VMC on AWS Hybrid Cloud Operations

Confidential │ ©2021 VMware, Inc.

VMC on AWS Hybrid Cloud Operations

With HCX

November 2021

Confidential │ ©2021 VMware, Inc. 2

Agenda HCX Overview

VMware HCX Features & Services for VMC on AWS

HCX Installation

HCX Components

HCX Profiles and Service Mesh

Network Extension

HCX Migrations


VMware HCX Overview


Workload Migration and Mobility ChallengesBarriers customers face when trying to move workloads to the cloud

Application Dependency Mapping

Networking and security issues

Compatibility, Interoperability

Business Disruption, Downtime


VMware HCXAccelerating the SDDC Modernization and Cloud Journey

VMware Cloud Foundation

On-preminfrastructure

ON-PREM CLOUD

VMware Cloud Provider Partners

VMware Cloud on AWS

vSphere 6.0+KVM, Hyper-V

Modern EnterpriseDatacenter

Cloud Director based

environments

Modern Software Defined Data

Center

Hyperscalers (MaaS)

HCXWorkload Mobility Across VMware Stacks

NEW

Metal-as-a-service Cloud Providers


Customer-driven use-casesDriving business strategy and VMware value through workload mobility

Rebalance

Optimize Cloud Footprint

Shift Cloud Providers

Multi-cloud Strategy

Cloud ARegion 1

Cloud B

Business Continuity

Disaster Avoidance

DR to the Cloud

Scheduled Migration

Cloud ARegion 2

Brownfield Refresh

vSphere Replatform to 6x / 7x

Capture New Workloads

+

+

DC Consolidation

DC Evacuation

Cloud Adoption

Migrate Rebalance Business ContinuityUpgrade / Replatform


HCX for VMC

• Migrating Premises to VMC

• Rebalancing across VMC Regions

• Protect from VMC to existing DR side

HCX Advantage

• Live Large-scale migration

• DRaaS + HCX for Protection to DR site

• Region to Region Migration

• Secure migration and DR traffic

• Network and IP preservation

• High scale L2 Extensibility

Sample Customer Scenario

vSphere 6.x

HCXvCenter

Legacy DC

HCXManager

Cloud

vCenterServer

Appliance

vmvm vmvmvm

vSphere NSX-T vSAN

VMware Cloud on AWS

vSphere 7+

vSphere 6.x

HCXvCenter

DR Site


VMware HCX Features & Services for VMC on AWS


HCX for VMware Cloud on AWS

vMotion Live Migration

Bulk Migrationw/ reboot

Retain IP addressing schemes

WAN Optimization& Network

Redundancy

HCX Network Extension

Disaster Protection

Cloud to CloudMobility

Core Features for Basic Hybrid Connectivity and Workload Mobility

Replication Assisted vMotion

Mobility Optimized

Networking

Traffic Engineering

Mobility Groups

KVM + Hyper-V tovSphere Migration


vCenter 6.x, 7+

ESX

SDDC / VMware Cloud on AWS

SDDCOn-prem or cloud

vCenter 6.x

ESX

L2 VM Network

L3 vMotion Network

HCX

vMotion

LARGE SCALE LIVE MIGRATIONLive Bulk Migration with zero downtime


vCenter 6.x, 7.0

ESX

SDDC / VMware Cloud on AWS

SDDCOn-prem or cloud

vCenter 5.5+

ESX

L2 VM Network

L3 vMotion Network

HCX

vMotion

Replication Assisted vMotionLarge-Scale Live Migration


MOBILITY OPTIMIZED NETWORKINGAutomated Migration Aware Routing

1. VMs Migrated

2. Host Routes Injected

3. Host Routes Advertised

4. Host Routes Propagated

VDS NetworkNSX Logical Switch


Source

NSX Logical Switch

Target

HC

X U

plin

kHC

X U

plin

k

BGP / OSPF

HCX HCX

NSX-T

1

2

34

HCX + NSX-T Integration


VMware Cloud on AWS

SDDC Stack

Public CloudOpenstack Cloud

Openstack

KVM

HCX

VCF SDDC

Private CloudData Center or

Cloud

Hyper-V

HCX

Operating System Assisted MigrationKVM and Hyper-V to VMware Cloud

NEW


Traffic EngineeringNetwork Optimization and Resiliency

What is it?

This feature dynamically optimizes the TCP segment size during the TCP handshake with Network Extension traffic.

BenefitsReduced fragmentation. Reduced Packet rate. Increased average packet size.

What is it?

HCX creates multiple tunnels per IX/NE uplink, continuously probes them and intelligently selects the best path.

BenefitsHCX will avoid chokepoints/bottlenecks in the network fabric’s ECMP paths.

TCP Flow Conditioning Application Path Resiliency


MIGRATION PLANNINGSimplified Discovery, Logically Group and Migrate

Applications

SDDC On-prem or cloud

HCX

HCX InterconnectLive Migration

Source

= VLAN= VC Tags= Name

Mobility Group 1

Mobility Group 2

Mobility Group 1

Mobility Group 2

Destination


VMware HCX Installation


HCX With VMC On AWS SetupHCX Public Cloud Deployment Workflow

Log in to the VMC Console

at vmc.vmware.com

Add Ons tab of your SDDC, click Open

HCX on the HCX card and Click Deploy HCX

Add inbound firewall rule: Src-HCX

Manager, Des-HCX, Svc-HTTPS(TCP 443)

Add Ons tab of your SDDC,

click Open HCX on the HCX card and Click Open HCX

The HCX Cloud Manager UI is

available for HCX operations.

1 2 3 4 5

https://vmc.vmware.com/


HCX Cloud/HCX Target

❑ HCX will need to be enabled/deployed in your VMware Cloud on AWS SDDC (the HCX Target) and can be connected to one or multiple vCenters on premises.

❑ Management Gateway Firewall rule to allow traffic access to HCX

❑ Once deployed and activated, obtain the following from your SDDC deployment of HCX:

❖ HCX Fleet Public IPs

❖ Cloud Side HCX URL, for example: https://hcx.sddc-125-34-56-8.vmwarevmc.com

❖ Valid HCX Activation Key

❖ Valid credentials for VMware Cloud on AWS vCenter ([email protected] and appropriate password)

❖ HCX OVA

https://hcx.sddc-125-34-56-8.vmwarevmc.com/

mailto:[email protected]


HCX Pre-requisitesOn-Premises Installation

HCX Manager Interconnect (IX) Network Extension (NE)

IP Addresses - 1 IP from Management Network*- 1 IP from Management Network*- 1 IP from vMotion Network

- 1 IP from Management Network*

Ports

Outbound TCP 443**- https://connect.hcx.vmware.com- https://hybridity-depot.vmware.com- HCX Cloud Side URL

Outbound UDP 4500**- 2 Public IP Addresses assigned to

HCX from VMC Portal (HCX-Fleet)- If DX same port requirements to

private IPs

Outbound UDP 4500**- 2 Public IP Addresses assigned

to HCX from VMC Portal (HCX-Fleet)

- If DX same port requirements to private IPs

Other

- Proxy Information (if applicable)- DNS Server IP- NTP Server IP- User with Admin vCenter rights- HCX License Key (from VMC portal)

- 100 Mbps available bandwidth - 1 NE Appliance per vDS- 8 networks can be extended per

appliance- Cannot extend network where

appliances are deployed- Cannot extend Management

Network

* Appliances can be deployed on a separate network from Management Network as long as appliances have unrestricted access to Management Network.

** Just outbound needed

https://connect.hcx.vmware.com/

https://hybridity-depot.vmware.com/


HCX Components


HCX Appliances –Always In Pairs

HCX Manager (Connector/Cloud)

HCX-IX-I (Migration)

HCX-WO-I (Optimization)

HCX-NE-I (Extension)

HCX Manager (Cloud)

HCX IX-R

HCX-WO-R

HCX-NE-R

Source Destination

Initiates Site Pairing Site Pairing Target

Initiates Transport Tunnel

Initiates Transport Tunnel


About the HCX Manager

HCX Components – HCX Manager

The VMware HCX manager provides a framework for deploying VMware

HCX service VMs across both the source and destination sites. VMware

HCX mobility, extension, protection actions can be initiated from the

VMware HCX User Interface or from within the vCenter Server Navigator

screen's context menus.

HCX Manager

4 vCPU

12 GB Mem

60 GB Disk

Site Pair with remote HCX Cloud Manager

Activation - connect.hcx.vmware.comUpdates - hybridity-depot.vmware.com


HCX User Interface


HCX User Interface (https://hcx-ip-or-fqdn)


HCX Plugin in vCenter Server


HCX Plugin / Context Menus(https://vc-ip-or-fqdn)

Select HCX in the VC Navigator


Components – HCX Manager Types

Site-Paired

▪ Minimum of one HCX Cloud Manager in every deployment

▪ Can be the target for site pairing and pair with other HCX

Cloud systems

▪ Must run with current supported versions of vSphere and

NSX

▪ Licensed / Activated based on environment

▪ When configured as a site pair target, the Service Mesh

components are tunnel receivers

Typically deployed on the destination site for migrations. Cloud to Cloud deployment is an exception where HCX Cloud Manager can also be deployed at the source site.

▪ Cannot pair with another connector

▪ Cannot be the target for site pairing and network extension

▪ Can be run with End-of-life vSphere versions (6.0)

▪ Connector does not require NSX

▪ Licensed / Activated based on HCX Cloud

▪ Always connects to HCX Cloud Manager, the Service Mesh

components are tunnel initiators

Deployed at the source on-premises site where networks and workloads that will be migrated. Requires HCX Cloud Manager be deployed 1st to download.

HCXConnector

HCXCloud

Manager


HCX Site Pairing

vCenterServer

HCXConnector

vSphere Network Storage

Source Data Center

• 6.X

▪ 7.X

▪ NSX-T

▪ NSX-V

▪ VDS

▪ vSAN

▪ FC

▪ NFS

▪ iSCSI

vmvm vmvmvmvm

vmvm vmvmvmvm

vmvm vmvmvmvm

HCX Site Pairing

▪ Establishes the connection needed for management, authentication, and orchestration of HCX services between source and destination

▪ Initiated from source to destination

▪ Cloud to Cloud site pairing can be unidirectional or bidirectional

▪ Communication between HCX managers over port 443 TCP

vCenterServer

vSphere NSX-T vSAN

Elastic Network Interface

Destination

HCXCloud

Manager

VMware Cloud on AWS

Region: US West (N.Virginia)

vmvm vm

Region: US East


VMware Cloud on AWS

Cloud to Cloud Site Example

vCenterServer

vSphere NSX-T vSAN

VMware Cloud on AWS

Region: US West (N.California)


Source

vCenterServer

vSphere NSX-T vSAN


Destination

HCXCloud

Manager

HCX Interconnect

HCX Site PairingHCX

CloudManager

vmvm vmvmvmvm

VMware Cloud on AWS

Region: US West (N.Virginia)

R

vmvm vm vmvm vm

Bidirectional Migration

Region: US East


Components Per Site

Deployment

HCXConnector

HCX-WO HCX-IX

8 vCPU8 vCPU 8 vCPU

14 GB

100 GB

CPU

Memory

Storage

14 GB

100 GB 2 GB

3 GB

HCX-IX HCX-NE HCX-WO

8 vCPU8 vCPU 8 vCPU

14 GB

100 GB

CPU

Memory

Storage

14 GB

100 GB 2 GB

3 GB

HCX-NE

▪ HCX-IX - Interconnect

▪ HCX-NE: Network Extension

▪ HCX-WO – WAN Optimization

Deployed in pairs

HCX Site Pairing 443 TCP HCXCloud

Manager

29Confidential │ ©2020 VMware, Inc.

HCX Interconnect (HCX-IX)The HCX Migration and Protection Data Mover


Service Mesh HCX-IX Runs VM Mobility

HCX Components – IX Interconnect Appliance (HCX-IX)

HCX-IX

The Interconnect (HCX-IX) appliance

provides virtual machine mobility using the

VMware vSphere Replication, vMotion and

NFC (Network File Copy) protocols .

DisasterRecovery

Service

ReplicationAssistedvMotion

HCX vMotion

InterconnectService

Bulk Migration

Service


Form-Factor and Resource Requirements

HCX Components –Interconnect (HCX-IX)

▪ Deployed in a single VM fixed form-factor.

8 vCPU

3 GB Mem

2 GB Disk

▪ Deployed per Service Mesh.

HCX Uplink (Connection to peer HCX-IX)

vMotion Replication

ESXi Cluster(s)

Management


HCX WAN Optimization Appliance (HCX-WO)HCX Data Reduction and In-line Conditioning


In-Line Data Reduction & WAN Path Conditioning

HCX Components – WAN Optimization (HCX-WO)

HCX-WO

▪ HCX WAN Optimization improves

performance characteristics of the WAN

by applying WAN optimization

techniques like the data de-duplication

and line conditioning.

▪ Induces parallelism to single flow

operations.

1.5X – 5X deduplication (50 – 80%)

▪ It accelerates on-boarding to the cloud

using Internet/ HCX VPN without

waiting for Direct Connect/MPLS

circuits and increases latency tolerance

for HCX migrations

HCX WAN

Optimization

Service


Data-in-flight Deduplication, Compression, Packet Reordering

HCX WAN Optimization Service

Migration Protocol

Mesh1-WO-I

Mesh1-IX-I

UDP-4163 ICMP

UDP-4163 ICMP

Mesh1-WO-R

Source Cluster

Migration Protocol

Target Cluster

Mesh1-IX-R

Data in Motion1.5X – 5X deduplication (50 – 80%)

▪ Initial migration operations build the HCX-WO appliance cache. In subsequent operations WO filter looks for known patterns.

▪ HCX-WO uses LZ4 algorithm to compress deduplicated migration data.


HCX Network Extension Appliance (HCX-NE)HCX-based L2 connectivity & Mobility Optimized Networking


Layer 2 Extension for Distributed Switch, NSX

HCX Components – Network Extension (HCX-NE)

HCX-NE

▪ HCX Network Extension appliance provides a low

touch deployment of high performance (4–6 Gbps)

Layer 2 Extension from environments that a

vSphere 6.0+ Distributed Switch, or NSX Networks.

▪ HCX Network Extensions provides the ability to

keep the same IP and MAC addresses during a

Virtual Machine migrations.

▪ Provides VM Networking Efficiencies:

▪ TCP Flow Conditioning

▪ Mobility Optimized Networking

HCX Network

Extension Service


Form-Factor and Resource Requirements

HCX Components – Network Extension (HCX-NE)

▪ Deployed in a single VM fixed form-factor.

8 vCPU

3 GB Mem

2 GB Disk

▪ Only one Distributed Switch per HCX-NE

▪ Can be pre-scaled in the Service Mesh configuration

HCX Uplink (Connection to peer HCX-NE)

Management

Sink Port or Mac Learning Port

VDS and NSX-T Networks


HCX Network Extension overview

vSphere Distributed Switch NSX-T

SRC-ESX2SRC-ESX1 DST-ESX4DST-ESX3

VM VLAN 100 Gateway192.168.100.1

VM4192.168.100.40MAC AD

Internet Or Private Paths

VM VLAN 100192.168.100.0/24

NSX Tier 1Disconnected GWFor Segment 100

192.168.100.1

HCX-NE-I HCX-NE-R

VM1192.168.100.10

MAC AA

VM2192.168.100.20MAC AB

VM3192.168.100.30MAC AC


VMware HCX Profiles & Service Mesh


HCX Profiles: Compute & Network

vCenterServer

HCXServices

ESXI-01

ESXI-02

ESXI-03

ESXI-04

Cluster-01

Datastore Cluster

Compute Profile

HCXManager

Management

vMotion

Network Profile

Replication

IP Pools

MTU

Prefix Length

Network Details

Backing Switch

Compute Profile

Network Profile

Uplink

vCenter Server


Elements of the Compute Profile

HCX Compute Profile ▪ A Compute Profile is a sub-component of the Service Mesh.

It describes which HCX services will run, and how they will be

deployed when the Service Mesh is created.

▪ Sub-Components:

▪ HCX Services

▪ Networks

▪ Deployment Cluster (Container)

▪ Service Clusters (Resources)


Flexibility of Configuration - Service & Deployment Clusters

HCX Compute Profile

Cluster workloads that can be migrated/protected.

Connected Distributed Switches available for Network Extension.

Service Mesh appliances (IX/NE, etc) will be deployed to the Deployment Cluster.


Characteristics of Compute Profiles

HCX Compute Profile

• An HCX Manager system must have one Compute Profile (multiple Compute Profiles can be created).

• Compute Profile references inventory objects from the vCenter Server that was registered during the HCX deployment.

• Creating a Compute Profile does not deploy the HCX appliances (Compute Profiles can be created and not used).

• Creating a Service Mesh deploys appliances using the settings defined in the source and destination Compute Profiles.

• A Compute Profile is considered "in use" when it is used in a Service Mesh configuration.

• Changes to a Compute Profile profile are not affected in the Service Mesh until a Service Mesh a Re-Sync action is triggered.


Network Profile – Flexibility of Configuration

HCX Network Profile


Elements of the Network Profile

HCX Network Profile

Network Profiles are a sub-component of the Compute Profile. When a service mesh is created, the network profile configurations are used to connect the deployed HCX appliances.

▪ One underlying vSphere Port Group (VSS or VDS) or NSX based network.

▪ A pool of unused IP addresses reserved for HCX to use during Service Mesh deployments.

▪ IP address information: The gateway IP, the network prefix and MTU, and DNS.


Network Profile Traffic Types

HCX Network Profile


Network Profile Best Practices

▪ In most deployments, the HCX Network Profile (NP) for cluster vMotion, Replication & Management should connect to an existing cluster VMkernel network Portgroups/VLANS.

▪ VSS, DVS and NSX VLAN and Overlay networks can be used as a Network Profile networks.

▪ Configure NP MTU to match the MTU of the existing port groups.

▪ Use dedicated vSphere Replication NP to separate bulk migration from mgmt traffic. This may require new VMkernel interfaces (dedicated VR VMK are less common than dedicated vMotion VMK).

▪ HCX always uses the Mgmt network for VR NFC. Using a dedicated VR NFC VMK is not supported.

▪ Use dedicated HCX Uplink networks to separate migration and network extension traffic from management traffic.

▪ When working with multiple clusters (with different vMotion / Replication / Management networks), create NPs for each cluster, and assign them to cluster-specific Compute Profiles.


HCX Service Mesh

vCenterServer

ManagementvMotion

HCXIX

HCXWO

HCXNE

Replication

ESXI-01 ESXI-02 ESXI-03 ESXI-04

vCenterServer

HCXWO

ManagementvMotion

Replication

ESXI-01 ESXI-02 ESXI-03

HCXIX

ESXI-04

Initiators Receivers

PG-Applications

HCXNE

Segment-PG-Applications

HCXCloud

Manager

Source Destination

Service Mesh

HCXConnector

HCX Appliances HCX Appliances

Cluster-01

Data Center: San Jose VMC SDDC

Cluster-1

Compute Profile

Network Profile

Compute Profile

Network Profile

* Destination NSX Overlay Networks *

PG-Webservers

PG-Databases

PG-Custom

Segment-PG-Webservers

Segment-PG-DatabasesSegment-PG-Custom

Uplink

Uplink


Instantiate Selected Services

HCX Service Mesh


Best Practices for HCX Service Mesh Deployments

HCX Service Mesh – Best Practices 1

▪ Deploy the HCX Service Mesh in the same vCenter Server it is providing services for.

▪ When deploying the HCX Service Mesh to high density clusters, use CP resource reservations.

▪ Deploy an HCX Service Mesh for each unique source and destination cluster pair to maximize migration concurrency (200 concurrent replications per Service Mesh).

▪ (NEW) Create a Service Mesh to separate Network Extension traffic from Migration traffic. HCX now allows additional service mesh to be deployed for a CP to CP pair (only for NE services)

▪ Create HCX Uplink Network Profile for migration services. Use a dedicated migration VLAN. Create a Service Mesh for migration, assign the migration uplink NP.

▪ Create HCX Uplink Network Profile for network extension traffic. Use a dedicated extension VLAN.Create a Service Mesh for network extensions, assign the network extension uplink NP. Prioritize NE traffic.

▪ Use the Compute Profile Reservations settings to reserve resources for Network Extension traffic.


Storage Best Practices

HCX Service Mesh – Best Practices 2

▪ HCX does not require the source and destination environments to have access to datastores shared across both sites.

▪ When working with smaller or shared datastores, assign multiple datastores in the Compute Profile to allow HCX provisioning ‘spill over’.

HCX Service Mesh VMs have generally very low storage capacity requirements:

▪ HCX-IX, HCX-NE use 2GB disks.

▪ OSAM HCX-SGW & HCX-SDR use 10GB disks.

▪ HCX-WO (WAN Optimization) uses 100GB disks.

▪ Use SSD datastores for HCX-IX/HCX-WO deployments. (WO requires 2500 IOPS)

▪ In multi-site HCX deployments that may contain multiple IX/WO pairs, ensure the selected datastore can support the 2500 IOPS requirement. (4 HCX-WO appliances using the same datastore capability for 10,000 IOPS, just for the WANOPT.


From HCX Manager

HCX Service Mesh – Topology


TASK 1.1 – 3.x

1. Configure Access to HCX

2. Configure HCX On-Premises

3. Configure Site Pairing

4. Configure Compute & Network Profiles

5. Deploy Service Mesh

Lab - 8: Workload Mobility & Hybridity (Part 1)

LAB


HCX Network ExtensionHybridity


Network Extension Use Case/Benefits

▪ Abstracted Complexity

▪ Simple click extension operation.

▪ Simple click unextend/gateway migration.

▪ Interoperable VLAN source networks and NSX-T Overlays (Logical Switches or Segments)

▪ Connect Legacy VDS 6 and higher Distributed Switches

▪ On-board to cloud without waiting for WAN circuits.

▪ Secure, high performance, reliable connectivity.

▪ Keep IP and MAC Address across the extended broadcast domain

▪ Higher cloud uptime/access with resilient and reliable connectivity

Benefits


HCX Network Extension Introduction

HCX provides L2 multi-environment connectivity as a simple operation, creating L2 adjacency for virtual machine networks spanning at destination environments running NSX-T Data Center or NSX for vSphere .

vSphere Distributed Switch 6.0+

OR NSX-v 6.4.4+ NSX-T 2.4+ NSX-T 2.4+ or NSX-v 6.4.4+



VM1192.168.100.10

VM2192.168.100.20

VM3192.168.100.30

VM4192.168.100.40


VM VLAN 100192.168.100.0/24


192.168.100.1


HCX Network Extension Extension Infrastructure

(1) When the HCX Network Extension service is enabled. (2) HCX-NE appliances deploy symmetrically on the selected Service Mesh in both environments. (3) The SRC HCX-NE appliance will automatically establish encrypted transport tunnels to its peer.

vSphere Distributed Switch NSX-T Overlay TZ


HCX-NE-I HCX-NE-RUplink 172.16.200.50

Unmanaged HCX Encrypted Transport Tunnel

Automatically Established

UDP-4500

1

2 2

3

HCX Uplink 10.0.100.50

HCX Uplink 172.16.200.50

10.0.100.1 172.16.200.1

HCX Cloud HCX Connector

Tier 0Gateway

Tier 1 Gateway


HCX Network Extension Network Extension Configuration

From VC or HCX (1). Select a distributed port group or NSX segment, enter IP information, and Network Extension is enabled in the service mesh. (2) the HCX-NE and NSX Tier 1 gateway (or NSXv router) is selected (3) and the operation is started.



Tier 0Gateway

Tier 1 Gateway

HCX-NE-I HCX-NE-RUplink 172.16.200.50

1


VM VLAN 100192.168.100.0/24

2

2

3

3


HCX Network Extension Network Extension Established

(1) HCX compares the entered subnet with existing networks on the destination NSX router, if there is a subnet match, HCX connects to the existing segment, (2) otherwise the segment is created in a disconnected state. (3) Finally, the HCX-NE appliances connect to the original network and extended segment using special listening port, the HCX-NE appliances start learning MAC Addresses and forwarding.




VM1192.168.100.10

VM2192.168.100.20

VM3192.168.100.30

VM4192.168.100.40


VM VLAN 100192.168.100.0/24


192.168.100.1

1

2

2

3 3


HCX Network Extension Integration with vSphere Distributed Switches

vSphere Distributed Switch

SRC-ESX2SRC-ESX1

VM1192.168.100.10

MAC AA

VM2192.168.100.20MAC AB

VM3192.168.100.30MAC AC

VM VLAN 100192.168.100.0/24

HCX can integrate with vSphere Distributed Switch (vDS 5.1) VLAN networks when the distributed switch is version 5.1 or newer.

HCX performs the following actions to bridge the VLAN:

▪ During HCX-NE deployment (when the remote side is

not NSX-T) trunk interfaces are connected to the

vSphere Distributed Switch. One of the trunk

interfaces is designated to VLAN extension.

▪ When a network is extended, HCX adds a sink port

for the VLAN on the HCX-NE appliance with Forged

Transmits enabled.

Sink Port

UplinkvNIC

MgmtvNIC

Cluster MgmtNetwork

HCX-NE Trunks (remote not NSX-T)1 for VLAN extensions 1 for VXLAN extensionsTwo for internal use


HCX Network Extension Integration with NSX Datacenter for vSphere Environments (VDS)

NSX-V VXLAN TZ

SRC-ESX2SRC-ESX1VXLAN VNI 5000192.168.100.0/24

Sink Port

UplinkvNIC

MgmtvNIC

Cluster MgmtNetwork

VTEP 1 VTEP 2

HCX-NE Trunks (remote not NSX-T)1 for VLAN extensions 1 for VXLAN extensionsTwo for internal use

HCX can integrate with a source environment running NSX for vSphere 6.4 and newer. Networks can be extended as overlays to destinations running NSX-V is 6.4+.

HCX performs the following actions to bridge the VXLAN:

▪ During HCX-NE deployment (when the remote side is not

NSX-T) trunk interfaces are connected to the vSphere

Distributed Switch. One of the trunk interfaces is

designated to VXLAN extension.

▪ When a network is extended, HCX adds a sink port for the

VXLAN on the HCX-NE appliance with Forged Transmits

enabled.

VM1192.168.100.10

MAC AA

VM2192.168.100.20MAC AB

VM3192.168.100.30MAC AC


HCX Network Extension Integration with NSX-T

NSX-T N-VDS

SRC-ESX2SRC-ESX1GENEVE VNI 5000192.168.100.0/24

Learning Port

UplinkvNIC

MgmtvNIC

Cluster MgmtNetwork

TEP TEP

HCX can integrate with a source environment running NSX –T 2.4 and newer.

HCX performs the following actions to bridge:

▪ When a network is extended, HCX adds a Learning

interface to the HCX-NE appliance.

▪ The learning interface has the following policies enabled:

▪ MAC Learning

This feature allows multiple MAC Addresses behind

one vNIC.

▪ MAC Address Change

This feature allows a VM to change its MAC address,

and still send and receive traffic on the vNIC.

▪ Unknown Unicast Flooding

The port floods unknown unicast traffic to ports that

have mac learning + uu flooding enabled.

HCX-NE Learning-MAC Switching Profile-MAC Address Change-Unknown Unicast Flooding

VM1192.168.100.10

MAC AA

VM2192.168.100.20MAC AB

VM3192.168.100.30MAC AC


Mobility Optimized Networking generally available for all VMware HCX users (first available only for VMware Cloud on AWS).

Feature

Benefits

General Availability for Mobility Optimized Networking

• Improved VM routed flows during virtual machine migration.

• Tromboning elimination (latency reduction) for multiple extensions.

• Tromboning elimination for cloud native segments.

• SDDC based internet egress.


Key Features & Benefits

Automation

API level integration between HCX and NSX-T automatically configures / reconfigures networks when VMs move

Visibility / Transparency

Increased per VM visibility and control providing migration type and connectivity status and the ability to enable MON routing at any time

Benefits

Usability- vSphere admin friendly - Complex application availability- increased control

Simplification- No BGP / routing config- Cloud provider independence - Toggle on/off - Switchover control


HCX Network Extension Configuration Maximums/Limits


HCX Migrations Mobility


VMware HCX Bulk Migration Overview

▪ Uses host-based replication and optimized for parallel migrations

▪ Bi-directional migration across CPU vendors

▪ VM must have VMware Tools installed

▪ Part of HCX advance licensing

▪ Compatibility for Bulk :

▪ vSphere ESX 6.x+

▪ vCenter Server 6.0+

▪ VM HW version 7+

vCenterServer

HCXConnector


Customer Datacenter

▪ 6.X

▪ 7.X

▪ NSX-T

▪ NSX-V

▪ VDS

▪ VSS

▪ vSAN

▪ FC

▪ NFS

▪ iSCSI

vmvm vmvmvmvm

Source

vmvm vmvmvmvm

vmvm vmvmvmvm

HCXCloud

Manager

vCenterServer

vSphere NSX-T vSAN

Destination

vmvm vmvmvmvm

HCX Site Pairing

VMC SDDC

vmvm vmvmvmvm

vmvm vm

Bulk Migration

vmvm vm

Full Synchronization Transfer

Hybrid Interconnect

vmvm vm

6.0+

©2020 VMware, Inc.


VMware HCX vMotion & Cold Migration

▪ Integrates with ESXi to perform vMotion migrations for powered on VMs & NFC to cold migrate powered off VMs

▪ Bi-directional vMotion

▪ Forward - ESXi 6.0 to 6.7

▪ Reverse – vSphere 6.0 or higher

▪ Forward Migration without EVC baseline downgrade.

▪ HCX vMotion supports overlapping VMkernel IPs.

▪ VMs with RDMs in virtual compatibility mode can be migrated.

vCenterServer

HCXConnector


Customer Datacenter

▪ 6.X

▪ 7.X

▪ NSX-T

▪ NSX-V

▪ VDS

▪ VSS

▪ vSAN

▪ FC

▪ NFS

▪ iSCSI

vmvm vmvmvmvm

Source

vmvmvm

vmvm vmvmvmvm

HCXCloud

Manager

vCenterServer

vSphere NSX-T vSAN

Destination

vmvm vmvmvmvm

HCX Site Pairing

VMC SDDC

vmvm vmvmvmvm

vmvm vm

HCX vMotion

Hybrid Interconnect

vmvm vm

6.0+

©2020 VMware, Inc.

Serialized Migration


VR/HBR for Efficient and Compatible Moves.

• vSphere 6+ / VM Hardware v7+

• AMD to Intel.

Parallel: Mass migration with Scheduled Low Downtime switchover.

Highly Resilient: Transfer halts/resumes on network path disruptions.

VM Transformation during switchover. (Disk Type, Tools, HW, Pre/Post Scripts)

Highly Compatible HCX vMotion

• vSphere 6+, Hardware v9+,

• vMotion without EVC requirements.

• Works with isolated & overlapping vMotionsubnets.

Serial Operations: Single VM migration with Live Switchover.

No Virtual Machine changes during the live switchover.

Ideal for DR avoidance & cloud bursting.

HCX Bulk Migration ”The Resilient Workhorse for Mass Migrations”

HCX vMotion“Live State ”

HCX Advanced Migration Options – At a Glance ComparisonNot mutually exclusive approaches. Use what makes sense.


Replication Assisted vMotion OverviewBulk Migration + vMotion

▪ Uses native replication and vMotion in conjunction with HCX interconnect

▪ Optimized for parallel large-scale migrations

▪ vMotion synchronizes delta data and workload memory state.

▪ Option to schedule cutover

▪ Requires 100 Mbps or above throughput capability

▪ VM hardware must be version 9 or above

vCenterServer

HCXConnector


Customer Datacenter

• 6.X

▪ 7.X

▪ NSX-T

▪ NSX-V

▪ VDS

▪ VSS

▪ vSAN

▪ FC

▪ NFS

▪ iSCSI

Source

vmvmvm

HCXCloud

Manager

vCenterServer

vSphere NSX-T vSAN

Destination

HCX Site Pairing

VMC SDDC

vmvm vmvmvmvm

vmvm vm


Zero Downtime

Hybrid Interconnect

vmvm vm

6.x+

©2020 VMware, Inc.

State =

vmvm vmvmvmvm

vmvm vmvmvmvm vmvm vmvmvmvm


HCX Replication Assisted vMotionKey Features

• Large scale live mobility: A large set of VMs can be submitted for live migration

• Switchover window : Switchover window can be specified with Replication-assisted vMotion

• Continuous Replication: Once a set of VMs are selected for RAV, it does the initial syncing, and continue to

replicate the delta changes until the switchover window is reached

• Concurrency: With Replication-assisted vMotion, multiple VMs can be replicated simultaneously. When the

switchover window is reached, Delta vMotion will be initiated to do quick live switchover. Live Switchover

happens serially

• Resiliency: Resilient to latency and varied network and service conditions during initial sync and continuous

replication sync

• Ability to switchover larger sets of VMs with smaller maintenance window. Large chunk of data

synchronization via replication allows for smaller delta vMotion cycles paving way for large number of VMs

switching over in maintenance window


VMware HCX: OSAM support

VIO

SDDC Stack

VMware SDDC VIOOpenstack Cloud

Openstack

KVM

HCX

vSphere

VMware SDDCDC or Cloud

Hyper-VHCX

• Migrate non-vSphere based workloads (hyper-V/KVM based workloads) to VMware Cloud on AWS

• Uses the Sentinel software installed on Linux- or Windows-based guest VMs


OS Assisted MigrationHow it works.

▪ Deploy and configure the Sentinel Gateway

▪ Download the Sentinel Agent in the HCX interface.

▪ Install in the non-VMware Virtual Machine.

▪ Migrate like other vSphere Virtual Machines in the HCX Migration interface.


HCX OS Assisted Migration (OSAM)

KVM Guest VMs replicating to Target SDDC while remaining online in source environment

Target SDDCSource – KVM Host

OS Assisted Replication-based migration with WAN

Acceleration

Active Replicating

• Utilizes OS assisted replication to migrate (conceptually similar to vSphere replication)

• Source VM remains online during replication

• Quiesce the source VM for final sync before migration

• Perform software stack adaptation (fixup)

• Source VM is powered off and the migrated VM is powered on in target site, for low downtime switchover

• VMware tools is installed on the migrated VM


At user-selected time, the VM is powered off at source, powered on in target site, for low down-time switchover

Powered off

Active


HCX OS Assisted Migration (OSAM)

KVM Guest VMs replicating to Target SDDC while remaining online in source environment


OS Assisted Replication-based migration with WAN

Acceleration

Active Replicating

• Utilizes OS assisted replication to migrate (conceptually similar to vSphere replication)

• Source VM remains online during replication

• Quiesce the source VM for final sync before migration

• Perform software stack adaptation (fixup)

• Source VM is powered off and the migrated VM is powered on in target site, for low downtime switchover

• VMware tools is installed on the migrated VM


HCX OSAM Summary Workflow


Non vSphere to vSphere Virtual Machine Migrations

System Path for OS Assisted Migration Operations

HCX-SGW

HCX-SDR

TCP 9443

TCP 443

HCX Agents

TCP 44500 -44600

HCX-NE

HCX-NE

VLAN: <NN>

DVPG


Comparisons

HCX Migration Types

vCenterServer

HCXConnector


Customer Data Center

vmvm vmvmvmvm

Source

vmvm vmvmvmvm

vmvm vmvmvmvm

HCX Included Migration Types

Type DowntimeNo

DowntimeMin

DowntimeConversionDowntime Notes

ColdMigration

vMotion

BulkMigration

ReplicationAssistedvMotion

OSAssistedMigration

▪ Serialized

▪ Parallel▪ Large-Scale

▪ Parallel▪ Large-Scale

▪ Hyper-V▪ KVM

▪ NFC Protocol

▪ Reverse migration with RAV will depend on CPU family at the original source site▪ OS Assisted Migration requires conversion at local site first


Migration Using HCX

Cold Migration

HCX vMotion

HCX Bulk


1 Per Mesh

1 per Mesh

1 per Mesh

200 per Mesh

SwitchoverConcurrency

Transfer Concurrency

1 Per Mesh

1 per Mesh

200 per Mesh

200 per Mesh

HCX Migration Options – Migration ConcurrencyConcurrency

OS Assisted Replication 50 Disks per Mesh50 Disks per Mesh (up to 4 Meshes)


Migration Using HCX

No

No

OK During Transfer Phase


vMotion Storage Motion

MaintenanceMode

No

No



HCX Migration Options – Underlying Cluster Activity

Cold Migration

HCX vMotion

HCX Bulk


ESXiPower Cycle

Failure

Failure

Transfer Halt orSwitchover Error

Transfer Halt orSwitchover Error

N/A N/AOS Assisted Replication N/A


Migration Using HCXSource

vSphereVersion

6.0+

6.0+

6.0+

6.0+

HCX Migration Options– Source Version Support

Cold Migration

HCX vMotion

HCX Bulk

Replication Assisted vMotion *

Source ESXi

Version

6.0+

6.0+

6.0+

6.0+

Min. VM Hardware

9

9

9

7

N/AOS Assisted Replication N/A N/A


HCX Components – Bringing it all together

Components are deployed symmetrically across the source and destination locations.

HCX-IX and HCX-NE components automatically establish encrypted tunnels to the peers.

WANOPT connect to its peer via the IX appliance.


TASK 4 – 5

1. Create HCX Network Extension

2. Perform HCX vMotion Migration

3. Perform HCX RAV Migration

Lab - 8: Workload Mobility & Hybridity (Part 2)

LAB

Thank You


VMC on AWS Hybrid Cloud Operations

Documents

Transcript of VMC on AWS Hybrid Cloud Operations