VMware Cloud Director Migration NSX-T

VMware Cloud Director NSX-V to NSX-T Migration Support Matrix

In today’s rapidly evolving IT landscape, Cloud Service Providers need to ensure that their customers have access to the latest and most advanced networking and security features. VMware Cloud Director (VCD) allows customers to build secure private clouds, dramatically increasing data center efficiency and business agility.

Combined with VMware NSX (previously NSX-T Data Center or NSX-T), VMware’s software-defined networking platform, the result is a powerful solution for service providers and enterprises to support the growing number of distributed applications being run on heterogenous endpoints, VMs, containers, and bare metal across DC, Cloud, and Edge.

Why should we migrate VMware Cloud Director to VMware NSX (NSX-T)?

As per the current latest version (10.4.2), VCD still supports two options for network virtualization: NSX Data Center for vSphere (NSX-V) and VMware NSX (formally known as NSX-T Data Center or NSX-T). However, NSX-V reached its End of General Support (EoGS) is January 16, 2022, and technical guidance on January 16, 2023. Therefore organizations must take proactive steps to mitigate security risks, maintain compliance, and continue to leverage the benefits of network virtualization.

The migration process can be complex and should be planned and executed carefully to minimize disruption and ensure a successful transition. Recently, VMware has released version 1.4.2 of the VMware NSX Migration for VMware Cloud Director tool, enhancing the support of VCD networking features and allowing V2T migrations with minimal downtime.

VCD V2T Features and Migration Matrix

To help Cloud Service Providers plan for a smooth transition, this short blog provides information on the current VCD NSX Features Support Matrix and those that can be auto-migrated using the latest NSX Migration for VCD tool (1.4.2).

FeatureNSX Data Center for vSphere (NSX-V)VMware NSX (NSX-T)NSX Migration for VCD tool
Overlay network backingVXLANGENEVEYes
Distributed RoutingYesYesYes
Non-Distributed RoutingYesYes (10.3.2)Yes
External NetworkPort groups; Logical Switches (virtual wires)Port groups; NSX Segments; Connection to external networks from Edge GW (10.4.1)Yes
Provider GatewayNot Applicable (N/A)T0/VRF for Edge GW egressYes
Routed Network with NATYesYesYes
Routed Network no NATYesAdvertisement of routed network requires dedicated Provider GW or IP Spaces.Yes
Isolated NetworkYesYesYes
Direct NetworkYesYesYes
Imported NetworkUnsupportedYesN/A
Shared NetworkYesWith Data Center Groups for non-directly connected Org VDC networksYes
IPv6 NetworkYesYesYes
Dual Stack (IPv4/IPv6 on same vNIC)YesYesYes
Org VDC Edge GWESGTier-1 GatewayYes
IP address sub-allocationProvider managedProvider managed or self-service with IP SpacesYes
Edge FirewallYesYesYes
NAT (NAT44)YesYesYes
NAT64YesUnsupportedN/A
DHCPYesYesYes
DHCPv6UnsupportedYesN/A
DNS ForwardingYesYesYes
BGP IPv4YesThe Provider GW must be private to an organization or dedicated to Tenant’s Edge GW.Yes
BGP IPv6UnsupportedYesN/A
OSPFYesUnsupportedN/A
VRF LiteUnsupportedYesYes
Static RoutesYesStatic routes only on Tier-1 GW, but not on Tier-0/VRF (10.4)Yes
Policy-Based IPsec VPNYesYesYes
Route-Based IPsec VPNYesUnsupportedN/A
L2 VPNYesYes (10.3)NSX-T L2VPN is not backwards compatible with NSX-V L2VPN. The configuration of all L2VPN endpoints must be migrated manually.
SSL VPNYesUnsupported by NSX-T. SSL VPN alternatives can be deployed, and the configuration migrated manually. Please check the VMware Cloud Director Remote Access VPN Integration Guide.N/A
Load BalancingYesRequires NSX Advanced Loadbalancer (Avi)Yes
IPv6 Load BalancingYesRequires NSX Advanced Loadbalancer (Avi) (10.4)Yes
Edge logging and CLIYesNSX-T Edge node is shared. CLI is not available. Centralized logging with possible filtering. No tenant-dedicated logging.N/A
Edge HAYes (Optional Active/Standby)YesYes
vApp Edge (routing, NAT, firewall)YesYes (10.3)
Routed vApps cannot be connected to VLAN-backed Org VDC network
Yes
vApp Edge FencingYesUnsupportedN/A
Distributed Firewall (L3/L4 and L7)YesRequires VCD Data Center GroupYes
Distributed Firewall (L2)YesUnsupportedN/A
Cross VDC Networking (same VCD)YesRequires VCD Data Center Group; single egress onlyUnsupported
Cross VDC Network (different VCDs)YesUnsupportedN/A
Edge placementYes (via API)Edge Cluster granularity and via failure domains in NSX-TYes
Edge gateway rate limitingYes (external network granularity)At the Edge GW level (10.3.2).
NSX-T Gateway Ingress/Egress QoC Profiles
Yes
External network meteringYesYes with Aria OperationsN/A
Segment ProfileUnsupportedYesN/A

Are you interested in learning more about NSX Migration for VCD tool and process? Do you need to perform a VCD NSX migration? Beneath are some reference resources to help you throughout the transition.

Docs and Blogs

Webinar Series

  • Close the Technical NSX V to NSX T Skills Gap
    • Part 1 Series: Modernize Your NSX Environment (3 Episodes, Level 100-300) Watch now on-demand
    • Part 2 Series: Migrating Complex NSX-v Architectures  (4 Episodes Level 300-400). Register for July 11-19 Series AMER/EMEA  or  APJ

Demos:

Conclusion

While VMware NSX Data Center for vSphere (6.4.x) continues to function past its EoGS date, bug fixes and security patches for the specific version are discontinued. This can expose the infrastructure to vulnerabilities, making it crucial for organizations to plan and execute an NSX-V to NSX-T transition for VMware Cloud Director environments.

In addition, migrating to NSX-T will maintain a strong integration to your VMware Cloud Director platform while enabling greater business agility, cloud scalability, and network performance by supporting modern distributed apps with a complete networking and security stack.

Use the vcd-v2t-assist channel in the VMware Cloud Provider Slack workspace for further questions or to provide your V2T migration experience and feedback. Additionally, the following FAQ answers common questions concerning the VMware NSX Migration for VMware Cloud Director.