VMware HCX 4.10 | 26 JUL 2024 | Build 24144741 (Connector), 24144740 (Cloud) Check for additions and updates to these release notes. |
VMware HCX 4.10 | 26 JUL 2024 | Build 24144741 (Connector), 24144740 (Cloud) Check for additions and updates to these release notes. |
VMware HCX delivers secure and seamless application mobility and infrastructure hybridity across both on-premises and in the cloud. HCX abstracts the distinct private or public vSphere resources and presents a Service Mesh as an end-to-end entity. HCX Interconnect can then provide high-performance, secure, and optimized multi-site connectivity to achieve infrastructure hybridity and present multiple options for bi-directional virtual machine mobility with technologies that facilitate the modernization of legacy data centers.
For more information, see the VMware HCX User Guide in the VMware Documentation Center.
For HCX deployment requirements, see Preparing for HCX Installation.
The following resources provide information related to HCX deployments:
For information regarding VMware product compatibility by version, see Product Interoperability Matrix.
For appliance limit information, see VMware Configurations Maximums.
For more information on where you can view port and protocol information for various VMware products in a single dashboard and to export an offline copy of the selected data, see VMware Ports and Protocols.
For information about General Availability (GA), End of Support (EoS), End of Technical Guidance (EoTG) for VMware software, see VMware Product Lifecycle Matrix.
Installing HCX 4.10.0
For sample installation workflows by deployment type, see Installing the HCX Manager Appliance.
Upgrading to HCX 4.10
With the introduction of single licensing framework and activation mode enhancements in HCX 4.9, and given product enhancements in HCX 4.9.1 and 4.10, upgrade procedures can vary based your HCX environment. For more about the impact of these changes, see Updating VMware HCX.
Upgrading to HCX 4.10 is supported from HCX 4.9.0 and 4.9.1 for both local and connected sites. See
HCX systems running versions earlier than 4.9 will not receive upgrade notification for 4.10 in HCX 443/Standalone/VC Plugin UI for both HCX Connector and HCX Cloud systems.
Upgrading to HCX 4.10 from all versions between 4.4 and 4.8.2 is a 2-step process and requires online upgrade to 4.9.1 first, using the HCX 443/Standalone/VC Plugin UI for both HCX Connector and HCX Cloud systems. See
Upgrading the HCX Manager for Connected Sites.
After upgrading to 4.9.1, use the upgrade procedures for either local or connected mode HCX deployments, depending on your environment, to upgrade to 4.10.
Upgrading to HCX 4.10 from all versions between 4.2.4 and 4.3.3 is a 3-step process which requires an offline upgrade to 4.8.2 first.
Refer to Upgrade HCX Manager for Local Sites to download the HCX 4.8.2 Connector and HCX 4.8.2 Cloud Manager upgrade bundle and use the HCX Manager appliance management interface, https://hcx-ip-or-fqdn:9443, to perform offline upgrade.
For HCX deployed in VMware Cloud on AWS infrastructure, the HCX Manager appliance management UI (:9443) interface won't be accessible for the end user. VMware Cloud on AWS customers running less than HCX 4.4 versions must open a support request with Broadcom to help assist with the HCX Cloud Manager upgrade.
HCX EoGS versions less than 4.2.4 are not qualified for upgrade and require full redeployment to the latest and supported build.
Upgrade support for HCX versions past the End of General Support date will be provided on a best-effort basis.
All site paired systems must be upgraded.
All Service Mesh appliances must be upgraded to 4.10.
For the appliance upgrade procedure, see Upgrading the HCX Service Mesh Appliances.
Upgrade snapshots:
During upgrades to HCX 4.10, HCX Manager snapshots are taken automatically.
Upgrade snapshots are only taken when an HCX Manager is deployed on the same vCenter Server registered to it. For other deployments, manual snapshots can be taken.
HCX retains automatic snapshots for 24 hours before deleting them.
Note: To restore the HCX Manager from a snapshot, contact VMware Support.
VMware sends administrative messages to HCX systems that are running out of support and require upgrade.
Upgrade compatibility information is available as a table in VMware Product Interoperability Matrix - Upgrade Path.
VMware HCX 4.10.0 is a minor release that provides new features, interoperability enhancements, usability enhancements, security enhancements and updates, known issues, and resolved issues.
In HCX 4.9.0, VMware by Broadcom introduced a single licensing framework for activating the suite of VMware Cloud Foundation and VMware vSphere Foundation (VVF) products. If you are upgrading to HCX 4.10 from a release prior to HCX 4.9.0, review the licensing and activation changes described in HCX 4.9.0 Release Notes.
It is recommended that all existing, non-hyperscaler HCX customers upgrade as soon as possible to ensure the highest level of product portability and support across VMware products moving forward.
Traffic Engineering Enhancements
Configurable Transport Encryption for Migration and Network Extension Traffic
By default, HCX migration and network extension traffic is encrypted. With this release, HCX provides a Service Mesh option to activate or deactivate encryption for either or both of these services. Unencrypted transports are optimized for higher performance for migration and network extension per traffic flow. Deactivating encryption is provided for environments in which the Uplink networks are known to be secure. See Create a Service Mesh for vSphere-based Site Pairs.
Uplinks networks must be verified as secure in the Network Profile before HCX will allow deactivation of traffic encryption. See Create a Network Profile.
Only Providers/System Administrator user is allowed to perform this network profile operation to specify the underlying network is secure.
Generic Receive Offload (GRO)
For inbound Network Extension traffic, you can configure Generic Receive Offload (GRO) in the Traffic Engineering settings for a Service Mesh. By enabling this feature, HCX reassembles inbound TCP packets into larger ones before delivery to the workload applications, thereby improving application performance. See Create a Service Mesh for vSphere-based Site Pairs.
Migration Enhancements
Site Pairing with Non-vSphere Sites for OS Assisted Migration (Single-site OSAM)
With this release, you can pair a non-vSphere site directly with either an HCX Connector or HCX Cloud Manager site for migrating non-vSphere (guest) workloads using OS Assisted Migration (OSAM). This change consolidates the need of having two HCX Managers and Service Mesh appliances (Interconnect, SGW, SDR), introducing a single Sentinel Replication Gateway (SRG) appliance. This will be deployed at the vSphere-based target site (HCX Connector or HCX Cloud Manager) to manage OS migrations from the non-vSphere site.
- Non-vSphere site pairs support only OSAM.
- Network Extension is not supported between vSphere and non-vSphere paired sites.
- The Compute Profile configuration must include the Guest Network configuration.
-The Compute Profile configuration for any vSphere-based site paired with a non-vSphere site must include OSAM. The Service Mesh configuration selected for pairing a vSphere-based site with a non-vSphere site must include the Guest Network.
HCX continues to support OSAM for guest workloads between vSphere-based HCX sites, providing access to the full range of HCX mobility and network extension services based on entitlement.
See Understanding HCX Sites, Add a Site Pair, and Create a Service Mesh for Non-vSphere Site Pair.
HCX Assisted vMotion
This new migration type works in conjunction with native cross-vCenter vMotion migration to orchestrate migrations between the VMware ESXi hosts associated with the source and destination vCenters.
HCX Assisted vMotion supports migration of vSphere encrypted VMs. See Understanding HCX Assisted vMotion (Direct).
HCX Assisted vMotion is not supported for VMware Cloud on AWS infrastructure.
OS Assisted Migration Guest OS Support
OSAM now supports additional Guest Operating Systems. See Supported Guest Operating Systems.
RHEL 8.9 , 9.0, 9.1, 9.2, 9.3 (64-bit) on KVM
Ubuntu 20.04, 22.04
Rocky Linux 8.4, 8.5, 8.6, 8.7, 8.8, 8.9
Rocky Linux 9.0, 9.1, 9.2, 9.3
Bulk Migration (per-VM EVC)
Bulk Migration now includes the option to deactivate per-VM Enhanced vMotion Compatibility (EVC). See Additional Migration Settings.
Migrate vCenter Tags
Extended options customize the characteristics of the migrated virtual machine without having to manually update the settings after migration. This release introduces replication of vCenter Tags from the source site to the destination site. See Additional Migration Settings.
Scale Enhancements for Bulk and Replication Assisted vMotion (RAV) Migrations
In the older HCX 4.7 release, a Knowledge Base article (KB93605) was published to premptively improve the scalability of HCX Managers by providing steps to:
Increase disk space to accommodate higher Kafka and Postgres file sizes
Increase memory allocation for app-engine service
Increase number of threads used by migration services
With the HCX 4.10 release, the above settings are configurable using a script executable by the customers using a "scale form factors" (i.e, default, medium and large). These form factors include pre-defined settings for disk space, memory allocation for app-engine and number of threads for different sizes of migrations executed on HCX Manager. For detailed instructions for scaling and tuning HCX Manager, refer to Knowledge Base article 373010.
Customers can now migrate up to 1000 VMs concurrently, and the overall time to configure/initialize those migrations has been reduced.
Interconnect Enhancements
HCX Intrasite Contol Network
HCX 4.10 introduces a new Network type: HCX Intrasite Contol Network. HCX uses this network for communication between the HCX Interconnect (HCX-IX) and WAN Optimization appliances, offloading task from the Management Network. You use the HCX Interconnect interface to configure resources and networks used for HCX services: Migration, Network Extension, and WAN Optimization. As part of that configuration, you create a Network Profile that specifies the networks to use for the HCX management and the mobility operations. See Create a Network Profile.
Both the HCX managers in the site pair must be running HCX 4.10 to use this network.
This network cannot be the same as any other network like Management, Uplink, vMotion, vSphere replication, or Guest.
CIDRs for the Intrasite Control Network at both the paired sites must be different.
Compute Profile Configuration
If your Compute Profile configuration includes multiple clusters, Virtual Switches (for Network Extension) and Network Profiles selected in each Compute Profile must span across all hosts in every selected deployment cluster. With this release, HCX validates that all Network Profiles associated with a Compute Profile span all clusters, and displays a message describing any connection issues.
If these switches or networks do not span all hosts, HCX appliances may deploy in a host that is missing the needed networks. In this case, the Service Mesh deployment can fail or services may not function properly.
Network Extension Enhancements
Allow Overlapping Subnets
By default, HCX blocks attempts to extend the same subnet to the same Tier 1 router at the destination site, which can result in a network outage. With this release, HCX provides the option to allow overlapping subnets for Network Extension. For example, you have two sites using the same IP subnet but backed by different vLANs, and you want to extend those networks to the same Tier 1 router. In this case, you can choose to allow overlapping subnets because the underlying vLANs are different. See Extending Networks Using VMware HCX.
Interoperability Enhancements
VMware Cloud Foundation 5.2
HCX 4.10.0 is VMware Cloud Foundation 5.2 ready. This latest VCF release delivers key enhancements across storage, networking, compute and lifecycle management to enable customers to scale their private cloud environments and improve resiliency.
VMware vSphere/vSAN 8.0 Update 3
HCX now supports vSphere environments running VMware vSphere/vSAN 8.0 Update 3. Interoperability with VMware vSphere/vSAN 8.0 U3 supports Bulk, vMotion, Cold, and Replication Assisted vMotion migrations for virtual machines using HW version 21. For more information, refer to Knowledge Base article 1003746.
For more information about supported versions, see Preparing for Installation and VMware Product Interoperability Matrix.
VMware vSphere Host-based Replication (HBR)
HCX 4.10.0 is compatible with vSphere HBR version 8.8.
VMware NSX 4.2
With this HCX release, all networking and migration features are compatible with vSphere environments running NSX 4.2.
VMware vSAN Max™
With HCX 4.10, you can use vSAN Max datastores as the destination datastore for migrated workloads.
User Interface Enhancements
For customers upgrading from a prior release, HCX 4.10 introduces changes to the user interface in the following areas: Site Pairs, Interconnect UI (Network Profile, Compute Profile, Service Mesh), and Network Extension:
Site Pairs Interface - Paired sites are now shown as separate cards with the site pairing being relative to the local HCX Manager. Non-vSphere sites also appear in the display.
Interconnect Interface - Local manager Interconnect selections related to configuring and managing the Network Profile, Compute Profile, and Service Mesh are now shown in-line.
Additional Service Mesh operations are also shown in-line.
Note that HA Management and Sentinel Management tabs appear only if OSAM and Network Extension scaling are selected in the Service Mesh.
Service Mesh Configuation - The Service Mesh workflow first asks for site pair information to determine which workflow to use when creating the Service Mesh: vSphere-based or non-vSphere (guest site).
Service Mesh Configuration for vSphere-based site pairs - The Service Mesh workflow for vSphere-based site pairs now displays as a set of in-line operations. The detailed steps for creating the Service Mesh remain the same.
Service Mesh Configuration for non-vSphere sites - For vSphere-based HCX sites paired with non-vSphere sites, HCX provides a separate configuration wizard for creating the Service Mesh.
Issue 3399623: HCX NE MON option is missing.
HCX MON enablement option missing at UI. Refer Knowledge base Article 370401.
Issue 3381008: Username and password strings appear in HCX app or web log.
HCX username and passwords strings appear in the /opt/vmware/log/app.log file.
Issue 3356295: Mobility Group resource_name missing.
Resource Name is not getting displayed under Mobility Migration UI.
Issue 3331022: An invalid MON Policy Route submission is shown as okay in the HCX UI.
If the user provides an invalid CIDR when MON is enabled, then the updation of policy routes to the NSX-T tier0 router fails but it shows as OK on the UI.
Issue 3346290: Linux OSAM migration fails when there is a bind mount that spans within the same filesystem on the source system.
Migration of such systems fail unless the bind mount is removed.
Issue 3385494: HCX does not indicate an appliance update is available for OSAM appliances.
Users do not know when new OSAM versions are available without update available message.
Issue 3374733: The "HCX Traffic Type" selections from the "Network Profiles" tab are not populated when networks edited from the "Computer Profile" tab.
With this issue, it is difficult to determine which network was assigned which HCX traffic type.
Issue 3371390: In the HCX UI Alerts page, many alerts have the internal identifier of HCX objects instead of the name set by the user.
It is not possible for the user to tell which HCX object (for example, Service Mesh or Uplink) raised the alert.
Issue 3362486: On the remote syslog server, log messages originating from Service Mesh appliances show in the logs as originating from HCX manager.
On the remote syslog server, it is not possible to tell which messages come from a Service Mesh appliance or from the HCX manager itself.
Issue 3289378: Perftest uplink test has been moved from port TCP 4500 to TCP 5201.
Changed service mesh diagnostics from TCP port 4500 to TCP port 5201 for IX and NE appliances.
Issue 3108692: Limiting kafka usage for High Availability (HA) group observer job.
Increased Kafka consumption can strain system resources, potentially leading to slower performance for other user actions such as migrations and SM creation.
Issue 3396219: OSAM replications (initial sync) get stuck because the response to the start replication command does not reach the Sentinel Data Receiver (SDR) in time.
Migrations appear stuck and do not complete.
Issue 3347481: Secrets should be restored to older ones if the password rotation fails.
HCX manager ends up in an unstable state due to incomplete password rotation.
Issue 3375454: An Unextend network request remains in progress and does not complete.
Users are unable to do a cut-over of extended networks or any other operation like migration, network extension or enabling MON.
Issue 3356211: HA group operations do not appear in activity log or audit log.
Connection to VMware
The hybridity-depot.vmware.com and connect.hcx.vmware.com endpoints for licensing, activation, and updates are now deprecated components in the HCX architecture and will be removed in a future release.
The hybridity-depot.vmware.com URL will be replaced with hybridity-depot.broadcom.com in an upcoming release. A change to the allowed listings would be required for hybridity-depot.broadcom.com URL to ensure given HCX Connector or HCX Cloud Manager is able to make HTTPS outbound connections during all future version upgrades.
Systems with active connections will transition to local licensing mode when available for their deployment in a future release. It is important to keep your systems up to date in preparation for this transition.
V2T Migration
HCX V2T workload migrations using NSX Migration Coordinator is now deprecated in HCX 4.10. It will be removed in a future release of HCX.
About NSX for vSphere systems in Extended Support
NSX for vSphere General Support ended on January 16, 2022.
NSX for vSphere systems in Technical Guidance (under Extended Support contracts) are only supported at the evacuation site (source), with HCX Connector.
To determine the HCX Connector version for evacuation, refer to Knowlege Base articles 82702 and 71398.
Note that HCX Cloud installations require current (Generally Available) VMware software components. NSX for vSphere is not suitable or supported for HCX Cloud installations.