Today I return to my HCX Series to try to complete HCX Series in the following weeks. In this third HCX – How to create Service Mesh and connect sites about HCX Series blog post, I will discuss how to create the HCX Service Mesh and connect sites.
In the previous HCX blog post, HCX – How to create Network and Compute Profiles I created the HCX Network Profiles and Compute Profiles, which means that both sites and infrastructures(compute profiles) are now connected and are visible in HCX. Now we must create the Service Mesh and connect sites to migrate VMs between both sites.
What is HCX Service Mesh?
The HCX Service Mesh consists of three components: a Service Mesh Profile, a Source Site Compute Profile, and a Destination Site Compute Profile. The Service Mesh Profile defines the source and destination locations and their associated settings. It also includes security requirements like access control lists (ACLs), firewall rules, and encryption settings. The Compute Profiles define the resources (CPU, memory, and storage) that can be allocated and managed within the environment.
Once created, the Service Mesh will define the connection between the two sites, enabling the secure and consistent transport of applications and data. It also provides an intuitive way to manage the network and security settings across the sites, such as setting up firewalls, configuring ACLs, and enforcing encryption. The Service Mesh can be monitored and managed from the HCX Central Dashboard, allowing the view status and performance of the services between the two sites.
HCX Service Mesh provides an effective way to configure end-to-end services between source and destination sites to securely and efficiently move applications, data, and workloads across cloud or on-prem infrastructures. In this blog post, we will create the HCX Service Mesh and then connect both sites(on-prem vCenters).
How to install HCX Service Mesh
In your HCX Connector, go to Interconnect option, and in the Service Mesh tab, click Create Service Mesh. Then the Service Mesh process starts.
The next option is selecting the source site(HCX Connector) and the destination site(HCX Cloud). Select the sites and click Continue.
Next, we select the Compute Profiles we created in the previous blog post in the HCX Series and click Continue.
As we also saw in the previous blog post, when creating Network Profiles, we must select which services we will enable in this Service Mesh. Each service will create an HCX Appliance stored in the Source and Destination vCenter.
In our case, we will enable all. Except for those unavailable because of license restrictions(as discussed in previous blog posts).
Select the services that you want to enable and click Continue.
Note: We can always return to the Service Mesh and, in the option, add more services to the Service Mesh.
In this option, we select the vCenter Network created in the previous HCX blog post that Service Mesh use for Network Extension Appliance.
Note: As is stated in the image, this option is when NSX-T is used in the destination to work with HCX and is mandatory(supported) to use an NSX-T overlay Transport Zone. I used my Transport Zone Overlay configured on my NSX-T and available in the destination vCenter.
Next, we will use the Network Profiles we created in the previous HCX blog post. Check the network you must select for Source and Destination(Networks existing in the vCenters).
In this section, you must set the HCX Networks, Uplink, Management, Replication, and vMotion. Those are the networks that Service Mesh will use for connection between Service Mesh Appliances and the networks that will use for the VMs migrations.
The last is the WAN. This is not mandatory(we selected it in the previous service Mesh), but it is crucial if you have low bandwidth networks. Or if you are migrating to Cloud environments.
As we can see in the HCX Service Mesh Network Topology, all networks are created and connected from Source to Destination.
Finish by giving a name to your Service Mesh, and you can click the summary to check all the Networks. Click Finish so that Service Mesh is created and all Service Mesh appliances are created.
When deploying HCX Service Mesh, we can have some errors, and the Service Mesh Appliances are not deployed.
Some are easy to fix and continue, while others need more troubleshooting to understand the problem (the most common is network issues).
After all the errors are fixed, we can continue our HCX Service Mesh deployment.
In the next image, we can see all the HCX Service Mesh appliances that will be deployed in Destination and Source, so there is an HCX network connection between both sites.
In the source, a new “dummy ESXi host” is created by HCX. It is called Mobility Agent. The Mobility Agent is a virtual host which is deployed by HCX Interconnect.
HCX Mobility Agent is used to perform migrations to a destination site, such as vMotion, Cold, and Replication Assisted vMotion (RAV). It is run on the source site’s virtual machines and enables them to be quickly and safely migrated to the target environment. This software is included with the HCX solution and is required for a successful migration.
The HCX Mobility Agent is responsible for securely transferring the VMs and their associated data over the network, allowing for the seamless migration of workloads between different environments.
After all Service Mesh appliances are deployed, we can double-check that they are all up and green. We can also see the information about each appliance(service, IP address, etc.).
And with the last task, we finish deploying HCX Service Mesh, and now both sites are connected and ready to launch the migration tasks.
In the next HCX series blog post, we will start migrating VMs between both sites.
- How to install-pairing HCX Manager and Connector
- HCX – How to create Network and Compute Profiles
- How to create Service Mesh and connect sites
- How to create Network Extension and migrate VMs(soon)
- … and more
- HCX Manager and HCX Connector DNS are not working after deploying
- HCX Login error access denied using the default SSO administrator
- HCX – Network Uplink Portgroup doesn’t have sufficient free IPs
- HCX – Unable to Create Service Mesh – NSX-T Only Overlay Transport Zone are supported
- HCX – IX appliance tunnel down – Service Mesh Service Pipeline status is down
Share this article if you think it is worth sharing. If you have any questions or comments, comment here, or contact me on Twitter.