In today’s rapidly evolving IT landscape, Cloud Service Providers need to ensure that their customers have access to the latest and most advanced networking and security features. VMware Cloud Director (VCD) allows customers to build secure private clouds, dramatically increasing data center efficiency and business agility.
Combined with VMware NSX (previously NSX-T Data Center or NSX-T), VMware’s software-defined networking platform, the result is a powerful solution for service providers and enterprises to support the growing number of distributed applications being run on heterogenous endpoints, VMs, containers, and bare metal across DC, Cloud, and Edge.
Why should we migrate VMware Cloud Director to VMware NSX (NSX-T)?
As per the current latest version (10.4.2), VCD still supports two options for network virtualization: NSX Data Center for vSphere (NSX-V) and VMware NSX (formally known as NSX-T Data Center or NSX-T). However, NSX-V reached its End of General Support (EoGS) is January 16, 2022, and technical guidance on January 16, 2023. Therefore organizations must take proactive steps to mitigate security risks, maintain compliance, and continue to leverage the benefits of network virtualization.
The migration process can be complex and should be planned and executed carefully to minimize disruption and ensure a successful transition. Recently, VMware has released version 1.4.2 of the VMware NSX Migration for VMware Cloud Director tool, enhancing the support of VCD networking features and allowing V2T migrations with minimal downtime.
VCD V2T Features and Migration Matrix
To help Cloud Service Providers plan for a smooth transition, this short blog provides information on the current VCD NSX Features Support Matrix and those that can be auto-migrated using the latest NSX Migration for VCD tool (1.4.2).
Feature | NSX Data Center for vSphere (NSX-V) | VMware NSX (NSX-T) | NSX Migration for VCD tool |
---|---|---|---|
Overlay network backing | VXLAN | GENEVE | Yes |
Distributed Routing | Yes | Yes | Yes |
Non-Distributed Routing | Yes | Yes (10.3.2) | Yes |
External Network | Port groups; Logical Switches (virtual wires) | Port groups; NSX Segments; Connection to external networks from Edge GW (10.4.1) | Yes |
Provider Gateway | Not Applicable (N/A) | T0/VRF for Edge GW egress | Yes |
Routed Network with NAT | Yes | Yes | Yes |
Routed Network no NAT | Yes | Advertisement of routed network requires dedicated Provider GW or IP Spaces. | Yes |
Isolated Network | Yes | Yes | Yes |
Direct Network | Yes | Yes | Yes |
Imported Network | Unsupported | Yes | N/A |
Shared Network | Yes | With Data Center Groups for non-directly connected Org VDC networks | Yes |
IPv6 Network | Yes | Yes | Yes |
Dual Stack (IPv4/IPv6 on same vNIC) | Yes | Yes | Yes |
Org VDC Edge GW | ESG | Tier-1 Gateway | Yes |
IP address sub-allocation | Provider managed | Provider managed or self-service with IP Spaces | Yes |
Edge Firewall | Yes | Yes | Yes |
NAT (NAT44) | Yes | Yes | Yes |
NAT64 | Yes | Unsupported | N/A |
DHCP | Yes | Yes | Yes |
DHCPv6 | Unsupported | Yes | N/A |
DNS Forwarding | Yes | Yes | Yes |
BGP IPv4 | Yes | The Provider GW must be private to an organization or dedicated to Tenant’s Edge GW. | Yes |
BGP IPv6 | Unsupported | Yes | N/A |
OSPF | Yes | Unsupported | N/A |
VRF Lite | Unsupported | Yes | Yes |
Static Routes | Yes | Static routes only on Tier-1 GW, but not on Tier-0/VRF (10.4) | Yes |
Policy-Based IPsec VPN | Yes | Yes | Yes |
Route-Based IPsec VPN | Yes | Unsupported | N/A |
L2 VPN | Yes | Yes (10.3) | NSX-T L2VPN is not backwards compatible with NSX-V L2VPN. The configuration of all L2VPN endpoints must be migrated manually. |
SSL VPN | Yes | Unsupported by NSX-T. SSL VPN alternatives can be deployed, and the configuration migrated manually. Please check the VMware Cloud Director Remote Access VPN Integration Guide. | N/A |
Load Balancing | Yes | Requires NSX Advanced Loadbalancer (Avi) | Yes |
IPv6 Load Balancing | Yes | Requires NSX Advanced Loadbalancer (Avi) (10.4) | Yes |
Edge logging and CLI | Yes | NSX-T Edge node is shared. CLI is not available. Centralized logging with possible filtering. No tenant-dedicated logging. | N/A |
Edge HA | Yes (Optional Active/Standby) | Yes | Yes |
vApp Edge (routing, NAT, firewall) | Yes | Yes (10.3) Routed vApps cannot be connected to VLAN-backed Org VDC network | Yes |
vApp Edge Fencing | Yes | Unsupported | N/A |
Distributed Firewall (L3/L4 and L7) | Yes | Requires VCD Data Center Group | Yes |
Distributed Firewall (L2) | Yes | Unsupported | N/A |
Cross VDC Networking (same VCD) | Yes | Requires VCD Data Center Group; single egress only | Unsupported |
Cross VDC Network (different VCDs) | Yes | Unsupported | N/A |
Edge placement | Yes (via API) | Edge Cluster granularity and via failure domains in NSX-T | Yes |
Edge gateway rate limiting | Yes (external network granularity) | At the Edge GW level (10.3.2). NSX-T Gateway Ingress/Egress QoC Profiles | Yes |
External network metering | Yes | Yes with Aria Operations | N/A |
Segment Profile | Unsupported | Yes | N/A |
Are you interested in learning more about NSX Migration for VCD tool and process? Do you need to perform a VCD NSX migration? Beneath are some reference resources to help you throughout the transition.
Docs and Blogs
- VCD NSX-V to NSX-T micro-site
- VMware NSX Migration for VMware Cloud Director 1.4.2 is now GA (May 9, 2023)
- VMware NSX Migration for VMware Cloud Director Documentation (May 22, 2023)
- Run Assessment Tool VCD v1.4.2 (May 9, 2023)
- VMware Cloud Director NSX Feature Support Matrix (78788)
Webinar Series
- Close the Technical NSX V to NSX T Skills Gap
- Part 1 Series: Modernize Your NSX Environment (3 Episodes, Level 100-300) Watch now on-demand
- Part 2 Series: Migrating Complex NSX-v Architectures (4 Episodes Level 300-400). Register for July 11-19 Series AMER/EMEA or APJ
Demos:
- Feature Friday Episode 138 – NSX V to T Migration Tool 1.4.2
- Walk-thru NSX-v to NSX-T Migration with for VCD (Part 1 & Part 2)
Conclusion
While VMware NSX Data Center for vSphere (6.4.x) continues to function past its EoGS date, bug fixes and security patches for the specific version are discontinued. This can expose the infrastructure to vulnerabilities, making it crucial for organizations to plan and execute an NSX-V to NSX-T transition for VMware Cloud Director environments.
In addition, migrating to NSX-T will maintain a strong integration to your VMware Cloud Director platform while enabling greater business agility, cloud scalability, and network performance by supporting modern distributed apps with a complete networking and security stack.
Use the vcd-v2t-assist channel in the VMware Cloud Provider Slack workspace for further questions or to provide your V2T migration experience and feedback. Additionally, the following FAQ answers common questions concerning the VMware NSX Migration for VMware Cloud Director.