VMware Hybrid Cloud Extension (HCX) Overview

VMware Hybrid Cloud Extension (HCX) is probably one of the coolest VMware products that many people still don’t know about. Even among virtualization experts, very few people really know what it is and what it can do.

In a nutshell, VMware HCX is a SaaS offering that combines a set of network features that provide what is referred to as “Infrastructure Hybridity”. These features ease the challenges around connecting on-premises data centers and cloud, delivering infrastructure hybridity for vSphere 5.0 and newer versions.

For anyone who has had to do migrations from one environment to another with minimal downtime (that means no downtime to management and the AppDev teams, right?!), you know that there is a myriad of networking variables that can affect even the best plan. Well, good news! VMware HCX can solve those challenges, making migrations simple and pain-free.

HCX provides a solution for two use cases: on-premises to Public Cloud and on-premises to on-premises connectivity. Despite on-premises to Public Cloud being useful, I believe the on-premises to on-premises use case will see more demand overall, particularly for migration purposes.

To that point, VMware has added HCX to NSX Enterprise Plus edition and has changed the name to NSX Hybrid Connect. No confusion there, right?

I’m going to cover details of the common use cases and then do an overview of the components that make up the solution. Finally, I’ll call out a couple of things to be aware of with certain configurations.

Use Cases

Migration: This is, hands down, the most common use case for HCX. Modern data centers have become very complex, sometimes having hundreds of dependencies for the virtual infrastructure and applications. Anyone who’s gone through an application dependency mapping exercise knows it’s not trivial. And, with all of the integrations that are now so prevalent in virtual environments, it’s nearly impossible to upgrade one product/solution without affecting other components or solutions.

And then, what happens when upgrading isn’t an option? For instance, I have customers that still run vSphere 5.1 and/or that have hardware that is well past EOL. In cases like these, choosing migration over upgrading may be the best way for a customer to move forward with modernizing their environment.

For those that have chosen to accept an excessive amount of technical debt (those that have chosen to stay on vSphere 5.x), fear not, all of the HCX features are supported with vSphere 5.x and above.

Hybrid Cloud: Another area that customers are looking at very closely right now is Hybrid Cloud Adoption. HCX helps solve a number of challenges associated with adopting Hybrid Cloud. For example, with HCX there is no need to wait for carriers to provision WAN circuits for things like AWS Direct Connect, and no need to upgrade networking hardware or modify on-premises networking to extend L2 networks to the cloud.

Disaster Recovery: HCX also provides the ability to protect workloads at primary or secondary sites for Disaster Recovery. You can even run test and planned failovers, then reverse the replication and execute failback. If you have experience with VMware Site Recovery Manager, this will sound familiar. However, HCX is not (currently) a replacement for SRM, more like a lite version. HCX can do scheduled migrations between source and destination sites, but it does not have the robust orchestration capabilities that SRM has.

Product Features

Moving on to more specifics about HCX product features, here’s what it currently offers:

Migration Types

Bulk Migration: This migration method uses VMware vSphere Replication to move virtual machines to a remote site.

  • This option is designed for moving many (up to 100) VMs at the same time.
  • Migrations can be set up to run on a pre-defined schedule.
  • Virtual machines run at the source site until the migration begins. The service interruption with this type of migration is equivalent to a reboot.

HCX vMotion: This type of migration is just like the vMotion most of us have come to know and love, even allowing virtual machines to keep their IP and MAC addresses.

  • This option is designed to move a single virtual machine at a time.
  • Virtual machine state is migrated, with no service interruption during the migration.

HCX Cold Migration: This migration method uses the VMware NFC protocol. NFC is automatically selected when the source virtual machine is powered off.

HCX Replication Assisted vMotion (RAV): Also known as Cloud Motion, this new migration type combines the capabilities of Bulk Migration (parallel operations, resiliency, and scheduling) with HCX vMotion (zero downtime virtual machine state migration).

  • The migration begins with the replication of the virtual machine’s disks. As with Bulk Migration, virtual machines can be migrated in parallel, and the switchover is configurable on a schedule.
  • During the RAV switchover phase, vMotion is engaged for migrating the disk delta data and virtual machine state.
  • It is currently in preview for VMware Cloud on AWS customers and has additional requirements.

HCX Network Extension (VLAN and VXLAN)

HCX Network Extension provides a high-performance (4–6 Gbps) service to extend Virtual Machine networks to an HCX-enabled remote site. Virtual Machines that are migrated or created on the extended segment at the remote site are Layer 2 adjacent to virtual machines on the source network.

  • Allows your virtual machines to retain their IP and MAC addresses and retain their existing network policies (when used with HCX Migration).
  • Can extend VLAN and VXLAN networks (extending VXLAN requires NSX integration at the source site).
  • Can extend Cisco Nexus 1000v networks.

HCX automatically deploys the Remote Site appliance whenever a local appliance is deployed (i.e., the Network Extension service appliances are always deployed as a pair).

Note: By default, when using Network Extension, the default gateway for the extended network only exists at the source site. Routed traffic from Virtual Machines on the remote side of extended networks will return to the source site gateway.

HCX Network Extension with Proximity Routing

Proximity Routing builds on HCX Network Extension by integrating with NSX Routers at the HCX Cloud destination site and dynamically injecting VM routes into the routing protocols. This allows ingress traffic from the local and remote data centers to use an optimal path to reach the extended Virtual Machine, while ensuring all flows remain symmetric.

The Proximity Routing feature is toggled on during the HCX Network Extension operation, but be aware that there are additional requirements to leverage this feature.

HCX Disaster Recovery

HCX Disaster Recovery provides a simple, easy-to-manage solution that can protect VMs deployed on-premises or in a public cloud like VMC on AWS.

HCX Disaster Recovery provides the following:

  • Secure, asynchronous replication and recovery of virtual machines.
  • Self-service RPO settings from 5 minutes to 24 hours per virtual machine.
  • Reverse failover of workflows to the source site.
  • Multiple points in time recovery snapshots that allow recovery for up to 24 previous replication points in time.
  • Optimized replication throughput by use of WAN Optimizer.
  • Ability to route replication traffic across a direct connect network.
  • On-premises monitoring and management with the vSphere Web Client integration plug-in.

HCX Components

HCX is the management plane of the platform and is composed of a virtual management component at the source and destination sites, and up to three types of HCX Interconnect service appliances which, when combined, provide Infrastructure Hybridity.

HCX services are deployed as virtual appliances at the source site, with a corresponding peer appliance deployed at the remote site.

HCX Manager

There are two versions of HCX Manager defined for HCX Architecture – Source or Destination. The key differences between them are pretty minor, but important to understand.

HCX Enterprise Manager is always a source type. It is responsible for integration with the on-premises vCenter and for installation of the HCX plugin into the vSphere Web Client. After HCX Enterprise Manager is paired with a remote site, it enables the deployment of the other HCX components.

HCX Cloud Manager is part of VMware’s HCX for Cloud model. With this model, the CSP deploys HCX Cloud and a tenant deploys HCX Enterprise on-premises. HCX Cloud is always deployed as a destination type.

NSX Hybrid Connect is VMware’s HCX for Private Cloud model. With this model the tenant deploys both source and destination HCX Managers.

To clarify, here’s what that looks like in the different scenarios:

  • On-premises to Public Cloud: HCX Enterprise Manager to HCX Cloud Manager
  • On-premises to on-premises: HCX Enterprise Manager to NSX Hybrid Connect

From a management standpoint there are a couple of things to be aware of.

First, even though HCX Manager is paired with a vCenter server when it is deployed at the remote site, there is no HCX Web Client plugin installed in the remote vCenter, so all HCX configuration and migration activities must be completed from the source site.

Second, the HCX Manager GUI at the remote site does provide disaster recovery capabilities, but it can only be used during an actual disaster recovery event where the source site is unavailable.

HCX WAN Interconnect

VMware has taken vMotion and vSphere Replication and merged them into a single appliance solution that provides encrypted replication and vMotion-based migration capabilities over the Internet and direct connect to a target site, along with traffic engineering and virtual machine mobility.

HCX WAN Optimization

If you look at the details of the HCX WAN Optimization appliance, you may notice that it is a customized Silver Peak WAN Optimization virtual appliance. It improves the performance of the WAN and Internet links by compressing and deduplicating the migration traffic. On top of that, the WAN Optimization appliance uses path conditioning techniques, such as Adaptive Forward Error Correction and Real-Time Packet Order Correction, to minimize the number of retransmits and increase overall performance of the network between sites.

HCX Network Extension 

The HCX Network Extension virtual appliance extends L2 broadcast domains to the remote sites over an encrypted tunnel. This allows VMs to keep the same IP and MAC address during migration.

Network Extension with Proximity Routing enabled ensures that forwarding between virtual machines connected to extended and routed networks, both on-premises and in the cloud, is symmetrical.

In Summary …

HCX removes many of the barriers that have kept businesses from realizing a variety of multi-site and multi-cloud solutions. My opinion is that HCX is going to become a key component in VMware’s push to pave the way to not only Public and Hybrid Cloud, but on-premises multi-site designs as well.