Setting Up HCX for Migrating from VMware Cloud on AWS to Amazon Elastic VMware Service

There are a few prerequisites that need to be accomplished before setting up HCX for your VMC on AWS to EVS migration. They are the following:

1. You will need to deploy an EVS environment with private HCX connectivity (remember this needs be configured at EVS deployment). Instructions can be found here. You can also use our Automated Setup for Amazon Elastic VMware Service CloudFormation template.
2. Connect the Amazon VPC where you have deployed EVS to an AWS Transit Gateway (TGW) using a VPC attachment. Instructions can be found here.
3. You will need to create an SDDC group that contains the source VMC on AWS SDDC, which will automatically create a Transit Connect (vTGW). Instructions can be found here.
4. You will then need to peer the vTGW of the SDDC group with the TGW for EVS. Instructions can be found here.
5. Make sure you have proper static routes between the vTGW and TGW in place to allow traffic flow between environments. Instructions can be found here.
6. (Optional) To test basic connectivity over the the vTGW and TGW, you can create a test EC2 instance in the EVS VPC and use that to connect to a test VM in the VMC on AWS SDDC. To do so, make sure you open the Security Group attached to the VMC on AWS linked account ENIs.
7. Make sure you have the same version of HCX running in both VMC on AWS and EVS. You will need at a minimum HCX version 4.11.3. You can find this information either in the vCenter Web Console where you have deployed the HCX appliance or for in the VMC on AWS web console. Instructions for installing HCX on VMC on AWS are here. Instructions for installing HCX on EVS are here. You will want to install HCX Cloud in EVS.

8. Once HCX appliances are deployed, make sure to allow outbound HCX traffic on the VMC on AWS NSX Gateway Firewall in the Management Gateway rules. Reference step 7 here.
9. Next, create the site pairing in HCX. To do this, we only have to initiate the site pairing from one side, either the EVS side or the VMC on AWS side. Moreover, there are downstream impacts on which side you select. The site you configure the pairing from will also be the side of HCX that you manage the migration from. Therefore, we recommend that you configure the site pairing from the VMC on AWS side, which will be the same side you manage the migrations from. Instructions for creating site pairs can be found here.

Once we have the prerequisites complete, you want to make sure you have your Compute and Network profiles setup correctly. On the VMC on AWS side, you will not be able to create any new network profiles as it is a managed service. You will want to setup the Compute Profile in the HCX web console. Click on Create Compute Profile:

Give the profile a name.

Select the HCX services you will be using for the migration. Below services should cover most migration needs.

Select the source SDDC you are migrating from.

Select the cluster, datastore, optional folder, and resource reservations where the appliances will be deployed in the SDDC.

Select the management network profile.

Select the uplink network profile.

Select the vMotion network profile.

While this example doesn't require a vSphere replication network profile, you would select one here if needed.

Select the distributed switch that will be used for network extensions.

Review the network connection rules that will be needed. You may need to have these rules added to firewalls and/or security groups depending on your particular setup.

Review the configuration and click Finish when done.

Your compute profile should look similar to this when created.

On the EVS side, you will need to create Network and Compute Profiles. I would recommend 4 available IPs in each of the network profiles, so make sure you are properly planning your VLAN CIDRs before deploying EVS. You will create a profile for VM management, vMotion, and HCX uplinks. You will select the corresponding distributed port group for each of the network profiles, input the IP addresses in the pool for the profile to use along with the prefix length and gateway. You will want to include 2 DNS server IP addresses and the DNS suffix that will be used. You will also need to make sure the correct HCX traffic type is selected for the profile by using the checkboxes.

Once you have created the network profiles, you can create the following compute profile in the EVS HCX environment:

When selecting the EVS network container, make sure to choose env-[YOUR_ENVIRONMENT_ID]-tz-overlay01.

Now that all of your profiles are setup, you will need to create the Service Mesh. Start by going to the HCX console and on the Interconnect tab, click Create Service Mesh.

Now you will select the EVS and VMC on AWS for the site and paired site.

Next you will choose the services that you want to include with HCX. If both compute profiles don't have the same services selected, you will get a warning and it will only include services setup on both compute profiles.

Next you will choose the services that you want to include with HCX. If both compute profiles don't have the same services selected, you will get a warning and it will only include services setup on both compute profiles.

For the advanced configuration, you can leave the default settings.

Review the Topology, then give the service mesh and name and click Create Service Mesh.

Once the service mesh is created, you will want to run the data plane diagnostics tools to make sure the service is in a good state. From the service mesh, click on View Appliances. Then click on the Data-Plane Diagnostics to verify the health of the service mesh.

Once the service mesh is setup, you can begin with setting up network extensions and VM migrations.