Table of Contents
This blog post provides an overview of the HCX installation workflow for VMware Cloud Director based Clouds.
The below diagram taken from VMware official docs shows the high-level architecture of HCX architecture for VCD based clouds.
HCX Cloud System & Network Requirements
Before starting HCX Cloud installation, please ensure that you’ve met all the System and Network Port/Protocol requirements. These are documented Here
Firewall Requirements
- The site’s WAN firewall will need to allow inbound HTTPS connections destined for the HCX Cloud. HCX Cloud will make outbound HTTPS requests.
- The HCX Cloud site firewall also needs to allow inbound UDP-500 and UDP-4500 connections destined for the HCX appliances.
- All other flows allow HCX to integrate with VMware SDDC components, typically these are not firewalled within the datacenter
The below diagram shows various ports that must be allowed in the firewall for a successful HCX cloud deployment in the destination environment.
VMware Cloud Director Pre-requisites
Make sure the following is already configured in VCD:
1: VCD Public Address is set and load balancer cert is imported (for multi-cell deployment)
2: RabbitMQ is installed and configured into VCD.
HCX Cloud Manager Deployment & Configuration
Deploy the HCX Cloud appliance using the standard OVA deployment process.
Once HCX Manager ova is deployed and the appliance boots up, connect to the HCX Appliance Management UI by opening https://<HCX-Cloud-FQDN>:9443
Authenticate using the admin credentials set during the OVA deployment.
Import VCD Certificate
VCD certificate needs to be imported into HCX Manager before VCD integrating into HCX. This is done under Administration > Certificate > Trusted CA Certificate and click on Import.
Select option ‘URL’ and punch VCD public IP address and click on Apply.
And the cert is now imported.
Register VCD
Under the HCX Instance type page, select VCD and hit continue.
- Hostname: Provide the VCD public address.
- Username/Password: Authenticate using a VCD System Administrator account.
vCenter server registered in VCD is automatically detected. You just need to supply VC credentials here.
Perform the same for the NSX-T instance.
You will be presented with an NSX-T certificate. Click on Import Certificate to continue.
AMQP settings are automatically imported by HCX (from VCD). You just need to punch in the RMQ user password and hit continue.
Note: Ensure that the “Non-blocking AMQP Notifications” is enabled in VCD for this to function correctly.
Review the configuration summary and click the RESTART button to complete the configuration. The HCX engine services will restart.
Once the HCX service engine is restarted, make sure you are seeing the green light against all configured components.
HCX Interconnect Configuration
Connect to HCX Manager Cloud UI by typing https://<hcx-cloud-fqdn>/hybridity/ui/hcx-client/index.html and logging with VCD system admin credentials.
Navigate to the Interconnect tab and under Multi-Site Service Mesh select Network Profiles.
Click on Create Network Profiles.
Specify network profiles for Interconnect Management, vMotion, Uplink, and Replication traffic (optional).
Here are the 3 profiles which I have created in my lab. I m going to use the Management network profile for IX replication traffic as well.
Switch to the Compute Profiles tab and click on Create Compute Profile.
A Compute Profile contains the compute, storage, and network settings that HCX will use to deploy the Interconnect appliances when a Service Mesh is created.
Provide a name for the compute profile and hit continue.
Select the services that you need to include in the compute profile.
Select Service Cluster/Resource Pool/Datastore/Folder etc where IX appliance will be deployed during service mesh creation.
Select the network profile of IX appliance management, vMotion & uplink connection.
Select VDS/TZ that will be used for L2 extension.
Review connection rules. This will give you a fair idea of which network ports need to be enabled in the firewall.
Click on Finish to complete the Compute Profile creation wizard.
And the compute profile is now created.
Configure HCX Connector (On-Prem)
Once you have created Network & Compute Profiles, you can proceed with HCX Connector deployment & configuration in your on-prem datacenter. Deployment steps are pretty much the same as HCX Cloud Manager deployment and I have written a post on the same here.
Once HCX Connector’s initial configuration is completed, login to vCenter Web Client and switch to HCX context.
Go to the Site Pairing tab and click on “Connect To Remote Site”
Since we are connecting to VCD based clouds, the Remote HCX URL will be in format https://hcx-cloud-fqdn>/cloud/org/tenant-org-name> and credentials will be of org admin’s.
Click on Import Certificate to accept destination side HCX certificate.
And there you go. The 2 sites are now connected.
Next, you have to create Compute & Network Profiles corresponding to the on-prem environment.
Next, you have to deploy service mesh.
Switch to the Appliances tab and make sure tunnel status reports as UP.
And that completes the on-prem HCX configuration.
Try to perform a test migration to ensure things are working as expected.
And that’s it for this post.
I hope you enjoyed reading this post. Feel free to share this on social media if it is worth sharing 🙂