This post is designed to help you get all the right prerequisites in place to get VMware Cloud on AWS (VMC) and Hybrid Cloud extension (HCX) up and running and start migrating workloads.
This is a good guide if you are setting up a VMC pilot or production environment and need to start moving workloads into VMC fast.
If you are in charge of architecture for the end state VMC environment I highly recommend you start with the VMware Techzone link below. Review all the modules.
VMware Cloud on AWS Design Guide (TechZone)
VMware Cloud on AWS & Hybrid Cloud Extension Deployment
To keep things simple I have broken down the deployment of VMC and HCX into 5 easy steps.
- Deploy VMC
- Configure Connectivity between Data Centers and VMC
- Configure Firewall Rules
- Deploy HCX within VMC
- Deploy HCX On Premises
Each of the 5 steps will have some prerequisites, which i will cover in some detail.
1. Deploy VMC
To deploy VMC follow this post Deploying VMware Cloud on AWS.
The following is what you are going to need for the deployment.
- Have a My VMware account and review the Onboarding Checklist
- Know which region you will be deploying VMC into. The available VMC regions can be found here
- Have a AWS Account with a VPC and Subnet configured. This will be used as the connected VPC, you can see the connected AWS Account in the diagram above in the bottom right hand corner. The requirements of the AWS Account, VPC and subnet can be found here
- Management CIDR, this will be used for the Management Subnet within VMC (The Management Subnet is the network where vCenter, NSX, ESXi, HCX and any other VMware managed appliances will reside) The requirements for the Management CIDR are:
- A private subnet range (RFC 1918) to be used for vCenter Server, NSX Manager, and ESXi hosts
- Choose a range that will not overlap with other networks or SDDC group members that connect to this SDDC
- Minimum CIDR sizes: /23 for up to 27 hosts, /20 for up to 251 hosts, /16 for up to 4091 hosts
- Reserved CIDRs: 10.0.0.0/15, 172.31.0.0/16
2. Configure Connectivity
There are three main ways to connect to VMC:
- Over the internet, you may not want to connect your on premise data center to VMC at all. If this is the case, but you still need to migrate workloads, we can let HCX take care of the connectivity, so you can move onto step 3.
- Connect via VPN, please follow this guide
- Connect via Direct Connect, please follow this guide
3. Configure Firewall Rules
The first rule you will need to create is a rule to access vCenter this guide will help with creating the firewall rule, and any others you may need to create
4. Deploy HCX in VMC
To deploy HCX in VMC and On premises please follow my blog Deploying HCX
Deploying HCX in VMC is very easy, you click a button and HCX gets deployed. If you are using a Direct Connect there is an additional step, you need to setup a Direct Connect Network Profile for HCX, you can follow this guide.
HCX with Direct Connect will require a CIDR (separate to the VMC Management CIDR). Ensure the IP Address Range configured does not overlap with the VMware Cloud on AWS management subnet CIDR block or any other IP range already in use for services in VMC. Overlap can cause routing and network reachability issues for those other components. This guide will show you how to setup the HCX CIDR.
5. Deploy HCX on premises
To deploy HCX in VMC and On Premises please follow my blog Deploying HCX
There are a number of prerequisites for getting HCX On Premises up and working, a full list can be found here
The Key prerequisites for deployment day are:
- Admin account for On Premises vCenter
- 3 IP Addresses from the Management Network (for the HCX appliances)
- 1 IP Address from the vMotion Network (for the HCX appliances)
- Distributed Switch if you want to extend layer 2 networks
- Management and or the network that HCX Appliances get deployed to cannot be layer 2 extended
- The following external firewall rules are required
| Port | Protocol | Source | Destination |
| 4500 | UDP | Network Extension (HCX-NE On-Prem) | Network Extension (HCX-NE in VMC) |
| 4500 | UDP | Interconnect (HCX-IX On-Prem) | Interconnect (HCX-IX in VMC) |
| 443 | TCP | HCX Manager (On-Prem) | HCX Manager (VMC) |
| 443 | TCP | HCX Manager (On-Prem) | hybridity-depot.vmware.com |
| 443 | TCP | HCX Manager (On-Prem) | connect.hcx.vmware.com |
- Full list of Network Ports requirements should be reviewed here
Once you have all the above, you are ready for an easy deployment.
Great post! Well done mate. Can we get a post on tips for BKK?