VMWare HCX Design Considerations

Design Considerations

HCX Migration Types

Migration Type

Down

time?

Concurrent Migration?

Short Description

Edition

HCX vMotion

No

1 / S.Mesh

  • Transfers a live VM, just like vsphere vmotion.
  • Best suited for business critical small and medium virtual machines.

Advanced

Cold Migration

Yes

1 / S.Mesh

  • Transfers a powered-off VM.
  • Uses VMWare network file copy (NFC) protocol

Advanced

Bulk Migration

Minimal

250 / Mgr

  • Replicates vm before switchover.
  • Uses vsphere replication protocols
  • Once base sync is completed, delta sync keeps running every 2 hours until scheduled time.
  • Once the switchover is completed the source vm is renamed (not deleted)
  • Reference:
    • https://kb.vmware.com/s/article/87028

Advanced

Replication Assisted migration.

No

200 / Mgr

  • Replicates VM before vMotion.
  • Best suited for business critical virtual machines, including big vms.
  • RAV does the initial syncing, and continues to replicate the delta changes until the switchover window is reached.
  • Once the switchover is completed the source vm is removed.
  • Reference:

Enterprise

OS Assisted Migration

Yes

50 disks / S.Mesh

  • Replicate VM at OS level before switchover.
  • Supports migrating Windows and Linux vms running on Hyper-v and KVM hypervisors

Enterprise

License

Activation Key

In private to public cloud deployment, activation keys come from public cloud providers.

HCX Edition

HCX for VMware Cloud on AWS

  • Includes HCX Advanced services and HCX Enterprise features and services with no additional license requirement or additional cost. reference link2

Service Mesh

Compute Profile

Compute profile captures the following information

  1. HCX Services to be enabled
  2. Service Clusters
  3. Deployment Resources
    1. Cluster
    2. Datastore
  4. Network Profiles
  5. Distributed switches for network extension

Compute profile on Cloud HCX

On activating HCX on VMC, a compute profile is created automatically.

We can login to HCX on the VMC side with cloudadmin@vmc.local user account and check the compute profile

Uplink Network profiles on Cloud HCX

Uplink network profiles define how the migration traffic and network extension traffic flows between HCX appliances Onprem and VMC.

HCX Interconnect and network extension appliances communicate over the internet or directconnect. These appliances create their own ipsec tunnels; they do not use the VPNs created in the VMC console .

However, HCX managers can communicate over the VPN tunnels.

On the VMC side, the following network profiles are created by default

  1. If you have direct connect
    1. Use directConnect network profile
    2. Ip addresses; provide a non-overlapping cidr block. This is done from the HCX Cloud Manager UI located at the VMC for AWS Cloud site.
  2. If you don’t have direct connect
    1. Use externalNetwork, even if you have ipsec vpn setup between onprem and vmc.
    2. Note: mgmt-app-network profile should NOT be used for uplink. Kb Kb2
    3. Ip addresses: the Ip addresses are taken from public ips. If you don’t have enough public Ips, they can be requested in the vmc console.

Configure HCX to use Direct Connect

  • SDDC must be configured to use the Direct Connect Private Virtual Interface.
  • In VMC, Create a network segment for HCX appliances to be deployed.
  • login to the HCX on the VMC side and update directConnectNetworkProfile
    • to use the newly created segment and
    • update Ip pool.

Reference: Link1

Mobility Optimized

Networking

( enterprise edition

feature)

Solves hairpinning or tromboning effect for migrated VMs i.e. Avoids a long round trip network path via on-prem gateway

The network path of routed traffic for migrated VMs

  1. Without MON
    1. All traffic is directed back to source gateway located on-prem
  2. With MON
    1. Not all traffic is routed to source gateway
      1. Extended networks: Routed within destination
      2. Cloud native networks: Routed within destination
      3. Internet Egress: Routed within destination

Reference: vmw-doc

Traffic Engineering

( enterprise edition

feature)

  1. TCP Flow Conditioning:
    1. Dynamically adjusts the segment size during the TCP connection handshake between end points across the Network Extension
    2. Optimizes the average packet size to reduce fragmentation and lower the overall packet rate.
  2. Application path resiliency:
    1. HCX builds multiple transport tunnels between source and destination uplink addresses.
    2. HCX actively probes various paths in an ECMP and avoid black holed paths

Reference: vmw-blog vmw-bp-doc license-doc vmw-blog

Mobility Groups

HCX Concepts

HCX Components

What is a Proxy Host?

It is a two-way vmotion proxy.

  • When a vMotion is initiated to a remote host, the local ESXi host migrates that VM to the local proxy ESXi host.
  • HCX-IX appliance transfers the VM data to remote HCX-IX appliance.
  • Target proxy ESXi host migrates the VM to target ESXi host

How to deploy the Proxy host?

When a service mesh is created with “vMotion Migration Service” selected, a proxy host gets automatically deployed on vCenter. It’s purpose is

  • It looks like nested ESXi, but it isn’t. It is a dedicated mobility platform.
  • The processor, memory, storage and networking resources displayed on this object does not represent actual consumption on the physical hypervisor hosting the IX appliance.

References:

  1. https://docs.vmware.com/en/VMware-HCX/4.3/hcx-user-guide/GUID-9D3270E2-E7B1-42E6-A385-E5207957FCDB.html
  2. https://www.softwaredefinedblog.com/hcx/hcx-mobility-agent-aka-dummy-host/

HCX Appliances

Appliance

Services

Interconnect

(HCX-IX)

1. Replication based migration

2. vMotion based migration

3. Deploys Mobility Agent service that appears as a host object in the vCenter server.

WAN Optimization

(HCX-WO)

1. Applies WAN optimization techniques like the data de-duplication and line conditioning.

2. It accelerates on-boarding to the destination site using Internet connections, without waiting for Direct Connect/MPLS circuits.

Network Extension (HCX-NE)

Layer 2 Extension

Sentinel Gateway

Connects and forwards source workloads to destination

( In OS assisted migrations )

Sentinel Data Receiver

Receive, manage, and monitor data replication operations at the destination environment ( In OS assisted migrations )

HCX Traffic Types

Management

HCX appliances use the network to communicate with HCX Manager, vCenter Server, NTP, DNS.

Uplink

Local HCX appliances use the network to connect with remote HCX appliances and vice versa.

vMotion

HCX appliances use the network to communicate with the vMotion interface of ESXi hosts.

vSphere Replication

HCX appliances use the network to communicate with the vSphere replication interface of ESXi hosts.

To reach the vSphere replication interface of ESXi hosts.

HCX Guest Network

To connect to the Sentinel agents.

HCX Installation Flow

VMC

Deploy HCX on VMC

VMC

Download HCX OVA for On-Prem

On-prem

Deploy OVA

On-prem

Activate and Register HCX

On-prem

Register vCenter.

Register NSX (optional)

On-prem

Restart Services

On-Prem

Pair Sites

On-Prem

Create network profiles

On-Prem

Create compute profile

On-Prem

Create Service Mesh

References

  1. https://docs.vmware.com/en/VMware-HCX/4.1/hcx-user-guide/GUID-C4CC758B-CAA4-42B9-92C3-9F16D10E25C5.html
  2. https://docs.vmware.com/en/VMware-HCX/4.2/hcx-getting-started/GUID-AB56D9A9-7E2C-436F-9E20-445E447E300F.html