Deploy and configure VMware HCX in your VMware Cloud Foundation instance to extend the on-premises networks to the recovery SDDC.

Deploy VMware HCX to the Recovery SDDC for Cloud-Based Workload Protection for VMware Cloud Foundation

Before you can configure any of the VMware HCX components in your VMware Cloud Foundation instance, you deploy the VMware HCX service into the VMware Cloud on AWS recovery SDDC.

Procedure

  1. Log in to the VMware Cloud Services console at https://console.cloud.vmware.com/ with a user assigned the VMware Cloud on AWS Administrator and VMware Cloud on AWS NSX Cloud Admin roles.
  2. On the Services page, locate the VMware HCX tile and click Launch service.
  3. On the SDDCs page, in the Recovery-sddc tile, click Deploy HCX.

  4. In the Confirm deployment dialog box, click Confirm.

  5. In the Confirm deployment dialog box, once Deployment initiated is displayed, click Close.

    Note:

    This operation takes several minutes to complete.

  6. Verify the deployment of VMware HCX is complete when you can see Open HCX and Undeploy HCX in the Recovery-sddc tile.

Deploy the HCX Connector Appliance for Cloud-Based Workload Protection for VMware Cloud Foundation

To provide connectivity to the VMware HCX Cloud service, you deploy an HCX Connector appliance in the VMware Cloud Foundation instance.

Procedure

  1. Log in to the VMware Cloud Services console at https://console.cloud.vmware.com/ with a user assigned the VMware Live Cyber Recovery Orchestrator Admin and VMware HCX Admin roles.
  2. On the Services page, locate the VMware Cloud tile and click Launch service.
  3. In the left pane, click Inventory.

  4. In the Recovery-sddc tile, click Open vCenter.

  5. In the Open access to vCenter dialog box, click Show credentials.

  6. On the Open vCenter page, under Default vCenter user account, click Copy password to clipboard and click Open vCenter.

  7. Log in to the recovery SDDC vCenter Server with the default [email protected] user.

  8. From the vSphere Client Menu, select HCX.

  9. Deploy an HCX Connector appliance.

    1. In the left pane, select Administration > System updates.

    2. On the System updates page, click Request download link and then VMware HCX.

    3. Log in to the management domain vCenter Server at https://<management_vcenter_server_fqdn>/ui by using an account with Administrator privileges.
    4. In the VMs and templates inventory, navigate to the default management domain data center and expand the data center.

    5. Right-click the Cloud-Based Workload Protection folder and select Deploy OVF template.

    6. On the Select an OVF template page, select Local file, click Upload files, navigate to the HCX Connector OVA file, click Open and click Next.

    7. On the Select a name and folder page, in the Virtual machine name text box, enter a virtual machine name according to your VMware Cloud Foundation Planning and Preparation Workbook, and click Next.

    8. On the Select a compute resource page, select the compute resource and click Next.

    9. On the Review details page, review the settings and click Next.

    10. On the License agreement page, accept the license agreement and click Next.

    11. On the Select storage page, select the vSAN datastore and click Next.

    12. On the Select networks page, from the Destination network drop-down menu, select the management VLAN port group and click Next.

    13. On the Customize template page, configure the settings according to your VMware Cloud Foundation Planning and Preparation Workbook, and click Next.

    14. On the Ready to complete page, click Finish and wait for the completion of the process.

  10. Power on the HCX Connector appliance.

    1. In the VMs and templates inventory, navigate to the default management domain data center and expand the data center..

    2. Expand the Cloud-Based Workload Protection folder.

    3. Right-click the HCX Connector appliance and, from the Actions menu, select Power > Power on.

  11. Configure the HCX Connector appliance.

    1. Log in to the HCX Connector at https://<hcx_connector_fqdn>:9443 with a user assigned the Admin role.
    2. On the Activate your HCX instance page, enter an HCX License key and click Activate.

    3. On the Where is your HCX system located? page, configure the settings according to your VMware Cloud Foundation Planning and Preparation Workbook, and click Continue.

    4. On the System name page, configure the settings according to your VMware Cloud Foundation Planning and Preparation Workbook, and click Continue.

    5. On the Congratulations! You have successfully activated your HCX page, click Yes, continue.

    6. On the Connect your vCenter Server page, click Connect your NSX Manager (Optional), configure the settings according to your VMware Cloud Foundation Planning and Preparation Workbook, and click Continue.

    7. On the Configure SSO/PSC page, configure the settings according to your VMware Cloud Foundation Planning and Preparation Workbook, and click Continue.

    8. On the Congratulations! page, click Restart.

Replace the Certificate of the HCX Connector Appliance for Cloud-Based Workload Protection for VMware Cloud Foundation

You replace the default self-signed certificate of the HCX Connector appliance with a signed certificate from the Microsoft Certificate Authority generated through the Certificate Generation utility.

Procedure

  1. Log in to the HCX Connector at https://<hcx_connector_fqdn>:9443 with a user assigned the Admin role.
  2. Select the Administration tab.

  3. In the left pane, select Certificate > Server certificate.

  4. On the Update server certificate page, paste the contents of the <hostname>.1.cer file into the Server certificate text box.

  5. On the Update server certificate page, paste the contents of the <hostname>.key file into the Private key text box.

  6. Click Apply.

Configure VMware HCX Access to the Recovery SDDC for Cloud-Based Workload Protection for VMware Cloud Foundation

To allow access to VMware HCX over the internet, you configure firewall rules on the management gateway of the VMware Cloud on AWS recovery SDDC.

Procedure

  1. Log in to the VMware Cloud Services console at https://console.cloud.vmware.com/ with a user assigned the VMware Cloud on AWS Administrator and VMware Cloud on AWS NSX Cloud Admin roles.
  2. On the Services page, locate the VMware Cloud tile and click Launch service.
  3. In the left pane, click Inventory.

  4. In the Recovery-sddc tile, click View details.

  5. On the Recovery-sddc page, click Open NSX Manager.

  6. In the Open NSX Manager dialog box, click Access via the internet.

    Note:

    If the NSX Manager UI does not open, verify you do not have a pop-up blocker, preventing the window from opening.

  7. On the NSX page, click the Security tab.

  8. In the left pane, click Gateway firewall.

  9. Add a rule for inbound access to HCX.

    1. On the Gateway firewall page, click the Management gateway tab and click Add rule.

    2. In the new rule Name field, enter HCX Inbound Rule.

    3. In the Sources field, click Edit.

    4. In the Set source dialog box, select User defined group, configure the setting according to your VMware Cloud Foundation Planning and Preparation Workbook, and click Apply.

    5. In the Destinations field, click Edit.

    6. In the Set destination dialog box, select HCX and click Apply.

    7. In the Services field, select Appliance Management (TCP 9443) and HTTPS (443).

    8. Click Publish.

Pair On-Premises vSphere Environment with HCX Cloud for Cloud-Based Workload Protection for VMware Cloud Foundation

A site pair establishes the connection needed for management, authentication, and orchestration of HCX services across a source and a destination environment.

Procedure

  1. Obtain the HCX Cloud FQDN.

    1. Log in to the VMware Cloud Services console at https://console.cloud.vmware.com/ with a user assigned the VMware Live Cyber Recovery Orchestrator Admin and VMware HCX Admin roles.
    2. On the Services page, locate the VMware Cloud tile and click Launch service.
    3. In the left pane, click Inventory.

    4. In the Recovery-sddc tile, click View details.

    5. Click the Settings tab.

    6. In the HCX Information section, expand the HCX FQDN and copy the address.

  2. Pair the on-premises environment with HCX Cloud.

    1. Log in to the VI workload domain vCenter Server at https://<vi_workload_domain_vcenter_server_fqdn>/ui by using an account with Administrator privileges.
    2. From the vSphere Client Menu, select HCX.

    3. In the left pane, click Site pairing under Infrastructure.

    4. On the Site pairing page, click Connect to remote site.

    5. In the Connect to remote site dialog box, paste the HCX FQDN in the Remote HCX URL text box.

    6. Repeate the step 1 and in the vCenter Information section, expand the Default vCenter User Account and Copy password to clipboard for [email protected] user.

    7. Paste the [email protected] credentials for the recovery SDDC vCenter Server and click Connect.

Create Network Profiles in HCX for Cloud-Based Workload Protection for VMware Cloud Foundation

You create a network profile for each network you intend to use with the HCX services.

Procedure

  1. Log in to the VI workload domain vCenter Server at https://<vi_workload_domain_vcenter_server_fqdn>/ui by using an account with Administrator privileges.
  2. From the vSphere Client Menu, select HCX.
  3. In the left pane, under Infrastructure, click Interconnect.

  4. Create a network profile for the management and the HCX uplink networks.

    1. On the Interconnect page, click the Network profiles tab and click Create network profile.
    2. In the Create network profile dialog box, configure the following settings from the table below and the remaining settings according to your VMware Cloud Foundation Planning and Preparation Workbook, and click Create.

      Setting

      Value

      Distributed Port Groups

      Selected

      HCX Traffic Type

      Management

      HCX Uplink

      vSphere Replication

  5. Create a network profile for the vMotion network.
    1. On the Interconnect page, click the Network profiles tab and click Create network profile.

    2. In the Create network profile dialog box, configure the following settings from table below and configure the remaining settings according to your VMware Cloud Foundation Planning and Preparation Workbook, and click Create.

      Setting

      Value

      Distributed Port Groups

      Selected

      HCX Traffic Type

      vMotion

Create a Compute Profile in HCX for Cloud-Based Workload Protection for VMware Cloud Foundation

You create a compute profile which contains the compute, storage, and network settings that VMware HCX uses on the on-premises site to deploy the interconnect-dedicated virtual appliances when a Service Mesh is added.

Procedure

  1. Log in to the VI workload domain vCenter Server at https://<vi_workload_domain_vcenter_server_fqdn>/ui by using an account with Administrator privileges.
  2. From the vSphere Client Menu, select HCX.
  3. In the left pane, click Interconnect.
  4. On the Interconnect page, click Compute profiles and click Create compute profile.
  5. On the Creating compute profile page, enter a name for the compute profile according to your VMware Cloud Foundation Planning and Preparation Workbook, and click Continue.

  6. On the Select services to be activated page, keep the default settings and click Continue.
  7. On the Select service resources page, configure the settings according to your VMware Cloud Foundation Planning and Preparation Workbook, and click Continue.

  8. On the Select deployment resources and reservations page, configure the settings according to your VMware Cloud Foundation Planning and Preparation Workbook, and click Continue.

  9. On the Select management network profile page, configure the settings according to your VMware Cloud Foundation Planning and Preparation Workbook, and click Continue.

  10. On the Select uplink network profile page, configure the settings according to your VMware Cloud Foundation Planning and Preparation Workbook, and click Continue.

  11. On the Select vMotion network profile page, configure the settings according to your VMware Cloud Foundation Planning and Preparation Workbook, and click Continue.

  12. On the Select vSphere replication network profile page, keep the default settings and click Continue.
  13. On the Select network containers eligible for network extension page, configure the settings according to your VMware Cloud Foundation Planning and Preparation Workbook, and click Continue.

  14. On the Review connection rules page, click Continue.
  15. On the Ready to complete page, click Finish.

Create a Service Mesh in HCX for Cloud-Based Workload Protection for VMware Cloud Foundation

You create a Service Mesh between the VMware Cloud Foundation instance and the HCX Cloud by using valid compute profiles created on both sites.

Procedure

  1. Log in to the VI workload domain vCenter Server at https://<vi_workload_domain_vcenter_server_fqdn>/ui by using an account with Administrator privileges.
  2. From the vSphere Client Menu, select HCX.
  3. In the left pane, click Interconnect.
  4. On the Interconnect page, click Service mesh and click Create service mesh.
  5. On the Select sites page, click Continue.
  6. On the Select compute profiles page, configure the settings according to your VMware Cloud Foundation Planning and Preparation Workbook and click Continue.
  7. On the Select services to be activated page, keep the default settings and click Continue.
  8. On the Advanced configuration - override uplink network profiles (Optional) page, keep the default settings and click Continue.
  9. On the Advanced configuration – network extension appliance scale out page, keep the default settings and click Continue.
  10. On the Advanced configuration – traffic engineering page, keep the default settings and click Continue.
  11. On the Review topology review page, click Continue.
  12. On the Ready to complete page, configure settings according to your VMware Cloud Foundation Planning and Preparation Workbook and click Finish.