VMware Hands-on Labs - HOL-1881-01-HBD


Lab Overview - HOL-1881-01-HBD - VMware HCX - Getting Started with Cross-Cloud Mobility

Lab Guidance


Note: It will take more than 90 minutes to complete this lab. 


Review the Table of Contents for an overview of all the modules (in the upper right-hand corner of the Lab Manual).


Lab Abstract: Datacenter migrations are complex, drawn-out processes. Moving to a datacenter across the WAN is even more complicated. VMware Hybrid Cloud Services allow efficient datacenter migration beginning at datacenter setup & design through migrations leveraging VMware technologies such as Cross-Cloud vMotion. Learn about VMware's SD-WAN technologies with high throughput Layer-2 Network Extension, Disaster Recovery, Low/No Downtime Migration & optimized datacenter-to-datacenter or datacenter-to-cloud connectivity.

In this lab we will explore VMware HCX. This game-changing new functionality offers vSphere administrators a seamless method for extending an on-premises data center and vSphere environments into a Public Cloud. The Hybrid Cloud Manager offers hybrid networking and bi-directional workload migration capabilities, simplifying resource integration and management of workloads. The Hybrid Networking Services aspect of the offering consists of software-defined WAN technologies that significantly improve the connectivity, resilience and security of "middle mile" networking.

This HOL lab mimics a Hybrid Cloud Infrastructure with an On-Premise vSphere environment and Cloud vSphere environment. 

On-Premise vSphere Environment:

Cloud vSphere Environment:

Disclaimer: Elements of the technologies and solutions in this lab are not generally available.

Lab Module List:

 Lab Captains:

This lab manual can be downloaded from the Hands-on Labs Document site found here:

http://docs.hol.vmware.com

This lab may be available in other languages.  To set your language preference and have a localized manual deployed with your lab, you may utilize this document to help guide you through the process:

http://docs.hol.vmware.com/announcements/nee-default-language.pdf


 

Location of the Main Console

 

  1. The area in the RED box contains the Main Console.  The Lab Manual is on the tab to the Right of the Main Console.
  2. A particular lab may have additional consoles found on separate tabs in the upper left. You will be directed to open another specific console if needed.
  3. Your lab starts with 90 minutes on the timer.  The lab cannot be saved.  All your work must be done during the lab session.  However, you can click EXTEND to increase your time.  If you are at a VMware event, you can extend your lab time twice, for up to 30 minutes.  Each click gives you an additional 15 minutes.  Outside of VMware events, you can extend your lab time up to 9 hours and 30 minutes. Each click gives you an additional hour.

 

 

Alternate Methods of Keyboard Data Entry

During this module, you will input text into the Main Console. Besides directly typing it in, there are two very helpful methods of entering data which make it easier to enter complex data.

 

 

Click and Drag Lab Manual Content Into Console Active Window

You can also click and drag text and Command Line Interface (CLI) commands directly from the Lab Manual into the active window in the Main Console.  

 

 

Accessing the Online International Keyboard

 

You can also use the Online International Keyboard found in the Main Console.

  1. Click on the Keyboard Icon found on the Windows Quick Launch Task Bar.

 

 

Click once in active console window

 

In this example, you will use the Online Keyboard to enter the "@" sign used in email addresses. The "@" sign is Shift-2 on US keyboard layouts.

  1. Click once in the active console window.
  2. Click on the Shift key.

 

 

Click on the @ key

 

  1. Click on the "@ key".

Notice the @ sign entered in the active console window.

 

 

Activation Prompt or Watermark

 

When you first start your lab, you may notice a watermark on the desktop indicating that Windows is not activated.  

One of the major benefits of virtualization is that virtual machines can be moved and run on any platform.  The Hands-on Labs utilizes this benefit and we are able to run the labs out of multiple datacenters.  However, these datacenters may not have identical processors, which triggers a Microsoft activation check through the Internet.

Rest assured, VMware and the Hands-on Labs are in full compliance with Microsoft licensing requirements.  The lab that you are using is a self-contained pod and does not have full access to the Internet, which is required for Windows to verify the activation.  Without full access to the Internet, this automated process fails and you see this watermark.

This cosmetic issue has no effect on your lab.  

 

 

Look at the lower right portion of the screen

 

Please check that your lab has finished all the startup routines and is ready for you to start. If you see anything other than "Ready", please wait a few minutes.  If after 5 minutes your lab has not changed to "Ready", please ask for assistance.

 

Introducing VMware HCX


 

Has your team faced these Issues?

  1. Operational Overhead equating to months of effort in application dependency mapping and migration planning, accounting for complex application infrastructure architectures.
  2. Lock-in and Weak Security policy concerns that hold back adoption of cloud.
  3. DR/Business Continuity plans that require maintaining a secure off-premises 'Active' infrastructure, resulting in potential capacity/resource wastage.
  4. Multiple (swing) vSphere environments for vSphere Upgrades to ensure no impact to critical production apps.

We believe the goal of every Enterprise IT Organization is to be able to accelerate their time to business value for their internal customers by taking advantage of the advances in the IT infrastructure space, such as cloud. Based on this belief, we built VMware HCX. 

VMware HCX provides:

  1. With the state of hybridity established, Seamless Operations is enabled with the ability to do secure zero-downtime migration or low downtime bulk migrations. This minimizes the need for application dependency planning or migration planning.
  2. By replicating On-premise Network Topology mapping to the cloud and enabling bi-directional migrations, concerns around Security or Lock-in are alleviated.
  3. Over the HCX platform, DR is now a simple workflow which allows for partial or full failover.
  4. Eliminating the need for multiple swing environments during vSphere upgrades by pairing ANY vSphere 5.1+ Environment. 

Furthermore, Operational Benefits of HCX: 

  1. Modernize your application infrastructure with minimal operational overhead.
  2. Simple service-driven installation without the need to retrofit or upgrade a legacy environment. No additional hardware or software infrastructure purchase required! 
  3. No products or appliances to manage – pure service-driven model; user signals intent by checking the boxes across the services they need - WAN optimization, encryption, vMotion and network extension services. 
  4. Operational focus is on the Project Outcome vs Product Install.
  5. IP addressing schemes between source and destination can overlap, and there's no need to renumber or use complex NAT.
  6. Security domains remain separated – no approval to open internal protocols between datacenters over Internet or private WANs.

What is Cross-Cloud Mobility?

Cross-Cloud Mobility is the capability to pair any cloud infrastructure together and expect each cloud to act as an extension to the other(s). The HCX platform becomes the basis on which Cross-Cloud Mobility is provided by leveraging infrastructure services (Any-Any vSphere Zero downtime migration, seamless Disaster Recovery, enabling Hybrid Architectures, etc.) to provide tangible business value.  


Module 1 - Establishing a State of Hybridity (60 minutes)

What is the 'State of Hybridity'?


In this module, you will - 


 

Overview

 

HCX's state of hybridity is made up of 2 primary components - 

  1. HCX interconnect Service
    • The interconnect service provides resilient access over the internet and private lines to the target site while providing strong encryption, traffic engineering and extending the datacenter. This service simplifies secure pairing of site and management of HCX components.
    • WAN Optimization
      • Improves performance characteristics of the private lines or internet paths by leveraging WAN optimization techniques like data de-duplication and line conditioning. This makes performance closer to a LAN environment.
  2. Network Extension Service
    • High throughput Network Extension service with integrated Proximity Routing which unlocks seamless mobility and simple disaster recovery plans across sites.

The operational advantages that the state of hybridity provides are many. Below are a few - 

  1. Explore New Hybrid Datacenter Architectures. For example, the DB tier stays on-premises while the App and Web tiers run in the public cloud, allowing you to take advantage of price and performance.
  2. Migrate VMs between a mix of vSphere-based clouds that are connected over the WAN. For example, an On-Premises vSphere/vCF Private Cloud and a vSphere/vCF Public Cloud.
  3. Take advantage of Zero-Downtime migrations and no Application Dependency Mapping (ADM). For example, Datacenter consolidations require large ADM exercises, as Production Apps reside in the to-be-retired Datacenters. With HCX, this will no longer be a concern.
  4. Establish a simplified and complete Disaster Recovery solution. For e.g. DR site can be a public cloud or another private cloud across the WAN. 

 

 

Day-To-Day IT Operations Applicability of the State of Hybridity

Below are a few benefits gained just from setting up the state of hybridity.

 

 

Deep Dive into each of the Components

We shall now take an expanded look into each of the components.

 

 

HCX Interconnect Service

 

The above picture describes the function of the WAN Edge in further depth.

 

 

Network Extension with Proximity Routing

 

The above picture describes the function of the SD-WAN tunnel.

Benefits of extending the network include: 

  1. IP addressing stays the same due to network extension service and therefore migration and DR runbooks become very simple. 
  2. Migration and WAN networking workflows are integrated to have IP addressing following the virtual machines to support mobility for VMs between sites, plus firewall policies move to maintain the security posture. 
  3. To reduce the bandwidth used on the WAN for migrations, DR and backup, and to speed up these functions, traffic must be pipelined in the right order: first reduce and optimize the raw traffic before it is encrypted, then service chain it while keeping symmetry for stateful services, and lastly encrypt it before it leaves trusted zones to maintain in-flight data security and integrity.
  4. Large sync flows for DR and migration often compete with interactive user traffic, so proper traffic engineering must occur to keep elephant flows from hurting the interactive apps with mice flows.
  5. The SD-WAN Tunnel further enhances the application portability story by allowing migrated applications to keep their same on-premises IP and MAC addresses. 
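
The ordering in item 3 (reduce first, encrypt last) can be seen in a few lines. The following is an added example, not part of the lab or of HCX: it uses zlib as a stand-in for WAN data reduction and a toy SHA-256 keystream as a stand-in for tunnel encryption, and the sample replication stream is constructed.

```python
import hashlib
import zlib


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode, XORed with the data).

    It stands in for the tunnel's real encryption only because its output
    is high-entropy, like any real ciphertext; it is not for protecting data.
    Applying it twice with the same key restores the input.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def reduce_then_encrypt(key: bytes, payload: bytes) -> bytes:
    """Order from the text: optimize the raw traffic, then encrypt it."""
    return keystream_xor(key, zlib.compress(payload, 6))


def encrypt_then_reduce(key: bytes, payload: bytes) -> bytes:
    """Wrong order: the optimizer only ever sees ciphertext."""
    return zlib.compress(keystream_xor(key, payload), 6)


def receive(key: bytes, wire: bytes) -> bytes:
    """Far-end processing for reduce_then_encrypt: decrypt, then expand."""
    return zlib.decompress(keystream_xor(key, wire))


def sample_replication_stream(blocks: int = 200) -> bytes:
    """Constructed sample: near-identical 512-byte disk blocks, each
    followed by a 4-byte sequence number."""
    block = bytes(range(256)) * 2
    return b"".join(block + i.to_bytes(4, "big") for i in range(blocks))


def wan_bytes(payload: bytes, key: bytes = b"constructed-demo-key") -> dict:
    """Bytes that would cross the WAN for each pipeline order."""
    return {
        "raw": len(payload),
        "reduce_then_encrypt": len(reduce_then_encrypt(key, payload)),
        "encrypt_then_reduce": len(encrypt_then_reduce(key, payload)),
    }


if __name__ == "__main__":
    for stage, size in wan_bytes(sample_replication_stream()).items():
        print(f"{stage:20s} {size:7d} bytes")
```

Once the traffic is encrypted, the redundancy the optimizer relies on is gone, so the second pipeline sends roughly the raw size while the first sends a small fraction of it.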

 

 

The problem of 'Tromboning/Hairpinning'

When users extend their networks to the cloud, Layer 2 connectivity is stretched onto the cloud. However, without route optimization, Layer 3 communication requests must return to the on-premises network origin to be routed. This return trip is called "tromboning" or "hairpinning". Tromboning is inefficient because packets must travel back and forth between the network origin and the Cloud, even when both source and destination virtual machines reside in the Cloud.

In addition to inefficiency, if the forwarding path includes stateful firewalls, or other inline equipment that must see both sides of the connection, communication might fail. Without route optimization, virtual machine communication fails when the egress path exiting the cloud can be either the stretched Layer 2 network or the Org Routed Network, because the on-premises network does not know about the stretched network "shortcut." This problem is called asymmetric routing. The solution is to enable proximity routing so the on-premises network can learn the routes from the cloud.

To prevent tromboning, HCX uses intelligent route management to choose routes appropriate to the virtual machine state.
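
The two failure modes described above, tromboning and asymmetric routing, can be reproduced with a small path model. This is an added example, not HCX code: the node names, the three mode names and the assumption that both the on-premises gateway and the cloud router run stateful firewalls are all this example's own, and the VMs are constructed samples.

```python
from dataclasses import dataclass

ONPREM, CLOUD = "on-prem", "cloud"
ONPREM_GW, CLOUD_RTR = "onprem-gw", "cloud-router"  # assumed stateful firewalls
L2_EXT, WAN_L3 = "l2-extension", "wan-l3"           # the two ways across the WAN
STATEFUL = {ONPREM_GW, CLOUD_RTR}
ROUTER_SITE = {ONPREM_GW: ONPREM, CLOUD_RTR: CLOUD}

# Route-handling modes (names are this example's own):
NONE = "none"                  # stretched network is routed only at its on-prem origin
LOCAL_EGRESS = "local-egress"  # cloud VMs egress locally; on-prem has not learned it
PROXIMITY = "proximity"        # local egress, and on-prem has learned the cloud routes


@dataclass(frozen=True)
class VM:
    name: str
    site: str
    network: str  # "stretched", or the name of a site-local routed network


def _first_hop(vm, mode):
    """Router that a VM hands its Layer 3 traffic to."""
    if vm.network == "stretched" and not (vm.site == CLOUD and mode != NONE):
        return ONPREM_GW
    return CLOUD_RTR if vm.site == CLOUD else ONPREM_GW


def _last_hop(gw, dst, mode):
    """Router that gw believes can deliver to dst."""
    if dst.network != "stretched":
        return CLOUD_RTR if dst.site == CLOUD else ONPREM_GW
    if dst.site == ONPREM:
        return ONPREM_GW
    if gw == CLOUD_RTR:  # destination is a cloud-resident VM on the stretched net
        return CLOUD_RTR if mode != NONE else ONPREM_GW
    return CLOUD_RTR if mode == PROXIMITY else ONPREM_GW


def path(src, dst, mode):
    """Hop list for one direction of a flow from src to dst."""
    hops = [src.name]
    if src.network == dst.network:          # same segment: plain Layer 2
        if src.site != dst.site:
            hops.append(L2_EXT)
        return hops + [dst.name]
    gw = _first_hop(src, mode)
    if ROUTER_SITE[gw] != src.site:         # gateway is at the other site
        hops.append(L2_EXT)
    hops.append(gw)
    last = _last_hop(gw, dst, mode)
    if last != gw:
        hops += [WAN_L3, last]
    if ROUTER_SITE[last] != dst.site:       # delivered over the stretched segment
        hops.append(L2_EXT)
    return hops + [dst.name]


def wan_crossings(hops):
    return sum(h in (L2_EXT, WAN_L3) for h in hops)


def stateful_ok(forward, reverse):
    """Each stateful device must see both directions of a flow, or neither."""
    return all((d in forward) == (d in reverse) for d in STATEFUL)


# Constructed sample VMs: 'app' was migrated to the cloud on the stretched network.
app = VM("app", CLOUD, "stretched")
db = VM("db", CLOUD, "cloud-routed")
client = VM("client", ONPREM, "onprem-routed")

if __name__ == "__main__":
    for mode in (NONE, LOCAL_EGRESS, PROXIMITY):
        fwd, rev = path(client, app, mode), path(app, client, mode)
        print(f"{mode:13s} app->db WAN crossings: {wan_crossings(path(app, db, mode))}"
              f"  client<->app symmetric: {stateful_ok(fwd, rev)}")
```

In this model only the mode where the on-premises side has learned the cloud routes gives both a cloud-local path between the two cloud VMs and a symmetric path for the on-premises client.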

 

HCX Walkthrough


In this section, we will familiarize ourselves with the On-premises and Cloud vSphere Infrastructure specifics as well as explore the HCX plugin available within the On-Premises vSphere Instance.


 

On-Premises and Cloud HCX Walkthrough

In this exercise, we will do 2 things - 

  1. Record the On-Premises and Cloud vSphere Infrastructure specifics.
  2. Familiarize ourselves with both On-Premises and Cloud HCX interfaces.

We will first review the underlying vSphere instances for both Site A and Site B before we do a HCX walkthrough.

 

 

HOL Console Screen

 

  1. Make sure the lab is in Ready state.
  2. Double click on Google Chrome browser on the desktop.

 

 

Login to vCenter

 

  1. Verify the address as : https://vcsa-01a.corp.local/vsphere-client/?csp
  2. Username: administrator@vsphere.local
  3. Password: VMware1!
  4. Click on Login

Note: For additional screen space, consider closing or pinning the Alarms, Work in Progress and Recent Tasks windows.


 

 

Verify vCenter version for Site A (On-Premises)

 

  1. Go to Home
  2. Click on vCenter Inventory Lists
  3. Go to Summary
  4. Verify vCenter is version 6.0

 

 

Verify ESX version for Site A (On-Premises)

 

  1. Click on Hosts

 

 

Verify ESX version for Site A (On-Premises)

 

  1. Select host esx-01a.corp.local
  2. Click on Summary
  3. Expand Configuration to verify ESX version is 6.0.0
  4. Repeat for esx-02a.corp.local and verify ESX version.

 

 

Verify vSphere Instance on Site B (Cloud)

 

  1. Open a new tab on the browser.
  2. Click on Site-B vCenter from the bookmarks toolbar.

 

 

Verify vCenter version for Site B (Cloud)

 

  1. Verify the address as : https://vcsa-01b.corp.local/vsphere-client/?csp
  2. Username: administrator@vsphere.local
  3. Password: VMware1!
  4. Click on Login

 

 

Verify vCenter version for Site B (Cloud)

 

  1. Go to Summary
  2. Expand Version Information and verify vCenter is version 6.5.0

 

 

Verify ESX version for Site B (Cloud)

 

  1. Expand datacenter RegionB01
  2. Expand cluster RegionB01-COMP01
  3. Select host esx-01b.corp.local
  4. Go to Summary
  5. Verify ESXi Version is 6.5.0.
  6. Repeat for esx-02b.corp.local and verify ESX version.

Now that we have verified both vSphere instances are of different versions, we will now do the walkthrough of the HCX plugin.

 

 

Access HCX Plugin

 

This lab comes with HCX pre-installed on both the On-Premises, as well as the Cloud vSphere instances. 

We are now exploring the HCX plugin available within the On-Premises vSphere Instance.

HCX is delivered via SaaS. The reason we have a plugin for VC is to simplify the workflows for customers without having to go to multiple sites to access various functionalities.

To access the HCX plugin,

  1. Go back to the Site-A vCenter tab in Chrome
  2. Click on Home
  3. Click Hybrid Cloud Services (HCX) from the Home menu on the right.

 

 

Dashboard

 

The Dashboard is your starting page. It provides a high-level view of all HCX related activities in one single page.

  1. Click on the Dashboard tab. The above screenshot is for illustration purposes.
  2. Cloud Overview shows you - 
    • Total # of VMs Migrated, 
    • Migrations in Progress, 
    • Migrations Scheduled and
    • # of Networks Extended.
  3. Site Pairings
    • # of Sites that have been paired.
    • Starting place for new site pairing.
  4. Active Migrations
    • # of Active Migrations across all paired sites.

 

 

Interconnect

 

  1. Click on the Interconnect tab.
  2. Click on the HCX Components sub-tab. HCX Components will show up here once we deploy the HCX Fleet Services.

 

 

Extended Networks

 

  1. Click on the Extended Networks sub-tab. Extended Networks will show up here once we stretch the network further in the module.

Learn more about Extending the network in the next module.

 

 

Migration View

 

  1. Click on the Migration tab. This shows all migration tasks completed and in-progress. Your screen will be empty, but as you do some vMotion in Module 2, you will see the details here.

 

 

Disaster Recovery View

 

  1. Click on the Disaster Recovery tab. This shows all DR specific tasks in-progress and completed. Your screen will be empty, but as you do some Disaster Recovery in Module 3, you will see the details here.

 

 

Administration

 

  1. Click on the Administration tab.
    • Remember, HCX is NOT a software product. There is no software bundle.
    • All updates and patches are sent via web.
  2. Click on the browser tab to create a new browser window and continue to the next page for more instructions.

 

 

HCX Cloud Service Walkthrough (Cloud Portal)

 

This lab comes with HCX pre-installed on both the On-Premises, as well as the Cloud vSphere instances. 

We are now exploring the HCX website available within the Cloud vSphere Instance.

HCX is delivered via SaaS. The reason we have a plugin for VC is to simplify the workflows for customers without having to go to multiple sites to access various functionalities.

  1. Click on HCX-Cloud-Site-B from the bookmarks toolbar.
  2. Enter the username: administrator@vsphere.local
  3. Enter the password: VMware1!
  4. Click the LOG IN button. NOTE: It may take a few seconds to load the first time, please be patient.

 

 

Dashboard

 

You are now looking at the HCX Cloud Dashboard.

 

 

Services - Compute

 

  1. Select the Services tab.
  2. With the COMPUTE section selected on the sidebar, we see that we are running NSX.

 

 

Services - Networking - Networks

 

  1. Select NETWORKING from the sidebar.
  2. With the Network tab already selected, we see some predefined networks.

 

 

Services - Networking - Router

 

  1. Select the Router tab, and we will see some routers predefined here.

 

 

Data Center Designer

 

  1. Select the Data Center Designer tab at the top. This is where you can build a Hybrid DMZ. NOTE: Your screen will look different. This screenshot is for illustrative purposes.

 

 

Administration

 

  1. Select the Administration tab at the top.

NOTE: You can leave this browser tab open if you want. We may come back to this browser window later.

 

 

Conclusion

As you noticed, on-premises and cloud site are running with different VMware vSphere Versions. We have now established that we have HCX pre-installed on both sites. 

This ends the HCX Walkthrough exercise. In the next exercise, we will pair these 2 Sites to establish the state of hybridity.


 

HCX Site Pairing


In this exercise, we will be pairing our On-Premises vSphere Instance with the Cloud vSphere Instance.

We are now going to deploy the HCX Components which establishes the platform necessary to provide the application portability and disaster recovery features.


 

Login to Site A vCenter

 

If you already have the vSphere Client up, you can skip this step. Go back to Site-A vCenter tab.

  1. Start the Chrome Browser from the desktop. Click on Site-A vCenter. Verify the address as : https://vcsa-01a.corp.local/vsphere-client/?csp
  2. Enter Username: administrator@vsphere.local
  3. Enter Password: VMware1!
  4. Click on Login

 

 

Site Pairing

 

  1. Return to the HCX Dashboard. To do so, from the Navigator menu on the left, select Hybrid Cloud Services (HCX).
  2. Stay on Dashboard view. Note that at this stage you will see all  "0's" in the Cloud Overview columns.
  3. Under Site Pairings, click on New Site Pairing. You may need to scroll down a bit to see it.

 

 

Register new Connection

 

Before any migrations can be done you will need to register the Public Cloud instance with the HCX Manager.

  1. Click on Register new Connection.

 

 

Register new Remote Site Connection

 

Next, enter the URL and credentials for Remote Site Connection. 

  1. Enter Site URL: https://hcx-cloud-site-b 
    1. Note: Be sure to enter the URL with the leading "https://", otherwise the registration will not work.
  2. User Name: administrator@vsphere.local
  3. Password: VMware1!
  4. Click on Register

It may take a minute or so for the pairing to take place so please be patient. If the pairing does not show up, please go to the troubleshooting step next.

 

 

Remote Site Pairing Troubleshooting

 

  1. This step needs to be followed only if the site pairing shows "No registered connections found".
  2. Click on ReloadConnections to see if "No registered connections found" changes. Try this 2 more times.
  3. If the Remote Site Pairing still does not show up, retry the previous step "Register new Remote Site Connection".

The pairing should now show up.

 

 

Verify Remote Site Pairing

 

  1. Clicking through Dashboard -> New Site Pairing will show the Remote Site Connection.

 

 

Choose the HCX Components

 

  1. Confirm the new site pairing information. If you don't see the Remote Site registered, please go back to the previous steps and try to register again.
  2. Check the checkbox for HCX Interconnect Service.
  3. Check the checkbox for WAN Optimization Service.
  4. Check the checkbox for Network Extension Service.
  5. Click on Next

 

 

Enter the parameters for the HCX Interconnect service

 

Enter the following information

  1. Network: From the drop down select ESXi-RegionA01-vDS-COMP
  2. Cluster/Host: From the drop down select RegionA01-COMP01
  3. Datastore: From the drop down select hcx-ds
  4. IP Address/PL:  192.168.110.91/24
  5. Default Gateway:  192.168.110.1
  6. DNS:  192.168.110.10
  7. VMotion Network: From the drop down select vMotion-RegionA01-vDS-COMP
  8. IP Address /PL:  10.10.30.55/24 This is the vMotion network and it is non-routable. 
  9. Password: VMware1! for both admin and root.
  10. Click on Next

 

 

Enter the parameters for the Network Extension Service

 

Enter the following L2 Concentrator parameters

  1. Compute: From the drop down select RegionA01-COMP01
  2. Datastore: From the drop down select RegionA01-ISCSI01-COMP01
  3. Management Network: From the drop down select ESXi-RegionA01-vDS-COMP
  4. IP Address /PL:  192.168.110.92/24
  5. Default Gateway:  192.168.110.1
  6. Passwords: VMware1! for both admin and root.
  7. Click on Next

 

 

Ready to complete

 

  1. Scroll down the scroll bar on the right and continue to the next page on this lab manual

 

 

Ready to complete - Drag down for the rest of the screen

 

  1. Verify the Green checks
  2. Click on Finish

 

 

Verify Site Pairing

 

  1. You should be back at the Hybrid Cloud Services Dashboard.
  2. If Site Pairing was successful, you will see a new entry under Site Pairings with the pairing status as Up.

 

 

Monitor Tasks

 

  1. Click on Tasks from the Navigator menu on the left.
  2. Look for the HCX Services Initialization task in the Task Console. It should start to deploy the HCX Services. Continue to the next step in the manual.

 

 

HCX Install Troubleshooting

 

  1. In the event that the HCX Service Initialization task returns as Null, please go back and re-run all the steps from the Verify Remote Site Pairing step all the way to the Monitor Tasks step.

 

 

Status of Services

 

  1. Select the Hybrid Cloud Services (HCX) from the Navigator menu on the left.
  2. Select the Interconnect tab and
  3. Select the HCX Components sub-tab.
  4. You will see Network Extension Service and VM Migration Services (WAN Optimization and Core Cloud Gateway). As we can see here, the deployment is still in process.

It is normal for the deployment to take a few minutes.

 

 

All Tasks Completed

 

  1. Select Tasks from the Navigator menu on the left to continue to monitor the deployment.
  2. You can type HCX in the filter field and hit the Enter key to find the HCX Service Initialization task.
  3. This process will take a total of approximately 10-15 minutes since you started. Select the refresh icon on the top of the screen sporadically to see the completion. Wait until it is Completed to continue.

 

 

Verify Components Deployed and Tunnel is Up

 

  1. Click on Hybrid Cloud Services from the Navigator menu on the left.
  2. Select Interconnect tab.
  3. Select the HCX Components sub-tab.
  4. Here we see the different HCX Fleets services deployed. If you click the drop-down arrow next to any of the services more information will be shown. This includes options to Redeploy the appliance.
  5. Notice all of the status should be Active and Tunnel is Up.

Congratulations! You have deployed the HCX Components and established a SD-WAN tunnel. In the next exercise, we will stretch the On-Premise Network to the Cloud.

 

Network Extension Setup


In this lesson, we will extend network to the Cloud.


 

Extend Network (Optional Way)

 

There are 2 ways to extend the Network - (a) From vDS view (b) From the HCS plugin view

In this lab we will extend network from the Hybrid Cloud Services (HCX) view. Just for illustration purposes here is the alternate way to extend network in the cloud from the vDS view.

  1. On Site-A vCenter, click on Home
  2. Click on Networking.

 

 

Extend Network (Optional Way via vDS view)

 

  1. Expand the Datacenter RegionA01
  2. Right Click on vDS RegionA01-vDS-COMP
  3. Select Hybridity Actions
  4. Click on Extend Networks to the Cloud

It will bring you to the same screen as "Extend Network to the Cloud" section further in the module.

 

 

Access Hybrid Cloud Services (HCX) Plugin

 

On Site-A vCenter, if you are not already in the Hybrid Cloud Services (HCX) window, you can either:

  1. Click Hybrid Cloud Services (HCX) from the Navigator menu on the left
  2. OR Click Hybrid Cloud Services (HCX) from the Home menu on the right.

 

 

Extend Network

 

In the Hybrid Cloud Services (HCX) section, we will:

  1. Select the Interconnect tab.
  2. Click on the Extended Networks tab.
  3. Click on the Extend network option.

 

 

Extend Network to the Cloud

 

In the popup screen, we will configure the extend/stretch network to the cloud:

  1. From the Edge drop-down menu, select NSX Access Router
  2. Select the line with the HCX-Stretched-Network network,
  3. Under Gateway /Prefix length, enter the following IP information: 192.168.115.253/24
  4. Click the Stretch button to complete the operation to stretch the network to the cloud.

 

 

Verify L2 Tunnel Status

 

  1. Click on 'Refresh' until Status changes to Extension complete.

 

 

Task Completed

 

  1. Select Tasks under the Navigator menu on the left to monitor the Network Stretch status.
  2. Wait until the Task is Completed.

 

 

Login to HCX Portal to verify Stretch Network

 

  1. Open a new tab on the browser.
  2. Click on HCX-CLOUD-Site-B from the bookmarks toolbar.

 

 

Verify the stretch network from Cloud Portal

 

  1. Enter username as administrator@vsphere.local
  2. Enter password as VMware1!
  3. Click LOG IN

 

 

View Stretch L2 Network

 

  1. Click on Services from the top menu.
  2. Click NETWORKING from the Navigator menu on the left
  3. Verify Stretch Network is Success.

 

Conclusion


In this module, we walked through HCX's Cross-Cloud Mobility Solution in its entirety and learned HCX site pairing and Network Stretch.


 

You've finished Module 1

Congratulations on completing  Module 1!!

If you are looking for additional information on HCX Cross-Cloud Mobility solution, please reach out to your sales team.

Proceed to any module below which interests you most.

In case you want to exit lab, please click on the END button at the top right corner.

 

 

Module 2 - Bi-Directional Cloud Migration (30 minutes)

Enterprise Migration


IMPORTANT: There is a dependency on Module 1 for this module. If you have not done the site-pairing, please go to Module 1 and complete the site-pairing registration and the HCX Services deployment.

In this module, you will learn how to -


 

Workload Migration

Migration of VMs typically falls into one of the following 3 Operational Buckets (or a variation of them) - 

  1. Datacenter Consolidation - Merger & Acquisition, Retiring of Datacenter space, upgrade of hardware/software infrastructure platforms with HCI, etc.
  2. Datacenter Replacement - Moving to a IaaS or modern Private Cloud. 
  3. Datacenter Extension - Adopting a Hybrid Architecture (moving workloads that require and take advantage of elastic public clouds), 

Traditionally, all of the above require a complex set of processes, purchase of additional technology and investment in people. Typically, App Migrations face the following challenges - 

  1. Mission Critical Apps require migration without downtime. 
  2. And when these apps are migrated without downtime, they typically suffer from performance degradation. 
  3. Given that during these migration windows, WAN and LAN traffic are negatively impacted, a maintenance window with reduced usage of infrastructure is typically outlined.
  4. Migration windows are over multiple months due to size, distance and network latency/loss.
  5. Requires re-architecting a new IP platform for smooth switchovers requiring the purchase of additional hardware or software.
  6. Application rollback can be complex.

As you can see and have probably experienced, migrations pose complex problems that require complex solutions. And usually, Complex = Expensive.

In today's Enterprise IT world, 3 types of Migrations are often considered.

  1. Cold Migration - VM is powered-off. VMs moved to the destination Site. Templates are a good example of workloads that require Cold Migration.
  2. Warm Migration - VM is powered-on. VMs are snapshotted and kept in sync with source site. When Source site is down, VMs are powered-on in last known good state. Tier-2 Apps are a good example of workloads, that use this type of Migration.
  3. Zero-Downtime Migration - VM needs to remain powered-on. RPO/RTO requirements require zero downtime. Any data-loss is unaffordable. Mission Critical Apps require this type of migration.

 

 

Migration With HCX

 

With HCX, we are not only looking to solve this problem, but hybridity in general. Which is why - 

  1. HCX enables zero-downtime migration without having to worry about IP re-architecting.
  2. HCX enables Bulk Migration at Scale. Workflows exist for moving 100s of VMs in parallel vs 1 VM at a time.
  3. HCX works across the WAN and LAN, thereby enabling a unique model of Infrastructure with a mix of Private, Public and Hybrid, based on the workload requirements.
    • HCX includes all components required for Migration and beyond .
  4. Network Stretching, Proximity Routing, Wan-OPT, Suite-B encryption, Traffic Engineering are included.
  5. HCX requires No DNS and SSL certificate changes, no app reconfig, simpler rollbacks, no need for strict application groupings that are caused by non-optimized WAN environments. 
  6. HCX works across any vSphere versions (vSphere version 5.5+), so you do not need to invest in bringing both sites up to parity, and you can modernize your datacenters with a full SDDC/vCF stack, managed service or IaaS.
  7. HCX enables you to seamlessly extend your network and thus your IP space, extensively reducing the complexity and ensuring your IP Addressing policies, security policy violations and administrative boundaries are not broken.
  8. HCX is delivered as a service, not a product bundle – download small plugin (via OVA) into vSphere, signal the intent via service-driven deployment forms where you select which functions you want to use between sites and tether the sites together. Frequent upgrades, no appliances to manage, ease of install and ease of support. 
  9. HCX enables you to combine on and off-premises networks into a single organizational network, you can still isolate individual workloads on that network via SD-firewalling, ensuring that there are no security gaps.

 

Zero downtime migration (vMotion) between On-Premises to Cloud Instance


In this lesson we will migrate a VM from Inventory in Site A to Site B while powered on.


 

Login to vCenter

 

We will begin by logging into the On-premise (Site A) VC.

  1. Verify the address is: https://vcsa-01a.corp.local/vsphere-client/?csp
  2. Username: administrator@vsphere.local
  3. Password: VMware1!
  4. Click on Login

 

 

Access Hybrid Cloud Services (HCX) Plugin

 

To access the Hybrid Cloud Services (HCX) plugin:

  1. Click Hybrid Cloud Services (HCX) from the Navigator menu on the left
  2. OR Click Hybrid Cloud Services (HCX) from the Home menu on the right.

 

 

Verify Site Pairing

 

Before we do a VM migration, we want to make sure we have paired the 2 sites from the previous Module 1 and also have completed the Layer 2 Network Stretch. The requirement for VM Migration at a minimum is to have Site Pairing.

L2 Network Stretch is optional.

  1. Verify the Site Pairing already exists from our previous Module 1. You may need to scroll a bit down to see the Site pairings. If you have not done the Site Pairing, please go back to Module 1 Site pairing before you can do a VM migration.
  2. Validate that you also have a single Network Extension defined. On the next page, we will see more details about this Stretched Network.

 

 

Verify L2 Network Stretch

 

Now we will verify that we have completed the L2 Network Stretch:

  1. From the top tab, select the Interconnect tab.
  2. On the Sub-tab, select Extended Networks.
  3. Expand the Port Group named HCX-Stretched-Network by clicking on the triangle icon.
  4. You will see the status Extension complete, stating that we have successfully extended the L2 Network Stretch from Module 1.

NOTE: L2 Network Stretch is optional for VM migration.

 

 

Run Continuous Ping

 

We are going to migrate the VM core-A from esx-01a.corp.local in RegionA01 Datacenter to esx-02b.corp.local in RegionB01 Datacenter. 

  1. Click on the Command Prompt icon from the bottom taskbar to launch Windows Command Prompt.
  2. From the command prompt, type ping -t core-A to continuously ping the VM core-A

Leave this command prompt running in the background. We will refer back to it occasionally to check whether the VM is disrupted during the vMotion migration.

 

 

Starting the Migration

 

  1. Click on the Migration tab.
  2. Click on Migrate Virtual Machines.

 

 

Migration Screen Options

 

On the Migrate Virtual Machines to Remote Site window:

  1. The Top left side shows the paired remote site.
  2. The left side shows the Source (local site where plugin is installed) inventory.
  3. The top right side shows the global values that you can set for all migrations initiated from this site. Global Value options are:
    • Specify Destination Container - Can be a cluster, ESX host or folder.
    • Select Storage - Datastores that are available on the Remote Site.
    • Select Provisioning Type - 3 Options. Same format as source, Thick Provision or Thin Provision.
    • Select Migration Type -  vMotion or Replication. 

Please continue to the next page of this lab manual.

 

 

Source Inventory

 

  1. From the Source Inventory on the left, select esx-01a.corp.local. You should see a VM named core-A appear.

 

 

Choosing VM to Migrate

 

  1. Check the checkbox to select the VM core-A. We will select this VM to vMotion.
  2. Next to Specify Destination Container click on the folder icon to open the Destination Container window.
  3. Select the host esx-02b.corp.local. We will migrate the VM core-A from esx-01a.corp.local in RegionA01 Datacenter to esx-02b.corp.local in RegionB01 Datacenter.
  4. Click on Select Destination to select it.

 

 

Choosing VM to Migrate

 

  1. From the dropdown menu for Select Migration Type, select vMotion.
  2. From the dropdown menu for Select Storage, select RegionB01-ISCSI01-COMP01.
  3. From the dropdown menu for Select Provisioning Type, select Same format as source.
  4. From the dropdown menu for HCX-Stretched-Network, scroll down and select vxw-dvs-121-virtualwire-5-sid-15003-L2E_HCX-Stretched-Network_vlan-0-d9dd6319
  5. Click Next to continue.

 

 

Validate Migration Request

 

Before migrating, validation is done to ensure the migration can actually be completed. You can ignore any warnings that may come up. Validate the information you entered in the previous screens.

  1. Select Finish to start the migration.

 

 

Migration in Progress

 

  1. Click Refresh to see updated progress.
  2. The 'vMo' next to the green arrow shows the type of migration - vMotion.
  3. The green arrow shows the direction of the migration - Local to Remote site.


 

 

Uninterrupted VM during Migration

 

  1. Select the Command Prompt from the bottom taskbar.
  2. As you can see, the VM is still accessible without any service disruptions during the vMotion migration.

 

 

Migration is Complete

 

  1. View Migration completed status.

 

 

Migration is Complete

 

  1. Select the Dashboard tab.
  2. Scroll down on the right to reach the bottom of the dashboard screen.
  3. Under Activity Logs, we see that the Cross Cloud vMotion of the VM core-A has completed.

 

 

View migrated VM  

 

Now we are going to connect to the Site-B vCenter to locate the VM core-A that we have vMotioned from Site A.

  1. Select to create a new browser tab.
  2. From the Bookmarks toolbar, click on Site-B vCenter.
  3. Enter the User name: administrator@vsphere.local
  4. Enter the Password: VMware1!
  5. Click on Login to continue.

 

 

View migrated VM

 

  1. From the top, select the Home menu.
  2. From the Home Menu, select Host and Clusters.
  3. On the left navigation, expand out the arrows for vcsa-01b.corp.local, RegionB01, RegionB01-COMP01. Locate and click on the VM, core-A. Note: This is the VM we vMotioned over from RegionA.
  4. With the core-A VM selected, on the right window select the Summary tab. Here we see some summary details about the core-A VM. Notice it is running on Host esx-02b.corp.local where it was vMotioned.

 

 

Check Migration test status

 

  1. Bring the command prompt back into view.
  2. Stop the ping by clicking on Ctrl + C.
  3. Check the packet loss rate. You should see 0% packet loss.

Congratulations! You have vMotion'd a VM from Site A to Site B at 0% packet loss. In the next exercise, we will bulk migrate, via vMotion, from Site B to Site A.

 

Zero downtime Bulk Migration between Cloud Instance to On-Premises


We will now do a bulk migration of the VMs from Remote site to the Source Site. 

Please Note: You might see errors during the migration process. This is expected behavior currently and will be fixed soon.


 

Login to vCenter

 

We will now go back to our vCenter for Site-A. If you still have your vSphere Web Client connected to Site-A vCenter, you may skip this step. If not, please open a new Chrome browser tab:

  1. Go to the address: https://vcsa-01a.corp.local/vsphere-client/?csp or click from the bookmarks toolbar on Site-A vCenter.
  2. Username: administrator@vsphere.local
  3. Password: VMware1!
  4. Click on Login

 

 

Access Hybrid Cloud Services (HCX) Plugin

 

To access the Hybrid Cloud Services (HCX) plugin:

  1. Click Hybrid Cloud Services (HCX) from the Navigator menu on the left
  2. OR Click Hybrid Cloud Services (HCX) from the Home menu on the right.

 

 

Starting the Migration

 

  1. Click on the Migration tab.
  2. Click on Migrate Virtual Machines.

 

 

Choose Reverse Migration

 

  1. Check the Reverse Migration checkbox. We are now going to migrate from RegionB01 back to RegionA01.
  2. Click on the esx-02b.corp.local host from the Source Inventory. Remember that we vMotioned the VM core-A from RegionA01 to RegionB01 onto this host earlier. You will also notice there is another existing VM, core-B, as well. Continue to the next page in the lab manual.


 

 

Choose the 2 VMs

 

  1. Check the checkbox next to core-A VM to select it for vMotion.
  2. Check the checkbox next to core-B VM to select it for vMotion.
  3. At the top are the universal migration options; the selections you make there apply to all selected VMs. We will select esx-01a.corp.local as our host to vMotion to (Destination Container).
  4. For Storage, select RegionA01-ISCSI01-COMP01.
  5. For Provisioning Type, select Same format as source.
  6. For Migration Type, select vMotion.
  7. Under VM core-A, select HCX-Stretched-Network as the network to use.
  8. Under VM core-B, select HCX-Stretched-Network as the network to use as well.
  9. Click Next to continue.

 

 

Validating the Migration

 

The migration process is now being validated for the parameters that were passed. Note: If you happen to see some warnings, you may safely ignore them and proceed.

  1. Click on Finish to start the reverse migration back to RegionA01.

 

 

Migration in Progress

 

The Migration screen now shows the migration in progress.

  1. Click the Refresh button sporadically to see any updates to the process.

Direction and color of arrow show the type of migration. Reverse migration from Remote to Local.

 

 

 

Migration is Complete

 

  1. Completion is marked by a checkmark. You can also view the total completed migrations on the Dashboard.
  2. Now we will view the local VM inventory to see if VMs were successfully migrated over from the Remote site. From the left Navigator Home menu, click on Hosts and Clusters and continue to the next page of this lab manual.


 

 

Verification

 

From the Hosts and Clusters view, we will verify if VMs were successfully migrated over from the Remote site.

  1. On the left menu, expand the arrows for vcsa-01a.corp.local, RegionA01 Datacenter and RegionA01-COMP01.
  2. Select the host esx-01a.corp.local. Note: Remember we reverse migrated the 2 VMs to this host.
  3. On the right window, select the tab Related Objects for this host. It should default to Virtual Machines sub-tab. Notice the 2 VMs, core-A and core-B are located on this host just as we expected.


Congratulations! You have successfully bulk migrated both VMs from Site B to Site A.

 

Conclusion


In this module, you learnt how to 


 

Day-Day Applicability of this Module

  1. Non-disruptive vSphere Upgrade (from vSphere 5.5 to vSphere 6.x) into newer hardware or public cloud.
  2. Migration of Production Apps without the need for Application Dependency Mapping. 
  3. Moving VMs between various cloud infrastructures for various IT operations tasks such as (hardware refresh, switch upgrades, software upgrades/patches, etc).

 

 

You've finished Module 2

Congratulations on completing  Module 2.

If you are looking for additional information on HCX Cross-Cloud Mobility solution, please reach out to your sales team.

Proceed to any module below which interests you most.

In case you want to exit lab, please click on the END button at the top right corner.

 

 

Module 3 - Hybrid Disaster Recovery (DR) (30 minutes)

Introduction


IMPORTANT: Before you start the exercises in this module, please ensure that you have completed Module 1. There is a dependency on Module 1 for the exercises in this module. 

In this module, you will learn  -


 

What is Hybrid Disaster Recovery

4 Key weaknesses that Enterprises face today when dealing with a disaster

  1. There is no DR plan, or it is an afterthought.
  2. The DR plan is inadequate.
  3. The DR plan has not been updated for newer infrastructure and associated changes in processes.
  4. The DR plan is not properly tested.

HCX introduces a new architecture for solving the age-old problem of Disaster Recovery. With the state of hybridity established and the network extended, the HCX platform can now be used to provide Active-Active protection for either Partial Recovery or Full Recovery of BOTH VM workloads and Infrastructure.

With HCX's Hybrid Disaster Recovery solution, the following is possible - 

  1. Protect VMs on the primary (local) site to a secondary (remote) site.
  2. Protect VMs from the secondary (local) site to the primary (remote) site.
  3. Deploy Test and Planned Recovery from the remote site.
  4. Reverse replicate the recovered VM to the local site.
  5. Reconfigure protected VMs - to change RPO, etc.
  6. Pause, Resume protected VMs - to account for maintenance windows, etc.

By adding Data Center Designer into the architecture, replicating/mirroring even the most complex networking topologies into a single virtual data center is now a reality, simplifying disaster recovery to the cloud.

 

 

Illustration of Proximity Routing

 

In a partial failover scenario, tromboning is a real problem. When users extend their networks to the cloud, Layer 2 connectivity is stretched onto the cloud. However, without route optimization, Layer 3 communication requests must return to the on-premises network origin to be routed.

HCX includes Proximity Routing to solve this problem.

In the diagram above, the N*a components on the left reside in the on-premises data center, and the N*b components on the right reside in the cloud.

R1 is the default gateway for N1-b, therefore, N1-b must return to R1 to route traffic through R2. To prevent asymmetric routing, HCX injects host routes into the on-premises network. 

  1. If the virtual machine was newly created in the cloud, the host route is injected immediately.
  2. If the virtual machine was transferred using vMotion, the route is not injected until the virtual machine reboots. Waiting until after the reboot ensures that the on-premises stateful devices continue to service the existing session until the virtual machine reboots. After the reboot, the routing information is consistent, both on-premises and in the cloud.

That is, R1 can use routing to reach a specific virtual machine through R2, rather than using the locally connected extended Network. R2 fully owns the path for other networks to reach virtual machines with Proximity Routing enabled.
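The route selection described above, as an added example that is not part of the lab manual or of HCX itself: a small longest-prefix-match model of R1's table showing why an injected /32 host route steers traffic for a cloud-resident VM through R2, and how the "created in cloud" versus "moved by vMotion" rule changes when that route appears. The subnet, VM names, addresses and the `Vm`/`R1Table` classes are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample: the L2 segment stretched between on-premises and cloud.
EXTENDED_NET = ipaddress.ip_network("10.10.20.0/24")


@dataclass
class Vm:
    name: str
    ip: str
    site: str                       # "on-prem" or "cloud"
    arrival: str                    # "native", "created-in-cloud" or "vmotion"
    rebooted_after_move: bool = False


def needs_host_route(vm: Vm) -> bool:
    """Apply the two injection rules from the text to one VM."""
    if vm.site != "cloud":
        return False                # on-premises VMs stay on the connected route
    if vm.arrival == "created-in-cloud":
        return True                 # rule 1: injected immediately
    if vm.arrival == "vmotion":
        return vm.rebooted_after_move   # rule 2: only after the VM reboots
    return False


class R1Table:
    """Simplified routing table of the on-premises router R1."""

    def __init__(self):
        # R1 is directly attached to the extended network.
        self.routes = {EXTENDED_NET: "connected"}

    def sync(self, vms):
        """Rebuild the injected /32 host routes from the current VM state."""
        self.routes = {p: nh for p, nh in self.routes.items() if p.prefixlen != 32}
        for vm in vms:
            if needs_host_route(vm):
                self.routes[ipaddress.ip_network(vm.ip + "/32")] = "R2"

    def next_hop(self, dst: str):
        """Longest-prefix match: the most specific matching route wins."""
        addr = ipaddress.ip_address(dst)
        matches = [p for p in self.routes if addr in p]
        if not matches:
            return None
        best = max(matches, key=lambda p: p.prefixlen)
        return self.routes[best]


def demo():
    """Return R1's next hop per VM before and after the vMotioned VM reboots."""
    vms = [
        Vm("web-onprem", "10.10.20.10", "on-prem", "native"),
        Vm("new-in-cloud", "10.10.20.11", "cloud", "created-in-cloud"),
        Vm("moved-by-vmotion", "10.10.20.12", "cloud", "vmotion"),
    ]
    r1 = R1Table()
    r1.sync(vms)
    before = {vm.name: r1.next_hop(vm.ip) for vm in vms}

    vms[2].rebooted_after_move = True   # the migrated VM reboots
    r1.sync(vms)
    after = {vm.name: r1.next_hop(vm.ip) for vm in vms}
    return before, after


if __name__ == "__main__":
    before, after = demo()
    for name in before:
        print(f"{name:18} before reboot: {before[name]:10} after reboot: {after[name]}")
```

Until the reboot, the vMotioned VM is still reached over the connected extended network, which is what lets on-premises stateful devices keep servicing its existing sessions.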

 

Setup Disaster Recovery Protection for a VM


In this lesson, we will configure disaster recovery protection for a VM


 

Login to vSphere Web Client At Site A

 

  1. In the browser, click on Site-A vCenter. Verify the address is: https://vcsa-01a.corp.local/vsphere-client/?csp
  2. Username: administrator@vsphere.local
  3. Password: VMware1!
  4. Click on Login

 

 

Access Hybrid Cloud Services (HCX) Plugin

 

To access the Hybrid Cloud Services (HCX) plugin:

  1. Click Hybrid Cloud Services (HCX) from the Navigator menu on the left
  2. OR Click Hybrid Cloud Services (HCX) from the Home menu on the right.

 

 

Verify Site Pairing

 

Before we do a VM protection, we want to make sure we have paired the 2 sites from the previous Module 1 and also have completed the Layer 2 Network Stretch. The requirement for VM Protection at a minimum is to have Site Pairing.

  1. Verify the Site Pairing already exists from our previous Module 1. You may need to scroll a bit down to see the Site pairings. If you have not done the Site Pairing, please go back to Module 1 Site pairing before you can do a VM Protection.
  2. Validate that you also have a single Network Extension defined. On the next page, we will see more details about this Stretched Network.

 

 

Verify L2 Network Stretch

 

Now we will verify that we have completed the L2 Network Stretch:

  1. From the top tab, select the Interconnect tab.
  2. On the Sub-tab, select Extended Networks.
  3. Expand the Port Group named HCX-Stretched-Network by clicking on the triangle icon.
  4. You will see the status Extension complete, stating that we have successfully extended the L2 Network Stretch from Module 1.

 

 

Hosts and Clusters

 

  1. Click on Hosts and Clusters in the left pane.

 

 

Enable DR Protection on VM

 

  1. Expand Datacenter RegionA01
  2. Expand Cluster RegionA01-COMP01
  3. Right Click on VM core-A
  4. Expand Hybridity Actions
  5. Click on Protect VM

 

 

VM Replication Details

 

  1. Check the checkbox for VM Name core-A
  2. Expand the VM core-A
  3. Select Destination Container as RegionB01
  4. Select Storage as RegionB01-ISCSI01-COMP01
  5. Select Provisioning Type as Same format as source
  6. Select RPO as 15 minutes.  Recovery Point Objective (RPO) is the maximum targeted period in which data might be lost from an IT service due to a major incident. You can set the range between 15mins - 24 hours.
  7. Select Snapshots Interval as 1 hour. Here we establish multiple recovery points. It can be configured between 1 hour - 4 days.
  8. Select No. of Snapshots as 1 snapshot
  9. Select HCX-Stretched-Network as vxw-dvs-121-virtualwire-5-sid-15003-L2E_HCX-Stretched-Network_vlan-0-d9dd6319
  10. Click on Next

 

 

Reviewing the configured replication policy for protected VM

 

Verify the details and Click on Finish

 

 

Go To HCX Plugin

 

  1. Click on Home
  2. Click on Hybrid Cloud Services (HCX)

 

 

Go to Disaster Recovery

 

  1. Select tab Disaster Recovery
  2. Local VMs show the following
    1. Total # of VMs that are being protected out of the Total # of VMs in the local site.
    2. It also shows the # of these protected VMs that have been tested thus far.
  3. Remote VMs show the following
    1. The # of VMs that the local site is protecting for the Remote Site.
    2. It also shows the # of these protected VMs that have been tested thus far.
  4. Progress shows how many VMs are in the following state
    1. Configuring
    2. Syncing
    3. Recovering
    4. Testing
    5. Cleaning

 

 

DR Protection is Configuring

 

  1. DR tab shows the DR Protection being configured for the selected VM.
  2. Currently the Status of the VM is Configuring
  3. The # of VMs protected under Local VMs goes up by 1

 

 

DR protection in Progress

 

This process might take a few minutes.

You will see Detailed Status first move to Not Available, to Protection Inactive, to Synchronization (Full) and then finally to Active.

 

 

DR Protection is Complete

 

  1. VM is now in Active State - DR Protection is active for this particular VM. This is represented by the green shield.
  2. The yellow triangle means that this active VM has not been tested.
  3. Green circle represents a powered-on VM.
  4. Direction of the arrow shows the direction of protection. In this case the VM is protected on the remote site.

 

 

Verify DR Protection at Site A

 

  1. Click on Tasks from the left pane.
  2. Verify "Enable replication of virtual machine" is Completed.

 

 

Let's look at Site B

 

  1. Open a new tab on the browser
  2. From the bookmarks menu click on Site-B vCenter

 

 

Login to Site B

 

  1. Verify the address is: https://vcsa-01b.corp.local/vsphere-client/?csp
  2. Username: administrator@vsphere.local
  3. Password: VMware1!
  4. Click on Login

 

 

Tasks on Site B

 

  1. Click on Home
  2. Click on Tasks

 

 

Verify Protection on Site B

 

  1. Verify the task "Create virtual disk" is Complete.  Do NOT close Site B tab.

Congratulations! You have enabled Disaster Recovery Protection for a VM. In the next exercise we will test this protection.

 

Testing the Disaster Recovery Protection for the Protected VM


In this lesson, we will learn how to run the Test Recovery and Test Cleanup for the Protected VM.


 

Login to HCX Cloud

 

We will now run Test Recovery on the protected VM on the Remote site.

If not yet open, open a new tab in the browser and click on HCX-CLOUD-Site-B from the bookmarks toolbar.

  1. Enter username as administrator@vsphere.local
  2. Enter password as VMware1!
  3. Click LOG IN

 

 

Go to the DR Tab

 

  1. Click on Services tab
  2. Click on DISASTER RECOVERY from the left pane.
  3. Local VMs here mean the VMs that are local to the Remote site.
  4. Remote VMs are the VMs that are remote to the Remote Site (on-premises).
  5. The arrow shows DR protection that is incoming to the Remote site.

 

 

VM Disaster Recovery options

 

  1. Next to the protected VM, click on the 3 dots for more options.
  2. The operations available to you are -
    1. Recover (To recover a VM immediately)
    2. Planned Recovery (To plan a recovery at a scheduled time)
    3. Test Recovery (Testing the protected VM on the recovery site to ensure its integrity/state)
    4. Reconfigure (Edit the RPO, Snapshots and other characteristics of the protected VM)
    5. Pause (When there is a planned event such as a maintenance window, this option helps avoid conflicts with replication at that time)
    6. Resume (Resume the protection)
    7. Remove (Remove the protection plan)

 

 

Run a Test Recovery

 

Click on Test Recovery

 

 

Configure Test Recovery

 

Click on Test

 

 

Test Recovery In Progress

 

On the top status, you will notice Successfully queued Test Recovery in green.

 

 

DR Test Recovery Complete

 

This process will take a couple of minutes.

  1. Detailed Status of the VM shows Test Complete.
  2. No. of tested VMs under Remote VMs has changed. It now shows 1/1 VM tested.
  3. Instead of the yellow triangle, there now is a green check mark.

 

 

VM Replication Details

 

Expanding on > gives you more information on the Replication Status, Activity History, Replica Instances, Replication Details, Virtual Machine Details, etc.

 

 

Verify Test Recovery on Site B

 

  1. Go back to Site-B vCenter tab. Make sure the web address is https://vcsa-01b.corp.local/vsphere-client/?csp
  2. Select Tasks -> Verify Register virtual machine task is Completed.

 

 

Go to Hosts and Clusters view on Site B

 

  1. Click on Home
  2. Click on Hosts and Clusters

 

 

Verify VM registered on Site B

 

  1. Verify the VM core-A is registered and powered on at Site B.

Do NOT close the tab.

 

 

Start DR Test Cleanup

 

Go back to HCX Cloud tab.

  1. Click on Services
  2. Click on DISASTER RECOVERY
  3. Click on the 3 dots.
  4. Click on Test Cleanup.

 

 

DR Test Cleanup

 

Click on Cleanup.

 

 

DR Test Cleanup In Progress

 

The Status now reads Cleaning Test.

 

 

DR Test Cleanup Complete

 

The Status now reads Active State.

 

 

Verify VM is unregistered at Site B

 

  1. Go back to Site B tab. Make sure the web address is https://vcsa-01b.corp.local/vsphere-client/?csp
  2. Verify the VM core-A is powered off and unregistered from Site B.

 

 

Go to Tasks View at Site B

 

  1. Click on Home
  2. Click on Tasks

 

 

Verify DR Test Cleanup Task is Completed on Site B

 

  1. Verify the Unregister and Power off tasks for VM core-A at Site B are Completed.


Congratulations, you have successfully tested an actively DR Protected VM!!

 

Simulate, Recover and Reverse Replicate from a Disaster for the Protected VM


In this lesson, we will simulate a disaster at the on-premises site, recover the VM in the cloud and later reverse replicate the VM.


 

Login to vSphere Web Client on Site A

 

We will now simulate a disaster event and recover the VM from the Remote site.

  1. Verify the address is: https://vcsa-01a.corp.local/vsphere-client/?csp
  2. Username: administrator@vsphere.local
  3. Password: VMware1!
  4. Click on Login

 

 

Simulate Disaster

 

  1. Click on Hosts and Clusters

 

 

Power Off VM

 

  1. Expand Datacenter RegionA01
  2. Expand Cluster RegionA01-COMP01
  3. Right Click on VM core-A
  4. Select Power
  5. Click on Power Off

 

 

Confirm Power Off VM

 

Click on Yes

Wait for the VM to be powered off.

 

 

Back To HCX Plugin At Site A

 

  1. From Home, click on Hybrid Cloud Service (HCX)
  2. Click on tab Disaster Recovery
  3. You will notice the VM Status is now Protection Inactive, represented by the red lightning icon.

 

 

Configure Recovery Of VM from HCX Cloud Portal

 

Go back to HCX Cloud Portal tab

  1. Now expand the 3 dots against the VM and click on Recover.

 

 

Recover the VM

 

  1. By Default it chooses the latest recovery point instance.
  2. Click on Recover.

 

 

Recovery in Progress

 

  1. On the top it shows the VM Recovery is successfully Queued
  2. Detailed Status shows the Received request for recovery.

 

 

 

Recovery is Complete on the Remote Site

 

  1. The VM has successfully been Recovered. This is denoted by the dark grey shield icon.

Congratulations, you have successfully recovered the VM on the Remote Site after a disaster!

 

 

Go Back to Site A to Power on the VM

 

While the VM is recovered in the cloud, the original VM on Site A is back up now.

  1. Right click on the VM core-A
  2. Expand Power
  3. Click on Power On

Wait for VM to be powered on

 

 

Go back to the HCX Plugin At Site A

 

  1. Click on Home
  2. Click on Hybrid Cloud Services (HCX)

 

 

View Replication Status

 

  1. Click on Disaster Recovery. You will notice the replication status as Protection inactive.

 

 

Start the Reverse Replication from Site A

 

  1. Click on 3 dots to get the options for the VM. 
  2. Click on Reverse

 

 

Configure Reverse Replication

 

Click on Reverse.

 

 

Reverse Replication is Scheduled

 

In the Detailed Status notice the reverse replication is in Synchronizing (initial) mode.

 

 

Reverse Replication is Completed

 

  1. VM is now in Active state.
  2. And 2 arrows represent the reverse replication and forward protection. The VC will only have 1 VM.


Congratulations! You have successfully Simulated a disaster, recovered and reverse replicated protection on a VM with HCX!

 

Conclusion


You have learnt


 

Day-Day Applicability of this Module

  1. You no longer need a dedicated DR site, as with HCX the same VLANs can be stretched to the cloud instance.
  2. No massive re-IPing or application dependency mapping exercise.
  3. Bi-directional DR protection helps you build the most efficient hybrid cloud architecture.

 

 

You've finished Module 3

Congratulations on completing  Module 3!!

If you are looking for additional information on HCX Cross-Cloud Mobility solution, please reach out to your sales team.  

Proceed to fourth module below if it is of interest to you.

 

In case you want to exit lab, please click on the END button at the top right corner.

 

 

Module 4 - Datacenter Designer (15 minutes)

Introduction


In this module we will learn:


 

Overview of Data Center Designer

The Data Center Designer for Hybrid Cloud provides customers with a series of field-tested recommended architectures, or designs, created by VMware network security architects. They help users moving to public cloud understand how to provide the tools, resources and services commonly found in on-premises data centers in a public cloud. It is based on the commonly known concept of a Demilitarized Zone, also known as a DMZ. The main goal of this hybrid cloud DMZ is to create an aggregation and isolation point between the user's existing on-premises data center and public cloud deployments.

By aggregating shared core features such as Active Directory servers, encryption key services and licensing services, customers can lower overall licensing costs by reducing the number of duplicate instances that need to be maintained and paid for in each public cloud Virtual Data Center. They can also establish a single administrative domain for these features, accomplishing a clear separation of roles and responsibilities.

 

 

Typical Datacenter Architecture

 

The above picture shows two different network architectures which are typical of the type of network perimeter that customers implement today to provide access and protection to their datacenter for a 3-tier workload.

The Aggregation Layer incorporates the following functions -

  1. Firewalling
  2. Loadbalancing
  3. Network Analysis
  4. SSL offloading services
  5. Intrusion detection

As you can see, each production 3-tier application would require a similar aggregation layer setup.

This only gets more complex and expensive when you have to replicate this on-premises architecture in the cloud.

Data Center Designer helps customers solve this problem by providing the tools to quickly build and deploy a cloud-based perimeter security and aggregation layer, as well as providing a set of validated reference designs.

 

 

What is Data Center Designer

 

Data Center Designer provides network architects with the tools necessary to quickly and easily provide the resources and services commonly found in on-premises data centers in a public cloud. It is based on the commonly known concept of a Demilitarized Zone, also known as a DMZ. The main goal of this DMZ is to create an aggregation and isolation point between the user's existing on-premises data center and public cloud deployments.

By aggregating shared core features such as Active Directory servers, encryption key services and licensing servers, customers can lower overall licensing costs by reducing the number of duplicate instances that need to be maintained and paid for in each public cloud Virtual Data Center. They can also establish a single administrative domain for these features, accomplishing a clear separation of roles and responsibilities.

 

 

Data Center Designer Template Example

 

Data Center Designer provides customers with a set of validated reference architectures as well as a blueprinting tool, which allows a customer to recreate the same level of perimeter network security in the public cloud as they have on-premises today while also providing the ability to leverage service aggregation. In short, it provides in public cloud the equivalent of an on-premises DMZ.

The Data Center Designer provides several benefits:

  1. Provides customers with the ability to leverage proven and validated designs vetted by VMware cloud security experts.
  2. Allows for Consistent Networking and Security Policies. By extending your on-premises security and governance policies to the public cloud, you can eliminate inconsistencies in your networking and security policies and architecture.
  3. Speeds the implementation of a secure DMZ entry point that extends your on-premises security and governance policies into the public cloud space.
  4. Run perimeter security and entry point security services, such as firewalls and intrusion detection systems, as well as shared services like monitoring, logging, and orchestration tools to eliminate duplication of services and ease management burden.
  5. Bring your own IPS/IDS, antivirus, content firewalls, proxies and more. You can also bring your own network appliances such as WAN optimization, DNS, routers, load balancers, and VPN concentrators. Share them among multiple cloud endpoints to eliminate overhead and wasted resources.
  6. Facilitates BYOA: Bring Your Own Security Appliances such as IPS/IDS, Anti-Virus, Content Firewalls and Proxy, and Network Appliances such as WAN OPT, DNS, Routers, Load Balancers, VPN Concentrators, etc.
  7. Facilitates separation of roles and responsibilities: by separating the firewalls and network aggregation appliances into a separate DMZ area, IT administrators do not have to provide administrative rights into the compute cluster.

We will now do a walkthrough of Data Center Designer.

 

Datacenter Designer Walkthrough


In this module, we will walk through Datacenter Designer. Note that this is a simulation of the functionality which the Data Center Designer will provide. The walkthrough is for illustrative purposes only, and there is no need to fill in any of the pop-up windows; they are examples only.


 

Login to HCX Cloud

 

The Data Center Designer functionality is included with the Hybrid Cloud.

Login to the Hybrid cloud by clicking the tab labeled "HCX-Cloud-Site-B" in the browser.

  1. Enter Username: administrator@vsphere.local
  2. Enter Password: VMware1!
  3. Click on LOG IN

 

 

Go to Data Center Designer

 

  1. Click "Data Center Designer" to initiate the Data Center Designer template.

 

 

Add Networks

 

  1. Click on Add Networks

 

 

Complete the Add Networks process

 

Reminder: there is no need to enter data in these screens; they are for illustrative purposes only.

  1. Provide a name for the network, for example "transit network"
  2. Add the address of the network gateway, for example the IP address of the transit gateway
  3. Add the prefix length, for example /24 or /32
  4. Enter the IP ranges which will be used by virtual machines on this network, for example 192.168.1.100:192.168.1.200
  5. Click Save to complete the add network process.
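
The four values entered in this dialog have to agree with one another before they are worth saving. The following is an added planning check, not part of the lab or of HCX: the function name `validate_network` is hypothetical, the `start:end` range syntax is taken from step 4, the gateway address is a constructed sample, and IPv4 is assumed.

```python
import ipaddress

def validate_network(name, gateway, prefix_len, ip_ranges):
    """Check one Add Networks entry; returns a list of problems (empty = consistent)."""
    problems = []
    if not name.strip():
        problems.append("network name is empty")
    try:
        gw = ipaddress.IPv4Address(gateway)
        # Accept the prefix as 24 or "/24"; strict=False derives the subnet from the gateway.
        net = ipaddress.IPv4Network(f"{gateway}/{str(prefix_len).lstrip('/')}", strict=False)
    except ValueError as exc:
        return problems + [f"bad gateway or prefix length: {exc}"]
    # Below /31 the network and broadcast addresses cannot be assigned to hosts.
    reserved = {net.network_address, net.broadcast_address} if net.prefixlen < 31 else set()
    if gw in reserved:
        problems.append(f"gateway {gw} is the network or broadcast address of {net}")
    accepted = []
    for item in ip_ranges:
        try:
            start_s, end_s = item.split(":")
            start = ipaddress.IPv4Address(start_s.strip())
            end = ipaddress.IPv4Address(end_s.strip())
        except ValueError as exc:
            problems.append(f"{item}: expected start:end IPv4 addresses ({exc})")
            continue
        if start > end:
            problems.append(f"{item}: start is above end")
            continue
        if start not in net or end not in net:
            problems.append(f"{item}: outside {net}")
            continue
        if start <= gw <= end:
            problems.append(f"{item}: contains the gateway {gw}")
        if any(start <= r <= end for r in reserved):
            problems.append(f"{item}: contains a network or broadcast address")
        if any(start <= e and s <= end for s, e in accepted):
            problems.append(f"{item}: overlaps an earlier range")
        accepted.append((start, end))
    return problems

if __name__ == "__main__":
    # Constructed sample: the lab's example range with an assumed gateway of 192.168.1.1.
    print(validate_network("transit network", "192.168.1.1", "/24",
                           ["192.168.1.100:192.168.1.200"]))
```

With a /32 prefix the subnet holds only the gateway address itself, so any separate virtual machine range is reported as outside the network.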

 

 

Add Routers

 

  1. Click on Add Routers
  2. Choose to add either an Aggregator Router, which will handle traffic to a DMZ aggregation point, OR
  3. an Access Router, which will handle north-south traffic into/out of the cloud.

 

 

Add An Aggregation Router

 

Reminder: there is no need to enter data in these screens; they are for illustrative purposes only. Creating an Aggregation Router is similar (in function) to creating an Edge Gateway on NSX or vCD.

Click on Aggregation Router and fill in the information.

  1. Based on the anticipated throughput of the router virtual appliance, it can be configured for a small resource footprint or a large resource footprint.
  2. The appliance can be configured in an HA pair.
  3. Once completed, click on setup.

 

 

Add an Access Router

 

Reminder: there is no need to enter data in these screens; they are for illustrative purposes only.

  1. Based on the anticipated throughput of the router virtual appliance, it can be configured for a small resource footprint or a large resource footprint.
  2. The appliance can be configured in an HA pair.
  3. Once completed, click on setup.

 

 

Save The Network Construct As A .PNG File

 

  1. Click the arrow to download the network diagram as a .png file for reference

 

 

Download And Save the File

 

Click on DOWNLOAD to save the file.

 

Conclusion


In this module you learnt -


 

Day-Day Applicability of this Module

  1. Secure IT Control with Service and Network Isolation.
  2. Separation of Duties: maintain different projects in different Virtual Data Centers for resource isolation and role based access control.
  3. Management and Network Services: run perimeter security, entry point security services (F/Ws, IPS, IDS), Shared Services (Monitoring, Logging, Orchestration, AD etc.) in the Data Center Designer service.
  4. Cloud Exchange: physical separation of App and OS licensing such as Oracle & Windows Datacenter licensing.

 

 

You've finished Module 4

Congratulations on completing Module 4!

In case you want to exit the lab, please click on the END button at the top right corner.

 

 

Conclusion

Thank you for participating in the VMware Hands-on Labs. Be sure to visit http://hol.vmware.com/ to continue your lab experience online.

Lab SKU: HOL-1881-01-HBD

Version: 20180406-150349