With the business decision to move the consumption layer to policy, the existing configuration needs to be moved from NSX Manager to NSX Policy without data path disruption or deletion or recreation of existing objects. With this feature, you can promote objects created on NSX Manager to NSX Policy and can then later interact with the same objects through NSX Policy UI or NSX Policy APIs.
This feature is not supported on multi-tenancy as multi-tenancy is a policy-only feature.
- Collect all manager objects.
- Translate manager resources to corresponding policy resources intents and apply translated policy resources on policy.
- Link the obtained policy intents in Step 2 to corresponding existing manager objects.
- Report policy promotion progress and list the promoted objects.
- They are policy-only features
- They are not supported on policy yet
- They are deprecated features
- They have passthrough APIs to manager through policy
- AD Configuration
- Policy Based Routing (Forwarding policies)
- L2 forwarder
- LbTcpProfile
- Service insertion
- Traceflow
- End Point protection (Service insertion consumption)
- EVPN and EVPN Tenant
- Gateway QoS Profiles
- Multicast configuration R
- IDS
- Backup restore and proxy settings
- License Management
- Upgrade
- LRQoSProfile
- VRF config on routers
- Bridge Firewall
- Port mirroring session - Local Span and Remote Span
- Multicast config
- OSPF
- IP block subnet
- L2 VPN client session
A mixed mode is also not supported for promotion. Mixed mode is where configuration contains combination of policy and manager objects, for example, NAT rules on manager attached to routers created through policy and groups created through policy used in MP DFW rules.
On a Federation setup, you cannot promote objects created on NSX Manager to NSX Policy. If you want to onboard sites to GM in Federation, then first promote all manager objects to policy using this feature. Also, note that for post site and config onboarding this feature is not supported.When you log in to NSX, an application-level alert is displayed if objects are available for promotion along with a link to initiate the promotion. You can click the link to start the promotion. You can also start the promotion from the System tab. If you performed the promotion process earlier, you can also view a history of last five promotions performed and details of data of the last two successful promotions by clicking Recent Activity.
Once you initiate the promotion process and the process starts, the system displays a progress bar to show percentage of promotion performed. It also displays manager objects that are promoted to policy objects and status of promotion whether objects succeeded or failed the promotion. You can view failure details by clicking the object failed link against failed objects. Also, if any object fails to get promoted, you can skip it and continue the promotion or you can choose to stop the promotion. If you stop the promotion, the system rollbacks promoted objects to their previous states.Prerequisites
- You must start the migration coordinator service by running the following command on any one node of manager cluster nodes.
start service migration-coordinator
Note: The entire promotion process will run only on that single node on which you start the migration coordinator service. -
Take a backup before performing the manager to policy promotion. In case a rollback fails, we can revert the system to its original state using the backup.