VMware HCX continues to evolve with the release of HCX 4.4 which includes several key enhancements in multiple different areas. These enhancements are going to address new requirements, stabilize the current feature set and provide additional security. This blog aims to highlight the major changes in HCX 4.4.
Following the release of HCX 4.1, the HCX team undertook an effort to better understand how various aspects of a network underlay (including bandwidth, packet loss, and latency conditions) affect migration outcomes. We called this effort the Network Underlay Characterization for HCX.
During the 4.2 release, the characterization exercise enabled us to officially support services over VPN/SD-WAN, along with the Network Underlay minimum requirements to support any underlay agnostically. We also published a detailed tech paper (See Network Underlay Requirements and HCX Performance Outcomes). This document guides the reader through the characterization exercise (manually using command line tooling).
HCX 4.4 adds Transport Analytics to the HCX, allowing the user to execute performance baselining for the HCX service transport on-demand and visualizes transport performance in real-time and as time-series graphs.
This enables the migration administrator to understand the network underlay conditions reflected in the transport and plan based on migration-centric performance insights and quickly identify scenarios where the network underlay requirements cannot be met.
Transport Analytic enhancements:
The diagram below displays details of available bandwidth of uplinks, latency, and packet loss. The administrator can re-run the tests at any point of time to get updated details.
The following diagram shows time-series graphs (both real time and historical) of the following metrics –
The diagram below shows a comparison by traffic types. For example, we can clearly see the throughput utilization by migration traffic for uploads/downloads.
The last diagram here shows that admins can also monitor for threshold breaches on historical basis. We can see that there was a sudden spike of Packet loss for vMotion around 2.06PM, which could help when troubleshooting.
HCX with Photon OS
Photon OS is VMware’s own operating system, optimized for vSphere environments. With HCX 4.4, the HCX Management and Service Appliances have been upgraded to Photon OS 3, bringing the following benefits:
For end customers the upgrade to HCX 4.4 with Photon OS would appear seamless just like any other upgrade operation. We’ve also added the ability for HCX Manager to have a snapshot taken automatically via the same vCenter Server it’s registered to in case of the need of restoring to a previous version.
HCX with Host-Based Replication 8.4
The Host-based Replication (HBR) module included in VMware HCX is updated to HBR version 8.4. HBR 8.4 provides enhanced compatibility with vSphere Replication services and supports HCX Bulk and Replication Assisted vMotion migrations, as well as HCX protection (DR) operations.
HCX Supported in Additional VMware Cloud on AWS Regions
Starting HCX 4.4 there will be support for the following additional regions.
MON support for Active/Standby FHRP (VRRP/HSRP)
FHRP is designed in many customer environments to provide redundancy to the on-premises gateway by using a backup/standby router. The new release HCX 4.4 will support MON enabled VMs in this network scenario. There will be no load balancing involved here because it’s an active/standby model only.
To understand how it works, traffic destined for an address outside the MON enabled network is forwarded to the default cloud gateway first. The cloud gateway then checks the policy routes to see if there is a match. In case of a match the appropriate action is taken as per the policy routes. If there is no match the packets are forwarded to the NE appliance. The NE appliance learns the virtual MAC address of the On-prem gateway and takes appropriate action on the packets that it must forward to the On-Prem gateway.
The key use case here is that after any operations like an NE reboot or failovers at the On-premises gateway, there would be no need for any manual intervention. The system will automatically re-learn any changes.
This diagram depicts multiple MON enabled VMs that have traffic with each other and shows the On-premises gateway with two routers in Active/standby mode.
Self-Signed Certificate Rotation
The HCX 4.4 the system now checks the issue date of Self-Signed certificates. In prior releases Self-Signed certificates were valid for three years. In HCX 4.4 if the system finds that the self-signed certificate would expire in a year then it would renew the certificate automatically. Any new certificate would be valid for 10 years.
HCX Publisher Notifications
HCX customers will now be able to identify out-of-support and retracted builds. Administrators now are now alerted to insecure or unsupported builds in production through visible system messages and banners.
HCX Manager Virtual Hardware
The HCX Manager virtual appliances will be deployed with a virtual machine compatibility (Hardware Version) 10. This improves HCX Manager security and adheres to the VMware advisory to upgrade all virtual machines to a minimum version 9.
HCX Service Mesh appliances are already use virtual hardware version 10.
There will be a new alerts tab in HCX Manager GUI. This will display outstanding alert messages in the system with its corresponding severity, the affected components, and the trigger date.
The screenshot below shows an example the HCX Alerts under Administration tab.
VMware HCX 4.4 provides several key new features, GUI enhancements and bug fixes. There are major improvements with infrastructure changes, enhanced security, and better interoperability.
To learn more about HCX, check out the following resources: