Deploying, configuring and testing HCX based migration between my home lab and VMC on AWS

Introduction

I recently got the opportunity to become one of the few SMEs for the VMC on AWS service offering in the Netherlands. Because of this, I have decided to write some blog articles on this topic. This first article is a step-by-step guide on how to configure HCX between my home lab (on-premises) and an SDDC within the VMC on AWS service (off-premises).

Goals

The primary goal of this article is to show you how to install and configure HCX between my home lab and VMC on AWS. The secondary goal is to test the setup by doing a cold migration. By “cold” I mean that the virtual machine being migrated is turned off.

VMC on AWS side installation and configuration steps

First, we log in to the VMC on AWS console.

Vmcoaws1398-image001.png

Click on the “VMware Cloud on AWS” service to get to the SDDCs you have access to.

Vmcoaws1398-image002.png

You will see the SDDCs you have access to. Select the SDDC on which you want to enable HCX.

Vmcoaws1398-image003.png

Click on the “add ons” button.

Vmcoaws1398-image004.png

Click on the “Open HCX” button inside the HCX add on.

Vmcoaws1398-image005.png

Click on “Deploy HCX” for the SDDC you want to enable HCX on. Once you have done this the “Open HCX” button will appear. It will take more than an hour before everything is deployed on the VMC on AWS side.

Vmcoaws1398-image006.png

In the background the “hcx_cloud_manager” VM will be deployed in the Management cluster.

Vmcoaws1398-image007.png

Before we can access the HCX manager on the VMC on AWS side, we first need to create some firewall rules on the Management Gateway of your SDDC. First, we need to add two groups in the “Management Groups” section.

Section | Name | Member Type | Members
Management Groups | connect.hcx.vmware.com | IP address | 45.600.65.140
Management Groups | hybridity-depot.vmware.com | IP address | 23.223.132.251

The IP addresses may be different for you; ping the FQDN and use the IP address it resolves to.

Vmcoaws1398-image008.png

When the groups are created, use them in a rule that allows connectivity from the HCX Manager towards these two “update and activation” servers of VMware. This rule makes sure the HCX Manager can reach VMware for patches and updates.

Name | Source | Destination | Services | Action
HCX Manager to Activation Server | HCX | connect.hcx.vmware.com + hybridity-depot.vmware.com | Any | Allow

Also, create another rule that makes sure that you can access the HCX Management page.

Name | Source | Destination | Services | Action
Allow inbound to HCX Manager | Any | HCX | HTTPS (TCP 443) | Allow

Vmcoaws1398-image009.png

To enable access from your home-lab HCX manager towards the VMC on AWS HCX manager we also need to have an additional firewall rule. First, create a group with the PUBLIC IP address of your home lab.

Vmcoaws1398-image010.png

Then create the rule that will use the group.

Name | Source | Destination | Services | Action
IH-Remote network to HCX | IH-ON-PREM | HCX | HTTPS (TCP 443) + SSH (TCP 22) + ICMP (Echo Request) + Appliance Management (TCP 9443) | Allow

Vmcoaws1398-image012.png
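
A small audit of the groups and rules above, as an added example that is not part of the original article: it checks that each group member is a valid IPv4 address that the FQDN still resolves to (the addresses behind these names can change), and lists rules that use “Any” as source or service. The function names and the SAMPLE_DNS answers are constructed for illustration; the group and rule values are copied from the tables as published.

```python
import ipaddress
import socket

# Group members and rules copied from the tables on this page, as published.
GROUPS = {"connect.hcx.vmware.com": "45.600.65.140",
          "hybridity-depot.vmware.com": "23.223.132.251"}
RULES = [  # (name, source, services)
    ("HCX Manager to Activation Server", "HCX", "Any"),
    ("Allow inbound to HCX Manager", "Any", "HTTPS (TCP 443)"),
    ("IH-Remote network to HCX", "IH-ON-PREM",
     "HTTPS (TCP 443) + SSH (TCP 22) + ICMP (Echo Request)"
     " + Appliance Management (TCP 9443)"),
]
# Constructed DNS answers (documentation ranges) so the demo runs offline.
SAMPLE_DNS = {"connect.hcx.vmware.com": {"203.0.113.10"},
              "hybridity-depot.vmware.com": {"198.51.100.7"}}

def resolve_live(fqdn):
    """Return the set of IPv4 addresses the FQDN resolves to right now."""
    infos = socket.getaddrinfo(fqdn, 443, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}

def audit_groups(groups, resolver=resolve_live):
    """Flag members that are not valid IPv4 or that DNS no longer returns."""
    findings = []
    for fqdn, member in groups.items():
        try:
            ipaddress.IPv4Address(member)
        except ipaddress.AddressValueError:
            findings.append((fqdn, member, "not a valid IPv4 address"))
            continue
        current = resolver(fqdn)
        if member not in current:
            findings.append((fqdn, member, "stale, DNS now returns "
                             + ", ".join(sorted(current))))
    return findings

def audit_rules(rules):
    """List (rule name, column) pairs where the column is the wildcard Any."""
    return [(name, col) for name, *cols in rules
            for col, val in zip(("source", "services"), cols)
            if val.strip().lower() == "any"]

if __name__ == "__main__":
    for finding in audit_groups(GROUPS, resolver=lambda n: SAMPLE_DNS[n]):
        print("group:", *finding)
    for name, col in audit_rules(RULES):
        print("rule '%s' uses Any as %s" % (name, col))
```

Call `audit_groups(GROUPS)` without the `resolver` argument to compare against live DNS instead of the constructed answers.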

Let’s browse to the HCX Manager (VMC on AWS) management page and log in.

Vmcoaws1398-image013.png

Once logged in let’s explore the environment a bit more and look at the dashboard.

Vmcoaws1398-image014.png

To download the HCX manager for the home lab (on-prem) side we need to click the “Administration” button and the “Request Download Link” button.

Vmcoaws1398-image015.png

Once the button is clicked you need to download the “HCX Enterprise Client”.

Vmcoaws1398-image016.png

This is what the file will look like after you click the download button.

Vmcoaws1398-image017.png

Let’s look around a bit more in the HCX manager on VMC on AWS.

Administration --> Interconnect Configuration

Vmcoaws1398-image018.png

Services --> Compute

Vmcoaws1398-image019.png

Services --> Networking --> Network

Vmcoaws1398-image020.png

Services --> Networking --> Router

Vmcoaws1398-image021.png

Multi-Site Service Mesh (New) --> Network Profiles

Vmcoaws1398-image022.png

Vmcoaws1398-image023.png

Home lab side installation and configuration steps

Now let’s deploy the “HCX Enterprise Client” on one of the hosts in my home lab using the vCenter server.

Give it a nice name:

Vmcoaws1398-image024.png

Select a proper cluster / host:

Vmcoaws1398-image025.png

Review the details:

Vmcoaws1398-image026.png

Accept the licence agreement:

Vmcoaws1398-image027.png

Select Storage:

Vmcoaws1398-image028.png

Select Networks:

Vmcoaws1398-image029.png

Customize the OVF Template:

Vmcoaws1398-image030.png

Ready to complete and hit the “Finish” button.

Vmcoaws1398-image031.png

When the “HCX Enterprise Client” is fully deployed it will take around 15 minutes before all the services have started and we can log in.

Vmcoaws1398-image032.png

The first page after logging in asks you to “activate” your HCX instance. You need to type in a License Key. This License Key needs to be a VMware NSX Data Center Enterprise Plus per Processor License (NX-DC-EPL-C).

Vmcoaws1398-image033.png

Input your location. For me, this was Rotterdam (The Netherlands).

Vmcoaws1398-image034.png

Confirm/input your system name.

Vmcoaws1398-image035.png

Not sure why this “Congratulations” page suddenly pops up but we finished the first phase of the initial configuration I guess. Click “YES, continue” for phase two.

Vmcoaws1398-image036.png

Specify the home lab vCenter Server details and NSX Manager details.

Vmcoaws1398-image037.png

Configure SSO details.

Vmcoaws1398-image038.png

And we have another congratulation for the second phase. Click “Restart”.

Vmcoaws1398-image039.png

Vmcoaws1398-image040.png

Log back in after the reboot.

Vmcoaws1398-image041.png

Look at the appliance summary.

Vmcoaws1398-image042.png

Now let’s verify if the HCX vSphere plug-in is installed as well by logging into the vSphere Client:

Vmcoaws1398-image043.png

Click on “HCX” and take a look at the dashboard. Click on “New Site Pairing” to pair with the VMC on AWS HCX Manager.

Vmcoaws1398-image044.png

Click on “Register new Connection”

Vmcoaws1398-image044.png

Input the VMC on AWS HCX Manager details and click register.

Vmcoaws1398-image046.png

As you can see below, this gave me an error: “Untrusted SSL Connection”.

Vmcoaws1398-image047.png

In order to fix this, we need to log in to the “HCX Enterprise Client” management page: Administration --> Trusted CA Certificate --> Import Trusted CA Certificate (through the URL) and click apply.

Vmcoaws1398-image048.png

The confirmation that the CA certificate is imported successfully.

Vmcoaws1398-image049.png

Now we can continue with registering the new connection without any issues.

Vmcoaws1398-image050.png

Select the “HCX Interconnect Service” check button.

Vmcoaws1398-image051.png

Another appliance will be deployed, which is called the “local Hybrid Cloud Gateway”. Specify where and how this new appliance needs to be deployed.

Vmcoaws1398-image052.png

Review the destination counterpart as well that will be deployed on the VMC on AWS side. Note that these gateways will be added as “hosts” to the vCenter Servers (locally and remotely):
1) The local “Hybrid Cloud Gateway” (home lab side)
2) The remote cloud “HCX Cloud Gateway” (VMC on AWS side)

Vmcoaws1398-image053.png

Vmcoaws1398-image054.png

Verify the new site pairing.

Vmcoaws1398-image055.png

Verify the local “Hybrid Cloud Gateway” VM.

Vmcoaws1398-image056.png

Verify the “Hybrid Cloud Gateway” (host) added to the vCenter Server. (home lab side)

Vmcoaws1398-image057.png

Verify the “Hybrid Cloud Gateway” (host) added to the vCenter Server. (VMC on AWS side)

Vmcoaws1398-image058.png

Review the “Interconnect” section with the HCX Components. Here you can see that the “Tunnel is Up” which is important for our service to work.

Vmcoaws1398-image059.png

When you click on “Administration” you can verify the link between the two HCX appliances.

Vmcoaws1398-image060.png

When we log back into the “HCX manager” management page and click on Administration --> System Updates, you can see the linked HCX appliances as well.

Vmcoaws1398-image061.png

Let’s jump back on to the local HCX Enterprise client and look at the Dashboard.

Vmcoaws1398-image062.png

Testing / Verification by doing a cold migration

For this occasion, I have created a blank VM with a (virtual) hard disk of 40 GB. We will use this VM for the cold migration.

Vmcoaws1398-image063.png

Click on “Migration” and then the “Migrate Virtual Machines” button.

Vmcoaws1398-image064.png

Specify your “to” and “from” details and click “Next”.

Vmcoaws1398-image065.png

Review the “validation” and click “Finish” to start the cold migration.

Vmcoaws1398-image066.png

And review the status of the actual migration.

Migration Queued:

Vmcoaws1398-image067.png

Creating shadow Virtual Machine:

Vmcoaws1398-image068.png

Initiating Virtual Machine Relocation:

Vmcoaws1398-image069.png

Relocation in progress:

Vmcoaws1398-image070.png

Migration completed:

Vmcoaws1398-image071.png

Verify in the VMC on AWS vCenter Server that the (migrated) VM is actually there:

Vmcoaws1398-image072.png