A proxy server is an intermediary “message-forwarding agent” selected by a client through its local configuration for outbound HTTPS requests for security or shared caching. Add a proxy server configuration in HCX Manager to send HTTPS requests to a proxy server in the environment.
When configuring a proxy server, refer to the following considerations and best practices:
- HCX Manager systems make various HTTPS requests during normal operation. For outbound connections, these requests can vary based on the HCX Manager activation mode: Connected Mode or Local Mode/Evaluation Mode. See Activating New HCX Systems.
Outbound Connections (Connected Mode):
- HCX Manager to connect.hcx.vmware.com (for activation /entitlement)
- HCX Manager to hybridity-depot.vmware.com (for updates/downloads)
- HCX Manager to Remote HCX Manager
(for site pairing)
Outbound Connections (Local Mode):- HCX Manager to vcsa.vmware.com (for sites participating in the HCX Customer Experience Improvement Program [CEIP])
- HCX Manager to Remote HCX Manager
(for site pairing)
Local Connections:- HCX Manager to Registered vCenter Server
- HCX Manager to Registered vCenter Server’s ESXi Hosts
- HCX Manager to Registered NSX Manager system
- HCX Manager to Migration and Network Extension Service Mesh appliances deployed by this HCX Manager
- A proxy server is usually intended to handle internet-bound connections from internal systems (to endpoints that resolve to public IP addresses).
- Use the Proxy Server field to enable proxy operation.
- For HCX to function correctly when a proxy server is configured, local connections must be explicitly excluded from proxy operation. Use the Proxy Exclusions field.
- The destination HCX Manager for site pairing must be configured with the Local Connection when the IP address is internally reachable without traversing the proxy.
- Use the Proxy Exclusions field for broad or granular configurations.
A simple way to restrict Local Connections is to enter one large subnet that includes all internal IP address space for the data center in the Proxy Exclusions field. Alternatively, restrict Local Connections by specifying granular subnets in the Proxy Exclusions field.
- Kerberos and Windows NTLM Proxy Servers are not supported.
Important: Configuring a proxy server without the local exclusions typically results in migration failures and errors during
HCX operation. See VMware KB 89180.
Note: HCX Service Mesh does not support proxy server configuration.