After you have resolved all configuration issues, you can migrate the configuration. When the configuration is migrated, configuration changes are made in the NSX-T Data Center environment to replicate the NSX-v configuration.

If needed, you can roll back the configuration that is migrated. Rolling back does the following:
  • Remove the migrated configuration from NSX-T.
  • Roll back all the resolved issues in the previous step.

See Roll Back or Cancel the NSX-v Migration for more information.

Prerequisites

Verify that you have completed the Resolve Configuration step.

Procedure

  1. From the Migrate Configuration page, click Start.
    The NSX-v configuration is migrated to NSX-T.
  2. Verify that all the migrated configurations are displayed in your NSX-T environment.

    You can verify the migrated configurations either in the NSX-T NSX Manager interface or by running the NSX-T APIs.

    Important:
    • During the Migrate Configuration step, Security Tags from NSX-v are not migrated to NSX-T. Therefore, the Security Tag-based migrated dynamic Groups and Groups with static memberships in NSX-T are empty after this step is finished. The reason is that in NSX-v, a Security Tag is an object, whereas in NSX-T, a tag is an attribute of a VM. The tags are applied to the workload VMs only after the workloads are migrated to NSX-T during the Migrate Hosts step.
    • When the configuration is migrated to NSX-T, the configuration changes are made in the NSX-T NSX Manager database, but it might take some time for the configuration to take effect. You must verify that all expected NSX-v configurations appear on the NSX Manager interface or API in NSX-T before you proceed to the Migrate Edges step. For example, firewall configuration, logical switches, transport zones.
    Caution: This caution note applies only when you are using an NSX for vShield Endpoint license in your virtualized environment. This license is included in all vSphere editions. It enables you to use NSX-v to offload only anti-virus processing (Guest Introspection service) on VMs to service appliances that are provided by VMware partners.

    In a Guest Introspection service migration, Security Groups with only dynamic VM membership criteria are supported. If tags-based dynamic Security Groups are used in your NSX-v environment, the Security Tags are not migrated to NSX-T. As no host migration is involved, the migrated dynamic Groups in NSX-T are empty. After the Migrate Configuration step is finished, you must manually create the equivalent tags in NSX-T, and attach them to the VMs that require an endpoint protection.