Home > Blogs > vCloud Architecture Toolkit (vCAT) Blog

Live Workload Mobility to a vCloud Air Network IaaS Provider

Solution Introduction

VMware vCloud Air Network providers are uniquely positioned to become a seamless extension of their existing customers on-premises datacenters, offering a true unified hybrid cloud experience for applications and cloud infrastructure management.

With the introduction of NSX 6.2 and vSphere 6.0, VMware introduced the concept of cross vCenter Network and Security between vCenter servers that are within 150ms RTT. This raises some excellent opportunities for vCloud Air Network Providers to offer live workload mobility and business continuity services as an extension of their end-customers on-premises data centers.

This blog post will introduce a solution which can be offered by VMware’s vCloud Air Network partners to enable live workload mobility between an end-customer’s on-premises data center and a VMware vCloud Air Network provider. A follow-up blog post in the coming weeks will explain how vCloud Air Network provider’s can also very easily introduce business continuity services for their customers on top of this solution.

The full solution will be published as part of vCloud Architecture Toolkit for Service Providers during the first quarter of 2016.

Key Business Drivers

  • To provide a seamless extension to the end-customer’s data center, enabling ease of migration between customer and provider data centers.
  • To provide additional ‘burstable’ capacity to end-customers to support emerging projects, based on business demand.
  • To provide consistent security policies enforcement and micro-segmentation to all end-customer workloads, whether based on-premises or within the hosting provider’s data center.
  • To provide a managed mobility service to end-customers, where the provider executes mobility requests.
  • To offer a self-service workload mobility, disaster recovery and disaster avoidance solution to the end-customers.


  • Network connectivity between datacenters is established and out of scope for this blog post.
  • vMotion networks are configured at both provider and customer data centers.

Architecture Overview

The design below highlights a vCloud Air Network provider managed solution, where an end-customer datacenter is connected to a vCloud Air Network provider data center via a federated vSphere and NSX management domain. This architecture introduces “Universal Objects” in NSX, which are objects that span across vCenter server objects. The following sections will highlight the management components required and which NSX universal objects have been configured with basic configuration considerations.

 Workload Mobility Image v1-2

Software Bill of Materials

Management Components

  • VMware vCenter Server at each site with mirrored release versions:
    • Both vCenter Server instances should be members of the same SSO domain for operations carried out through the UI. However, separate SSO domains can be supported if vMotion operations are executed through the API with appropriate authentication.
  • VMware NSX Manager at each site, paired with their local vCenter Server:
    • The primary NSX manager hosted in provider data center, and secondary NSX manager in end-customer’s data-center.

Control Plane Components

Data-Plane Components

  • Universal Transport Zone – controls the hosts that a universal object can span across – this needs to be configured across both vCenter Servers (vCAN Provider and on-premises).
  • Universal Logical Distributed Router – provides east > west routing between universal logical switches.
  • Universal Logical Switches – Layer 2 segment which spans the universal transport zone. This is where the provider and customer will attach the virtual machine network.

Service Offerings

This solution has several potential service offerings that the vCloud Air Network provider can offer to their end-customers:

  • Hosted Virtual Infrastructure – the provider can offer their existing virtual hosted infrastructure portfolio as its foundation offering, with the required scale and distribution the end-customer requires for their new initiatives, or to support migration.
  • Network Connectivity between provider and end-customer – with support for higher levels of latency, up to 150ms, the options which the provider can offer their end-customers could range from direct connected networks, to VPN connectivity across the internet, leveraging NSX services such as L2, SSL or IPSec VPN.
  • Advanced Hybrid Networking Services – the provider can offer their end-customers additional hybrid software-defined networking services, ranging from NAT, DHCP, Firewall, Routing (dynamic / static) and Load-Balancing services.
  • Portable Security Services – the provider, or end-customer, can build security policies and groups with dynamic membership, which work at a per-VM level across the provider and end-customer’s data centers.
  • Live Workload Mobility Services – with this architecture, the hosting provider can enable live workload mobility services between the end-customer and the provider data centers.
  • Disaster Avoidance Services – with this architecture, the provider can build true hybrid applications, maintaining Layer 2 network connectivity between application components hosted on-premises and with the provider.


As we have seen outlined above, by including the VMware NSX 6.2 into a vCloud Air Network provider’s hosting portfolio, the service provider can offer a unified hybrid platform which enables the provider to become a strategic extension of their end-customer’s data center. By extending network and security services across these data centers, we can enable numerous use-cases around workload mobility, disaster avoidance and disaster recovery, which will be covered in more detail with a follow up blog post.

For more information on how a vCloud Air Network Provider can leverage long-distance vMotion to enhance their user experience, please refer to the vCAT-SP document: Architecting a Hybrid Mobility Strategy for vCloud Air Network.

2 thoughts on “Live Workload Mobility to a vCloud Air Network IaaS Provider

  1. David Chung

    Great diagram. I would love to POC this in my lab. I have two questions…
    1. Instead of hosting primary NSX manager and controllers on vCloud Air, will you allow customer to choose on-prem site as NSX primary and vCloud Air as secondary?
    2. If the link between the site are down for extended period of time for whatever the reasons, what will be the worst case scenario for on-prem site without having access to the vCloud Air NSX controller? Will customers be able to promote on-prem site as NSX primary and bring up the controller?

    1. Adrian RobertsAdrian Roberts Post author

      Hi David,

      This is a potential vCloud Air Network IaaS powered provider based solution (hosted by one of our partners; (http://vcloudproviders.vmware.com/) so it really depends on what the provider offers to their customers (on-premises management or off-premises management).
      If the network link is down between the primary site and secondary site, the controller configuration is replicated to the Secondary NSX-Manager and therefore the solution will continue to work for normal operations, although new requests such as creating new logical networks, routers etc. on the remote site will fail until the link is re-established.
      If the site never recovers, you could promote the secondary NSX-Manager to primary and re-deploy the universal controller cluster in the other location.

Comments are closed.