Automatic Assessment Mode

The Assessment mode of VMware NSX Migration for VMware Cloud Director tool verifies the migration preparedness of organization VDCs of the NSX Data Center for vSphere. It performs discovery of features used in all or specified NSX Data Center for vSphere backed organization VDCs and analyzes the suitability of each for migration. The assessment mode can be run on the VMware Cloud Director instance that has not yet been configured and prepared for NSX-T Data Center. It needs access only to the VMware Cloud Director API endpoint.

The Assessment mode creates Detailed and summary report files in the following format:

Detailed report: v2tAssessmentReport-DD-MM-YYYY-HH-MM-SS.csv
Summary report: v2tAssessmentReport-Summary-DD-MM-YYYY-HH-MM-SS.csv

Renaming Log Files In previous versions, the NSX Migration for Cloud Director saved log files directly without any association with the organization in which the Organization VDC is present. This led to more complexity in sorting the files according to organizations.

The naming convention for the log file was VCD-NSX-Migrator-Main-timestamp, and for the v2tAssessement report was ORG VDC-UUID-v2tAssessmentReport-Summary-timestamp.

Old Logs Format: old-log-file-format

Old Reports Format: old-report-file-format

In 1.4.0, the formatting of the Logs folder is modified to categorize the migration logs based on the instance of the VCD; the migration logs will also include the parent Org name for the Org VDC.

The logs structure is as follows:

 >Logs
    >VCD IP/FQDN
           >Migration
                  >OrgName-VCD-NSX-Migrator-preCheck-Log-timestamp
            >v2tAssessment
                  >VCD-NSX-Migrator-v2tAssessment-Log-timestamp

>Reports
     >VCD IP/FQDN
               >VCD-NSX-Migrator-v2tAssessment-timestamp

1.4.0-renaming-log-file

Summary Report

This shows accumulative data of all the organization VDCs combined with the following details:

Build Version of the tool
UUID of VMware Cloud Director
VMware Cloud Director version
Start and End Time of the Assessment
Total time taken for the Assessment
Number of Organization/s evaluated
Number of Organization VDC/s evaluated
Maximum number of networks to be bridged in a single migration
Count of organization VDC/s as per the categories, along with organization VDC RAM and number of VMs
Feature wise categorization along with the count of the Organization VDCs, Organization VDC RAM and number of VMs

Detailed Report

This shows report per organization VDC with the following details:

Organization Name of organization VDC
Name of organization VDC
UUID of organization VDC
Status (whether it can be automatically migrated with the current migration tool version or not)
Number of VMs in organization VDC
organization VDC RAM
Number of networks to be bridged
List of Unsupported features along with TRUE/FALSE/NA values stating which all are present in the specific organization VDCs.

Possible values for the Status column in the detailed report:

Can be migrated.
Automated migration not supported with the current version: Organization VDC includes one or more blocking features that prevent an automatic migration with the current version of the NSX Migration for Cloud Director tool.
Can be migrated with additional preparation work: Organization VDC includes features that can be mitigated to allow migration.
The Organization VDCs not accessible for assessments: In case the organization VDCs or their components are busy, critical, or not in a healthy state.

Note While running the assessment mode, the VMware Cloud Director should be in a stable state. If any organization VDC along with its components (undergoing evaluation) is in a critical or busy state, unexpected assessment failures can occur.

Possible Mitigation Steps for Features

Features	Mitigation Steps
Unsupported vApps/VMs	List of unsupported configurations for vApp migration: vApp in maintenance mode is expected to be busy with external 3rd party automation/tooling (backup): Exit the maintenance Mode. Suspended or partially suspended vApp : Power On/Off the suspended vApp/VM.
Unsupported Routed vApp Network Configuration	List of unsupported configuration for routed vApp network migration: Routed vApp parent network should not be a dedicated direct network External network used for routed vApp networks should be overlay backed Invalid NAT rule: if an internal port is ANY, the external port should also be ANY
Fencing enabled on vApps	NSX-T backed vApps do not support fencing mode. If possible disable the fencing on source vApp or else connect it to a different parent Org VDC network which does not create a MAC/IP address conflict and the need for fencing.
VM with independent disks having different storage policies and fast provisioning enabled	Disable fast provisioning for Organization VDC before migration
No free interface on edge gateways	Change the routed organization VDC network connection interface type from the internal to distributed or subinterface to free up one direct interface.
DHCP Binding: Binding IP addresses overlap with static IP Pool range	Make sure IPs are not overlapping between DHCP binding and the static pool
DHCP Relay: Domain names are configured	Use DHCP relay IP address instead of its domain name
DHCP Relay: More than 8 DHCP servers configured	Remove excessive DHCP servers from the VDC Gateway DHCP relay configuration.
Gateway Firewall: Gateway interfaces in rule	Replace with supported source/target (IP Set, security group).
Gateway Firewall: Networks connected to different edge gateway used	Replace with IPset based rule.
Gateway Firewall: Unsupported grouping object	Change to a supported grouping object (network) or an IPSet.
NAT: Range of IPs or network in DNAT rule	Change to specific IPs
IPsec: Unsupported Encryption Algorithm	Reconfigure the VPN to a supported encryption algorithm.
IPsec: DNAT rules not supported with Policy-based session type	Requires NSX-T 4.0 or later version. Migration won't be blocked, but it may not work as expected after migration with older versions of NSX-T
User-defined Static Routes	External static routes are not supported. Configure equivalent rules from NSX-T on the destination external network Tier-0/VRF.
LoadBalancer: Custom monitor	Remove custom configuration fields (Send, Receive, Expected, Url, Extension) from the health monitor.
LoadBalancer: Default pool not configured	Configure the default pool in all virtual services
LoadBalancer: Unsupported persistence	Switch to one of the supported persistence methods (client IP, HTTP cookie).
LoadBalancer: Unsupported algorithm	Switch to one of the supported algorithms (least connections, round robin, consistent hash)
LoadBalancer: Application profile is not added	Add the application profile
L2VPN service	Client needs to be reconfigured. The tenant needs to manually reconfigure VPN after the migration.
SSLVPN service	Follow the guidance provided in VMware Cloud Director Remote Access VPN Integration Guide and transition to other solutions prior to the migration
Syslog service	Disable Syslog service before migration
SSH service	Disable SSH service before migration
Distributed Firewall: Invalid objects in rule	Replace with equivalent supported objects (networks)
Distributed Firewall: Unsupported type is applied to section	Modify rule so it can be applied to the whole organization VDC
Distributed Firewall: Networks connected to different edge gateway used	Replace with equivalent IPset-based rule
Distributed Firewall: Layer 2 Rule	Replace with equivalent layer 4 rules
Distributed Firewall: Invalid Security Group objects in the rule	Replace with supported objects in Security Groups
Published/Subscribed Catalog	The published catalogs will be migrated as unpublished and publishing of catalogs has to be done manually after cleanup. The subscribed catalogs are not possible to be migrated, the provider has to remove the subscribed catalogs before cleanup.