There is nothing to date from VMware that actually shows you how to setup HCX with Direct Connect on the VMC on AWS with the change to Service Mesh. With limited permissions and out-dated manuals this has been a challenge. We have a customer who needed this config and we were able to get a VMware tech on a call to step up through the procedure.
NOTE: These steps are not “completely” verified but they are a result of a call directly with VMware. We will be testing these and updating with any missing/wrong info.
- The AWS Direct Connect with Private Virtual Interface is only supported on VMC SDDC backed by NSX-T networking.
- The SDDC must be configured to use the Direct Connect Private Virtual Interface. HCX can be installed before or after Direct Connect is setup.
- Choose a Network Segment to be “second management network” to be used for the Direct Connect. This network can be anything that is not used already either by the VMC or On-Prem. It will be best to check with the customer to verify an available range. This network must be AT LEAST a /29 but if the customer has several DVSs they want to extend to the VMC this range should be larger.
- Existing VMware HCX Interconnect, Optimization Network Extension appliances must be removed before beginning this configuration. They will be redeployed over the Direct Connect network with IPs out of the range mentioned above. This is done by deleting the Service Mesh. All HCX appliances will be deleted if the Service Mesh is deleted.
1.Log in to the VMC Console at vmc.vmware.com.
2. On the Add Ons tab of your SDDC, click OPEN HCX on the Hybrid Cloud Extension card.
3. Navigate to the SDDCs tab and click OPEN HCX. The click OPEN HCX again in the connect.hcx.vmware.com window.
4. Enter the firstname.lastname@example.org user and credentials and click LOG IN.
5. Navigate to the Interconnect section of the Infrastructure drop-down and click Network Profiles.
6. Locate the Network Profile with Type: directConnectNetwork1 Click Edit.
7. Here is where you use the “second management network” chosen in the prerequisites section.
9. Now reconfigure the Service Mesh and choose the revised directConnectNetwork1 network profile for the uplink.
10. Once the Service Mesh is created you should be able to see the new “second management network” range advertised in the BGP routes. This is located in the Networking & Security > Direct Connect > Advertised BGP Routes section.
- Add Groups and then Firewall rules for:
- “connect.hcx.vmware.com” ( 126.96.36.199 )
- “hybridity-depot.vmware.com” ( 188.8.131.52 )
- Port is 443
- Create Firewall rule in the Mgmt Gateway to allow On-Prem to VMC HCX
- Create Firewall rule in the Mgmt Gateway to allow HCX to On-Prem on 443
- Edit the Host file on the On-Prem HCX Manager to point to the private IP of the HCX Manager in the VMC (i.e. hcx.sddc-33-222-44-333.vmwarevmc.com 10.2.224.23)
When the VMware HCX Interconnect services are deployed from the VMware HCX Enterprise console on-premises, the VMware HCX Interconnect appliances are deployed using uplink IP addresses that are reachable over the AWS Direct Connect.
Roughly 7 billion people in the world and only 3,211 people wanted to read this..???