have a Source or Destinationtype. VMware HCX Enterprise Manager is always a source type, and VMware HCX Cloud is always adestination type. Same types cannot be paired with each other.

In the VMware HCX for Cloud Service Providers model, the CSP deploys VMware HCX Cloud. Thetenant deploys VMware HCX Enterprise on premises.

In the NSX Hybrid Connect model (VMware HCX for Private Cloud), the tenant deploys both source anddestination VMware HCX Managers.

VMware HCX WAN Interconnect Virtual Appliance

The VMware HCX Interconnect service appliance provides replication and vMotion based migrationcapabilities over the Internet and private lines to the target site whereas providing strong encryption,traffic engineering, and virtual machine mobility.

VMware HCX User Guide

VMware, Inc. 6

Page 7: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

VMware HCX WAN Optimization Virtual Appliance

The VMware HCX WAN Optimization service improves performance characteristics of the private lines orInternet paths by applying WAN optimization techniques like the data de-duplication and line conditioning.It makes performance closer to a LAN environment. It accelerates on-boarding to the cloud usingInternet/VPN- without waiting for Direct Connect/MPLS circuits.

VMware HCX Network Extension Virtual Appliance

The VMware HCX Network Extension service provides a late Performance (4–6 Gbps) Layer 2 extensioncapability. The extension service permits keeping the same IP and MAC addresses during a VirtualMachine migration. Network Extension with Proximity Routing enabled ensures that forwarding betweenvirtual machines connected to extended and routed networks, both on-premises and in the cloud, issymmetrical.

Installing and Configuring the VMware HCX DestinationSystemA destination VMware HCX system is registered at a source VMware HCX enterprise system and deployspeer VMware HCX Interconnect appliances when services are enabled at the source site.

Note For private data center to public cloud VMware HCX deployments, skip to the Installing andConfiguring VMware HCX Enterprise topic. This procedure is not applicable to deployments where thetarget site is an VMware HCX enabled public cloud.

Note After VMware HCX is deployed in the target site, use Installing and Configuring VMware HCXEnterpriseto install VMware HCX at the source site.

Installation RequirementsFor a successful installation, ensure each of the requirements in this topic is met.

VMware HCX User Guide

VMware, Inc. 7

Page 8: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

The VMware HCX Installer and License KeyHCX Manager is installed as a virtual appliance. The Installer OVA file is required for deployments.

Procedure

1 Open VMware Downloads at https://my.vmware.com/web/vmware/downloads.

2 Locate VMware NSX Hybrid Connect.

3 Click Download the OVA installer.

4 Obtain the license key in myvmware. For more information on licenses, see How to view license keysin My VMware (2006831).

Virtual Resources Required for VMware HCX Cloud InstallationsThis topic describes the Virtual Hardware resources required by each of the VMware HCX components.

VMware HCX Component vCPU Memory Disk 1 Disk 2

HCX Manager 4 12 GB 60 GB Not Applicable

HCX WAN Interconnect (HCX-WAN-IX)* 8 3 GB 2 GB Not Applicable

HCX Network Extension (HCX-NET-EXT)* 8 3 GB 2 GB Not Applicable

HCX WAN Optimization (HCX-WAN-OPT)* 8 14 GB 30 GB 70 GB

n The Destination vSphere environment requires NSX for vSphere version 6.4 or later.

n NSX 6.4 requires vSphere 6.0 U1 or later; or vSphere

VMware HCX Manager IP Address RequirementsThis topic describes the HCX Manager Network Address Requirements.

n The HCX Manager requires a private IP address for the management interface.

n During Initial Configuration, a Public Access URL is configured for the VMware HCX component. Ifconnections to the Public Access URL will be over Internet, a public IP / external address will berequired.

n A Destination NAT or Reverse Proxy configuration may also be required for translating the PublicAccess URL's external address to the management interface internal address.

Perimeter Firewall RequirementsVMware HCX components make network connections across the WAN boundary. To allow the listedconnections, update the firewalls in the path.

VMware HCX User Guide

VMware, Inc. 8

Page 9: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

Source DestinationProtocol/Port Purpose

HCX Manager connect.hcx.vmware.com

hybridity-depot.vmware.com

TCP-443 Activation

Updates

Source HCX Manager Destination HCX Manager's Public AccessURL.

TCP-443 VMware HCX Multisite Management

Source HCX-WAN-IX(CGW)

Peer HCX-WAN-IX (CGW) UDP-500

UDP-4500

VMware HCX WAN Transport

Suite B Cryptography; IKEv2

Source HCX-NET-EXT(L2C)

Peer HCX-NET-EXT (L2C) UDP-500

UDP-4500

VMware HCX WAN TransportSuite BCryptography; IKEv2

Note VMware HCX is closely integrated with vSphere SDDC technologies - the VMware HCXcomponents make connections with vCenter Server, ESXi, NSX (if present), and local managementsystems. If the environment requires strict firewalling for connections within the data center, reference thecomplete VMware HCX Network Ports Table.

VMware HCX Network Ports DiagramsVMware HCX uses specific network ports between source and destination sites.

VMware HCX Network Ports - Source Site

VMware HCX User Guide

VMware, Inc. 9

Page 10: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

connect.hch.vmware.comhybridity-depot.vmware.com

HCX Hybridity/Mobility Admins

Internet

Boundary

Internet

Boundary

Target HCX Site

DNSServer

NTPServer

SyslogServer

Name Resource TCP/UDP 53

Time Sync UDP-123

Remote SyslogTCP/UDP-514

SSH TCP-22

HCX ApplianceMgmt TCP-9443

NSX API(OPTIONAL)TCP-443

vCenter

SSO/PSC

vSphere API TCP-443

HCX HTTPS TCP-443

Web-Client/Plug TCP-9443

vSphere (5.5) SSO /Lookup Svc TCP-7444

vSphere (6.0+) SSO /Lookup Svc TCP-443

ESXi ManagementVMkernel Interface

ESXi vMotionVMkernel Interface

OVD Import TCP-80,TCP-902

vCenter NetworkFabric

HCX Enterprise ManagerHCX X-vMo Ctl UDP-902

HCX-WAN-IX

HCX-WAN-OPT

Bulk Migration CtlTCP-8123

HCX Internal TCP-9443HCX X-vMo Ctl TCP-443

SyslogServer

Remote SyslogTCP/UDP-514

Remote SyslogTCP/UDP-514

HCX-NET-EXT

HCX InternalTCP-9443

HCX Multisite Management (SSL/TLS1.2) TCP-443

HCX- Activation & Entitlement (connect) TCP-443HCX-Updates (hybridity-depot) TCP-443

HCX Enterprise Manager (Origin Site)(Local HCX Management VM)

HCX Manager (Target Site)(Remote HCX Management VM)

HCX WAN Interconnect(HCX Migration Proxy)

HCX WAN Optimization(Deduplication, Compression WANConditioning, Always Paired with IX)

HCX Network Extension(HCX Extension Proxy)

HCX WAN FLOWSSDDC INTEGRATION FLOWSCOMMON MGMT PROTOCOLS

Legend

HCX WAN Transport/Suite B Crypto(IKEv2, Certificate Based)

UDP-500, UDP-4500

HCX WAN Transport/Suite B Crypto(IKEv2, Certificate Based)

UDP-500, UDP-4500

Datacenter

ESXi Auth TCP-80

HCX Cold Migration (NFC) TCP-902

HCX Bulk Migration TCP-31031, TCP-44046

HCX X-Cloud vMotion TCP-8000

VMware HCX User Guide

VMware, Inc. 10

Page 11: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

VMware HCX Network Ports - Destination Site

VMware HCX User Guide

VMware, Inc. 11

Page 12: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

connect.hch.vmware.comhybridity-depot.vmware.com

HCX Hybridity/Mobility Admins

Internet

Boundary

Internet

Boundary

Source HCX Siteor Instance

DNSServer

NTPServer

SyslogServer

SNMPServer

Name Resource TCP/UDP 53

Time Sync UDP-123

Remote SyslogTCP/UDP-514

SSH TCP-22

HCX ApplianceMgmt TCP-9443

NSX APITCP-443

vCenter

SSO/PSC

vSphere API TCP-443

HCX HTTPS TCP-443

Web-Client/Plug TCP-9443

vSphere (5.5) SSO /Lookup Svc TCP-7444

vSphere (6.0+) SSO /Lookup Svc TCP-443

ESXi ManagementVMkernel Interface

ESXi vMotionVMkernel Interface

vSphere (6.0+) SSO /Lookup Svc TCP-443

vCenterDatacenter

HCX ManagerHCX X-vMo Ctl UDP-902

HCX-WAN-IX

HCX-WAN-OPT

Bulk Migration CtlTCP-8123HCX Internal TCP-9443HCX X-vMo Ctl TCP-443

SyslogServer

Remote SyslogTCP/UDP-514

Remote SyslogTCP/UDP-514

HCX-NET-EXT

HCX InternalTCP-9443

HCX Cold Migration (NFC) TCP-902

HCX Bulk Migration TCP-31031, TCP-44046

ESXi Auth TCP-80

HCX X-Cloud vMotion TCP-8000

HCX Multisite Management (SSL/TLS1.2) TCP-443

HCX- Activation & Entitlement (connect) TCP-443HCX-Updates (hybridity-depot) TCP-443

HCX Enterprise Manager (Origin Site)(Local HCX Management VM)

HCX Manager (Target Site)(Remote HCX Management VM)

HCX WAN Interconnect(HCX Migration Proxy)

HCX WAN Optimization(Deduplication, Compression WANConditioning, Always Paired with IX)

HCX Network Extension(HCX Extension Proxy)

HCX WAN FLOWSSDDC INTEGRATION FLOWSCOMMON MGMT PROTOCOLS

Legend

NetworkFabric

HCX WAN Transport/Suite B Crypto(IKEv2, Certificate Based)

UDP-500, UDP-4500

HCX WAN Transport/Suite B Crypto(IKEv2, Certificate Based)

UDP-500, UDP-4500

VMware HCX User Guide

VMware, Inc. 12

Page 13: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

VMware HCX Network Ports TableIn most deployments, it is sufficient to allow the network ports in the Perimeter Firewall Requirements.

The following table provides a list of complete network ports for environments with strict LAN firewallcontrols.

VMware HCX WAN Flows

Source Component Destination ComponentTransportProtocol Port Purpose

HCX EnterpriseManager

connect.hcx.vmware.com

hybridity-depot.vmware.com

TCP 443 VMware HCX Activation &Entitlement

VMware HCX Updates

HCX EnterpriseManager

Remote HCX Manager (Cloud) TCP 443 VMware HCX MultisiteManagement (SSL / TLS1.2)

Local HCX HybridInterconnect (HCX-WAN-IX)

Remote HCX Hybrid Interconnect(HCX-WAN-IX)

UDP 500,4500

VMware HCX WAN Transport /Suite B Cryptography; IKEv2(Cert Based)

Local HCX NetworkExtension (HCX-NET-EXT)

Remote HCX Network Extension(HCX-NET-EXT)

UDP 500,4500

VMware HCX WAN Transport /Suite B Cryptography; IKEv2(Cert Based)

VMware HCX LAN FLOWS

Source Component Destination ComponentTransportProtocol Port Purpose

HCX Enterprise Manager Local HCX Hybrid Interconnect(HCX-WAN-IX)

TCP 8123 VMware HCX Bulk MigrationControl Traffic

HCX Enterprise Manager Local HCX Hybrid Interconnect(HCX-WAN-IX)

Local HCX Network Extension(HCX-NET-EXT)

TCP 9443 VMware HCX Internal Control

HCX Enterprise Manager Local HCX Hybrid Interconnect(HCX-WAN-IX)

TCP 443 VMware HCX vMotion Control

HCX Enterprise Manager vCenter Server TCP 443

9443

7444

vSphere API / vSphere 6.0+SSO Lookup Service

Web-client/Plugin

vSphere 5.5 SSO LookupService

vCenter Server VMware HCX EnterpriseManager

TCP 443 VMware HCX HTTPS

vCenter Server HCX Interconnect (HCX-WAN-IX)

TCP 443 VMware HCX vMotion Control

HCX Enterprise Manager ESXi Management VMkernel TCP 80,902 OVF Import

HCX Enterprise Manager NSX Manager TCP 443 (Optional) NSX API

VMware HCX User Guide

VMware, Inc. 13

Page 14: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

Source Component Destination ComponentTransportProtocol Port Purpose

Local HCX HybridInterconnect (HCX-WAN-IX)

vCenter Server UDP 902 VMware HCX vMotion Control

Local HCX HybridInterconnect (HCX-WAN-IX)

ESXi Management VMkernel TCP 80 ESX Authentication

Local HCX HybridInterconnect (HCX-WAN-IX)

ESXi Management VMkernel

ESXi Management VMkernel

Local HCX Hybrid Interconnect(HCX-WAN-IX)

TCP 902 VMware HCX Cold Migration(Bi-Directional Flow)

Local HCX HybridInterconnect (HCX-WAN-IX)

ESXi Management VMkernel

ESXi Management VMkernel

Local HCX Hybrid Interconnect(HCX-WAN-IX)

TCP 8000 VMware HCX vMotion (Bi-Directional Flow)

ESXi Management VMkernel Local HCX Hybrid Interconnect(HCX-WAN-IX)

TCP 31031,44046 VMware HCX Bulk Migration

VMware HCX Administrators HCX Enterprise Manager TCP 9443 VMware HCX ApplianceManagement

VMware HCX MANAGEMENT FLOWS

Source Component Destination ComponentTransportProtocol Port Purpose

HCX Enterprise Manager DNS Server TCP/UDP 53 Name Services

HCX Enterprise Manager NTP Server UDP 123 Synchronized Time

HCX Enterprise Manager

Local HCX Hybrid Interconnect (HCX-WAN-IX)

Local HCX Network Extension (HCX-NET-EXT)

Syslog Collector Server TCP/UDP 514 Remote/CentralSyslogs

VMware HCX Administrators HCX Enterprise Manager

Local HCX Hybrid Interconnect(HCX-WAN-IX)

Local HCX Network Extension (HCX-NET-EXT)

Deploying VMware HCX Manager in the vSphere ClientVMware HCX is deployed in the vSphere Client using an OVA installer.

Prerequisites

Download the NSX Hybrid Connect OVA from downloads.vmware.com. This installer updates itself to themost recent version during the installation.

Procedure

1 Connect to the vCenter Server client.

VMware HCX User Guide

VMware, Inc. 14

Page 15: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

2 Deploy the OVF Template.

3 Browse and select the HCX-Installer-#.ova file, Click Next.

4 Review the Deploy OVF Template Details and click Next.

5 Read and accept the EULA and click Next.

6 Enter the HCX Manager appliance name and the inventory location and click Next.

7 Select a specific host and click Next.

8 Select the Storage Profile and Destination Storage and then click Next.

9 Select the Disk Format and click Next.

10 Select the Destination Network and click Next.

11 Set the appropriate properties.

n Passwords

n Provide the admin password.

n Provide the root password.

n Network Properties

n Enter the Hostname for the HCX Manager Virtual Machine.

n Static Route

n Optionally, provide the IPv4 Network, the Prefix Length, and Gateway IP address for anynetworks that are notreachable through the default gateway.

n DNS

n Enter the DNS server.

n Services Configuration

n NTP Server List (space separated)

n Optionally, select the Enable SSH checkbox.

12 Click Next.

13 Review the Deployment settings and click Finish.

What to do next

Allow up to 5 minutes for the VMware HCX appliance to initialize, then browse to the VMware HCXappliance for the initial configuration using https://hcx-ip-or-fqdn.

Activating and Updating the VMware HCX SystemNewly deployed systems are activated with an NSX Data Center Enterprise Plus license. A newlyactivated system communicates with connect.hcx.vmware.com and is signaled to retrieve and install thelatest VMware HCX update.

VMware HCX User Guide

VMware, Inc. 15

Page 16: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

Prerequisites

The HCX Manager OVA must be deployed and fully initialized.

Procedure

1 Open the VMware HCX interface https://hcx-ip-or-fqdn:9443.

2 Authenticate with the admin user and password, click Continue.

3 Configure your HCX System and click Continue.

4 Activate your VMware HCX Instance by entering the NSX Data center Enterprise Plus License Keyand click Continue.

5 Download and upgrade your VMware HCX Instance.

n The latest updates are obtained from a distributed file depot. The download may take a fewminutes to complete.

n After the contents are downloaded and extracted, an upgrade action is initiated. The Upgrademay take a few minutes.

n Expected upgrade transitions:

n Stopping of services.

n Preparing the slot.

n Verifying and installing the image.

n Upgrading the HCX Manager appliance.

n After services are fully initialized, the HCX Manager Appliance Management login screen isdisplayed.

6 Authenticate with the admin user and password and then click Continue.

7 Enter the city where the installed VMware HCX System is located and click Continue.

Enter the nearest major city if the actual city is not available in the interface. The VMware HCXconnected environments will be displayed on the VMware HCX dashboard.

8 Provide the VMware HCX system name and click Continue.

9 Select the VMware HCX Instance type to configure, such as vSphere or vCloud Director and clickContinue.

10 Enter the vCenter Server and NSX URL, the administrative users and passwords and then clickContinue to connect your vCenter Server and NSX System.

11 Configure SSO/PSC by entering the IP address of the Platform Services Controller or the vCenterServer IP if embedded SSO is used.

VMware HCX User Guide

VMware, Inc. 16

Page 17: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

12 Configure the Public Access URL.

n Provide the IP or URL that external/remote VMware HCX systems will use to access this VMwareHCX installation.

n For internet accessible VMware HCX systems, the Public Access URL may behttps://public-ip-for-hcx, even if it is ultimately NAT translated to an internal address.

n If VMware HCX systems will be reachable only on an internal IP address, the IP address isused for the Public Access URL.

13 Review the connections summary information.

14 Click Restart or Restart Later to restart the services. You must restart the services to complete theconfiguration.

What to do next

Allow up to 5 minutes for the VMware HCX system to fully initialize after the application and web engineshave been restarted.

Updating the VMware HCX License KeyVMware HCX installations using evaluation or trial activation keys can be configured to use a purchasedNSX Enterprise Plus license.

This procedure can be used with the Source (Enterprise) and Target (Cloud) VMware HCX Managersystems activated with NSX Data Center Enterprise Plus trial licenses (or expiring licenses). It is notapplicable to VMware HCX systems that connect to VMware HCX enabled cloud IaaS providers. Inprivate to cloud deployments (where the target site is an VMware HCX enabled cloud provider like IBM,VMC, OVH), the VMware HCX activation keys are obtained through the provider-specific process.

Prerequisites

n Administrative access to the VMware HCX System.

n NSX Data Center Enterprise Plus license.

Procedure

1 Navigate to the VMware HCX Appliance Management Interface https://hcx-manager-ip-or-fqdn:9443.

2 Navigate to the Configuration tab.

3 Select HCX on the side menu and click Edit.

4 Enter the NSX Enterprise Plus key, and click UPDATE.

VMware HCX User Guide

VMware, Inc. 17

Page 18: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

VMware HCX Interconnect ConfigurationThe VMware HCX Interconnect Configuration is the destination site prerequisite for deployingInterconnect appliances from a connected source VMware HCX system.

n VMware HCX Interconnect Interface Types

n Management

n VMware HCX Interconnect appliances use this interface for communications with thevSphere environment.

n vMotion

n VMware HCX Interconnect appliances use this interface for vMotion communications with thehypervisors. This interface type should always be used when the vMotion network is notrouted.

n Internet/Direct Connect

n VMware HCX Interconnect appliances will use this interface for WAN-bound encryptedcommunication with the remote site/peer VMware HCX Interconnect appliances.

Prerequisites

n The target vSphere environment that VMware HCX will be connected to should have NSX installed.

n The NSX installation must be configured for VXLAN/Logical Switches.

n The NSX installation should include at least one NSX Edge Services Gateway or Distributed LogicalRouter.

n A Resource Pool is required for deploying VMware HCX Interconnect appliances. Use the resourcepool to reserve resources.

Procedure

1 Open the VMware HCX Service Interface at https://hcxmgr-ip-or-fqdn.

2 Authenticate with a user in a group that has been designated the System Administror role in theVMware HCX Appliance Management vSphere Role Mapping interface.

3 Click CONFIGURE INTERCONNECT on the banner. Or navigate to the Interconnect Configurationsection in the Administration tab.

4 Click CREATE INTERCONNECT CONFIGURATION, the Create Interconnect Configuration wizardis launched.

5 In the Select Compute Resources screen, make the following required selections:

n Select the vCenter Server IP Address

n Select the HCX Resource Pool. VMware HCX will use it when deploying VMware HCXInterconnect appliances.

VMware HCX User Guide

VMware, Inc. 18

Page 19: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

n Select the Datastore. VMware HCX will use it when deploying VMware HCX Interconnectappliances.

6 Use the Configure Network Profiles section to define the LAN and WAN networks that VMwareHCX will use when deploying Interconnect appliances. Make the following selections:

n Select the vSphere or NSX Network Type.

n Select the VMware HCX Interface Type

n Enter the IP Ranges that will be used when deploying VMware HCX Interconnect appliances.

n Enter the Prefix Length.

n Enter the Default Gateway IP Address.

7 Click Next.

8 Optionally, Add Static Routes. Click Next.

9 Verify all information. Click Finish.

What to do next

The complete Interconnect Configuration is required for source VMware HCX systems to deployInterconnect to this VMware HCX target/cloud system.

If this system will connect with multiple VMware HCX source sites, the Network Profile IP ranges shouldbe sized to ensure Interconnect appliances can deploy successfully.

Installing and Configuring VMware HCX EnterpriseIn a private cloud to VMware HCX-public cloud deployment, VMware HCX Enterprise is deployed onpremises and used with a remote site that is VMware HCX ready (prepared by the Cloud provider). This isthe right place to start for those private cloud (VMware HCX Source) to public cloud (VMware HCXTarget) deployments. This section contains steps for Installing and Configuring VMware HCX at a sourcesite. In the private to private deployment (with no VMware HCX public cloud), VMware HCX must beinstalled at both sites, begin withInstalling and Configuring VMware HCX for Remote Sites section ofthe manual, then return here when it is time to install the VMware HCX Source Site.

VMware HCX deployment involves the followings steps:

1 Plan for the deployment and ensure all requirements are met

2 Download the OVA from the VMware HCX-enabled target site.

3 Deploy, activate, and configure the VMware HCX Manager on-premises..

4 Build the VMware HCX Interconnect by establishing the source VMware HCX and destinationVMware HCX relationship and then deploying the HCX WAN-IX, WAN-OPT, NET-EXT components.

Note If you need to update the license at any later point in time, see Updating the VMware HCX LicenseKey

VMware HCX User Guide

VMware, Inc. 19

Page 20: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

Hardware, Interoperability and Activation RequirementsThis topic provides information about the virtual hardware resources required to deploy the VMware HCXcomponents.

Virtual Hardware Requirements

VMware HCX Component vCPU Memory Disk 1 Disk 2

VMware HCX Enterprise Manager 4 12 GB 60 GB Not Applicable

VMware HCX WAN Interconnect (HCX-WAN-IX)* 8 3 GB 2 GB Not Applicable

VMware HCX Network Extension (HCX-NET-EXT)* 8 3 GB 2 GB Not Applicable

VMware HCX WAN Optimization (HCX-WAN-OPT)* 8 14 GB 30 GB Not Applicable

n The VMware HCX Enterprise Manager appliance is typically deployed in the management cluster, inthe vSphere management network on the management datastores.

n In data centers with multiple tiers of performance, plan the VMware HCX Interconnect and WANOptimization placement in the high-performance CPU/Memory and Storage tiers to ensure the fastestmigration speeds.

n Except VMware HCX WAN Optimization, the storage datastore can be selected per appliance. Italways deploys on the datastore selected for the WAN Interconnect component.

Feature Interoperability Requirements

Note Listed VMware HCX Interoperable versions must also meet VMware Product Interoperability Matrixcompatibility requirements.

Feature Requirements

VMware HCX (API Only) n vCenter 5.1 and above with ESXi 5.0 and above.

VMware HCX Bulk Migration n vCenter 5.1 and above with ESXi 5.0 and above.

VMware HCX vMotion n vCenter 5.5 and above with ESXi 5.0 and above.

VMware HCX Cold Migration n vCenter 5.5 and above with ESXi 5.0 and above.

VMware HCX Cloud Motion with Replication Assisted vMotion n Source vCenter 5.5 and above with ESXi 5.5 and above.n Only supports target vSphere in VMware Cloud on AWS.

VMware HCX Network Extension (VLAN) n vCenter 5.1 and above with ESXi 5.1 and above.n vSphere or 3rd party Distributed Switch must be installed.

VMware HCX Network Extension (VXLAN) n vCenter 5.5 and above with ESXi 5.5 and above.n vSphere Distributed Switch must be installed.n NSX 6.1+ and above at the local source site .

VMware HCX Network Extension with Proximity Routing n vCenter 5.1 and above with ESXi 5.1 and above.n vSphere Distributed Switch must be installed.

VMware HCX User Guide

VMware, Inc. 20

Page 21: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

Feature Requirements

VMware HCX Network Extension of Cisco Nexus 1000vNetworks

n vCenter 5.0 and above.

VMware HCX Disaster Recovery n vCenter 5.1 with ESXi 5.0 and above.

Requirements for VMware HCX Activation

Requirement Notes

VMware HCXCloud URL

The VMware HCX Cloud URL is needed for registering a remote VMware HCX site at the local VMwareHCX site

This URL is the public address of the Manager component of the VMware HCX Target Site. The way thisURL is obtained varies by target site provider.

VMware HCX in VMware Cloud on AWSn Log in to console.cloud.vmware.com.n Open VMware Hybrid Cloud Extension > SDDCs > Open HCX > HCX Cloud interface opens in a new

tab.n Note the VMware HCX URL.

VMware HCX in IBM Cloudn Log in at IBM Cloud for VMware Solutions Portal.n Select the instance > Services > Installed Services > HCX.Cloud interface opens in a new tab.n Note the External IP.

Note If the certificated are imported in the source site VMware HCX appliance management interface,the remote VMware HCX can be added with IP instead of FQDN

Activation Keysfor VMware HCX-enabled Clouds

Obtaining the activation keys :

VMware HCX in VMware Cloud on AWSn Log in to console.cloud.vmware.com.n Open VMware Hybrid Cloud Extension > Activation Keys > CREATE ACTIVATION KEYS.n Create an VMware HCX Cloud key for VMware Cloud on AWS.n Create an VMware HCX Enterprise key for VMware HCX on-premises.

VMware HCX in IBM Cloudn Login at IBM Cloud for VMware Solutions Portal > VMware HCX on IBM > Learn More > Scroll to

bottom > Select on-premises VMware HCX > Provide Instance Name > Click Next to place the order >Copy the activation key.

n Use this activation key on-premises. The IBM Cloud is activated automatically during provisioning.

NSX Hybrid Connect (VMware HCX for Private Cloud to Private Cloud)n Activate the system the NSX Data Center Enterprise Plus License from my.vmware.com

Network RequirementsThe VMware HCX network requirements include Network Address Assignments, ports for VMware HCXWAN connections, local connections, standard management connections, and MPLS/VPLS/DirectConnect.

VMware HCX User Guide

VMware, Inc. 21

Page 22: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

Network Address Assignments

Component Requirements

VMware HCX EnterpriseManager (HCX-ENT-MGR)

n One management internal IP (typically from the ESXi management network).

VMware HCX WANInterconnect (HCX-WAN-IX)

n One management IP per remote site (Preferably allocated from the ESXi managementnetwork).

n One vMotion IP address per remote site (In most environments the vMotion network is notrouted, this assignment keeps the network isolated and allows VMware HCX to become asecure proxy to one or more configured remote sites).

VMware HCX NetworkExtension (HCX-NET-EXT)

n One management internal IP per Distributed Switch. (Preferably allocated from the ESXimanagement network)

On-premises/Local InternetPublic IP / NAT

n The local VMware HCX components can share a single public NAT IP address, or they canbe configured for 1 to 1 NAT. Both approaches are supported.

On-premises/Local HTTPSProxy Servers

n VMware HCX must be configured in the proxy bypass settings.n The proxy server can be specified in the VMware HCX appliance management.

Remote VMware HCXcomponents

n For each VMware HCX appliance deployed on-premises, the remote VMware HCX Cloud(the target site) automatically deploys a peer appliance.

n One Public IP is required per peer appliance. At minimum, two public IP addresses areneeded.

n The current VMware HCX Enabled Cloud services providers include the minimum IPaddresses from of the box but require additional VMware HCX public IPs to be purchased.

Network Ports for VMware HCX WAN ConnectionsVMware HCX functionality always spans a source and remote site. The local VMware HCX componentsmake network connections to remote components. The connections are detailed in the following table.The perimeter firewalls must be updated to allow these connections.

Source Destination Protocol/Port Purpose

Local Site VMware HCXEnterprise Manager

connect.hcx.vmware.com

hybridity-depot.vmware.com

TCP-443 Activation

Updates

Local Site HCX EnterpriseManager

Remote Site VMware HCX Cloud Manager TCP-443 VMware HCX MultisiteManagement

Local Site HCX-WAN-IX(CGW)

Remote Site HCX-WAN-IX (CGW) UDP-500

UDP-4500

VMware HCX WAN TransportSuite B

Cryptography; IKEv2

Local Site HCX-NET-EXT(L2C)

Remote site HCX-NET-EXT (L2C) UDP-500

UDP-4500

VMware HCX WAN TransportSuite B

Cryptography; IKEv2

VMware HCX User Guide

VMware, Inc. 22

Page 23: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

VMware HCX Local ConnectionsVMware HCX is closely integrated with vSphere Products (vCenter, ESXi, Optionally NSX), connectionsare made to those components for inventory and for specific VMware HCX operations. A table for thelocal connections is available in the appendices, at the end of the user guide.

VMware HCX Standard Management ConnectionsThe VMware HCX Manager must be integrated with the local DNS, NTP, and Syslog servers. Use yourexisting processes to ensure that these shared services are reachable.

VMware HCX Over MPLS/VPLS/Direct ConnectBy default, VMware HCX uses a minimum of two Public IP addresses to connect the HCX-WAN-IX andHCX-NET-EXT components (Public IP addresses are assigned to their uplink interface). In most VMwareHCX-enabled Cloud providers, VMware HCX can be configured to use Direct Connect IP/private linesaddresses as the uplink IP addresses of the appliances. The remote site (VMware HCX Cloud)configuration must be updated.

VMware HCX Manager Deployment ConsiderationsThe listed VMware HCX Deployment Considerations are provided to enable successful installationactivities.

n The VMware HCX Manager should be placed deployed on management resources, alongside thevCenter Server and other management virtual machines.

n The VMware HCX Manager should be placed in the management network alongside the vCenterServer, and other management virtual machines.

n The VMware HCX Manager should be placed in a network that can make internet-bound HTTPsconnections and internal connections.

n In source sites with multiple primary vCenter Servers, the VMware HCX Manager is always deployedper vCenter Server.

n In destination sites, the VMware HCX Manage can register multiple vCenter Servers that are within asingle datacenter.

n The VMware HCX Manager does not require high performance storage. It can be deployed tostandard tier storage.

n To integrate vCenter Server Linked-Mode, deploy the VMware HCX Manager as one-to-one pair witheach vCenter Server where VMware HCX is desired; in the VMware HCX Manager’s SSOconfiguration, the shared Platform Services Controller (PSC) should be specified. VMware HCX-Enabled Linked-mode vCenters will display objects from all linked vCenters during VMware HCXOperations.

VMware HCX User Guide

VMware, Inc. 23

Page 24: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

Obtaining the VMware HCX OVAThe VMware HCX Enterprise installation begins with a standard OVF deployment in the vCenterenvironment. The VMware HCX Manager OVA is deployed using standard OVF deployment proceduresin the next section. The VMware HCX Cloud system contains a link to the correct VMware HCXEnterprise Client (OVA).

Procedure

1 Connect to the VMware HCX Cloud system

2 Browse to the VMware HCX cloud URL identified in the requirements of this guide.

3 Click the Administration tab.

4 Click the System Updates section.

5 You can directly download the OVA by clicking the HCX Enterprise Client button or, optionally copythe download link, by using the Copy Link button, to download using a different system / client. Clickthe VMware HCX Download Link.

Installing the VMware HCX Enterprise Manager OVAThe VMware HCX Manager component requires a standard OVA template installation through thevSphere client.

Procedure

1 Right-click the management cluster and click DEPLOY OVF Template.

2 Review the details and click Next.

3 Accept the EULA and click Next.

4 Provide a name for the VMware HCX Manager appliance.

5 Select the deployment Folder and Click Next.

6 Select the management datastore (Typically where vCenter is deployed) and click Next.

7 Select the management network (Typically where the vCenter is connected), click Next.

8 Define the admin and root user passwords.

9 Expand and fill the Network properties, DNS and Services sections (NTP is required).

a In the Network Properties section, provide the VM hostname and IP Address configurations.

b In the DNS section, provide the local DNS server and Domain Name Search List.

c In the Services Configuration section, provide the local NTP server (required). Optionally enableSSH.

10 Click Next > Finish.

VMware HCX User Guide

VMware, Inc. 24

Page 25: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

VMware HCX Activation and Initial ConfigurationA new VMware HCX Manager system will need to be activated immediately upon launching the VMwareHCX Appliance Management interface, after the newly deployed system is initialized. In the appliancemanagement procedure, vCenter, SSO, and optionally NSX systems are integrated.

Prerequisites

Figure: Activation/Initial Configuration Interface

Procedure

1 Browse to the HCX appliance management and authenticate using the admin user. For example,https://hcx-manager-ip-or-fqdn:9443/.

2 Enter the Activation Key (refer to the HCX Deployment Checklist) and click Continue.

3 Select the major city to where the VMware HCX Manager system geographically located. VMwareHCX sites are represented visually in the VMware HCX interface and click Continue.

4 Provide a System Name and click Continue.

5 On HCX Cloud Manager systems, select the HCX Instance Type to Configure. Select vSphere orvCloud Director for the instance type.

This step is only applicable to HCX Cloud Manager configurations. HCX Enterprise Managerinstallations do not show this step.

6 For vSphere based Cloud Managers, enter the Public Access URL.

How does the source site HCX Enterprise Manager resolve the address of this HCX Cloud Managersystem? If there is a Public IP or Name configured, use it here.

https://hcx-ip-or-fqdn.

HCX Enterprise Manager installations do not show this step.

7 For vCloud Director-based HCX Cloud Managers, enter the vCloud Director Details.

a Enter the vCloud Director URL, System administrator credentials

b Click Continue.

VMware HCX User Guide

VMware, Inc. 25

Page 26: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

8 Connect the vCenter Server system.

a Enter the vCenter Server FQDN, user name, and password.

b Click Continue.

9 Connect the NSX System.

This step on HCX Cloud Managers. It is optional on HCX Enterprise Managers, unless using HCX toextend NSX Logical Switches at the source site.

a Select Connect your NSX.

b Enter the NSX server, user name, and password.

c Click Continue.

10 Enter the SSO details, user name, and password and then click Continue.

vCloud Director-based installations do not show this step.

11 For vCloud Director-based HCX Cloud Managers, connect the RabbitMQ AMQP information.

a Enter the AMQP Hostname, Port, vHost, user name, and password.

HCX collects this information automatically from the vCloud Director. Enter the user name andpassword.

b Click Continue.

12 Verify the information. To reinitialize the VMware HCX services, click RESTART. It permits up to 5minutes for VMware HCX, fully to reinitialize (the Appliance Management interface becomesunavailable briefly). After the VMware HCX Manager system is initialized, the VMware HCX ManagerDashboard is displayed.

13 Browse to the vSphere Role-Mapping section in the Configuration tab.

a Assign the VMware HCX Roles to the vCenter User Groups that are allowed to perform VMwareHCX operations. The groups assigned must have sufficient privileges to perform the VMwareHCX-related operations in vCenter Server.

b Click Save.

14 What to do next?

n If HCX Cloud Manager was configured for vSphere, use to the next topic: Preparing HCX CloudInterconnect Configuration.

n If HCX Cloud Manager was configured for vCloud Director, use the topic Preparing HCX Cloudwith the Multisite Service Mesh.

n If installing HCX Enterprise Manager at the source site, open the vSphere Client, and open theHCX plugin and begin Site Pairing.

Log out first if an active session existed during the VMware HCX configuration.

VMware HCX User Guide

VMware, Inc. 26

Page 27: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

Updating the VMware HCX License KeyVMware HCX installations using evaluation or trial activation keys can be configured to use a purchasedNSX Enterprise Plus license.

Attention This procedure is applicable to both the Source (Enterprise) and Target (Cloud) VMware HCXManager systems activated with NSX Data Center Enterprise Plus trial licenses (or expiring licenses). It isnot applicable to VMware HCX systems will connect to an VMware HCX enabled cloud IaaS provider. Inprivate to cloud deployments (where the target site is an VMware HCX enabled cloud provider like IBM,VMC, OVH), the VMware HCX activation keys will be obtained through the provider specific process.

Prerequisitesn Administrative access to the VMware HCX System.

n NSX Data Center Enterprise Plus purchased License.

Procedure1. Navigate to the VMware HCX Appliance Management Interface https://hcx-manager-ip-or-fqdn:9443.

2. Navigate to the Configuration tab.

3. Select HCX on the side menu and click Edit.

4. Enter the NSX Enterprise Plus key, and click UPDATE.

Building the VMware HCX InterconnectThe VMware HCX Interconnect provides a secure pipeline for migration, extension and Virtual Machineprotection between two connected VMware HCX sites.

Figure: The VMware HCX Interconnect

VMware HCX User Guide

VMware, Inc. 27

Page 28: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

Source Portgroup Extended Portgroup

vSphereHXC

NSX

ESXiDistributed Switch

HCX Target Site(HCX-EnabledCloud Instance)

HXC INTERCONNECT

HXC Secure Network ExtensionHigh Performance L2 Network Extension

VM MAC/IP RetentionEnables Zero-Downtime Migrations

vSphereHXC

NSX (Optional)

ESXiDistributed Switch

HCX Source Site(Cusromer Premises)

WAN Boundary

Accelerate Bi-Directional MigrationHCX Scheduled Bulk Migration

HCX Cross-Cloud vMotionIntelligent Flow Steering

Compression, Deduplication

Registering a New Remote VMware HCX SiteTo use or deploy the VMware HCX migration, mobility and extension services, the remote site must firstbe registered in the local/source VMware HCX system.

Enterprise Operations (VMware HCX Network Extension, Bulk migration, VMware HCX vMotionMigrations, DR) are triggered from the VMware HCX interface at the on-premises/source site. Theoperations are orchestrated and run on both the VMware HCX source the VMware HCX-enabled targetsites.

n A single VMware HCX source site can be connected with one or more VMware HCX Cloud targetsites.

n VMware HCX service configurations are specific to the source/target site pair.

Figure 1‑1. VMware HCX Enterprise with Two Registered Remote Sites.

VMware HCX User Guide

VMware, Inc. 28

Page 29: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

Procedure

1 In the vSphere Web Client, navigate to HCX > Interconnect > HCX Components > Install HCXComponents.

The existing Site connections are displayed.

2 In the top-right area of the Choose Hybrid Services UI, click Register New Connection.

3 The Remote Site Connection form is displayed.

4 Enter the VMware HCX Cloud site URL, username, and password.

Note Https is required. When the FQDN is used, ensure that VMware HCX Enterprise Manager hasa DNS server configured. If the remote VMware HCX is entered with IP, the certificates must beimported manually. This process is covered in a later step.

5 Click Register.

Selecting VMware HCX Services to EnableAfter a registered remote VMware HCX site is selected. The VMware HCX Interconnect is configured torun the selected services.

The VMware HCX WAN Interconnect Service is always required for Virtual Machine mobility, the WANOptimization, and Network Extension services are optional but highly suggested for the best end to endexperience.

Prerequisites

A remote VMware HCX site must be registered.

Procedure

1 In the vSphere Web Client, navigate to HCX > Interconnect > HCX Components > Install HCXComponents.

The existing Site connections are displayed.

2 Select a single site.

3 Select the all the services to be enabled.

4 Click Next.

Configuring the VMware HCX WAN Interconnect ComponentThe VMware HCX Interconnect (HCX-WAN-IX) component provides replication and vMotion basedcapabilities over the Internet and private lines to the target site while providing strong encryption, trafficengineering, and virtual machine mobility.

VMware HCX WAN Interconnect (CGW) Deployment Considerations

n The VMware HCX WAN Interconnect service appliance must be deployed in a cluster where theVMware HCX appliance is not CPU/Memory resource constrained.

VMware HCX User Guide

VMware, Inc. 29

Page 30: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

n It is a good practice to have 100 Mbit of the WAN bandwidth available for the VMware HCX WANInterconnect's migration services.

Figure: VMware HCX WAN Interconnect Connections Summary

ESXi ManagementVMkernel Interface

ESXi vMotionVMkernel Interface

HCX EnterpriseManager

HCX Bulk Migration

HCX Cold Migration

HCX Cross Cloud vMotion

HCX Operation/MGMTLocal HCX

InterconnectSecure HCX

WAN TransportRemote HCXInterconnect

WAN Boundary: InternetOr Private Circuit

Prerequisites

The VMware HCX Interconnect Service (HCX-WAN-IX) appliance is always in the path for replication-based and vMotion-based operations. The Remote Site HCX Interconnect (HCX-WAN-IX) appliance iscreated automatically when a local appliance is deployed.

Procedure

1 In the vSphere Web Client, navigate to HCX > Interconnect > HCX Components.

2 Click Install HCX Components. The Install HCX Components wizard is displayed.

3 In the Remote Site Connection, Select Connection section, registered remote sites are displayed.Select a single site.

4 Select the HCX Interconnect Service, click Next.

Note If the selected remote site is unavailable or deactivated, or if the service is already installed theservice is dimmed .

5 Populate the HCX Interconnect Service (IX) form for the local appliance deployment. Refer to theHCX Deployment Checklist, if completed during planning. The text boxes are as the following:Placement of local Hybrid Cloud Gateway

a Network : Select a distributed port group. The interface connected to the selected network is usedfor management of the appliance, for VMware HCX internal communications, and for themigration protocols. Selecting the ESX Management network is preferred.

b Cluster/Host: To deploy the service, select a resource VM. Ensure that the appliance is notresource constrained for maximum migration performance.

c Datastore : Use the flash/high performance tier datastore for maximum migration performance.VMware HCX Interconnect disks are 1.5 GB.

d IP Address/Prefix Length : Provide an available IP address and prefix length (e.g255.255.255.128 = PL 25) for the network selected.

VMware HCX User Guide

VMware, Inc. 30

Page 31: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

e Default Gateway : The network gateway IP address for the specified network.

f DNS : Provide the local DNS server IP address.

g vMotion Network : Select the vMotion distributed port group. If the management network definedin step 1 is also used for vMotion, leave this left blank.

h vMotion IP Address/PL : Provide an available IP address and prefix length (e.g 255.255.255.128= PL 25) for the network selected. Skip if 7 was left blank

i Passwords : Set the admin and root passwords.

6 Click Next and configure the other selected services, or proceed to the Ready to Configure screen.

7 Verify the information and click Finish.

8 Follow the vCenter tasks pane for appliance deployment progress.

Configuring the VMware HCX WAN Optimization ComponentThe VMware HCX WAN Optimization (HCX-WAN-OPT) service improves performance characteristics ofthe private lines or Internet paths by using WAN optimization techniques like the data de-duplication andcompression. The process makes performance closer to a LAN environment. It accelerates on-boardingto the cloud using Internet/VPN- without waiting for Direct Connect/MPLS circuits.

VMware HCX WAN optimization Deployment Considerations

n The VMware HCX WAN Optimization service appliance must be deployed to the compute zone, ornetwork services cluster (or in a cluster where the VMware HCX appliance is not CPU/Memoryresource constrained).

n The VMware HCX WAN Optimization service appliance must be deployed in performance tier storageto ensure de-duplication and WAN conditioning services operate optimally.

The VMware HCX WAN Optimization appliance does not need an IP address. VMware HCX uses aninternal addressing configuration and network to service chain the WAN-OPT.

Local HCXWAN-OPT

Remote HCXWAN-OPT

ESXi ManagementVMkernel Interface

ESXi vMotionVMkernel Interface

Path for HCXOptimizedMigration Flow

Local HCXInterconnect Secure HCX

WAN Transport

Remote HCXInterconnect

WAN Boundary: InternetOr Private Circuit

ESXi ManagementVMkernel Interface

ESXi vMotionVMkernel Interface

VMware HCX User Guide

VMware, Inc. 31

Page 32: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

Prerequisites

The HCX-WAN-OPT appliance is deployed adjacent to the VMware HCX Interconnect (CGW) appliance.The WAN Optimization component is always in the path for VMware HCX migration and replication.

Procedure

1 In the vSphere Web Client, navigate to HCX > Interconnect > HCX Components.

2 Click Install HCX Components. The Install HCX Components wizard is displayed.

3 In the > Remote Site Connection > , registered remote sites are displayed. Select a single site.

4 Select the WAN Optimization check box and click Next.

5 The VMware HCX WAN Optimization service appliance is also an enterprise-grade traffic shaper.Configure the setting only if there is a need to restrict the bandwidth available for VMware HCX.

6 Click Next and configure the other selected services, or proceed to the Ready to Configure screen.

Configuring the VMware HCX Network Extension ComponentVMware HCX Network Extension (HCX-NET-EXT) provides a High Performance (4–6 Gbps) Layer 2extension capability.

Scaling the VMware HCX Extension Service

A Single Network Extension Appliance for the VMware HCX Source Site

If a single HCX-NET-EXT/L2E appliance is deployed, the ESXi host it resides on must be connected toevery VDS for those networks to be displayed in the VMware HCX interface.

One Network Extension Appliance per Site per Virtual Distributed Switch

The HCX-NET-EXT/L2E can be deployed per Distributed Switch to achieve isolation in environmentswhere business zones are segregated by Distributed Switch.

One Network Extension Appliance per Extended Network

For high-density environments with very high-bandwidth network use; the HCX-NET- EXT/L2Ecomponent can be deployed for each extended network, providing about 4–6 Gbps per extendednetwork.

VMware HCX User Guide

VMware, Inc. 32

Page 33: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

Virtual Machine Network A

Secure HCXWAN Transport

WAN Boundary: InternetOr Private Circuit

Virtual Machine Network B

Remote HCXNET-EXT

Local HCXNET-EXT

vSphere Distributed Switch

VM-B10192.168.20.10/24

VM-A10192.168.10.10/24

Local First HopGateway

Data Center A (On-Premises)-HCX Enabled Source Site-

Virtual Machine Network A

Virtual Machine Network B

vSphere Distributed Switch

VM-C10192.168.30.10/24

VM-A20192.168.10.20/24

Data Center B (Cloud)-HCX Enabled Target Site-

NET C Gateway192.168.30.1/24

Cloud SiteNSX Router

NET B Gateway192.168.20.1/24

NET A Gateway192.168.10.1/24

Prerequisites

n Use Extension with Migration to keep Virtual Machine IP and MAC addresses during migration.

n Extend VLANS from VMware’s vSphere Distributed Switch.

n Extend VXLANs (Requires NSX integration in the VMware HCX Appliance Management interface).

n Extend Cisco’s Nexus 1000v networks.

Deploying the Network Extension Service appliance allows networks to be extended in the vSphere WebClient. The Remote HCX-NET-EXT appliance is created automatically whenever a local appliance isdeployed. The HCX-NET-EXT service appliance is always deployed as a pair.

Procedure

1 In the vSphere Web Client, navigate to HCX > Interconnect > HCX Components.

2 Click Install HCX Components. The VMware HCX Components wizard is displayed.

3 In the Remote Site Connection > Select Connection section, registered remote sites are displayed.Select a single site.

4 Select the Network Extension Service check box and click Next.

5 Populate the Network Extension Service form for the local appliance deployment. Refer to the HCXDeployment Checklist, if completed during planning. The text boxes are as explained:

a Compute : To deploy the service VM, select a resource; Consider the Deployment Optionsimplications when selecting the resource. See the preceding Deployment Options section fordetails.

b Datastore : Select a datastore for deploying the Extension appliance. Network Extensionappliance disks are about 1.5 GB total.

VMware HCX User Guide

VMware, Inc. 33

Page 34: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

c Network : Select a distributed port group. The interface connected to the selected network is usedfor management of the appliance and VMware HCX internal communications with the VMwareHCX Manager

d VM Hostname : Specify a friendly name for the VMware HCX Network Extension VM.

e IP Address/Prefix Length : Provide an available IP address and prefix length (e.g255.255.255.128 = PL 25) for the selected network.

f Default Gateway : The network gateway IP address for the specified network.

g Passwords : Set the admin and root passwords. Click Next and configure the other selectedservices, or to the Ready to Configure screen.

6 Click Next and configure the other selected services, or to the Ready to Configure screen.

7 Verify the Information and click Finish.

Verifying the VMware HCX Appliance Deployment Progress in the vSphereWeb Client Tasks ConsoleThe deployment of the VMware HCX services appliances takes a few minutes to complete. The vSphereWeb Client Tasks Console can be used to track the status of VMware HCX service appliancedeployments.

Procedure

1 In the vSphere Web Client, navigate to Tasks.

2 Look for the HCX Service Initialization in the Task Console.

Verifying the VMware HCX Appliance Deployment Progress in the VMwareHCX InterfaceThe deployment of the VMware HCX services appliances takes a few minutes to complete. The VMwareHCX Interface can be used to track the status of VMware HCX service appliance deployments.

Procedure

1 In the vSphere Web Client, Open HCX.

2 Open the Interconnect tab.

3 Open the HCX Components.

4 The Status column displays the current step during the appliance deployment:

n Queued for Deployment

n Deployment In Progress

n Deployment Complete

n Reconfiguring Appliance

VMware HCX User Guide

VMware, Inc. 34

Page 35: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

Verifying the VMware HCX Interconnect Deployment Completion By TunnelStateThe deployment of the VMware HCX services appliances takes a few minutes to finish. The Tunnel Statecan be used to determine the status of VMware HCX service appliance deployments.

Procedure

1 In the vSphere Web Client, navigate to HCX.

2 Navigate to the Interconnect tab.

3 Navigate to the HCX Components view.

4 The VMware HCX appliance deployment and configuration is converged when the Tunnel columnreads Active and Tunnel is Up.

Managing a Configured VMware HCX InterconnectThe following sections describe how to modify or delete an existing VMware HCX Interconnect site to siteconfiguration, and how to delete individual VMware HCX Interconnect service appliance

Editing a Registered Remote VMware HCX SystemModify a remote VMware HCX System connection configuration.

Procedure

1 In the vSphere Web Client, navigate to HCX.

2 Click the Dashboard tab and locate the Site Pairings pane.

3 Click > to expand the Site Pair that is modified.

4 Click Edit Site Pairing.

5 Modify the URL, user, or password settings.

6 Click Update to apply the changes.

Removing a Registered Remote VMware HCX SystemRemove a registered remote VMware HCX System when it is no longer required.

Prerequisites

All VMware HCX Interconnect components must be deleted prior to removing a remote VMware HCXsystem.

Procedure

1 In the vSphere Web Client, navigate to HCX.

2 Select the Dashboard tab.

VMware HCX User Guide

VMware, Inc. 35

Page 36: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

3 Locate the Site Pairings pane.

4 Click > to expand the Site Pair that is removed.

5 Click Remove Site Pairing.

6 In the confirmation screen, click Remove.

Removing VMware HCX Interconnect Virtual AppliancesRemove VMware HCX Interconnect Service Appliances if they are no longer required.

Prerequisites

The VMware HCX Hybrid Interconnect (HCX-WAN-IX/CGW) component must not be running migrationoperations or DR replication.

The VMware HCX Network Extension (HCX-NET-EXT/L2C) component must not be currently extendingnetworks.

Procedure

1 In the vSphere Web Client, navigate To HCX > Interconnect > HCX Components.

2 In the Service Component column, click the ► icon to display the expanded appliance view.

3 Click X Remove.

Extending Networks with VMware VMware HCXThe VMware HCX Network Extension can be used to create bridged multi-gigabit network segments atthe target VMware HCX data center. The new stretched network is automatically bridged/aggregated withthe vSphere Network at the source VMware HCX data center.

About VMware HCX Network ExtensionYou can create local network segments at an VMware HCX enabled remote datacenter with advancedtechnologies using VMware HCX Network Extension .

With VMware HCX Network Extension (HCX-NET-EXT), a High-Performance (4–6Gbps) service, you canextend the Virtual Machine networks to an VMware HCX enabled remote site. Virtual Machines that aremigrated or created on the extended segment at the remote site are Layer 2 next to virtual machinesplaced on the origin network. Using Network extension a remote site's resources can be quicklyconsumed. With Network Extension , the default gateway for the extended network only exists at theorigin site. Traffic from Virtual Machines (on remote extended networks) that must be routed returns to theorigin site gateway.

Figure: Virtual Machine 192.168.10.20 Is L2/ARP Next to Virtual Machine 192.168.10.21 in the RemoteSite

VMware HCX User Guide

VMware, Inc. 36

Page 37: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

Virtual Machine Network A

Secure HCXWAN Transport

WAN Boundary: InternetOr Private Circuit

Virtual Machine Network B

Remote HCXNET-EXT

Local HCXNET-EXT

vSphere Distributed Switch

VM-A20192.168.10.20/24

Local SiteGateway

Data Center A (On-Premises)-HCX Enabled Source Site-

Virtual Machine Network A -Extended

Virtual Machine Network B -Native

vSphere Distributed Switch

VM-A21192.168.10.20/24

Data Center B (Cloud)-HCX Enabled Target Site-

Target SiteNSX Edge Router

HXC SourceManagerHXC SourceManager

HXC TargetManager

Network AFirst Hop Gateway

192.168.10.1/24

n Using VMware HCX Network Extension with VMware HCX Migration you can retain the IP and MACaddresses of the Virtual Machine and honor the existing network policies.

n Extend VLAN networks from VMware’s vSphere Distributed Switch.

Extend VXLANs (Requires NSX integration at the origin site).

n Extend Cisco’s Nexus 1000v networks.

n VMware HCX deploys the Remote Site HCX-NET-EXT appliance automatically whenever a localappliance is deployed. The HCX-NET-EXT service appliance is always deployed as a pair.

Extending Networks from the vSphere Networking Context MenuVMware HCX Network Extension can be initiated from the vSphere Networking views.

Procedure

1 In the vSphere Web Client, navigate to the Networking view.

2 Right-click a Distributed Portgroup.

3 Locate Hybridity Actions near the bottom of the menu.

4 Select Extend Networks to the Cloud.

The Extend Network to the Cloud VMware HCX interface opens with the network selected.

5 In the top right, select the Edge from the drop-down.

6 Select the Extension appliance in the Power by column.

7 Provide the Gateway IP and Prefix Length for the network being extended.

8 Extending the configuration displays optional DNS configuration, must be left blank unless requiredby a vCD target cloud.

VMware HCX User Guide

VMware, Inc. 37

Page 38: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

9 The PR switch enables Proximity Routing.

10 Click Stretch to finish.

Extending Networks from the VMware HCX User InterfaceThe VMware HCX Network Extension tasks can be performed directly on single Distributed Port Group'scontext menu, or on multiple Distributed Port Groups selected in the VMware HCX User Interface.

This approach allows multiple network extensions to be configured in a single operation. The interfaceloads all Distributed Switches connected to the VMware HCX Network Extension services and all thenetworks under each Distributed switch. Networks that were previously extended are dimmed.

Procedure

1 In the vSphere Web Client, navigate to the HCX > Interconnect > Extended Networks.

2 Click Extend Network.

3 In the top right, select the Edge from the drop-down.

4 Select each network that is extended.

5 For each selected network:

a Provide the Gateway IP and Prefix Length for the network being extended.

b Select the Extension appliance in the Power by column.

Extending the Gateway/PL configuration displays optional DNS configuration which must be left blankunless required by a vCD target cloud.

6 Toggle the PR switch to enable Proximity Routing.

7 Click Stretch to finish.

Removing a Network ExtensionUnextending a network prevents further cross-site communications between virtual machines residing onthat network. This operation is typical when the source side network is vacated.

Procedure

1 In the vSphere Web Client navigator, select HCX.

2 Navigate to Interconnect and select the Extended Networks tab. You can see a list of currentlyextended port groups.

3 Locate the network that must be unextended and expand the selection.

4 Click Unstretch.

The Un-Extend Network interface opens. Review the information.

VMware HCX User Guide

VMware, Inc. 38

Page 39: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

5 Optionally, select the Connect cloud network to cloud edge gateway after unstretching option toconnect the remote side gateway. To view this selection, expand Cloud Network column.

Using this option will enable the gateway for the stretch network.It is recommended to perform thisoperation after the stretched network has been fully evacuated from the source site. Not selecting thisoption results in a network segment at the target site that is not connected to a gateway for routing.

6 To confirm the operation, click Unstretch.

Verifying Network Extension Operations in the VMware HCXEnterprise InterfaceThe status of in-progress Network Extension operations can be tracked in the VMware HCX EnterpriseUser Interface.

Procedure

1 In the vSphere Web Client, navigate to the VMware HCX.

2 Open the Interconnect tab.

3 Select the Extended Networks section.

4 Locate the Status column.

The status appears as Extension Complete when the operation completes.

Verifying Network Extension Operations in vSphere Task InterfaceThe status of in-progress Network Extension operations can be tracked in the vSphere Tasks interface.

Procedure

1 In the vSphere Web Client, navigate to Tasks.

2 Look for Network Stretch V2 in the Tasks Console.

The task shows Completed when the stretch operation finalizes.

Verifying Network Extension Operations in the VMware HCXCloud InterfaceNetwork Extension operations can be tracked in the VMware HCX Cloud User Interface.

Procedure

1 Browse to the VMware HCX Cloud interface.

2 Navigate to Services.

3 Navigate to the Networking section and locate the extended networks section.

4 The status appears as success when the extension operation finalizes.

VMware HCX User Guide

VMware, Inc. 39

Page 40: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

VMware HCX Network Extension with Proximity RoutingVMware HCX Proximity Routing optimizes connectivity for VMs that are migrated in and out of ProximityRouted Networks. Proximity Routing builds on VMware HCX Network Extension by integrating with NSXRouters at the VMware HCX Cloud destination site. By dynamically injecting Virtual Machine routes intothe existing routed topology, proximity routed network traffic always traverses a symmetric path to thenetwork target.

VMware HCX-PR allows extended VMs to route optimally on regress through the cloud side first hopgateway. By dynamically injecting VM routes into the routing protocols, ingress traffic from the local andremote data center uses an optimal path to reach the extended Virtual Machine, while ensuring all flowsremain symmetric. The Proximity Routing feature is toggled on during the VMware HCX NetworkExtension operation, but it carries distinct requirements and results in enhanced traffic patterns, which arecovered in this section.

Virtual Machine Reachability on Extended Networks without Proximity Routing

n In the figure below, Network A has been extended without enabling Proximity Routing. VirtualMachine B has been migrated.

n Reaching Virtual Machine B:

n Traffic sourcing from Virtual Machine A in data center A traverses Local HCX-NET-EXT andRemote HCX-NET-EXT to reach Virtual Machine B in data center B, and conversely for VirtualMachine B to Virtual Machine A.

n Traffic sourcing from Network B, Network C, or any other network, must first travel to the NetworkA gateway in data center A. It then traverses Local HCX-NET-EXT and Remote HCX-NET-EXT toreach VM-B in data center B.

n Traffic sourcing from VM-B to Network B, Network C, or any other network, must first travel to theNetwork A gateway to be routed to its destination.

VMware HCX User Guide

VMware, Inc. 40

Page 41: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

Figure 1‑2. Network A Is Extended from Data Center A to Data Center B

Virtual Machine Network A

Secure HCXWAN Transport

WAN Boundary: InternetOr Private Circuit

Virtual Machine Network B

Remote HCXNET-EXT

Local HCXNET-EXT

vSphere Distributed Switch

VM-C192.168.20.5/24

VM-A192.168.10.5/24

Local First HopGateway

Data Center A (On-Premises)-HCX Enabled Source Site-

Virtual Machine Network A

Virtual Machine Network C

vSphere Distributed Switch

VM-D192.168.30.10/24

VM-B192.168.10.15/24

Data Center B (Cloud)-HCX Enabled Target Site-

NET C Gateway192.168.30.1/24

Cloud SiteNSX Router

NET B Gateway192.168.10.1/24

NET A Gateway (HCX-PR)192.168.10.1/24Dinamic

Routing(OSPF/BGP)

Dinamic Routing(OSPF/BGP)

NET A Gateway192.168.10.1/24

VMware HCX Proximity Routing In Action

The following events take place when VMware HCX-PR is used, with VMware HCX Migrations. Once therequirements in the previous sections are met.

Prerequisites

Requirements and Restrictions for VMware HCX Proximity Routing

n Dynamic Routing

n The VMware HCX Enterprise site (on-premises data center) must be configured to learn routesfrom the VMware HCX Cloud target site dynamically. A routing protocol like BGP or OSPF mustbe configured between the two sites.

n The VMware HCX-enabled Cloud target site must be running NSX 6.3GA+ (allows host routes tolearn from the dynamic routing protocol).

n Private Lines/Direct Link/ Direct Connect Networks

n Private lines are typically implemented as the transport for the Dynamic Routing configuration (ifthere is OSPF, to meet security requirements, and adjacency requirements ).

n VMware HCX-Cloud Providers and Proximity Routing

n VMware HCX is available for IBM Clouds, OVH Private Cloud, and the VMware Cloud on AWS(VMC). The IBM and OVH cloud services can be configured to meet all VMware HCX-PRrequirements. If the Cloud is configured to use NSX Distributed Logical Router for virtual machinenetworking, there additional requirements in the following section that must be met.

VMware HCX User Guide

VMware, Inc. 41

Page 42: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

n At the time, of this writing, the VMC cloud cannot be configured to meet the VMware HCX-PRrequirements.

n After all requirements are met, Proximity Routing can simply be toggled enabled during the NetworkExtension operations.

Additional Configuration Requirements for VMware HCX Proximity Routing when NSX Distributed LogicalRouter (DLR) is Present.

n Dynamic Routing Between the Cloud Site Edge Gateway and the Cloud Site DLR

n Cloud Site NSX Edge Services Gateway Configuration

n Enable BGP.

n Add the Cloud Site DLR as a Neighbor.

n Add the on-premises peer as a neighbor.

n Configure Redistribution of Static routes.

n Cloud Site NSX DLR Configuration

n Enable BGP.

n Add the Cloud Site NSX Edge as a Neighbor.

n Add BGP Filters (in this specific order):

n Deny Out Network Extended/Stretch Prefix Lists.

n Permit Out Any (this advertises native Virtual Machine networks).

n Deny Any In (The NSX DLR must be configured to reach the ESG using its default route).

Procedure

1 VMware HCX Network Extension is triggered at the source site (on-premises).

n The extended subnet's details are provided, including the extended subnet's gateway IP. VMwareHCX-PR is set to enabled for the extension.

n Upon completion, a routed port group and isolated port group are created for the extendednetwork, at the cloud site.

n The VMware HCX Network Extension appliance becomes connected to both the routed andisolated extended port groups.

n VMware HCX creates the extended subnet's gateway on the Cloud Site DLR using the same IPas the on-premises gateway. ARP filters are applied to prevent the new gateway.

VMware HCX User Guide

VMware, Inc. 42

Page 43: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

2 A Virtual Machine is migrated into the PR-Extended Network.

u A virtual machine is migrated to the extended network with VMware HCX Proxy vMotion placedinto the ISO segment. The ARP table shows the on-premises gateway's MAC address, the VMcontinues sending routing requests to the on-premises gateway mac address.

Note VMware HCX handles VM membership in the isolated "ISO" network under the covers. VMmembership in the ISO port groups is not reflected in the vCenter Network view.

n Whenever the vMotion VM is rebooted (at the administrator's discretion), VMware HCX connectsthe VM to the routed (non-ISO) version of the network. Post-reboot, the VM ARP table shows theCloud Site DLR MAC address for its gateway and being routing locally, without hair pinnning.

Note Rewiring into the non-ISO/routed port group requires VM tools to be running and detectingthe virtual machine's IP address.

n A Virtual Machine migrated to the extended network with VMware HCX Bulk Migration is placeddirectly on the non-ISO tagged/routed extended network. The ISO tagged isolated network is notused in this case.

n VMware HCX Injected Routes

n After the VM is placed on the non-ISO/routed extended network, VMware HCX will add a /32 hostroute for the VM. The VM is then added to the Cloud Site NSX Edge Gateway with the Cloud SiteDLR Uplink IP as the next hop.

n Also, VMware HCX adds exclusion static routes covering every IP from the extended subnet thatdoes not belong to migrated VMs to the Cloud Site DLR. With the Cloud Site NSX EdgeGateway Downlink IP as the next hop.

Migrating Virtual Machines with VMware HCXWorkloads can be migrated bi-directionally between data centers using various VMware HCX migrationtechnologies.

VMware HCX Migration TypesVirtual Machines can be moved to and from VMware HCX-enabled data centers using multiple migrationtechnologies.

VMware HCX Bulk MigrationThis migration method uses the VMware vSphere Replication protocols to move the virtual machines to aremote site.

n The Bulk migration option is designed for moving virtual machines in parallel.

n This migration type can set to complete on a pre-defined schedule.

VMware HCX User Guide

VMware, Inc. 43

Page 44: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

n The virtual machine runs at the source site until the failover begins. The service interruption with bulkmigration is equivalent to a reboot.

VMware HCX vMotionThis migration method uses the VMware vMotion protocol to move a virtual machine to a remote site.

n The vMotion migration option is designed for moving single virtual machine at a time.

n Virtual machine state is migrated. There is no service interruption during an VMware HCX vMotionmigration.

VMware HCX Cold MigrationThis migration method uses the VMware NFC protocol. It is automatically selected when the sourcevirtual machine is powered off.

VMware HCX Replication-Assisted vMotionThis new migration method, VMware HCX Replication-Assisted vMotion (RAV), combines advantagesfrom VMware HCX Bulk Migration (parallel operations, resiliency, and scheduling) with VMware HCXvMotion (zero downtime virtual machine state migration) .

n The migration begins with the replication of the virtual machine's disks. As with Bulk migration, virtualmachines can be migrated in parallel, and the switchover is configurable on a schedule.

n During the RAV switchover phase, vMotion is engaged for migrating the disk delta data and virtualmachine state.

n VMware HCX Replication Assisted vMotion (RAV) is in preview for VMware Cloud on AWScustomers, and has the following requirements:

n VMware HCX must be updated to Release 105 or later.

n A VMware Cloud on AWS SDDC with vSphere 6.8.1 or later.

n Contact VMware Support to enable this feature.

About VMware HCX Bulk MigrationBulk migration uses the host-based replication to move a live virtual machine to and from VMware HCX-enabled Cloud sites or data centers.

To reduce the downtime, the source VM remains online during the replication and is bootstrapped on thedestination ESX host after replication completes.

A Bulk Migration request triggers the following actions:

1 Replication begins a full synchronization transfer to the remote site. The time it takes to replicate is afunction of the size of the VM and available bandwidth.

2 Replication bandwidth consumption varies depending on how the workload changes blocks on thedisk.

VMware HCX User Guide

VMware, Inc. 44

Page 45: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

3 When full synchronization finishes, a delta synchronization occurs.

4 When the delta synchronization finishes, a switchover is triggered. You can start immediately or delaythe switchover until a specific time using the scheduled migration option. By using the scheduledmigration option, the switchover can occur during a maintenance window.

5 Following the switchover, the source VM is powered-off, and the migrated replica is powered-on. If forsome reason the VM cannot power on, the new VM is powered off (or remains powered off) and theoriginal is powered on. You must have sufficient resources to power on the VM.

6 VMware HCX Manager renames the powered off original VM to avoid a naming conflict with themigrated VM. VMware HCX Manager appends a binary timestamp to the original VM name. If youhave not enabled the Retain MAC option, the migrated VM obtains a new MAC address.

7 The migration completes.

VMware HCX copies the original VM to the Migrated VMs folder in the vSphere Templates view. You canrecover a saved VM.

Note There are two uses for these copies:

1 The copy can act as seed, in the event the VM on Site B must be protected on Site A.

2 Protect against VM corruption (due to external factors) during migration.

About VMware HCX vMotion and Cold MigrationThe VMware HCX Interconnect integrates with ESXi to perform migrations based on the vMotion protocolfor live powered on virtual machines, and with VMware NFC for cold migrations on powered off virtualmachines.

Hot MigrationVMware HCX vMotion can transfer a live Virtual Machine from an VMware HCX enabled vCenter Serverto an VMware HCX enabled Remote Site (or from the VMware HCX-enabled target site towards the localsite. The vMotion transfer captures the virtual machine's active memory, its execution state, its IPaddress, and its MAC address. Migration duration depends on the connectivity (bandwidth available forVMware HCX migration / Latency between the two sites).

Cold MigrationCold migration uses the same network path as VMware HCX vMotion to transfer a powered-off virtualmachine. During a cold migration, the Virtual Machine IP address and MAC address are preserved. Coldmigrations must satisfy the vMotion requirements.

Pre-Requisites for VMware HCX vMotionn VMware HCX Interconnect Tunnels must be up/active.

n VMware HCX vMotion requires 100 Mbps or above throughput capability.

n The virtual machine hardware version must be at least version 9 or higher.

VMware HCX User Guide

VMware, Inc. 45

Page 46: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

n The underlying architecture, regardless of OS, must be x86.

n VMs with Raw Disk Mapping in compatibility mode (RDM-V) can be migrated.

VMware HCX vMotion RestrictionsVirtual machines with the following attributes are not supported for migration.

n Disk size exceeds 2 TB.

n Shared VMDK files.

n Attached virtual media or ISOs.

n Virtual Machine Hardware Version 8 or below.

n Although concurrent VMware HCX vMotion migrations can be initiated up to the vSphere limits,VMware only supports serial VMware HCX vMotion migrations between a source and destination site.For simultaneous migrations in parallel, VMware HCX Bulk Migration should be selected.

n VMware HCX vMotion defaults to Opportunistic mode for per-VM vMotion Encryption if it is set toRequired. During the migration operation - the mode is changed to Opportunistic during the migrationinitialization, and then set back to Required after the migration is completed.

Additional Migration SettingsThe VMware HCX migration interface provides a set of options that can be used to tailor the behaviorsand conditions of the Virtual Machine before or after the migration operation.

Force Power-off VMBy default, VMware HCX will attempt to gracefully shutdown the Virtual Machine guest during the VMwareHCX Bulk migration operation. If the OS interrupts the graceful shutdown, the migration operation will fail.Checking this option allows VMware HCX to force the power-off. This option is not available for vMotionmigrations.

Retain MACThis option allows a virtual machine to keep its current MAC address during VMware HCX bulk migrationoperation, allowing communications to resume gracefully, and allows for MAC based security policies tobe honored. This option is not available for vMotion migrations.

Upgrade Virtual HardwareThis option allows VMware HCX to upgrade Virtual Machine Hardware to the latest supported version aspart of the migration operation, making current Virtual Machine Hardware features immediately availableto the migrated Virtual Machine.

VMware HCX User Guide

VMware, Inc. 46

Page 47: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

Upgrade VMware ToolsThis option allows VMware HCX to upgrade VMware Tools to the latest supported version as part of themigration operation, making current VMware Tools features immediately available to bulk migrated VirtualMachine.

Remove SnapshotsThis option allows VMware HCX to consolidate snapshot files prior to migrating the Virtual Machine. Ifthere are snapshots present, the option will be checked by default.

Force Unmount ContainerThis option allows VMware HCX to remove mounted ISO images prior to migrating the Virtual Machine.

Select Destination ContainerThis dropdown option is for selecting a compute container (cluster, host, resource pool) that the VMwareHCX migrated Virtual Machine will use at the target site.

Select Destination StorageThis dropdown option is for selecting a storage location that the VMware HCX migrated Virtual Machinewill use at the target site.

Select Virtual Disk FormatThis dropdown option allows VMware HCX to set the Virtual Disk Format that the migrated VirtualMachine will use at the target site.

Select the Destination NetworkThis dropdown option is for selecting the network that will be used to connect the VMware HCX migratedVirtual Machine at the target site. If the Virtual Machine resides on a network that has been extended withVMware HCX, that network will be pre-selected.

Migrating a Virtual Machine from the vCenter Context MenuWhen VMware HCX is installed, the capabilities are integrated into the vSphere Web Client. The situationis the ideal method for kicking off single Virtual Machine Forward Migrations. Forward Migration refers tothe VMware HCX Migration of Virtual Machines from the Local Site to an VMware HCX-Enabled RemoteSite. The operation is initiated at the local site. These operations can be initiated directly from the VirtualMachine context menu.

Procedure

1 In the vSphere Web Client, search for a virtual machine and select it, or select it directly in the VMsand Templates navigator tab.

2 Right-click the virtual machine and selectHybridity Actions

VMware HCX User Guide

VMware, Inc. 47

Page 48: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

3 Select Migrate to the Cloud.

4 In the Migrate to the Cloud wizard, select from the migration options: Force Power-off VM, RetainMAC, Upgrade Virtual Hardware, Upgrade VMware Tools, Remove Snapshots, and Force-UnmountISO Images.

5 Select the Target Site Resources Destination Container, the Storage, the Virtual Disk Format and theDestination Network.

6 Set Migration Type to vMotion, Bulk Migration. Cold Migration is automatically selected for poweredoff virtual machines.

7 Click Next. VMware HCX performs a validation.

8 Click Finish to begin the Migration.

Migrating Virtual Machines from the VMware HCX InterfaceThe VMware HCX interface is used for configuring multiple migrations, or for configuring ReverseMigrations. Reverse Migration refers to the VMware HCX Migration of Virtual Machines in VMware HCX-Enabled Remote to the Local Site. The operation is initiated at the local site.

Procedure

1 In the vSphere Web Client, navigate to HCX.

2 Select the Migrationtab and click Migrate Virtual Machines.

The Migrate Virtual Machines to Remote Site wizard is displayed.

3 Select from the migration options: Force Power-off VM, Retain MAC, Upgrade Virtual Hardware,Upgrade VMware Tools, Remove Snapshot, Force-Unmount ISO Images.

Note Use the Default Options pane to make the options apply to all selected Virtual Machines.

4 Select the target site resources:

n Select the Destination Container.

n Select the Storage.

n Select the Virtual Disk Format.

n Select the Destination Network.

5 Set the migration information:

n Select from the Migration Types:vMotion, Bulk Migration, Cold Migration.

n If Bulk Migration was selected, set a schedule.

6 Click Next.

VMware HCX performs a validation.

7 Click Finish to begin the Migration.

VMware HCX User Guide

VMware, Inc. 48

Page 49: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

Protecting Virtual Machines with VMware HCX DisasterRecoveryThe Disaster Recovery feature replicates and protects Virtual Machines to a remote data center. ExistingVMware HCX Interconnect components are used, greatly simplifying from traditionally complex DisasterRecovery infrastructure.

About VMware HCX Disaster RecoveryVirtual Machine replication based protection with a nimble architecture that uses existing VMware HCXmobility components.

VMware HCX Disaster Recovery is a service intended to protect virtual workloads managed by VMwarevSphere that are either deployed in a private or a public cloud. It is simple to set up, manage, and costsless than the traditional disaster recovery solutions. VMware HCX Disaster Recovery can accommodatethe most demanding business critical applications and allows you to scale your protection capacity tomeet variable demands. This user guide addresses configuration, setup, and management aspects ofVMware HCX Disaster Recovery. VMware HCX Disaster Recovery provides the following benefits:

n Simple and easy to use the management platform that allows secure (enterprise to cloud and cloud tocloud) asynchronous replication and recovery of virtual machines.

n Introduces major efficiency gains over traditional business continuity and disaster recovery (BC/DR)practices.

n Allows for an improved recovery point objective (RPO) and recovery time objective (RTO) policycompliance while reducing total cost of ownership (TCO).

Note RPO is the interval of time that might pass during a disruption before the quantity of data lostduring that period exceeds your BC/DR maximum allowable threshold. Whereas RTO is the durationof time, and a service level within which data must be restored after a disaster to avoid unacceptableconsequences associated with a break in continuity.

n Reverse failover of workflows to your source site.

n Self-service RPO settings from 5 minutes to 24 hours per virtual machine.

Note RPO policy compliance depends on the available bandwidth from the source site to thedestination site.

n Multiple points in time recovery snapshots that allow you to recover back up to 24 previous replicationpoint in time.

n Optimized replication throughput by use of Wan Optimizer.

n Routing replication traffic through a customer preferred direct connect network

n On-premises monitoring and management with the fully integrated vSphere Web Client.

VMware HCX User Guide

VMware, Inc. 49

Page 50: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

n Additional benefits of proximity routing and stretched networks. See Service Architecture forinformation.

n Access to VMware's production-level support.

Prerequisitesn Requires compute on a secondary site.

n Enabled Interconnect services through VMware HCX.

n VMware HCX Disaster Recovery uses the IPsec tunnel established between sites as the data path forreplications. For a proper communication, ensure you adhere to the requirements in the KB article Port numbers that must be open for vSphere Replication 5.8.x, 6.x, and 8.x (2087769).

Enabling DR Protection for a Virtual MachineThe VMware HCX virtual machine protection operation is used to configure the disaster recovery settingsfor a virtual machine, with specific remote site resources and recovery point objectives.

Procedure

1 In the vSphere Web Client, navigate to VMware HCX.

2 Navigate to the Disaster Recovery tab and click Protect VMs.

Protection Configuration screen appears.

3 Set these options as appropriate:

n Replication Destination Site – When selected, the site loads the virtual machine Inventory for SiteB. When deselected (default) Site B’s virual machine inventory is loaded.

n Remote Site – The 2 Sites that are paired and the current direction of Protection.

n Source Inventory

n Default Replication options – Global Setting Policy for all VMs within the DC or Cluster, ResourcePool, or Host.

n Virtual MachineReplication Options:

n Enable Compression – Helps during the seeding process of the VM. Helps if there is a lowthroughput LAN/WAN connectivity.

n Enable Quiescence – Pauses the virtual machine to ensure that the most consistent copy ofthe virtual machine is protected on Site B.

n Seed Virtual Machine – Used when a previous action created a copy of the VM, for example,a Bulk Migration of a virtual machine.

n Specify Destination Container – data center, Cluster, or Resource Pool where the protectedcopy of the virtual machine is going to live.

n Storage – Datastore on which the protected copy of the virtual machine lives.

VMware HCX User Guide

VMware, Inc. 50

Page 51: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

n RPO – Recovery Point Objective for the VM. With VMware HCX, it can go from 5 mins – 24hours. The synchronization interval between the Source virtual machine and the Protectedvirtual machine

n Snapshots Interval – Interval between Snapshots. In the event, a corrupted change wassynchronized to the protect site, providing an option to recover from an earlier point in time.The event provides a Multiple Point in the Time Recovery plan for the protected VM.

n No. of Snapshots – Total no. of snapshots within the established snapshot interval.

n Network Port group – Corresponding port group that the protected virtual machine uses. Inthe illustration used, the port group that the source virtual machine is using has beenstretched to Site B, as a result it is automatically populated.

4 Click Next. A validation of the configuration for protection is performed.

5 Click Finish.

The DR Dashboard is displayed. You can monitor the progress of virtual machine protection.

6 The dashboard now shows the virtual machine being protected. Expand the dashboard.

n Local VMs – Reflects the total # of VMs on Site B that are protected. In the preceding illustration,it shows that one local virtual machine is being protected.

n Remote VMs – Reflects the total # of VMs on Site B that are being protected from other Sites.

n Activity – To monitor any ongoing Disaster Recovery related operations.

n Green Shield – DR protection is active.

n Yellow triangle – Protection has not been tested.

n In/Out – Direction of protection between a local site and a remote site.

7 Log in to Site B.

8 Go to Services > Disaster Recovery.

The Protected virtual machine is displayed.This process shows how a virtual machine on Site A isprotected on Site B using VMware HCX.

Performing a Virtual Machine Test RecoveryAn VMware HCX Disaster Recovery protection configuration can be tested by bringing the virtualmachine online with a test recovery operation, which does not disrupt the ongoing replication.

Prerequisites

n An initial full synchronization of the protected virtual machine is required. The vm test recovery optionwill be grayed out while the initial synchronization is in progress.

n When working with protected virtual machines on extended networks

n Do not connect a test recovered virtual machine to the extended network. This may impact theoriginal protected virtual machine due to the duplicate IP address.

VMware HCX User Guide

VMware, Inc. 51

Page 52: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

n Create or use a test network at the Disaster Recovery site to test the recovery.

Procedure

1 Log in to the vSphere Web Client and access the VMware HCX plugin.

2 Go to the Disaster Recoverytab.

3 Select the virtual machine and under Actions, click Test Recovery.

4 If the Protected virtual machine is on a stretched network, an error similar to the illustration shows up.The option to use none is available for test recovery.

5 ClickingTest.

After the test completes, the yellow triangle changes to a certificate to show a test been completed.The solid yellow triangle shows that a test cleanup is needed.

6 Select the VM, click Actions, and then click Test Cleanup.

7 Click Cleanup on the next screen.

The test is now cleaned up. The solid yellow triangle disappears.

Performing a Virtual Machine RecoveryUsing the VMware HCX Disaster Recovery's Virtual Machine recovery operation, you can enable theVirtual Machine replica at the VMware HCX Target Site.

Prerequisites

This procedure applies when a protected Virtual Machine has become unavailable due to a disasterevent. This unavailable state is indicated with a red lightning bolt status in the Services - DisasterRecovery interface.

Procedure

1 Open the VMware HCX Cloud interface at the destination site.

2 Navigate to Services > Disaster Recovery.

3 Click : (colon icon) and click Recover.

The recovery process starts. After the recovery completes, the Virtual Machine is visible in theVMware HCX Disaster Recovery Target Site's vSphere Inventory.

VMware HCX Disaster Recovery - Protect Operations for VMsVMware HCX provides various operations that provide more control and granularity in replication policies.

Available Operations include:

1 Reverse – After a disaster has occurred. Reverse helps make Site B the source site and Site A wherethe protected VM now lives.

2 Pause – Pause the current replication policy associated with the virtual machine selected.

VMware HCX User Guide

VMware, Inc. 52

Page 53: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

3 Resume - Pause the current replication policy associated with the virtual machine selected.

4 Remove - Remove the current replication policy associated with the virtual machine selected.

5 Sync Now – Out of bound sync source virtual machine to the protected VM.

Updating VMware HCXThe information includes step-by-step instructions for performing VMware HCX system updates.

About VMware HCX System UpdatesUpdates to the VMware HCX service with new features and software fixes are released in a bi-weeklyinterval.

Terminology used in this section:

n VMware HCX Enterprise refers to the VMware HCX Manager system type for on-premises or sourcedata center installations.

n VMware HCX Cloud refers to the VMware HCX Manager system type for public cloud or destinationdata center installations.

n VMware HCX Interconnect refers collectively to the VMware HCX service appliances:

n The HCX-WAN-IX (CGW): The VMware HCX migration and DR service appliance.

n The HCX-WAN-OPT: The VMware HCX WAN optimization service appliance.

n The HCX-NET-EXT (L2C): The Network Extension service appliance.

n VMware HCX Interconnect appliances are deployed in site to site pairs.

n The VMware HCX Architecture for System Updates describes VMware HCX Enterprise (on-premise/source) and VMware HCX Cloud (on-premise/target or Public Cloud) as VMware HCX Clientsystems

n The VMware HCX Architecture for System Updates describes the VMware HCX Service URLconnect.hcx.vmware.com as a server system. This service provides VMware HCX update metadatato the clients.

n The VMware HCX Architecture for System Updates describes the VMware HCX Service URLhybridity-depot.vmware.com as a server system. This service will provide the VMware HCX Updatefiles to the VMware HCX Client systems.

n An VMware HCX Release refers to a set of builds, which are released on the same cycle withupdated software for all VMware HCX client systems types. For example, Release 105 (R105) wasreleased August 20th and contains VMware HCX Enterprise Build 9689240 and VMware HCX CloudBuild 9689167.

Build numbers in a release set have similar opening digits.

VMware HCX Architecture for System Updates:

VMware HCX User Guide

VMware, Inc. 53

Page 54: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

Planning VMware HCX System UpdatesCarefully plan VMware HCX Updates to minimize risk.

n Perform updates on all connected VMware HCX sites. In the VMware HCX Architecture for SystemUpdates illustration in the previous topic, there are two VMware HCX Enterprise systems connectedto a single VMware HCX Cloud at the destination site. Plan a single maintenance event for all threesites.

n All VMware HCX Manager components should be updated before the VMware HCX Interconnectservice components are upgraded/redeployed.

n VMware HCX client systems periodically connects to connect.hcx.vmware.com and queries theserver for published updates. The VMware HCX UI displays a banner when an update is available.

n VMware HCX client systems must be able to reach connect.hcx.vmware.com using HTTPSthroughout the entire lifecycle of the system. When this connection is not working; the VMwareHCX client system will not display updates available to other VMware HCX systems.

n Only perform an update when a published release is available on all of the VMware HCXsystems.

n VMware HCX client systems must be able to reach hybridity-depot.vmware.com using HTTPS forthe download of update files, without connectivity to the depot, the Update Download fails.

n The VMware HCX Interface allows the Update file download to be decoupled from the VMware HCXManager update.

n VMware HCX Enterprise/Cloud Manager systems must be updated on all connected sites beforeupdating the VMware HCX Interconnect service appliances.

VMware HCX User Guide

VMware, Inc. 54

Page 55: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

n Updating the VMware HCX Enterprise and VMware HCX Cloud systems requires a reboot of theVMware HCX Manager appliance, but will not disrupt VMware HCX services as they operateheadless when the manager is unavailable.

n Because updating the VMware HCX Manager does not disrupt the VMware HCXInterconnect/Service layer, the VMware HCX team recommends consuming VMware HCX updates asthey become available to ensure that the systems are running the latest fixes and security updates.

n Updating the VMware HCX Interconnect VMs causes an interruption to the VMware HCX services.Only upgrade the VMware HCX Interconnect during an approved off-peak maintenance window.

n Ensure that migrations are not running or scheduled when updating the HCX-WAN-IX(CGW) andHCX-WAN-OPT appliances.

n Re-deploying the HCX-NET-EXT (L2C) appliances will disrupt connectivity that crosses theNetwork Extension path. The tunnel state reconverges in less than one minute.

VMware HCX Update ProceduresUpdating an VMware HCX system installs the latest features, problem fixes and security patches.

Verify the VMware HCX Client systems from all connected sites have received notifications of anavailable update for the same release.

1 Update the VMware HCX Manager components:

n Download and Upgrade the VMware HCX Cloud Manager component at the destination site. TheVMware HCX Manager system will reboot during the Upgrade. Allow the system several minutesto fully initialize.

n Download and Upgrade the VMware HCX Enterprise Manager component at the source site. TheVMware HCX Manager system will reboot during the Upgrade. Allow the system several minutesto fully initialize.

2 The VMware HCX Interconnect Service appliances can be upgraded once all the paired VMwareHCX Manager systems are updated.

n The service appliances updates are always initiated at the source site. Use the VMware HCXInterconnect view to redeploy or upgrade the VMware HCX Interconnect service appliances:

n Upgrade or Redeploy the HCX-WAN-IX (CGW) and HCX-WAN-OPT together. Bothappliances must be fully operational

n Verify tunnels are Up before resuming services or proceeding to the next component.

n Upgrade or Redeploy the HCX-NET-EXT (L2C) appliance

n Verify tunnels are Up before resuming services or proceeding to the next component.

Note Re-deploying the VMware HCX Network Extension service disrupts VM to VM traffictraversing the Network Extension network path provided by VMware HCX. This componentshould only be redeployed or upgraded in off-peak hours, during a maintenance window.

VMware HCX User Guide

VMware, Inc. 55

Page 56: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

VMware HCX Release NotesDetails for new updates can be found in the System Updates section of the VMware HCX Manager plug-in and on the VMware HCX | NSX Hybrid Connect document page.

Locating the Release Notes within the VMware HCX Interface1 In the vSphere Web client on the VMware HCX Enterprise | VMware HCX Source site, open the HCX

plug-in.

2 Open the Administration tab.

3 Open the System Updates section.

4 Under the Local VMware HCX section right-click the available version link and select Readme.

5 Current Release Notes are displayed.

Release Notes on VMware DocsRelease Notes are available in the VMware documentation homepage: VMware VMware HCX | NSXHybrid Connect Release Notes.

VMware HCX TroubleshootingThe following sections contain common VMware HCX troubleshooting scenarios, troubleshootingmethodology, general information collection and how to use built in diagnostic tools like the VMware HCXCentral CLI

Enabling SSH on the VMware HCX ManagerEnabling the SSH service on the VMware HCX Manager component for CLI access.

To access to the VMware HCX Manager and its services, use a VMware Remote Console session usingvSphere or by establishing an SSH session. You must first enable SSH on the VMware HCX Manager ifSSH was not enabled during the initial VMware HCX Manager installation.

Procedure

1 Log in to the VMware HCX Appliance Management interfacehttps://hcxmgr-ip-or-fqdn

2 Go to Appliance Summary.

3 Under System Level Services, locate the SSH Service.

VMware HCX User Guide

VMware, Inc. 56

Page 57: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

4 Click Start.

Logging into the VMware HCX Manager CLIThis topic contains information on how to connect to the VMware HCX Manager CLI.

Prerequisites

When logging in to the VMware HCX Manager command-line interface, either Using VMRC or an SSHsession, the first-level access is with the admin account created during the initial installation of theVMware HCX Manager. If requested to do so by support after you log in with the admin account, you canswitch the User to root.

Procedure

1 Connect to the VMware HCX Manager using VMRC or SSH.

2 When prompted for credentials, enter admin as the user name and password.

3 Switch to root by typing su rootand providing the root password.

VMware HCX User Guide

VMware, Inc. 57

Page 58: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

Locating the VMware HCX System IDs Using VMware HCXManager CLIWhen working with support, you may have to provide the VMware HCX System IDs. You can get the IDsfrom the VMware HCX plug-in and from the VMware HCX Manager CLI.

Prerequisites

This procedure only permits you to obtain the local VMware HCX System ID.

Procedure

1 Connect to the VMware HCX Manager shell using VMRC or SSH.

2 Switch user to root: su

3 Type cat /common/location

4 Note the System ID .

Locating the VMware HCX System IDs Using VMware HCX Plug-InWhen working with support, you may have to provide the VMware HCX System IDs. The IDs can beobtained from the VMware HCX plug-in and from the VMware HCX Manager CLI.

Procedure

1 In the vSphere Web Client, navigate to the VMware HCX plug-in > Administration > SystemUpdates.

2 Under Local VMware HCX, in the Info column click the i (information) icon. This copies the System IDto your clipboard. Do the same to obtain the Remote VMware HCX System ID.

VMware HCX User Guide

VMware, Inc. 58

Page 59: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

3 Note the IDs and provide them to VMware when requested

Using Central CLI to Connect to VMware HCX ServicesFrom the VMware HCX Manager Central CLI, you can connect to the various VMware HCX services fortroubleshooting or gathering information.

Procedure

1 Enable CCLI on the VMware HCX Manager: ccli.

2 Type list to view a list of VMware HCX nodes.

3 Identify the VMware HCX node ID for the VMware HCX service you want to connect to.

4 Type go # where # is the node ID.

5 Type ssh

VMware HCX User Guide

VMware, Inc. 59

Page 60: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

6 Use the help command to display available commands. Refer the VMware HCX Central CLI Guidefor more detail about the Central CLI commands.

Gathering VMware HCX Technical Support Logs from the VMwareHCX Plug-InLocating the VMware HCX logs for review and knowing how to gather them is an important part of thetroubleshooting process. It is helpful to include at least the VMware HCX Manager Technical Support logwhen experiencing an issue and reaching out to support.

Procedure

1 In the vSphere Web Client, navigate to the VMware HCX plug-in > Administration >Troubleshooting > Download Log Bundles.

2 Select the box next to one or more logs that you want to generate.

3 Click Request.

4 After the bundle is prepared, you are prompted to download them.

Gathering VMware HCX Technical Support Logs from the VMwareHCX Appliance ManagementLocating the VMware HCX logs for review and knowing how to gather them is an important part of thetroubleshooting process. It is helpful to include at least the VMware HCX Manager Technical Support logwhen experiencing an issue and reach for support.

Procedure

1 Log in to the VMware HCX Appliance Management interface.

2 Navigate to Administration > Troubleshooting > Technical Support Logs.

3 Select the box next to one or more logs that you want to generate.

VMware HCX User Guide

VMware, Inc. 60

Page 61: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

4 Click Generate.

5 After the bundle is prepared, you are prompted to download them.

Viewing Logs in the VMware HCX Manager ShellVMware HCX service logs are useful when troubleshooting failures.

Prerequisites

There are two key logs in the VMware HCX Manager that can be reviewed and used whentroubleshooting problems or to monitor system activities. Both are located in /common/logs/admin andthey are the Application log (app.log) which logs all activities for the App-engine service and Web log(web.log) which logs all activities for the VMware HCX Web Engine service. The process requires agood understanding of the VMware HCX system so it is best to review with a VMware support engineer.

Procedure

1 Use VMRC or SSH to connect to the VMware HCX Manager shell.

2 Switch user to root: su –.

3 Change directory to /common/logs/admin.

4 From within this directory, you can open the relevant logs using standard linux text commands.

5 When troubleshooting failures, search using keywords such as Fail, ERROR, exception, migration.

VMware HCX Manager Services from the VMware HCX ApplianceManagement InterfaceManaging VMware HCX services from the appliance management interface.

VMware HCX User Guide

VMware, Inc. 61

Page 62: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

Prerequisites

The VMware HCX Manager requires several key services to be running for VMware HCX operations tofunction properly. There are several services that are required but the two most important ones which youmust monitor and become familiar with are the App-engine and the Web- engine services.

When working with support, you may have to confirm that these services running or may have to restartthem. The VMware HCX Manager Services are located and can be viewed and restarted in severalplaces.

Note Do not restart services unless it is requested by a support engineer.

Procedure

1 Log in to the VMware HCX Appliance Management interface.

2 Navigate to Appliance Summary.

3 You can find all services and can monitor or restart them. The only two services that are optional arethe SNMP and SSH services. All others must always be running.

VMware HCX Manager Services from the VMware HCX CLIYou can manage the VMware HCX service using the VMware HCX CLI.

Procedure

1 VMRC or SSH into the VMware HCX Manager.

2 Switch user to root: su –.

VMware HCX User Guide

VMware, Inc. 62

Page 63: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

3 Type systemctlactionservice_name.

n Action can be status, stop, start, restart.

n Service name can beWeb-engine or app-engine.

systemctlstatus web-engine

systemctlstatus web-engine

systemctl stop web-engine

systemctl restart web-engine

Viewing VMware HCX System StateViewing VMware HCX system state from the appliance management dashboard.

Prerequisites

For VMware HCX to run properly, it is important that it has sufficient available resources. You can view thekey system resources such as CPU, memory, and storage from the Dashboard section in the VMwareHCX Appliance Management Interface. The dashboard section also provides other useful informationsuch as the version that the VMware HCX Manager is running, the uptime, its IP address, and currenttime. All useful information when reviewing logs or required by support.

Procedure

1 Log in to the VMware HCX Appliance Management interface.

2 Navigate to Dashboard.

3 Review the CPU, Memory, Storage, Uptime, and Version.

VMware HCX User Guide

VMware, Inc. 63

Page 64: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

Viewing VMware HCX-Related Entries in the vSphere Task ConsoleMost VMware HCX Operations such as the initial appliance deployment, extending a network, or amigration can be monitored from the vSphere Web Client Task Console.

Procedure

1 Open the vSphere Web Client and navigate to Home.

2 Navigate to Tasks.

3 In the Task Console, filter the results by using HCX in the search filter.

4 Look for any failures or errors. If you see an error, you can review the logs to find additional details.

Enabling the VMware HCX Central CLIThe VMware HCX Central CLI is used for diagnostic information collection and secure connections toInterconnect components.

The Central CLI on VMware HCX allows you to run commands available centrally on the VMware HCXManager to query all your VMware HCX services, including the VMware HCX Interconnect and NetworkExtension Service. The Central CLI reduces troubleshooting time by providing centralized diagnostics andincreases the security of the WAN Interconnect service appliances by eliminating the need to run SSH. Touse it, first you must enable the Central CLI on the VMware HCX Manager.

Procedure

1 Use VMRC or SSH to connect to the VMware HCX Manager shell.

2 Switch user to root: su –.

3 Type ccli.

The VMware HCX Central CLI is now enabled.

4 Begin using it by exploring the p command output.

Monitoring VMware HCX SystemsVMware HCX native tools and views can be used to collect current state and general system health. Also,VMware HCX can be integrated with vRealize Log Insight and vRealize Operations using ManagementPack.

vROPS Management Pack for VMware HCXThe vRealize Operations Management Pack (MP) for VMware HCX helps monitoring with integrateddashboards and reports. It triggers problem alerts for the VMware HCX components and services.

VMware HCX User Guide

VMware, Inc. 64

Page 65: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

The vRealize Operations Management Pack for VMware HCX extends the Operations Managementcapabilities of vRealize Operations for VMware HCX Hybrid Mobility, Interconnect Management and DataCenter and Cloud Migrations.

Installing the VMware HCX Management PackThe VMware HCX Management Pack is available in two variants: One for vSphere based VMware HCXdeployments and the other is specific to vCloud Director-based vSphere deployments.

Prerequisites

You need a my.vmware.com account to download the management pack.

Procedure

1 Navigate to the VMware Solutions Exchange.

2 Locate the appropriate Management Pack based on the presence or absence of vCloud Director.

3 Login using my.vmware.com credentials.

VMware HCX User Guide

VMware, Inc. 65

Page 66: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

4 To download the Management Pack, click the Try button.

5 Log into the vRealize Operations Manager user interface with administrator privileges.

6 On the left pane, click the Administration icon and click Solutions.

7 On the Solutions tab, click the plus sign.

8 Browse to the downloaded HCX MP PAK file.

9 Click Upload. After the upload, click Next.

10 Accept the EULA, click Next.

11 After the installation is finished, click Finish.

The Management Pack is listed as a solution.

The listed VMware HCX Enterprise Adapter is connected to the local VMware HCX system, typicallyin the same site as the VROPS installation. The VMware HCX Cloud for vCenter Adapter makes aconnection to the remote VMware HCX system.

12 Connect the HCX Enterprise Adapter or HCX Cloud for vCenter Server Adapter to the VMware HCXEnterprise system using its IP or FQDN. Authenticate to the VMware HCX system using a vSphereSSO-integrated user that belongs to a group with access to VMware HCX.

13 Connect the VMware HCX Cloud for vCloud Director Adapter using its Load Balancer address orPublic Access URL. Authenticate using the Org administrator.

After sufficient metrics are collected - the vROPS dashboard is populated with views based onenabled VMware HCX services.

VMware HCX User Guide

VMware, Inc. 66

Page 67: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

VMware HCX in the VMware Cloud on AWSVMware HCX enables cloud on-boarding without retrofitting source infrastructure, supporting migrationfrom vSphere 5.0+ to VMware Cloud on AWS (VMC) without introducing application risk and complexmigration assessments.

Deploying VMware HCX Cloud from the VMC ConsoleVMware HCX is an add-on to the VMC SDDC. The VMware HCX Cloud components are deployed andthe SDDC becomes an eligible VMware HCX target site.

Prerequisites

n The user performing this procedure must have access to to the VMC Console.

Procedure

1 Log in to the VMC Console at vmc.vmware.com.

2 On the Add Ons tab of your SDDC, click OPEN HYBRID CLOUD EXTENSION on the Hybrid CloudExtension card.

The VMware Hybrid Cloud Extension interface will open.

3 Navigate to the SDDCs tab and click DEPLOY HCX and click CONFIRM to initiate the deployment.

The VMC activation is created and displayed, and the deployment begins. This step takes severalminutes to complete.

4 Open the vCenter console and locate the VMware HCX_cloud_manager.

5 On the Add Ons tab of your SDDC, click OPEN HYBRID CLOUD EXTENSION on the Hybrid CloudExtension card.

VMware HCX User Guide

VMware, Inc. 67

Page 68: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

6 Navigate to the SDDCs tab and click OPEN HCX.

The VMware HCX Cloud service interface opens, the URL will read https://hcx.sddc.*.vmwarevmc.com.

7 Enter the [email protected] user and credentials and click LOG IN.

The Administration tab System Updates can now be used to download the VMware HCX EnterpriseClient installer, which is needed for the on-premises VMware HCX installation. The on-premisesdeployment is detailed in Installing and Configuring VMware HCX Enterprise section of this guide.

Overview of VMware HCX on NSX for vSphere backed SDDCsVMware Cloud on AWS SDDCs backed by NSX for vSphere and SDDCs backed by NSX-T supportdifferent sets of features. This section describes the behavior and features of VMware HCX services onSDDCs whose networking is backed by NSX for vSphere.

Determining Whether Your SDDC Networking is Backed by NSX for vSphere or NSX-T

VMware HCX User Guide

VMware, Inc. 68

Page 69: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

VMware HCX Component Architecture on NSXv backed SDDCs

Supported VMware HCX Features with NSXv SDDCs

Feature Details

VMware HCX VirtualMachine Migrations

n VMware HCX vMotion for serial migrations.n VMware HCX Bulk Migration for scheduled, replication based, parallel migrations.n VMware HCX Cold Migrations for powered-off virtual machines.n VMware HCX Replication-Assisted vMotion is only available with exclusively VMware HCX on

VMC. For more details, see VMware HCX Replication-Assisted vMotion.

VMware HCX WANOptimization

n Deduplication, compression and line conditioning of VMware HCX migration and protectionnetwork flows.

VMware HCX User Guide

VMware, Inc. 69

Page 70: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

Feature Details

VMware HCX NetworkExtension

n Network Extension with Proximity Routing is not currently available with VMware Cloud on AWSNSXv or NSX-T SDDCs.

VMware HCX over AWSDirect Connect

n VMware HCX supports connections over AWS Direct Connect with a Public Virtual Interfaceonly.

n VMware HCX does not require special configuration for Public VIF support. The VMware HCXcomponent EIPs will be part of the AWS region subnets advertised to the premises router.

n For more detail, see Using AWS Direct Connect with VMware Cloud on AWS.

Overview of VMware HCX on NSX-T Backed VMC SDDCsSDDCs backed by NSX for vSphere and SDDCs backed by NSX-T support different sets of features. Thissection describes the behavior and features of VMware HCX services on SDDCs whose networking isbacked by NSX-T.

Determining Whether Your SDDC Networking is Backed by NSX for vSphere or NSX-T

Summary of VMware HCX Changes to Support NSX-T backed VMC SDDCn Updated component architecture uses the NSX Service Insertion Framework.

n The AWS Direct Connect with Private Virtual Interface is now supported. User-defined Private IPSubnets can be used during the VMware HCX Interconnect configuration.

n Network Extension L2 bridging is done with MAC Address learning on the Network Extension L2switch port.

VMware HCX User Guide

VMware, Inc. 70

Page 71: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

VMware HCX Architecture on NSX-T backed SDDCs

VMware HCX Features with NSX-T Backed SDDCsAll the features listed in the Supported VMware HCX Features with NSXv SDDCs section apply toVMware HCX on NSX-T SDDCs with the exceptions detailed in the following table.

Feature Details

VMware HCX NetworkExtension

n A maximum of four networks can be extended to the SDDC per VMware HCX NetworkExtension appliance.

n After a Network Extension operation, there is a five minute delay until the network is availablefor a migration operation.

VMware HCX over AWSDirect Connect

n VMware HCX supports connections over AWS Direct Connect with a Private Virtual Interface.

VMware HCX User Guide

VMware, Inc. 71

Page 72: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

Configuring VMware HCX for Direct Connect Private VirtualInterfacesThe private virtual interface allows VMware HCX migration and network extension traffic to flow over theDirect Connect connection between your on-premises environment and your SDDC.

Prerequisites

n The AWS Direct Connect with Private Virtual Interface is only supported on VMC SDDC backed byNSX-T networking.

See Determining Whether Your SDDC Networking is Backed by NSX for vSphere or NSX-T.

n The SDDC must be configured to use the Direct Connect Private Virtual Interface.

See Using AWS Direct Connect with VMware Cloud on AWS.

n A private subnet that will be reachable from on-premises over the Direct Connect with Private VIFshould be reserved for VMware HCX component deployments.

n A logical switch should be configured and reserved for the VMware HCX interconnect.

n Existing VMware HCX Interconnect, Optimization Network Extension appliances must be removedprior to this configuration.

See Removing VMware HCX Interconnect Virtual Appliances.

Procedure

1 Log in to the VMC Console at vmc.vmware.com.

2 On the Add Ons tab of your SDDC, click OPEN HYBRID CLOUD EXTENSION on the Hybrid CloudExtension card.

3 Navigate to the SDDCs tab and click OPEN HCX.

4 Enter the [email protected] user and credentials and click LOG IN.

In the current release, this procedure requires a VMware Support account, in the upcoming release,the cloud administrator will be able to perform this operation.

5 Navigate to the Interconnect Configuration section of the Administration tab and click Edit.

6 Locate the Network Profile with Type: Internet and click the X to delete it.

7 Create a Network Profile:

a Select the Distributed Portgroup Network Type

b Select the Direct Connect Network Network Type

c Enter the private IP address ranges reserved for VMware HCX.

d Enter the Prefix Length and the Gateway IP address.

8 Click Next, and click Finish.

VMware HCX User Guide

VMware, Inc. 72

Page 73: VMware HCX User Guide - VMware HCX HCX...Web-Client/Plug TCP-9443 vSphere (5.5) SSO / Lookup Svc TCP-7444 vSphere (6.0+) SSO / Lookup Svc TCP-443 ESXi Management VMkernel Interface

When the VMware HCX Interconnect services are deployed from the VMware HCX Enterprise consoleon-premises, the VMware HCX Interconnect appliances will be deployed using uplink IP addresses thatare reachable over the AWS Direct Connect.

Figure 1‑3. VMware HCX over Direct Connect Private Virtual Interface

VMware HCX User Guide

VMware, Inc. 73