From the official documentation
“When HCX Migration, Disaster recovery, Network Extension, WAN Optimization services are enabled, HCX deploys Virtual Appliances in the source site and corresponding “peer” virtual appliances on the destination site. The Multi-Site Service Mesh enables the configuration, deployment, and serviceability of these Interconnect virtual appliance pairs with ease.”
For now I will create a Service Mesh with only three services:
- Hybrid Interconnect Service
- The HCX Service provides resilient access over the Internet and private lines to the target site while providing strong encryption, traffic engineering and extending the datacenter. This service simplifies secure pairing of sites and management of HCX components. The service is deployed as an HCX virtual appliance (HCX-WAN-IX).
- WAN Optimization Service
- The WAN Optimization service improves performance characteristics of the private lines or Internet paths by leveraging WAN Optimization techniques like data deduplication and line-conditioning. The service is deployed as an HCX virtual appliance (HCX-WAN-OPT).
- Bulk Migration Service
- The HCX Bulk Migration service provides low-downtime, bi-directional, Virtual Machine mobility using VMware vSphere Replication technology. The service is deployed as an embedded function on the HCX-WAN-IX virtual appliance.
I will create articles for the remaining services later, but they require additional lab configuration that is currently not in place.
Also, vMotion for example has a massive limitation, which is one VM at a time (one per Service Mesh)! Also, as HCX is based on vSphere Replication, the same limitation of migrating powered-off VMs applies.
Essentially in HCX the migration of powered-off VMs is a Cold Migration that uses the vMotion stack rather than Bulk Migration.
So the limitations are just that – too limiting, so there is not really a use case right now. None I have seen with customers anyway.
So here I concentrate on Bulk Migration.
WAN Optimization offers De-Duplication and Compression – so that’s common sense to use 🙂
Anyway, we have a few pre-requisites before creating a Service Mesh
- Network Pool
- The required appliances will take an IP from those Network Pools, so you need to make sure you have enough IPs available. The WAN Optimization appliances use their own internal IPs, so you only need an IP for every Interconnect appliance. So if you have one source and one destination, you need one IP for each site combination. Here I have one source connecting to one destination, so I need one IP for the source appliances and one for the destination ones.
- Compute Profiles
- A Compute Profile contains the compute, storage, and network settings that HCX uses on this site to deploy the Interconnect-dedicated virtual appliances when a Service Mesh is added.
So first we create a Network Profile. You need to create one in EACH site, so log in to https://FQDN-EM | FQDN-CM:443
Navigate to Infrastructure > Interconnect > Multi-Site Service Mesh > Network Profiles
Click Create Network Profile
Enter here the details of the subnet to be used by the appliances that HCX will deploy. Do this on the Source
Here you can see I have given only two IPs (although I only need one for now)
Next, navigate to Compute Profiles. Again, do this on both sites
Give it a name.
Select the required Services. As mentioned, I only use three for now: Interconnect, WAN Optimization and Bulk Migration. You can select all and limit the selection in the Mesh, but I don’t meet any of the pre-reqs for the other ones for now. So here I go with my minimum selection.
Select the Service Resources. Service Resources are the clusters / datacenters that you want to migrate FROM
Select the Deployment Resource. This is the cluster you want to use to deploy the appliances in. I.e. your Management Cluster.
Select the Management Profile. I only have one flat network. So every network uses the same network profile.
Same with Uplink Profile.
And again, same with Replication Network.
It will now create connection rules. It will show you the required firewall ports.
You could use the provided information and hand this to your firewall / network team.
You should now see your Compute Profile successfully created.
Now the Service Mesh itself. Assuming you have Network Profiles and Compute Profiles in both the Source and the Destination site, navigate to Service Mesh. Click Create Service Mesh
Select the Source and Destination paired site
Select the created Source and Destination Compute Profiles
Now select the Services again.
Here I leave the networks configured in the Compute Profiles and don’t overwrite them
This is important. Depending on your network you might have to limit the bandwidth. For example, because I am using the same network as my ESXi/vCenter network, I’d potentially bring down the management network of the hosts if I were to push a lot of VMs through that pipe.
But it is a lab, it is a nested cluster, and I run out of I/O before I get anywhere near the bandwidth limitations. So here I leave the default.
Just a quick overview.
Give it a name
And watch the progress bars.
During the Service Mesh creation you will find that a Logical Switch is being created. Here you can see why NSX is required in the destination sites.
You can expand the tasks and see what is going wrong (if anything)
You will see that appliances are now being deployed in both sites.
Eventually the Service Mesh should come online with all Services being Green. This can take anything between two and ten minutes. Or 30 if you got a slow nested lab 🙂
Just as an additional troubleshooting nugget.
SSH to the Enterprise Manager and type ccli
Type list to show the current nodes and type go <ID> to move into that node
From here you can run performance tests for example or check the IPSec tunnel between source and destination and so on.
Type help for the available commands
With show ipsec status you can for example check the tunnel
And as mentioned, perform performance tests. This might be helpful if you feel the performance is not good enough. The test result will help VMware Support and VMware Engineering.
So if you ever have to open a ticket, alongside the logs I would submit the perf tests
Here for example just a performance test of the IPSec VPN using perftest ipsec
Next we will test the Service Mesh and perform a migration.