Automatic Assessment Mode

The Assessment mode of VMware NSX Migration for VMware Cloud Director tool verifies the migration preparedness of organization VDCs of the NSX Data Center for vSphere. It performs discovery of features used in all or specified NSX Data Center for vSphere backed organization VDCs and analyzes the suitability of each for migration. The assessment mode can be run on the VMware Cloud Director instance that has not yet been configured and prepared for NSX-T Data Center. It needs access only to the VMware Cloud Director API endpoint.

The Assessment mode creates Detailed and summary report files in the following format:

  • Detailed report: <VCD-UUID>-v2tAssessmentReport-DD-MM-YYYY-HH-MM-SS.csv
  • Summary report: <VCD-UUID>-v2tAssessmentReport-Summary-DD-MM-YYYY-HH-MM-SS.csv

Summary Report

This shows accumulative data of all the organization VDCs combined with the following details:

  • Build Version of the tool
  • UUID of VMware Cloud Director
  • VMware Cloud Director version
  • Start and End Time of the Assessment
  • Total time taken for the Assessment
  • Number of Organization/s evaluated
  • Number of Organization VDC/s evaluated
  • Maximum number of networks to be bridged in a single migration
  • Count of organization VDC/s as per the categories, along with organization VDC RAM and number of VMs
  • Feature wise categorization along with the count of the Organization VDCs, Organization VDC RAM and number of VMs

Detailed Report

This shows report per organization VDC with the following details:

  • Organization Name of organization VDC
  • Name of organization VDC
  • UUID of organization VDC
  • Status (whether it can be automatically migrated with the current migration tool version or not)
  • Number of VMs in organization VDC
  • organization VDC RAM
  • Number of networks to be bridged
  • List of Unsupported features along with TRUE/FALSE/NA values stating which all are present in the specific organization VDCs.

Possible values for the Status column in the detailed report:

  • Can be migrated.
  • Automated migration not supported with the current version: Organization VDC includes one or more blocking features that prevent an automatic migration with the current version of the NSX Migration for Cloud Director tool.
  • Can be migrated with additional preparation work: Organization VDC includes features that can be mitigated to allow migration.
  • The Organization VDCs not accessible for assessments: In case the organization VDCs or their components are busy, critical, or not in a healthy state.

Note While running the assessment mode, the VMware Cloud Director should be in a stable state. If any organization VDC along with its components (undergoing evaluation) is in a critical or busy state, unexpected assessment failures can occur.

Possible Mitigation Steps for Features

Features Mitigation Steps
Empty vApps Delete the empty vApps.
Suspended VMs Power On/Off the suspended VMs
Unsupported Routed vApp Network Configuration List of unsupported configuration for routed vApp network migration:
  • Routed vApp parent network should not be a dedicated direct network
  • External network used for routed vapp networks should be overlay backed
  • Invalid NAT rule: if internal port is ANY, external port should also be ANY
Fencing enabled on vApps NSX-T backed vApps do not support fencing mode. If possible disable the fencing on source vApp or else connect it to a different parent Org VDC network which does not create a MAC/IP address conflict and the need for fencing.
VM with Independent disks having different storage policies and fast provisioning enabled Disable fast provisioning for Organization VDC before migration
No free interface on edge gateways Change the routed organization VDC network connection interface type from the internal to distributed or subinterface to free up one direct interface
DHCP Binding: Binding IP addresses overlap with static IP Pool range Make sure IPs are not overlapping between DHCP binding and the static pool
DHCP Relay: Domain names are configured Use DHCP relay IP address instead of its domain name
DHCP Relay: More than 8 DHCP servers configured Remove excessive DHCP servers from the VDC Gateway DHCP relay configuration.
Gateway Firewall: Any as TCP/UDP port Change rule to Any / Any without specifying protocol or use specific ports in the rule
Gateway Firewall: Gateway interfaces in rule Replace with supported source/target (IP Set, security group)
Gateway Firewall: Networks connected to different edge gateway used Replace with IPset based rule
Gateway Firewall: Unsupported grouping object Change to a supported grouping object (network) or to an IPSet.
NAT: Range of IPs or network in DNAT rule Change to specific IPs
IPsec: Unsupported Encryption Algorithm Reconfigure the VPN to a supported encryption algorithm
User-defined Static Routes Configure equivalent rules from NSX-T on the destination external network Tier-0/VRF
LoadBalancer: Custom monitor Remove custom configuration fields (Send, Receive, Expected, Url, Extension) from health monitor
LoadBalancer: Default pool not configured Configure the default pool in all virtual services
LoadBalancer: Unsupported persistence Switch to one of the supported persistence methods (client IP, HTTP cookie)
LoadBalancer: Unsupported algorithm Switch to one of the supported algorithms (least connections, round robin, consistent hash)
LoadBalancer: Application profile is not added Add the application profile
L2VPN service Client needs to be reconfigured. The tenant needs to manually reconfigure VPN after the migration
SSLVPN service Follow the guidance provided in VMware Cloud Director Remote Access VPN Integration Guide and transition to other solutions prior to the migration
Syslog service Disable Syslog service before migration
SSH service Disable SSH service before migration
Distributed Firewall: Invalid objects in rule Replace with equivalent supported objects (networks)
Distributed Firewall: Unsupported type in applied to section Modify rule so it can be applied to the whole organization VDC
Distributed Firewall: Networks connected to different edge gateway used Replace with equivalent IPset based rule
Distributed Firewall: Layer 2 Rule Replace with equivalent layer 4 rules
Distributed Firewall: Invalid Security Group objects in the rule Replace with supported objects in Security Groups
check-circle-line exclamation-circle-line close-line
Scroll to top icon