| Routed vApps Network linked to VLAN-backed External Network |
With VMware NSX (NSX-T), a vApp Edge is backed by a standalone Tier-1 linked through Service interface (SI) to Org VDC community. The Org VDC community should be backed by an overlay section (GENEVE), as a result of VCD (VMware NSX backed) doesn’t help connecting vApp Edge to a VLAN-backed Org VDC community. If the Org VDC community is immediately linked to a VLAN-backed exterior community, such migration will not be supported due to the above. |
Create an External Network backed by a VMware NSX overlay section as a substitute and route it with NSX T0/T1 configured immediately in NSX. |
| Fenced vApps |
VMware NSX doesn’t help vApp fencing (routing between inner and exterior subnets with the identical subnet). |
Deploy the fenced vApp to an Org VDC community with a subnet that doesn’t overlap with the interior vApp community subnet. This should be accomplished previous to the migration, because the Vmware NSX Migration for Vmware Cloud Director instrument (MT) retains the supply topology. |
| VDC Group |
In NSX Data Center for vSphere (NSX-V) backed VDCs, VDC Groups (later renamed to Data Center Groups) enable for a number of Edge GWs and might be unfold throughout a number of VCD and NSX-V cases. However, Data Center Groups supported by Vmware NSX solely allow a single Edge Gateway in a single VCD occasion. Even with NSX Federation help in VCD 10.5 (permitting for a number of Vmware NSX cases in a single VCD occasion), there’s nonetheless not full characteristic parity. |
Remove the Data Center Groups earlier than migration, migrate the workloads, and recreate (comparable) networking topology after migration (NSX Multisite and stretched T0/T1 routers can be utilized). |
| IPsec Route-based VPN |
As of VCD 10.5, policy-based VPN on Tier-1 backed Edge Gateway is supported. VMware NSX helps route-based VPN with dynamic routing (BGP) presently solely on the Tier-0 degree. |
Deploy a devoted Tier-0 Gateway for a tenant that requires an IPsec route-based VPN and configure it immediately in VMware NSX. The BGP configuration might be accomplished in VCD. |
| SSL VPN |
VMware NSX doesn’t present SSL VPN help |
Depending on the specified mixture of options and help, choose various options, together with open supply or a third celebration industrial one. https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/vmware-cloud-director-remote-access-vpn-integration-guide.pdf https://blogs.vmware.com/cloudprovider/2020/11/vmware-cloud-director-vcd-cds-remote-access-vpn-integration-guide.html |
| L2 VPN |
NSX-V and VMware NSX L2 VPN protocols are incompatible. |
L2 VPN migration should be accomplished manually, through which the VPN should be eliminated earlier than migration after which reconfigured post-migration. This additionally consists of changing NSX-V standalone edges (if used) with autonomous VMware NSX Edges throughout the course of. https://docs.vmware.com/en/VMware-NSX/4.1/administration/GUID-BE8A3D3C-5E0D-4777-B4F4-908E64FCB771.html |
| Load Balancer software guidelines |
NSX-V load balancer answer relies on HAProxy, whereas VMware NSX depends on the NSX Advanced Load Balancer (aka Avi). The software guidelines are mutually incompatible and must be rewritten. |
Starting from VCD 10.5, NSX Advanced Load Balancer HTTP Policies are uncovered. As such, it’s doable to take away the load balancing software guidelines earlier than migration, migrate and improve to VCD 10.5, after which reconfigure the applying guidelines. If an improve to VCD 10.5 will not be deliberate, the insurance policies might be configured from the backend of NSX ALB by the service supplier on behalf of the tenant administrator(s). |
| Load Balancer customized well being screens |
VCD presently doesn’t help configuring load-balancing customized well being screens with NSX ALB. |
Replace customized monitor with default screens supplied. |
| Syslog, CLI (SSH) on Edge Gateway |
The VCD Edge Gateway is backed by a Tier-1 gateway operating on VMware NSX Edge Node that may be shared with different Tier-1/Tier-0 objects. |
Providing tenants CLI (SSH) entry is just doable when the Edge Node is devoted to them. Similarly, the syslog information stream is shared throughout all objects. A Syslog filtering method might be utilized as described right here: https://fojta.wordpress.com/2022/10/03/multitenant-logging-with-vmware-cloud-director/ |
| OSPF dynamic routing |
VCD with VMware NSX presently doesn’t help OSPF. |
Replace the OSPF with BGP earlier than migration. |
| L2 Distributed Firewall (DFW) guidelines |
Currently not supported in VCD with VMware NSX. |
Replace with L3 DFW guidelines earlier than migration |
| NAT64 |
Currently not supported in VCD with VMware NSX. |
NAT64 solely permits an IPv6-only shopper to provoke communications to an IPv4-only server. As an alternative to the NAT64 rule, a Load Balancer Virtual Service with IPv6 VIP and IPv4 backend servers might be utilized in VCD. The Load Balancer IPv6 Service Network Specification requires DHCPv6 in SLAAC mode to be configured beforehand. |
