Getting Started with

VMware HCX
VMware HCX
Getting Started with VMware HCX

You can find the most up-to-date technical documentation on the VMware website at:

https://docs.vmware.com/

If you have comments about this documentation, submit your feedback to

docfeedback@vmware.com

VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com

©
Copyright 2020 VMware, Inc. All rights reserved. Copyright and trademark information.

VMware, Inc. 2
 Contents

1 Introduction to HCX Deployments 4

HCX Connector and HCX Cloud Installations 5

2 Install Checklist A - HCX with a Private Cloud Destination Environment 8

3 Install Checklist A - Completed with Example Scenario 16

4 Install Checklist B - HCX with a VMC SDDC Destination Environment 21

5 HCX Deployment Considerations 28

Network Profile Considerations and Concepts 28
Compute Profile Considerations and Concepts 33

6 Appendix I - HCX Installation Summary Steps 44

VMware, Inc. 3
 1
Introduction to HCX
Deployments

Deploying VMware HCX requires information about your vSphere sites, networks and configurations.
Collecting the required configuration details and making some design choices in advance can greatly
reduce the time and resources to deploy. Install checklists are provided in this document to assist in
configuration planning. Deployment concepts, considerations and practices are explored.

Note This document is intended to supplement the information found in the VMware HCX User Guide.
Operational procedures for HCX are not included in this document.

Overview

HCX provides services between two or more distinct environments. The environments could be running
legacy (EOS) vSphere (5+), or they could be running modern vSphere (6.5+), they could also be
VMware-based public cloud instances. See VMware HCX Deployment Types.

This chapter includes the following topics:

n HCX Connector and HCX Cloud Installations

VMware, Inc. 4
Getting Started with VMware HCX

HCX Connector and HCX Cloud Installations

In HCX , there is notion of an HCX source and HCX destination environment. There is a specific HCX
installer that should be used depending on the environments.

The table highlights the differences between the two HCX Manager/Installation types:

HCX Connector
(previously Enterprise) HCX Cloud

When to use: Use the HCX Connector with the vCenter Use the HCX Cloud installer with the
Server containing the virtual machines vCenter Server containing the clusters
that will be migrated. that will be used for the destination for
The HCX Connector is always an HCX migrations.
source that connects to an HCX Cloud The HCX Cloud is an HCX destination, but
Caveat: If the environment will also be a can also be a source that connects to
destination for migrations, use the HCX another HCX Cloud.
Cloud instead.

Installer Option 1 - Use a download link from a In a public cloud deployment, HCX Cloud
deployed HCX Cloud system. is automatically installed when the service
Option 2 - Use the Download Link API to is enabled.
get a download link for the latest HCX In private cloud installations:
Connector build. Option 1 - Use the installer in
downloads.vmware.com. This installer
updates itself to the latest release.
Option 2 - Use the Download Link API to
get a download link for the latest HCX
Cloud build.

Supports EOS/legacy vSphere (5.0 - 6.0) Yes No

Requires new vSphere (6.5+) No Yes

Requires NSXv or NSX-T No Yes

Endpoint for Site Pairing (The HCX No Yes

destination)

Can initiate Site Pairing Yes Yes*

(the HCX source) * Cloud to Cloud.

Licensing/Activation No* Yes *

* Uses HCX Cloud-based activation/ * Public cloud HCX systems are activated
license. through the cloud service.
* Private cloud HCX systems are licensed
based on NSX Enterprise + or VCF
bundle.

VMware, Inc. 5
Getting Started with VMware HCX

More About the HCX Cloud Environments

The environment that is running HCX Cloud is generally the destination for HCX site pairing, for network
extensions and workload migration (but they can also be the source site when connecting to another
private or public HCX cloud system). The HCX Cloud site is always a Software Defined Data Center like
VMware Cloud Foundation or similar environments with new vSphere and NSX, built a la carte. HCX
public clouds like VMware Cloud AWS, IBM Cloud, Azure VMware Solution by CloudSimple are all HCX
Cloud environments. These are characteristics of the HCX destination environment:

n The destination environment and can be the target for Site Pairing, Network Extension and virtual
machine migrations with HCX.

n HCX at the destination is always deployed using the HCX Cloud Manager OVA.

n HCX requires the destination environment to use current vSphere. See Software Version
Requirements (destination environment).

n HCX requires the destination environment to use current NSX-T (or NSX for vSphere) that meets at
minimum all the NSX Requirements for HCX Appliance Deployments. Additional Requirements for
Network Extension may apply.

n When the destination is an HCX enabled Public Cloud provider (like the VMware Cloud on AWS):

n The public cloud provider will install and configure the HCX Cloud Manager on behalf of the
tenant (the process varies slightly by public cloud provider).

n The public cloud provider activates HCX or provides activation keys.

n When the destination is on-premises or private cloud:

n VMware Cloud Foundation Enterprise meets all the destination environment and licensing
requirements for HCX.

n The user will install and configure HCX Cloud Manager.

n The HCX Cloud Manager is licensed using NSX Data Center Enterprise plus.

n The HCX Cloud Manager installation carries higher requirements, but it can be both the source and
the target for Site Pairing, HCX Network Extension operations and Service Mesh deployments.

More About the HCX Connector Environments

In public cloud-based deployments (e.g HCX with VMware Cloud on AWS), the HCX Connector will be
deployed on-premises (the cloud instance runs HCX Cloud).

In private cloud deployments (e.g. Legacy to a modern migrations), the legacy environment will use the
HCX Connector (the modern private cloud environment runs HCX Cloud).

n An HCX Connector environment is always the source for Site Pairing, for Service Mesh
deployments.

n An HCX Connector cannot be the target for HCX Site Pairing.

VMware, Inc. 6
Getting Started with VMware HCX

n HCX Connector cannot site pair with another HCX Connector, the destination must always be a
private or public cloud with HCX Cloud.

n The HCX Connector's IX and NE appliances are always the Tunnel initiators when a Service Mesh is
created.

n HCX Connector supports lower software versions found in out of support environments that cannot be
upgraded. They may be running EOS vSphere software as far back as vSphere 5.0.

n An HCX Connector installation does not require NSX to be present.

n A legacy vSphere environment running EOS software is always considered the source HCX system,
and will be installed using the HCX Connector OVA. See Software Version Requirements (Source
Environment Requirements).

n When the HCX Connector environment also meets the destination site requirements, consider
installing HCX Cloud. See Software Version Requirements (destination environment).

n HCX supports interoperability with legacy environments for the purpose of migration or evacuation,
there is no support for migrating to a legacy environment.

VMware, Inc. 7
 2
Install Checklist A - HCX with a
Private Cloud Destination
Environment

This install checklist is written for fully private deployments, where HCX has to be prepared in each
environment (in public cloud HCX deployments, the provider handles HCX installation and bootstraps an
configuration using public IPs).

This document presented in a source vSphere to destination vSphere format:

n It is assumed that the source vSphere contains the existing workloads and networks that will be
migrated. This environment can be legacy (vSphere 5 +) or relatively modern (in support/current
vSphere & NSX).

n It is assumed that destination is a relatively modern private cloud (with in support/current vSphere &
NSX), or a VMware Cloud Foundation deployment that will be the target for HCX network extensions,
migrations and services.

n Deployment variations like multi-vCenter Server, multi-cloud, inter-cluster (same vCenter Server),
vCloud Director, OS-Assisted or performance-centric implementations are outside the scope of this
checklist.

Use Cases and POC Success Criteria

"How am I doing with HCX? How will I define a success in my proof of concept?"

VMware, Inc. 8
Getting Started with VMware HCX

▢ What defines the success Clearly define how the success criteria. For example:
criteria for the HCX proof of n Extend 2 test networks.
concept? n Live migrate virtual machine.
n Test HCX L2 connectivity using over the extended network.
n Reverse migrate a VM.
n Bulk Migrate a VM.

▢ Ensure features will be The core migration services (vMotion, Bulk, Optimization and Network Extension) are available
available with the trial or full with HCX Advanced licensing.
licenses obtained. Trial license allows up to 20 migrations.
OSAM, RAV and SRM integration require HCX Enterprise licensing.

▢ Understand technology- For any HCX technologies that will be used, have awareness of possible restrictions and
specific restrictions. requirements.
For example, if a zero downtime application needs to be migrated, HCX vMotion or RAV should be
used.
In this case, one should note that "vMotion based migrations require Virtual Machine Hardware
Version 9 or above." Restrictions like this one are documented in the About section for the specific
migration type in the HCX User Guide.

Collect vSphere Environment Details

This section identifies vSphere related information that should be known about the environments that is
relevant for HCX deployments.

Environment Detail Source Environment Destination Environment

▢ vSphere Version: n Must be 5.0 or above. n Must be 6.5 or above (6.7 recommended, 6.0
nearing EOS).

▢ Distributed Switches n Understand the relationships between n Understand the relationships between clusters
and Connected Clusters clusters and the Distributed Switches. and the NSX Transport Zone. HCX will only
deploy and extend networks to clusters
included in the Transport Zone.

▢ ESXi Cluster n Identify the ESXi Management, vMotion and n Identify the ESXi Management, vMotion and
Networks Replication (if it exists). VSS PG or DPG Replication (if it exists). VSS PG or DPG
Names, VLANs and Subnets. Names, VLANs and Subnets.
n If these networks vary from cluster to cluster, n If these networks vary from cluster to cluster,
additional configuration will be needed. additional configuration will be needed.
n Identify available IPs (HCX will participate in n Identify available IPs (HCX will participate in
these networks) these networks)

▢ NSX version and n NSX is not required at the source, but is n Must be NSX-T 2.4+ or NSX-V 6.3+. See NSX
configurations: supported for NSX Network Extension. See Requirements for HCX Appliance Deployments.
NSX Requirements for the HCX Enterprise n NSX-T T1 or NSX-V ESG or DLR is required for
Installation. Network Extension.

▢ Review and ensure

all Software Version
Requirements are
satisfied.

▢ vCenter Server URL: n https://vcenter-ip-or-fqdn n https://vcenter-ip-or-fqdn

VMware, Inc. 9
Getting Started with VMware HCX

Environment Detail Source Environment Destination Environment

▢ administrator
@vsphere.local or
equivalent account.

▢ NSX Manager URL: n NSX is optional. It is only required when HCX n https://nsxmgr-ip-or-fqdn
will be used to extend NSX networks

▢ NSX admin or n If HCX will be used to extend NSX networks, n A full access Enterprise Administrator user is
equivalent account. know the administrator account for the NSX required when registering the NSX Manager.
registration step.

▢ Destination vCenter n Use the SSO FQDN as seen in the vCenter n Use the SSO FQDN as seen in the vCenter
SSO URL : Advanced Configurations Advanced Configurations
(config.vpxd.sso.admin.uri) (config.vpxd.sso.admin.uri).

▢ DNS Server: n DNS is required. n DNS is required.

▢ NTP Server: n NTP server is required. n NTP server is required.

▢ HTTP Proxy Server: n If there is an HTTPS proxy server in the n If there is an HTTPS proxy server in the
environment, it should be added to the environment, it should be added to the
configuration. configuration.

Planning for the HCX Manager Deployment

This section identifies information that should be known prior to deploying the source and destination
HCX Manager systems.

Source HCX Manager Destination HCX Manager

(type: Connector or Enterprise) (type: Cloud)

▢ HCX Manager n The HCX Manager can be deployed like other n The HCX Manager can be deployed like other
Placement/ management components (like vCenter management components (like vCenter Server or NSX
Zoning: Server or NSX Manager). Manager).
n It does not have to be deployed where the It does not have to be deployed where the migration
migration workloads reside. workloads reside.

▢ HCX Manager n The HCX Manager download link for the [The OVA has been downloaded.]
Installer OVA: source is obtained from the destination HCX n HCX Manager installer OVA can be obtained from
Manager, in the System Updates UI. downloads.vmware.com.
n If OVA download links were provided by the n If OVA download links were provided by the VMware
VMware team, the file for the source will be team, the file for the destination will be named VMware-
named VMware-HCX-Enterprise-3.5.2- HCX-Cloud-3.5.2-########.ova.
########.ova.
Note The file VMware-HCX-
Installer-3.5.2-14263139.ova with Release Date
2019-08-08 is a generic installer that will update itself to the
latest version during the installation.

▢ HCX Manager
Hostname:

▢ HCX Manager n The HCX Manager vNIC IP address, typically n The HCX Manager vNIC IP address, typically an
Internal IP an internal address from the environment's internal address from the environment's management
Address: management network. network.

VMware, Inc. 10
Getting Started with VMware HCX

Source HCX Manager Destination HCX Manager

(type: Connector or Enterprise) (type: Cloud)

▢ HCX Manager n The source HCX Manager initiates the [sddc1-hcx.xyz.com , Pub IP assignment 192.0.2.50]
External Name / management connection to the destination, it n Only required when the paired environments do not
Public IP does not need a dedicated public IP address. have a private connections and will connect over the
Address: n The HCX manager should can NAT Internet.
n The external name record should resolve to a public IP
address.

▢ HCX Manager
admin / root
password:

▢ Verify external n HCX Manager makes outbound HTTPS n HCX Manager makes outbound HTTPS connections to
access for the connections to connect.hcx.vmware.com and connect.hcx.vmware.com and hybridity-
HCX Manager: hybridity-depot.vmware.com. depot.vmware.com.
n The source HCX Manager will make n The destination HCX Manager will receive HTTPS
outbound HTTPS connections to the site connections from the site paired source HCX Manager
paired destination HCX Manager systems. systems.

▢ HCX n In private cloud / private data center / VFC n In private cloud / private data center / VFC
Activation / deployments, HCX Advanced features are deployments, HCX Advanced features are licensed
Licensing: licensed using the NSX Enterprise plus using the NSX Enterprise plus licenses from the
licenses from the destination NSX destination NSX environment. See Activating or
environment. See Activating or Licensing Licensing New HCX Systems for more details.
New HCX Systems for more details.

Planning the Compute Profile Configurations

A Compute Profile contains the catalog of HCX services and allows in-scope infrastructure to be planned
and selected prior to deploying the Service Mesh. The Compute Profile describes how HCX will deploy
services and services appliances when a Service Mesh is created.

VMware, Inc. 11
Getting Started with VMware HCX

Source Compute Profile Destination Compute Profile

▢ Compute Profile n Using meaningful names simplify operations in n Using meaningful names simplify operations
Name multi-CPs deployments. in multi-CPs deployments.

▢ Services to Enable n Services are presented as a catalog, showing n Services are presented as a catalog, showing
available capabilities based on licensing. available capabilities based on licensing.
n This can be used to restrict the individual HCX This can be used to restrict the individual
services that will be enabled. HCX services that will be enabled.

▢ Service Resources [legacy-dev cluster] [Compute-1 , Compute-2 ]

(Datacenter or n Every cluster that contains virtual machines will n Every cluster that is a valid target should be
Cluster) be used as a Service Cluster in the Compute included as a Service Cluster in the
Profile. Compute Profile.

▢ Deployment n The Deployment Cluster hosts HCX appliances. n The Deployment Cluster hosts HCX
Resources (Cluster or n It needs to be connected to DVS for HCX L2 and appliances.
Resource Pool) can reach the service cluster networks for HCX n It needs to be connected to the NSX
migration. Transport Zone for L2 and can reach the
service cluster networks for HCX migration.

▢ Deployment n Select the datastore to use with HCX service n Select the datastore to use with HCX service
Resources (Datastore) mesh deployments. mesh deployments.

▢ Distributed Switches n Select the virtual switch(es) or transport zone n Select the transport zone that will be used
or NSX Transport that contains virtual machine networks that will with HCX Network Extension operations.
Zone for Network be extended.
Extension n The deployment cluster hosts must be connected
to the selected switches.

VMware, Inc. 12
Getting Started with VMware HCX

Planning the Network Profile Configurations

A Network Profiles contains information about the underlying networks and allows networks and IP
addresses to be pre-allocated prior to creating a Service Mesh. Review and understand the information
in Network Profile Considerations and Concepts before creating Network Profiles for HCX .

Network Profile
Type Source Network Details Destination Network Details

▢ HCX Uplink n It is typical to use the Management and Uplink n When connecting environments over Internet,
Networks to use the same backing at the source. If assign the Public IPs networks as the HCX
a dedicated network is used, collect the following: Uplink.
n VLAN, Port Group n VLAN, Port Group
n VSS|DVS|NSX Network Name n VSS|DVS|NSX Network Name
n Gateway IP n Gateway IP
n Range of available IPs for HCX to use. n Range of available IPs for HCX to use.

▢ HCX n The ESX Management network (typically). n The ESX Management network (typically).
Management n VLAN, Port Group n VLAN, Port Group
n VSS|DVS|NSX Network Name n VSS|DVS|NSX Network Name
n Gateway IP n Gateway IP
n Range of available IPs for HCX to use. n Range of available IPs for HCX to use.

▢ HCX vMotion n The vMotion network n The vMotion network

n VLAN, Port Group n VLAN, Port Group
n VSS|DVS|NSX Network Name n VSS|DVS|NSX Network Name
n Gateway IP n Gateway IP
n Range of available IPs for HCX to use. n Range of available IPs for HCX to use.

▢ HCX n The ESX Replication network. This will be the same n The ESX Replication network. This will be the
Replication as the Management network when a dedicated same as the Management network when a
Replication network doesn't exist (5.5 and older). dedicated Replication network doesn't exist (5.5
n VLAN, Port Group and older).

n VSS|DVS|NSX Network Name n VLAN, Port Group

n Gateway IP n VSS|DVS|NSX Network Name

n Range of available IPs for HCX to use. n Gateway IP

n Range of available IPs for HCX to use.

Service Mesh Planning Diagram

The illustration summarizes HCX service mesh component planning.

VMware, Inc. 13
Getting Started with VMware HCX

Site to Site Connectivity

▢ Bandwidth for n A minimum 100 Mbps ofbandwidthis required for HCX migration services.
Migrations

▢ Public IPs & NAT n HCX automatically enables strong encryption for site to site service mesh communications. It is typical
for customers to begin migration projects over the Internet (while private circuits are not available, or
won't become available).
n HCX supports outbound SNAT at the source. The HCX Uplink can be a private/internal IP address at
the source environment. The SNAT of all HCX components to a single Public IP address.
n Public IP addresses must be assigned directly in the Uplink Network Profile at the destination HCX
configuration.
n Inbound DNAT is not supported at the destination.

▢ Source HCX to n The source HCX Manager connects to the HCX Cloud Manager using port TCP-443.
Destination HCX n The source IX (HCX-IX-I) connects to the peer IX (HCX-IX-R) using port UDP-500 and UDP-4500.
Network Ports n The source NE (HCX-NE-I) connects to the peer NE (HCX-NE-R) using port UDP-500 and UDP-4500.
n The source HCX appliances initiate the connections.

▢ Other HCX Network n A full list of port requirements for HCX can be found in ports.vmware.com.
Ports

VMware, Inc. 14
Getting Started with VMware HCX

Figure 2-1. Network Ports at the Source

Figure 2-2. Network Ports at the Destination

VMware, Inc. 15
 3
Install Checklist A - Completed
with Example Scenario

This version of the checklist is prepared using a fictional migration scenario. The entries are completed
using the scenario information.

The planning tables in this document are organized assuming there is one source environment and one
destination environment:

n It is assumed that the source vSphere contains the existing workloads and networks that will be
migrated. This environment can be legacy or relatively modern. See Software Version Requirements
(Source Environment Requirements).

n It is assumed that destination is a private cloud deployment, and will be the target for HCX network
extensions, migrations and services. See Software Version Requirements (Destination Environment
Requirements).

Explanations are included in the regular pre-install checklists. This checklist omits them for brevity.

Scenario - XYZ Migration from Legacy DC to SDDC

The XYZ Widget Company plans to evacuate the XYZ Legacy DC into a newly built XYZ SDDC (in a new
physical data center). HCX will enable the evacuation of all workloads and the decommissioning of EOL
hardware and EOS software without upgrades.

The objective for the HCX POC is to test core VMware HCX capabilities that will enable the evacuation of
the legacy data center. The proof of concept will be following this success criteria:

n Deploy the HCX Service Mesh, configured to provide services for the DEV environment.

n Extend the prepared test network (virtual machine VLAN 10 backed DPG).

n Successfully perform HCX vMotion and Bulk migration for a test virtual machine from Legacy DC to
the SDDC.

n Understand the time to migrate VM data for each protocol.

n Understand the ability to use bandwidth for migrations under the POC configuration.

n Test Network Extension:

n Verify Legacy VM to SDDC VM connectivity over the HCX L2 path.

n Understand Legacy to SDDC latency.

VMware, Inc. 16
Getting Started with VMware HCX

n Successfully perform reverse HCX migrations from SDDC to Legacy.

n Successfully complete the Bulk migration of 3-5 VMs in parallel from Legacy DC to SDD in parallel.

n Test the Bulk migration failover scheduler.

n Upgrade VM Hardware / VM Tools.

Scenario Environment Details

Fictional environment details for the XYZ-Legacy and the XYZ-SDDC.

Environment Facts Source - Legacy DC Destination - XYZ-SDDC

vSphere n vSphere 5.5 U3 n vSphere 6.7

n Mgmt Cluster n Mgmt Cluster
n Dev Cluster n Compute-1 Cluster
n Prod Cluster n Compute-2 Cluster
n Legacy DVS n Mgmt DVS
n Compute DVS

Cluster Networks n ESXi Management 192.168.100.0 n ESXi Management 10.0.100.0

prefix-24 VSS-VLAN-100 prefix-22
n ESXi vMotion 192.168.101.0 n ESXi vMotion 10.0.104.0 prefix-22
prefix-24 VSS-VLAN-101 n ESXi Replication 10.0.108.0 prefix-22

VM Networking n Single Legacy DC DVS. n NSX-T Overlay TZ Configured

n DPG Test-VM-NET-10 192.168.10.0 n NSX-T T1 Router Created.
prefix-24 VLAN 10.
n 5 Test-VMs deployed for the POC.

Storage n Block Storage Central Array n vSAN Storage

Site to Site Connectivity n 1 Gbps Internet / WAN. n 10Gbps Internet / WAN.

n No dedicated Public IPs required for n 3 Public IPs reserved for HCX.
HCX (HCX will NAT outbound).

Collect vSphere Environment Details

Collect the relevant environment details in preparation for the installation. The bulleted entries may
provide context, or about requirements related to the Environment Detail entry.

XYZ Widget Company Scenario information is [in brackets].

Environment Detail Source Environment Destination Environment

▢ vSphere Version: [XYX Legacy is 5.5.] [XYZ SDDC is 6.7]

▢ Distributed Switches and Connected [Shared DVS : Mgmt, Dev, Prod] [Mgmt DVS: Mgmt Cluster
Clusters Compute DVS: Compute-1, Compute-2]

▢ ESXi Cluster Networks [ESXi Management [ESXi Management 10.0.100.0/22

192.168.100.0/24 VSS-VLAN-100 ESXi vMotion 10.0.104.0/22
ESXi vMotion 192.168.101.0/24 ESXi Replication 10.0.108.0/22]
VSS-VLAN-101]

VMware, Inc. 17
Getting Started with VMware HCX

Environment Detail Source Environment Destination Environment

▢ NSX version and configurations: [No NSX in Legacy DC] [XYZ SDDC is running NSX-T 2.4.3, with
an overlay Transport Zone that includes
Compute-1 and Compute-2 clusters]

▢ Verify all Software Version Requirements are [Verified XYZ Legacy DC meets all [Verified XYZ SDDC meets all
satisfied documented version requirements] documented version requirements]

▢ vCenter Server URL: [https://legacy-vcenter] [https://sddc-1-vcenter.xyz.com]

▢ vCenter administrator@vsphere.local or [Verified administrator access to [Verified administrator access to the

equivalent account. the vCenter server] vCenter server]

▢ Destination NSX Manager URL: [N/A] [https://sddc-1-nsxm.xyz.com]

▢ NSX admin or equivalent account. [N/A] [Verified the NSX admin account]

▢ Destination vCenter SSO URL : [embedded ] [sddc-1-psc.xyz.com]

▢ DNS Server: [legacy-dns.xyz.com] [dns.xyz.com]

▢ NTP Server: [legacy-ntp.xyz.com] [ntp.xyz.com]

▢ HTTP Proxy Server: [proxy.xyz.com] [Verified xyz does not use HTTP proxy
servers]

Planning for the HCX Manager Deployments

XYZ Widget Company Scenario information is [in brackets].

HCX Manager Deployment at

HCX Manager Deployment at Source Destination

▢ HCX Manager Placement: [HCX Manager will be deployed in the xyz- [HCX Manager will be deployed in the
sddc1 ] XYZ-SDDC-1 Mgmt cluster ]

▢ HCX Manager Installer OVA: [The OVA will be downloaded from the SDDC-1 [The OVA has been downloaded.]
HCX Manager once that is online]

▢ HCX Manager Hostname: [legacy-hcxm.xyz.com] [sddc-1-hcxm.xyz.com]

▢ HCX Manager Internal IP [192.168.100.50] [10.0.100.50]

Address:

▢ HCX Manager External Name / [External Name/Pub IP assignment is not [sddc1-hcx.xyz.com , Pub IP assignment
Public IP Address: applicable] 192.0.2.50]

▢ HCX Manager admin / root

password:

▢ Verify outbound access for the [Verified outbound NAT will allow outbound [Verified the HCXM network can reach
HCX Manager: connections for legacy-hcxm] *.vmware.com using . HTTPS]

▢ HCX Activation / Licensing: [The licenses for the sddc-1-hcx will be used at [The XYZ HCX POC will use trial licenses,
the source) which allows testing up to 20 migrations]

VMware, Inc. 18
Getting Started with VMware HCX

Planning the Compute Profile Configurations

XYZ Widget Company Scenario information is [in brackets].

Note In the XYZ Widget Company POC scenario, a single Compute Profile will be used.

In production deployments, one can create additional Compute Profiles to scale out the HCX services or
to achieve connectivity when there are things like per-cluster vMotion or DVS isolation in the environment.

Source Compute Profile Destination Compute Profile

▢ Compute Profile Name [Legacy-DC-CP] [sddc-1-CP]

▢ Services to Enable [All services enabled] [All services enabled]

▢ Service Resources (Datacenter or Cluster) [legacy-dev cluster] [Compute-1 , Compute-2 ]

▢ Deployment Resources (Cluster or Resource Pool) [legacy-dev cluster] [sddc-1-compute-1]

▢ Deployment Resources (Datastore) [legacy-block-array] [sddc-1-vsan-datastore]

▢ Distributed Switches or NSX Transport Zone for [legacy-shared-dvs] [sddc-1-nsxt-overlay-tz, includes compute
Network Extension clusters]

Planning the Network Profile Configurations

The Network Profiles abstract Network consumption during HCX service deployments. See Network
Profile Considerations and Concepts.

XYZ Widget Company Scenario information is [in brackets].

Network Profile Type Source Network Details Destination Network Details

HCX Uplink [Using Mgmt] [xyz-sddc-ext-net 192.0.2.11 - 192.9.2.15]

HCX Management [legacy-mgmt, 192.168.100.0/24, gw: .1 [xyz-sddc-mgmt, 10.0.100.0/22, gw: .1

HCX range: 192.168.100.201 - 192.168.100.205] 10.0.100.201 - 10.0.100.205]

HCX vMotion [legacy-vmotion, 192.168.101.0/24, gw: .1 [xyz-sddc-vmo, 10.0.104.0/22, gw: .1

HCX range: 192.168.101.201 - 192.168.101.205] 10.0.104.201 - 10.0.104.205]

HCX Replication [Using Mgmt] [xyz-sddc-repl, 10.0.108.0/22, gw: .1

10.0.108.201 - 10.0.108.205]

Source HCX to Destination HCX IP Connectivity

XYZ Widget Company Scenario information is [in brackets].

Bandwidth for Migrations [XYZ Legacy DC has 1Gbps Internet uplinks, 500 can be used for migrations. XYZ-SDDC has 10Gbps
available.]

Public IPs & NAT [XYZ Legacy DC HCX components will SNAT.
XYZ Legacy DC Public IP addresses have been allocated as follows :
One for the HCX Manager (it will be configured as an inbound DNAT rule).
Two for HCX Uplink NP (one for the IX appliance and one for the NE appliance) ]

VMware, Inc. 19
Getting Started with VMware HCX

Source HCX to [XYZ Legacy DC perimeter firewall has been configured to allow UDP-500, UDP-4500 and HTTPS
Destination HCX Network outbound
Ports XYX SDDC perimeter firewall has been configured to allow HT ]

HCX Network Ports n A full list of port requirements for HCX can be found in ports.vmware.com.

VMware, Inc. 20
 4
Install Checklist B - HCX with a
VMC SDDC Destination
Environment

This install checklist is written for HCX deployments with VMware Cloud on AWS as the target, where
HCX is automatically installed by enabling the service (in private cloud HCX deployments, the user
handles full HCX deployment and configuration for the destination environment.

This document presented in using on-prem as the source to VMC SDDC as the destination. All the
checklist tables follow this format:

n It is assumed that the on-prem vSphere contains the existing workloads and networks that will be
migrated. This environment can be legacy (vSphere 5 +) or relatively modern (in support/current
vSphere & NSX). The HCX Connector will be installed.

n It is assumed that destination is a VMC SDDC instance.

HCX Use Cases and POC Success Criteria

"How am I doing with HCX? How will I define a success in my proof of concept?"

▢ What defines the success criteria for the HCX proof of Clearly define how the success criteria. For example:
concept? n Extend 2 test networks to VMC.
n Live migrate a virtual machine.
n Test HCX L2 connectivity using over the extended network.
n Reverse migrate a VM.
n Bulk Migrate a VM.

▢ Ensure features will be available with the trial or full n HCX is an available add-on included with a VMC SDDC.
licenses obtained. n The add-on gives access to the HCX Advanced features.
n The add-on does not provide access to HCX Enterprise features.
See VMware HCX Services.

Collect vSphere Environment Details

This section identifies vSphere related information that should be known about the environments that is
relevant for HCX deployments.

VMware, Inc. 21
Getting Started with VMware HCX

Environment Detail On-premises Environment VMC SDDC

▢ vSphere Version: n Must be 5.0 or above. n N/A. SDDC instances run supported
software versions.

▢ Distributed Switches n Understand the relationships between clusters and n N/A. The SDDC compute profile will
and Connected Clusters the Distributed Switches. automatically include the workload
clusters.

▢ ESXi Cluster n Identify the ESXi Management, vMotion and n N/A. In VMC the HCX is automatically
Networks Replication (if it exists). VSS PG or DPG Names, installed.
VLANs and Subnets.
n If these networks vary from cluster to cluster,
additional configuration will be needed.
n Identify available IPs (HCX will participate in these
networks)

▢ NSX version and n NSX is not required on-premises, but is supported n N/A. In VMC the HCX is automatically
configurations: for the purpose of extending NSX Networks. See installed.
NSX Requirements for the HCX Enterprise
Installation if NSX networks will be extended to
VMC.

▢ Review and ensure all

Software Version
Requirements are
satisfied.

▢ vCenter Server URL: n https://vcenter-ip-or-fqdn n The VMC URLs are listed in

vmc.vmware.com, under SDDCs >
Settings.

▢ Administrative n Know the administrator @vsphere.local or n In VMC, know how to locate the
accounts equivalent account for the vCenter Server cloudadmin@vmc.local account details.
registration step.

▢ NSX Manager URL: n N/A. See the NSX versions column above. n N/A. Networking & Security features are
managed using the VMC user interface.

▢ NSX admin or n If HCX will be used to extend NSX networks, know n N/A. Networking & Security features are
equivalent account. the administrator account for the NSX registration managed using the VMC user interface.
step.

▢ Destination vCenter n Use the SSO FQDN as seen in the vCenter n The VMC URLs are listed in
SSO URL : Advanced Configurations (config.vpxd.sso.admin.uri) vmc.vmware.com, under SDDCs >
Settings.

▢ DNS Server: n DNS is required. n N/A. Automatically configured.

▢ NTP Server: n NTP server is required. n N/A. Automatically configured.

▢ HTTP Proxy Server: n If there is an HTTPS proxy server in the n N/A. Automatically configured.
environment, it should be added to the configuration.

Planning for the HCX Manager Deployment

This section identifies information that should be known prior to deploying the HCX Manager system on-
premises. HCX Manager at the VMC SDDC is deployed automatically when the service is enabled.

VMware, Inc. 22
Getting Started with VMware HCX

Source HCX Manager Destination HCX Manager

(type: Connector or Enterprise) (type: Cloud)

▢ HCX Manager n The HCX Manager can be deployed like other n The VMC HCX Cloud Manager is deployed
Placement/Zoning: management components (like vCenter Server or automatically in the SDDC management
NSX Manager). cluster whenever the HCX add-on service is
n It does not have to be deployed where the migration enabled on the SDDC.
workloads reside.

▢ HCX Manager n The HCX Manager download link for the source is n N/A.
Installer OVA: obtained from the destination HCX Manager, in the
System Updates UI.
n If OVA download links were provided by the VMware
team, the file for the source will be named VMware-
HCX-Enterprise-3.5.2-########.ova.

▢ HCX Manager n The VMC URLs are listed in

Hostname / vmc.vmware.com, under SDDCs > Settings.
FQDN:

▢ HCX Manager n The HCX Manager vNIC IP address, typically an n The SDDC HCX Cloud system uses an IP
Internal IP internal address from the environment's management address based on the provided subnet for
Address: network. SDDC management. This address is not
required for site pairing with the SDDC.

▢ HCX Manager n The source HCX Manager initiates the management n The SDDC Management firewall will reflect
External Name / connection to the destination, it does not need a entries allowing TCP-443 connections to the
Public IP Address: dedicated public IP address. HCX Cloud Manager public IP address.
n The HCX manager should be able to NAT

▢ HCX Manager n In VMC, know how to locate the

admin / root cloudadmin@vmc.local account details.
password:

▢ Verify external n HCX Manager makes outbound HTTPS connections n The VMC URLs are listed in
access for the to connect.hcx.vmware.com and hybridity- vmc.vmware.com, under SDDCs > Settings.
HCX Manager: depot.vmware.com. n Ensure the VMC management firewall allows
n The source HCX Manager will make outbound inbound HTTPS connections from the on-
HTTPS connections to the site paired destination prem HCX Connector and from the User
HCX Manager systems. systems that will access the interface.

▢ HCX Activation / n Activation keys for the HCX Connector system on- n The HCX in the VMC SDDC instance is
Licensing: premises is generated in VMC. activated when the service is enabled.
n To generate a key, open add-ons tab to open HCX.
Use Activation Keys > Create Activation Key > HCX
Connector to generate a key for the on-premises
HCX system.

Planning the Compute Profile Configuration

A Compute Profile contains the catalog of HCX services and allows in-scope infrastructure to be planned
and selected prior to deploying the Service Mesh. The Compute Profile describes how HCX will deploy
services and services appliances when a Service Mesh is created.

A Compute Profile is required in the on-premises HCX Connector.

VMware, Inc. 23
Getting Started with VMware HCX

A Compute Profile is pre-created in the VMC SDDC as part of enabling the HCX Add-on.

On-premises Compute Profile SDDC Compute Profile

▢ Compute Profile n Using meaningful names simplify operations in multi- n The Compute Profile configuration is
Name CPs deployments. created automatically in the SDDC
HCX system when HCX is enabled.

▢ Services to Enable n Services are presented as a catalog, showing n All HCX services are enabled in the
available capabilities based on licensing. SDDC Compute Profile.
n This can be used to restrict the individual HCX
services that will be enabled.

▢ Service Resources n Every cluster that contains virtual machines will be n The SDDC Compute Cluster is
(Datacenter or Cluster) used as a Service Cluster in the Compute Profile. assigned as the HCX Service Cluster.
n The SDDC Management Cluster is a
Service Cluster.

▢ Deployment n The Deployment Cluster hosts HCX appliances. n The SDDC Management Cluster is
Resources (Cluster or n It needs to be connected to DVS for HCX L2 and can assigned as the HCX Deployment
Resource Pool) reach the service cluster networks for HCX migration. Cluster.

▢ Deployment n Select the datastore to use with HCX service mesh n The SDDC Management Datastore is
Resources (Datastore) deployments. used.

▢ Distributed Switches n Select the virtual switch(es) or transport zone that n The SDDC Transport zone is used in
or NSX Transport Zone contains virtual machine networks that will be the configuration.
for Network Extension extended.
n The deployment cluster hosts must be connected to
the selected switches.

VMware, Inc. 24
Getting Started with VMware HCX

Planning the Network Profile Configurations

A Network Profiles contains information about the underlying networks and allows networks and IP
addresses to be pre-allocated prior to creating a Service Mesh. Review and understand the information
in Network Profile Considerations and Concepts before creating Network Profiles for HCX .

Network Profile
Type On-Prem Details VMC SDDC Details

▢ HCX Uplink n It is typical to use the Management and Uplink n By default, the SDDC instance uses Public
Networks to use the same backing at the source. If a IP-based EIPs in the Uplink configuration.
dedicated network is used, collect the following: n If a DX private VIF will be used for
n VLAN, Port Group connecting the on-prem environment to the
n VSS|DVS|NSX Network Name SDDC, configure a unique private IP
network.
n Gateway IP
n Range of available IPs for HCX to use.

▢ HCX n The ESX Management network (typically). n Network Profiles are configured
Management n VLAN, Port Group automatically when the HCX service is
enabled using a portion of the SDDC
n VSS|DVS|NSX Network Name
management network.
n Gateway IP
n Range of available IPs for HCX to use.

▢ HCX vMotion n The vMotion network n Network Profiles are configured

n VLAN, Port Group automatically when the HCX service is
enabled using a portion of the SDDC
n VSS|DVS|NSX Network Name
management network.
n Gateway IP
n Range of available IPs for HCX to use.

▢ HCX n The ESX Replication network. This will be the same as n Network Profiles are configured
Replication the Management network when a dedicated automatically when the HCX service is
Replication network doesn't exist (5.5 and older). enabled using a portion of the SDDC
n VLAN, Port Group management network.

n VSS|DVS|NSX Network Name

n Gateway IP
n Range of available IPs for HCX to use.

Service Mesh Planning Diagram

The illustration summarizes HCX service mesh component planning.

VMware, Inc. 25
Getting Started with VMware HCX

Site to Site Connectivity

▢ Bandwidth for n A minimum 100 Mbps of bandwidth is required for HCX migration services.
Migrations

▢ Public IPs & NAT n HCX automatically enables strong encryption for site to site service mesh communications. It is typical
for customers to begin migration projects over the Internet (while private circuits are not available, or
won't become available).
n HCX supports outbound SNAT at the source. The HCX Uplink can be a private/internal IP address at
the source environment. The SNAT of all HCX components to a single Public IP address.
n Inbound DNAT is not supported at the destination. A VMC HCX deployment automatically assigns
public IP addresses to the HCX components

▢ Source HCX to n The source HCX Manager connects to the HCX Cloud Manager using port TCP-443.
Destination HCX n The on-prem IX (HCX-IX-I) connects to the VMC SDDC IX (HCX-IX-R) using port UDP-500 and
Network Ports UDP-4500.
n The on-prem NE (HCX-NE-I) connects to the VMC SDDC NE (HCX-NE-R) using port UDP-500 and
UDP-4500.
n The source HCX appliances always initiate the transport tunnel connections.

▢ Other HCX Network n A full list of port requirements for HCX can be found in ports.vmware.com.
Ports

VMware, Inc. 26
Getting Started with VMware HCX

HCX Network Ports On-Premises

VMware, Inc. 27
 5
HCX Deployment Considerations

Several aspects of HCX deployments are presented and explored in the sections that follow.

This chapter includes the following topics:

n Network Profile Considerations and Concepts

n Compute Profile Considerations and Concepts

Network Profile Considerations and Concepts

Network Profiles are a sub-component of the Compute Profile. When a service mesh is created, the
network profile configurations are used to connect the deployed HCX appliances.

Introduction to Network Profiles

Network Profiles can be pre-created in the Network Profile tab or they can be created during the
Compute Profile configuration. A Network Profile contains:

n One underlying vSphere Port Group (VSS or VDS) or NSX based network.

n IP address information: The gateway IP, the network prefix and MTU, and DNS.

n A pool of IP addresses reserved for HCX to use during Service Mesh deployments.

Characteristics of Network Profiles

n Network Profile configurations are only used during Service Mesh deployments (IP addresses
assigned to the IX and NE, and OSAM appliances).

VMware, Inc. 28
Getting Started with VMware HCX

n The HCX Manager only uses a Management interface, it does not use other Network Profile
networks.

n A Compute Profile will always include one or more Network Profile.

n When Service Mesh is deployed, every Network Profile that is included in the Compute Profile
configuration will be used .

n When a Network Profile network is used in a Service Mesh, the HCX appliance will consume a
single IP address out of the configured IP pool.

n When a Network Profile is assigned to a specific HCX traffic type (the traffic types are explained in
the next section), a single IP address is used. For example, if the same Network Profile is assigned
for HCX Management and HCX Uplink, one IP address is used, not two.

n A Network Profile can be used with multiple Compute Profiles.

HCX Traffic Types

Consider the Network Profile traffic types are like a router's uplinks and downlinks. The HCX-IX
(mobility) and the HCX-NE (extension) have "uplinks" and "downlinks". The HCX "uplink" is used to
connect the IX or NE to its remote peer, the "downlink" traffic types (Management, vMotion, Replication)
connect the IX or NE to the local environment.

VMware, Inc. 29
Getting Started with VMware HCX

HCX Network Profile

Types Description

HCX Uplink Used by Service Mesh components to reach their peer appliances.

Important When destination HCX systems need to be reachable over internet, use the Uplink
Network Profile to assign the Public IP addresses. Destination NAT configurations are not supported.

The source HCX systems don't need Public IP addresses, they can be configured using traditional
SNAT.

HCX Management Used by Service Mesh components to connect to HCX Manager, vCenter Server, NTP, DNS.

HCX vMotion Used by Service Mesh components to connect to the ESXi cluster for vMotion based services.

HCX Replication Used by Service Mesh components connect to the ESXi cluster for Replication based services.

HCX Guest Network In OSAM deployments, used by the Service Mesh Sentinel Gateway to connect to the the Sentinel
agents.

HCX Traffic Types and HCX Appliances

The table describes which NP traffic types are used by the different HCX appliances.

Important - One IP address is assigned for uniquely backed traffic type.

(For example, if all HCX-IX traffic types are configured to use a single network, a single vNIC with a single
IP address is assigned. If a dedicated network is configured for each possible IX traffic type, then the
HCX-IX will use four vNICs with an IP in each network. These wiring variations are described in the
examples section, after the table.

HCX Appliance Traffic Types Used

HCX-IX (Migrations, DR) n HCX Uplink

n HCX Management
n HCX vMotion
n HCX Replication

HCX-NE (Network Extension) n HCX Uplink

n HCX Management

HCX-WO (WAN Optimization) n HCX Management

HCX-Sentinel Gateway (OSAM) n HCX Management

n HCX Guest Network

HCX-Sentinel Data Receiver n HCX Management

Network Profile Configuration Examples

The examples below depict how the HCX Service Mesh applinces might be wired up.

In fully private HCX deployments where the environments are inside of the same private network, it is
typical for the source HCX and destination HCX network profiles to be structured identically.

VMware, Inc. 30
Getting Started with VMware HCX

It is possible (and common) for the Network Profile configurations to differ at the source and destination
when they are separated by the Internet. The reason for this is that the destination HCX Service Mesh
appliances must have an HCX Uplink network profile with Public IP assignments (this requirement is not
true at the source, where internal addresses can use source NAT for Internet access).

HCX Network Configuration 1 - Shared Management, Replication

and Uplink with Dedicated vMotion.
n This configuration trades the benefits gained from separation of traffic to simplify deployments. The
same network is selected for Management, Uplink and Replication traffic.

n This configuration requires the management IP addresses assigned to destination HCX appliances at
the destination to be fully reachable from the source HCX appliances without NAT translation.
Because of this requirement - this configuration is most typical in HCX deployments fully within a
private network.

HCX Network Configuration 2 - Dedicated Replication Nework.

n Configuration 2 adds a dedicated network for Replication traffic (HCX Bulk Migration).

n This configuration variation is only possible when the cluster hosts use a dedicated Replication
VMkernel network (the option to add a Replication VMkernel adapter was added in vSphere 6.0, so it
is not as common as having a vMotion VMkernel adapter).

n Separating the replication traffic is a recommended practice. This configuration should be used when
a dedicated replication VMkernel interface is available.

VMware, Inc. 31
Getting Started with VMware HCX

HCX Network Configuration 3 - Dedicated Uplink Network.

n Configuration 3 adds a dedicated network for HCX Uplink traffic (HCX Service Mesh Transport traffic).

n This configuration trades simplicity of deployment (see configuration 1) for the benefits of separating
uplink and management traffic.

n A dedicated uplink network is a good way to isolate the migration traffic for the purpose of applying
QOS or to control the outbound path.

n A dedicated uplink can be used to consume bandwidth/networks dedicated to the migration project.

n For deployments over the Internet:

n Public IP addresses should be assigned at the destination using the HCX Uplink network profile.

n The source HCX appliances can use traditional Internet SNAT to securely connect to the
destination public IP addresses using strong encryption.

n Public cloud providers leverage this configuration to make HCX services easy to deploy before
dedicated private circuits become available.

VMware, Inc. 32
Getting Started with VMware HCX

Compute Profile Considerations and Concepts

A Compute Profile is a sub-component of the Service Mesh. A Compute Profile describes which HCX
services will run, and how they will be deployed when the Service Mesh is created.

Introduction to Compute Profiles

A Compute Profile configuration required for Service Mesh deployments. It defines deployment
parameters, and allows service. See Creating a Compute Profile for configuration procedures. A
Compute Profile is constructed of the following elements:

Services The HCX services that will be enabled when a Service Mesh is created
(only licensed services can be enabled).

Service Cluster(s) At the HCX source, the Service Cluster hosts should contain the virtual
machines that will be migrated. For Network Extension, only Distributed
Switches connected to selected Service Clusters will be displayed. A
Datacenter container can be used to automatically include clusters within
the Datacenter container. Clusters are automatically adjusted in the
Compute Profile when clusters are removed or added to the Datacenter
container.

At the HCX destination, the Service Clusters can be used as the target for
migrations.

VMware, Inc. 33
Getting Started with VMware HCX

Deployment Cluster(s) The Cluster(or Resource Pool) & Datastore that will host the Service Mesh
appliances.

For migrations to be successful, the Deployment Cluster must be

connected such that the Service Cluster(s) vMotion and Management/
Replication VMkernel networks are reachable to the HCX-IX appliance.

For Network Extension to be successful, the Deployment Cluster must be

connected to a Distributed Switch that has full access to the VM network
broadcast domains.

Management Network The Network Profile that HCX will use for management connections.
Profile

Uplink Network Profile The Network Profile that HCX will use for HCX to HCX traffic.

vMotion Network The Network Profile that HCX will use for vMotion-based connections with
Profile the ESXi cluster.

Replication Network The Network Profile that HCX will use for Replication-based connections
Profile with the ESXi cluster.

Distributed Switches The Distributed Switches containing the virtual machine networks that will
for Network Extension be extended.

Guest Network Profile The Network Profile that HCX will use to receive connections from the
for OSAM Sentinel agents.

VMware, Inc. 34
Getting Started with VMware HCX

Characteristics of Compute Profiles

n An HCX Manager system must have one Compute Profile.

n Compute Profile references clusters and inventory within the vCenter Server that is registered in
HCX Manager (other vCenter Servers require their own HCX Manager).

n Creating a Compute Profile does not deploy the HCX appliances (Compute Profiles can be created
and not used).

n Creating a Service Mesh deploys appliances using the settings defined in the source and destination
Compute Profiles.

n A Compute Profile is considered "in use" when it is used in a Service Mesh configuration.

n Changes to a Compute Profile profile are not effected in the Service Mesh until a Service Mesh a
Re-Sync action is triggered.

Compute Profiles and Clusters

The examples that follow depict the configuration flexibility when using Compute Profiles to design HCX
Service Mesh deployments. Each example is depicted in the context of inventory within a single vCenter
Server connected to HCX. The configuration variations are decision points that can be applied uniquely to
each environment.

CP Configuration 1 - Single Cluster Deployments

In the illustrated example, Cluster-1 is both the Deployment Cluster and Service Cluster.

n Single cluster deployments will use a single Compute Profile (CP).

n In the CP, the one cluster is designated as a Service Cluster and as the Deployment Cluster.

VMware, Inc. 35
Getting Started with VMware HCX

CP Configuration 2 - Multi Cluster (Simple CP)

In the illustrated example, Cluster-1 is the Deployment Cluster. Both Cluster-1 and Cluster-2 are
Service Clusters.

n In this CP configuration, one cluster is designated as the Deployment Cluster, and all clusters
(including the Deployment Cluster) are designated as Service Clusters.

n All the Service Clusters must be similarly connected (i.e. Same vMotion/Replication networks).

n When the Service Mesh is instantiated, one HCX-IX is deployed for all clusters.

VMware, Inc. 36
Getting Started with VMware HCX

n In larger deployments where clusters may change, a Datacenter container can used (instead of
individual clusters) so HCX will automatically manage the Service Clusters.

VMware, Inc. 37
Getting Started with VMware HCX

CP Configuration 3 - Multi Cluster (Dedicated Deployment

Cluster)
In the illustrated example, Cluster-1 is the Deployment Cluster and Cluster-2 is the Service Cluster.

n In this CP configuration, one cluster is designated as the Deployment Cluster and is not a Service
Cluster. All other clusters are designated as Service Clusters:

n This CP configuration can be used to dedicate resources to the HCX functions.

n This CP configuration can be used to control site to site migration egress traffic.

n This CP configuration can be used to provide a limited scope vSphere Distributed Switch in
environments that heavily leverage the vSphere Standard Switch.

n For HCX migrations, this CP configuration requires the Service Cluster VMkernel networks to be
reachable from the Deployment Cluster, where the HCX-IX will be deployed.

n For HCX extension, this CP configuration requires the Deployment Cluster hosts to be within
workload networks' broadcast domain (Service Cluster workload networks must be available in the
Deployment Cluster Distributed Switch).

n When the Service Mesh is instantiated, one HCX-IX is deployed for all clusters.

VMware, Inc. 38
Getting Started with VMware HCX

CP Configuration 4 - Cluster Exclusions

In the illustrated example, Cluster-2 is not included as a Service Cluster.

n In this CP configuration, one or more servers have been excluded from the Service Cluster
configuration.

n This can be used to prevent portions of infrastructure from being eligible for HCX services. Virtual
machines in clusters that are not designated as a Service Cluster cannot be migrated using HCX
(migrations will fail).

VMware, Inc. 39
Getting Started with VMware HCX

CP Configuration 5 - Multiple Compute Profiles (Optional, for

Scale)
In the illustrated example, Compute Profile (CP) 1 has been created for Cluster-1 and CP-2 has been
created for Cluster-2.

In the illustrated example, the VMkernel networks are the same. Creating additional CPs is optional (for
scaling purposes).

n In this CP configuration ,Service Clusters are 'carved' into Compute Profiles.

VMware, Inc. 40
Getting Started with VMware HCX

n Every Compute Profile requires a Deployment Cluster, resulting in a dedicated Service Mesh
configuration for each Compute Profile.

n As an expanded example, if there were 5 clusters in a vCenter Server, you could have Service
Clusters carved out as follows:

n CP-1: 1 Service Cluster , CP-2: 4 Service Clusters

n CP-1 2 Service Clusters, CP-2: 3 Service Clusters

n CP-1: 1 Service Cluster, CP-2: 2 Service Clusters, CP-3: 2 Service Clusters

n CP-1: 1 Service Cluster, CP-2: 1 Service Cluster, CP-3: 1 Service Cluster, CP-4: 1 Service
Cluster, CP-5: 1 Service Cluster

n It is worthwhile noting that the distinct Compute Profile configurations can leverage the same
Network Profiles for ease of configuration.

VMware, Inc. 41
Getting Started with VMware HCX

CP Configuration 6 - Multiple Compute Profiles (with Dedicated

Network Profiles)
In the illustrated example, Cluster-1 uses vMotion and Mgmt network 1. Cluster-2 uses vMotion and Mgmt
network2.

In the illustrated example, the VMkernel networks are different, and isolated from each other. Creating
dedicated Network Profiles (NPs) and dedicated Compute Profiles (CPs) is required.

n In this CP configuration, the Service Clusters are 'carved up' into distinct Compute Profiles. The
Compute Profiles reference cluster-specific Network Profiles.

VMware, Inc. 42
Getting Started with VMware HCX

n Because the Service Mesh HCX-IX appliance connects directly to the cluster vMotion network,
anytime the cluster networks for Replication and vMotion are different, cluster-specific Network
Profiles should be created, and assigned to cluster-specific Compute Profiles, which will be
instantiated using cluster-specific Service Mesh.

VMware, Inc. 43
 6
Appendix I - HCX Installation
Summary Steps

This reference lists All the steps involved when deploying an HCX Connector, or HCX Cloud system. The
steps are listed here as a quick reference. Requirements are not listed here. We recommended using the
checklists in this publication to prepare for the installation.

Install (or Enable) HCX Cloud at the Destination

1 Enable the HCX Service (in a public cloud), or Install HCX Cloud Manager at the destination:

a If the destination is a Public Cloud instance, the provider may deploy HCX Cloud automatically
when the service is enabled. If not, continue to step b.

b If the destination environment is a Private Cloud:

1 Use the HCX-Cloud-Manager-########.OVA to deploy the HCX Manager in the vSphere

client.

2 Browse to the HCX Appliance Management (9443) interface and activate or license HCX and
set the Location.

3 Register the vCenter Server & NSX Manager.

4 Define Role Mapping (this setting defines the groups can perform HCX operations).

5 Restart the HCX Services

2 In the destination environment HCX Cloud Manager, create a Compute Profile:

a If the destination is VMware Cloud Foundation or a private SDDC installation:

1 Browse to the HCX UI (443) or use the HCX Plug-in in vSphere to create a Compute Profile.
The compute profile defines how HCX Services Mesh components will be deployed in the
destination environment.

b If the destination is a Public Cloud instance, review the existing Compute Profile and Uplink
Network Profile configurations.

3 Configure firewalls to allow inbound HCX traffic:

a Allow TCP-443 inbound from the planned source HCX Manager to the HCX Cloud Manager at
the destination (this may be a NAT Public IP if the environments are separated by Internet).

VMware, Inc. 44
Getting Started with VMware HCX

b Allow UDP-500 and UDP-4500 inbound from the source HCX IX and NE planned IP addresses
(this may be a NAT IP if the environments are separated by Internet).

4 Configure any other firewalls as needed. Reference ports.vmware.com for the complete list of HCX
network ports.

5 Install HCX at the source environment:

Install the HCX Connector Source

1 Use the HCX-Connector-Manager-########.OVA to deploy the HCX Manager system in the vSphere
Client. After the OVA is deployed and the system is initialized:

a Browse to the HCX Appliance Management interface (:9443), authenticate with the Admin user.

b Activate HCX.

c Register the vCenter Server, SSO and optionally the NSX Manager.

d Configure Role Mapping (this defines the SSO user groups can perform HCX operations).

2 Create a Compute Profile:

a Browse to the the HCX Connector service UI (:443), authenticate with a user that is part of the
role mapping group. Or use the HCX plug-in to create a Compute Profile.

3 Create a Site Pairing:

a In the HCX Connector service UI (:443) register the remote HCX Cloud system using the SSO
group from the destination environment (or Cloudadmin if the target is a VMC SDDC)

4 Create a Service Mesh:

a In the HCX Connector service UI (:443) use the Service Mesh wizard to instantiate services.

1 In the service mesh interface you will select a Compute Profile for the HCX Connector
environment, and a Compute Profile for the destination environments.

2 Service mesh creation deploys HCX components in parallel at the source and the destination
environments.

3 The source HCX service components are Initiators, and will automatically attempt to establish
HCX tunneling connections to the destination side.

4 The destination HCX service components are Receivers that will only accept tunneling
request from the Initiators.

VMware, Inc. 45