For a point release, VMware NSX-T 3.1 is packed with a bunch of major features. One of these is modular migration, which is making its debut with this release. Customers had asked for an automated way to migrate just firewall rules and groups; modular migration, a new feature of Migration Coordinator, addresses exactly that request.
What’s Migration Coordinator?
Taking a step back, Migration Coordinator is a tool that was introduced almost 18 months ago, with NSX-T 2.4, to enable customers to migrate from NSX for vSphere to NSX-T Data Center. It’s a free tool built into NSX-T Data Center that enables customers to migrate everything — from edges, to compute, to workloads — in an automated fashion and with a workflow that is similar to an in-place upgrade on existing hardware. This model of migration is called “in-place.”
From a resource perspective, in-place migration only needs enough resources to host NSX-T manager appliances and edges along with enough capacity per cluster to be able to vMotion all VMs from one host at a time in each cluster.
While this approach of minimal resource requirements and in-place migration on the same hardware is ideal for most customers, there are some organizations looking to stand up NSX-T on new hardware. This latter type of migration is called “lift and shift”.
The differences between in-place and lift and shift
In the enterprise, the lift and shift model is generally driven by a hardware refresh that coincides with a migration or enables implementation of design changes to an SDDC stack.
With the in-place migration model, everything is migrated over to NSX-T Data Center. Design from NSX for vSphere is translated into a corresponding model on NSX-T Data Center. In the lift and shift model of migration, customers have the flexibility to rearchitect the design and choose the components — such as DFW rules and security groups — that are to migrate from NSX for vSphere to NSX-T Data Center.
Modular migration, a feature introduced with NSX-T Data Center 3.1, addresses these requirements for migration. In this, its first release, modular migration supports migrating firewall rules and groups via API only.
Unpacking modular migration
Modular migration gives customers the flexibility to use new hardware alongside any changes in NSX-T design while still migrating firewall rules and groups from NSX for vSphere. In effect, modular migration enables the “lift and shift” model of migration.
Modular migration allows customers to rearchitect their NSX-T Data Center design. For example, they could have a new edge design, ECMP, or Active Standby, without having to match it with their existing NSX for vSphere. Or they could leverage Tier 0 and Tier 1 constructs from NSX-T Data Center in ways that either may not have been possible, or were not done, with NSX for vSphere.
Component Migration Flexibility
Modular migration allows customers to choose what is migrated. For example, customers can choose:
- Which workloads are migrated over to NSX-T Data Center
- Which hardware may be repurposed into NSX-T Data Center (as the NSX-T Data Center workload footprint goes up while the NSX for vSphere workload footprint drops).
Migration Timing Flexibility
Modular migration also allows customers to time a migration based on workload requirements. In cases where there are multiple workloads, each with its own maintenance and downtime windows, modular migration helps segment a migration into multiple steps, based on workload, and migrate them individually.
Modular migration, in combination with NSX-T bridging and vSphere vMotion, helps minimize downtime while moving workloads over to NSX-T. There are two areas that can potentially contribute to downtime.
Modular Migration Prerequisites
As with in-place migration, NSX for vSphere and vSphere itself need to be in a green state, with no unpublished firewall rules. On the NSX-T side, Migration Coordinator on NSX-T Manager Appliance needs to be enabled via ssh using the command “start service migration-coordinator”.
Apart from that, NSX-T Data Center needs to be up and running with north/south connectivity also up and running and enough compute resources to accommodate the workloads that will be moved via vMotion. VNI (overlay id) of segments on the NSX-T Data Center side should match the Segment ID of logical segments on the NSX for vSphere side.
In the following image, the Segment ID of the App_Tier_Logical_Switch, on NSX for vSphere, is 5001.
When creating a matching segment on NSX-T Data Center, care should be taken to match the VNI. For example, here’s the output of “get logical-switch” on NSX-T Data Center.
This VNI, 5001 boxed in blue above, helps match up the Segment App on NSX-T Data Center to the App_Tier_Logical_Switch on the NSX for vSphere side.
Finally, for migration with minimum downtime, use an NSX-T Data Center bridge to stretch and connect the logical segment on the NSX-T side with the logical switch on NSX for vSphere. Have the north/south connectivity run from the NSX-T side.
With this NSX-T bridge in place, and all else ready, workloads may be migrated over with minimum downtime.
Modular Migration Process
Once again, like the in-place migration model, lift and shift migration with Migration Coordinator’s modular migration feature is a simple five step process:
- Import configuration
- Resolve any configuration-related issues when migrating from NSX-V to NSX-T
- Migrate configuration to NSX-T
- Migrate workloads using vMotion APIs
- Finalize configuration
Once the 3rd step (migrate configuration) is done, customers are free to deploy other workloads on to their NSX-T infrastructure. Care must be taken not to create conflicts with objects that may be migrating over from NSX for vSphere.
Some of components of the 4th step (migrate workloads) and 5th Step (finalize configuration) may be run multiple times, with each iteration handling one or more workload units.
Want to learn more? Check out the following detailed whitepaper on Migration Coordinator: https://nsx.techzone.vmware.com/resource/nsx-v-nsx-t-3x-migration-coordinator
- Design Guides on NSX-T
- Learning Paths on Tech Zone
- Try out NSX-T: