Automatic Assessment Mode

The Assessment mode of VMware NSX Migration for VMware Cloud Director tool verifies the migration preparedness of organization VDCs of the NSX Data Center for vSphere. It performs discovery of features used in all or specified NSX Data Center for vSphere backed organization VDCs and analyzes the suitability of each for migration. The assessment mode can be run on the VMware Cloud Director instance that has not yet been configured and prepared for NSX-T Data Center. It needs access only to the VMware Cloud Director API endpoint.

The Assessment mode creates Detailed and summary report files in the following format:

Detailed report: v2tAssessmentReport-DD-MM-YYYY-HH-MM-SS.csv
Summary report: v2tAssessmentReport-Summary-DD-MM-YYYY-HH-MM-SS.csv

In the 1.4.1 release, the assessment mode will generate the two additional reports:edgeGatewaysDetailedReport and loadBalancerDetailedReport

Detailed Edge Gateways report: edgeGatewaysDetailedReport-DD-MM-YYYY-HH-MM-SS.csv
Detailed Load Balancer report: loadBalancerDetailedReport-DD-MM-YYYY-HH-MM-SS.csv

Renaming Log Files In previous versions, the NSX Migration for Cloud Director saved log files directly without any association with the organization in which the Organization VDC is present. This led to more complexity in sorting the files according to organizations.

The naming convention for the log file was VCD-NSX-Migrator-Main-timestamp, and for the v2tAssessement report was ORG VDC-UUID-v2tAssessmentReport-Summary-timestamp.

Old Logs Format: old-log-file-format

Old Reports Format: old-report-file-format

In 1.4.0, the formatting of the Logs folder is modified to categorize the migration logs based on the instance of the VCD; the migration logs will also include the parent Org name for the Org VDC.

The logs structure is as follows:

 >Logs
    >VCD IP/FQDN
           >Migration
                  >OrgName-VCD-NSX-Migrator-preCheck-Log-timestamp
            >v2tAssessment
                  >VCD-NSX-Migrator-v2tAssessment-Log-timestamp

>Reports
     >VCD IP/FQDN
               >v2tAssessmentReport-DD-MM-YYYY-HH-MM-SS.csv
               >v2tAssessmentReport-Summary-DD-MM-YYYY-HH-MM-SS.csv
               >edgeGatewaysDetailedReport-DD-MM-YYYY-HH-MM-SS.csv
               >loadBalancerDetailedReport-DD-MM-YYYY-HH-MM-SS.csv

renaming-log-files

Summary Report

This shows accumulative data of all the organization VDCs combined with the following details:

Build Version of the tool
UUID of VMware Cloud Director
VMware Cloud Director version
Start and End Time of the Assessment
Total time taken for the Assessment
Number of Organization/s evaluated
Number of Organization VDC/s evaluated
Maximum number of networks to be bridged in a single migration
Count of organization VDC/s as per the categories, along with organization VDC RAM and number of VMs
Feature wise categorization along with the count of the Organization VDCs, Organization VDC RAM and number of VMs

Detailed Report

This shows report per organization VDC with the following details:

Organization Name
Name of organization VDC
UUID of organization VDC
Status (whether it can be automatically migrated with the current migration tool version or not)
Number of VMs in organization VDC
organization VDC RAM
Number of networks to be bridged
OrgVdcToBeMigratedTogether (additional Org VDCs that must be migrated at the same time due to vApps connected to a shared network)
List of Unsupported features along with TRUE/FALSE/NA values stating which all are present in the specific organization VDCs

Possible values for the Status column in the detailed report:

Can be migrated.
Automated migration not supported with the current version: Organization VDC includes one or more blocking features that prevent an automatic migration with the current version of the NSX Migration for Cloud Director tool.
Can be migrated with additional preparation work: Organization VDC includes features that can be mitigated to allow migration.
The Organization VDCs not accessible for assessments: In case the organization VDCs or their components are busy, critical, or not in a healthy state.

Note While running the assessment mode, the VMware Cloud Director should be in a stable state. If any organization VDC along with its components (undergoing evaluation) is in a critical or busy state, unexpected assessment failures can occur.

Detailed Edge Gateways Report

EdgeGatewaysDetailedReports provides information about the unsupported services which are configured on Edge Gateways. This will help providers/tenants to make changes to the Org VDC configuration accordingly before migration.

This report describes the following details of services configured in edge gateways per organization VDC:

Org Name
Org VDC Name
Edge GW name
Service Name
Service Validation Error
Additional details(Object Name/ID)(Contains the rule ID for services. Also contains Object name for Edge gateway services.)

Detailed Load Balancer Report

LoadBalancerDetailedReport provides information about the unsupported services which are configured in Load Balancer. This will help providers/tenants to make changes to the Org VDC configuration, configure only supported configs in the load balancer, and avoid trivial configuration issues.

This report describes the following details of load balancer services configured in edge gateways per organization VDC:

Org Name
Org VDC Name
Edge GW Name
LB Service
Object Name

Possible Mitigation Steps for Features

Features	Mitigation Steps
DC Group Org VDC Limit Exceeded	Maximum 16 Org VDC connected through a shared network can be migrated together: Reduce the number of Org VDC using a shared network to 16 or less.
Unsupported vApps/VMs	List of unsupported configurations for vApp migration: vApp in maintenance mode is expected to be busy with external 3rd party automation/tooling (backup): Exit the maintenance Mode. Suspended or partially suspended vApp : Power On/Off the suspended vApp/VM.
Unsupported Routed vApp Network Configuration	List of unsupported configurations for routed vApp network migration: Routed vApp parent network should not be a dedicated direct network. External networks used for routed vApp networks should be overlay backed. Invalid NAT rule: if an internal port is ANY, the external port should also be ANY.
Fencing enabled on vApps	NSX-T backed vApps do not support fencing mode. If possible disable the fencing on the source vApp or else connect it to a different parent Org VDC network which does not create a MAC/IP address conflict and the need for fencing.
VM with independent disks having different storage policies and fast provisioning enabled	Disable fast provisioning for Organization VDC before migration.
No free interface on edge gateways	Change the routed organization VDC network connection interface type from the internal to distributed or subinterface to free up one direct interface.
DHCP Binding: Binding IP addresses overlap with the static IP Pool range	Make sure IPs are not overlapping between DHCP binding and the static pool.
DHCP Relay: Domain names are configured	Use the DHCP relay IP address instead of its domain name.
DHCP Relay: More than 8 DHCP servers configured	Remove excessive DHCP servers from the VDC Gateway DHCP relay configuration.
Gateway Firewall: Gateway interfaces in rule	Replace with supported source/target (IP Set, security group).
Gateway Firewall: Negated firewall rule	Disable negate flag of the firewall rule.
Gateway Firewall: Networks connected to different edge gateway used	Replace with IPset based rule.
Gateway Firewall: Unsupported grouping object	Change to a supported grouping object (network) or an IPSet.
Gateway Firewall: Negated firewall rule	Disable negated flag at the gateway firewall rule.
NAT: Range of IPs or network in DNAT rule	Change to specific IPs.
IPsec: Unsupported Encryption Algorithm	Reconfigure the VPN to a supported encryption algorithm.
IPsec: DNAT rules not supported with Policy-based session type	Requires NSX-T 4.0 or later version. Migration won't be blocked, but it may not work as expected after migration with older versions of NSX-T.
User-defined Static Routes	External static routes where the next hop is on Tier-0/VRF connected network are not supported. Configure equivalent rules from NSX-T on the destination external network Tier-0/VRF.
LoadBalancer: Custom monitor	Remove custom configuration fields (Send, Receive, Expected, Url, Extension) from the health monitor.
LoadBalancer: Default pool not configured	Configure the default pool in all virtual services.
LoadBalancer: Unsupported persistence	Switch to one of the supported persistence methods (client IP, HTTP cookie).
LoadBalancer: Unsupported algorithm	Switch to one of the supported algorithms (least connections, round robin, consistent hash).
LoadBalancer: The application profile is not added	Add the application profile.
LoadBalancer: VIP IP address conflict	VIP IP address conflicts with a Gateway IP or another VM IP. Use a different IP for the VIP.
LoadBalancer: Pool member IP overlapping DNAT in transparent mode	Remove the DNAT rule with conflicting IP with the pool member.
LoadBalancer: Pool members using different ports in transparent mode	Configure the same ports for all members in the pool.
LoadBalancer: VIP overlapping with DNAT in transparent mode	Use unique IP for DNAT rule as it is conflicting with virtual server IP.
LoadBalancer: VIP overlapping with SNAT in transparent mode	Use unique IP for SNAT rule as it is conflicting with virtual server IP.
LoadBalancer: VIP overlapping with IPsec in transparent mode	Use unique IP for IPsec sites as it is conflicting with virtual server IP.
LoadBalancer: Pools are mixed and non- transparent	Configure all pools with either transparent mode enabled or disabled.
L2VPN service	Client needs to be reconfigured. The tenant needs to manually reconfigure VPN after the migration.
SSLVPN service	Follow the guidance provided in VMware Cloud Director Remote Access VPN Integration Guide and transition to other solutions prior to the migration.
Syslog service	Disable Syslog service before migration.
SSH service	Disable SSH service before migration.
Distributed Firewall: Invalid objects in rule	Replace with equivalent supported objects (networks).
Distributed Firewall: Unsupported type is applied to section	Modify rule so it can be applied to the whole organization VDC.
Distributed Firewall: Networks connected to different edge gateways are used	Replace with equivalent IPset-based rule.
Distributed Firewall: Layer 2 Rule	Replace with equivalent layer 4 rules.
Distributed Firewall: Invalid Security Group objects in the rule	Replace with supported objects in Security Groups.
Published/Subscribed Catalog	The published catalogs will be migrated as unpublished and the publishing of catalogs has to be done manually after cleanup. The subscribed catalogs are not possible to be migrated, the provider has to remove the subscribed catalogs before cleanup.