With the business decision to move the consumption layer to policy, the existing configuration needs to be moved from NSX Manager to NSX Policy without data path disruption or deletion or recreation of existing objects. With this feature, you can promote objects created on NSX Manager to NSX Policy and can then later interact with the same objects through NSX Policy UI or NSX Policy APIs.

The promotion process has the following workflow:
  1. Collect all manager objects.
  2. Translate manager resources to corresponding policy resources intents and apply translated policy resources on policy.
  3. Link the obtained policy intents in Step 2 to corresponding existing manager objects.
  4. Report policy promotion progress and list the promoted objects.
Promotion of objects occurs based on their dependency order, for example, a group is promoted first and then any rule that consumes that group. Also, note that some configurations and entities are not supported for promotion for any of the following reasons:
  • They are policy-only features
  • They are not supported on policy yet
  • They are deprecated features
  • They have passthrough APIs to manager through policy
Objects that are not supported for promotion are as follows:
  • AD Configuration
  • Policy Based Routing (Forwarding policies)
  • L2 forwarder
  • LbTcpProfile
  • Service insertion
  • Traceflow
  • End Point protection (Service insertion consumption)
  • EVPN and EVPN Tenant
  • Gateway QoS Profiles
  • Multicast configuration R
  • IDS
  • Backup restore and proxy settings
  • License Management
  • Upgrade
  • LRQoSProfile
  • VRF config on routers
  • Bridge Firewall
  • Port mirroring session - Local Span and Remote Span
  • Multicast config
  • OSPF
Supported objects, but unsupported configurations are as follows:
  • IP block subnet
  • L2 VPN client session

A mixed mode is also not supported for promotion. Mixed mode is where configuration contains combination of policy and manager objects, for example, NAT rules on manager attached to routers created through policy and groups created through policy used in MP DFW rules.

On a Federation setup, you cannot promote objects created on NSX Manager to NSX Policy. If you want to onboard sites to GM in Federation, then first promote all manager objects to policy using this feature. Also, note that for post site and config onboarding this feature is not supported.

When you log in to NSX-T, an application-level alert is displayed if objects are available for promotion along with a link to initiate the promotion. You can click the link to start the promotion. You can also start the promotion from the System tab. If you performed the promotion process earlier, you can also view a history of last five promotions performed and details of data of the last two successful promotions by clicking Recent Activity.

Once you initiate the promotion process and the process starts, the system displays a progress bar to show percentage of promotion performed. It also displays manager objects that are promoted to policy objects and status of promotion whether objects succeeded or failed the promotion. You can view failure details by clicking the object failed link against failed objects. Also, if any object fails to get promoted, you can skip it and continue the promotion or you can choose to stop the promotion. If you stop the promotion, the system rollbacks promoted objects to their previous states.

Prerequisites

  • You must start the migration coordinator service by running the following command on any one node of manager cluster nodes.

    start service migration-coordinator

    Note: The entire promotion process will run only on that single node on which you start the migration coordinator service.
  • Take a backup before performing the manager to policy promotion. In case a rollback fails, we can revert the system to its original state using the backup.

Procedure

  1. Navigate to System > General Settings > Manager Objects Promotion
  2. Click Start Objects Promotion.
    The system displays summary of manager objects.
  3. Click Continue.
    The system starts the promotion and displays the progress and status of promotion. If any object fails to get promoted, the system displays an error. You can click Skip and Continue to continue the promotion, or you can click Cancel to stop the promotion.
  4. Once the promotion is completed successfully, the system displays the Manager to Policy Objects Promotion page.