articles/azure-vmware/enable-hcx-access-over-internet.md
17 additions & 6 deletions
@@ -6,14 +6,14 @@ ms.date: 7/19/2022
6
6
---
7
7
# Enable HCX access over the internet
8
8
9
-
In this article, you'll learn how to perform HCX migration over a Public IP address using Azure VMware Solution.
9
+
In this article, you'll learn how to perform HCX migration over a public IP address using Azure VMware Solution.
10
10
>[!IMPORTANT]
11
11
>Before configuring a public IP on your Azure VMware Solution private cloud, consult your network administrator to understand the implications and the impact to your environment.
12
12
13
-
You'll also learn how to pair HCX sites and create service mesh from on-premises to an Azure VMware Solution private cloud using Public IP. The service mesh allows you to migrate a workload from an on-premise datacenter to an Azure VMware Solution private cloud over the public internet. This solution is useful when the customer isn't using ExpressRoute or VPN connectivity with the Azure cloud.
13
+
You'll also learn how to pair HCX sites and create service mesh from on-premises to an Azure VMware Solution private cloud using Public IP. The service mesh allows you to migrate a workload from an on-premises datacenter to an Azure VMware Solution private cloud over the public internet. This solution is useful when the customer isn't using ExpressRoute or VPN connectivity with the Azure cloud.
14
14
15
15
> [!IMPORTANT]
16
-
> The on-premise HCX appliance should be reachable from the internet to establish HCX communication from on-premises to the Azure VMware Solution private cloud.
16
+
> The on-premises HCX appliance should be reachable from the internet to establish HCX communication from on-premises to the Azure VMware Solution private cloud.
17
17
18
18
## Configure public IP block
19
19
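Review bot: The replacement line at 13 still says "using Public IP" and "create service mesh", while the replacement at line 9 was lowercased to "public IP address"; use one casing for "public IP" throughout the intro and add the article ("create a service mesh"). The two alert markers also differ (`>[!IMPORTANT]` at line 10, `> [!IMPORTANT]` at line 15), so pick one form. Because the note at line 16 tells readers the on-premises HCX appliance should be reachable from the internet, consider pointing from it to the gateway firewall steps later in the article so the exposure is read together with the source-IP restriction.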
@@ -42,12 +42,15 @@ The static null route is used to allow HCX private IP to route through the NSX T
42
42
1. Under **Name**, enter the name of the route.
43
43
1. Under **Network**, enter a non-overlapping /32 IP address under Network.
44
44
>[!NOTE]
45
-
> This address should not overlap with any other IP addresses on the private cloud network and the customer network.
45
+
> This address should not overlap with any other IP addresses on the private cloud network and the customer network.
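Review bot: The removed and added lines at 45 carry identical text, so this is an indentation-only change; confirm the unchanged `>[!NOTE]` line at 44 is indented to the same level, otherwise the marker and its body will not render as one note under the list item. While here, the step at line 43 repeats itself ("Under **Network**, enter a non-overlapping /32 IP address under Network"); drop the trailing "under Network".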
@@ -60,6 +63,8 @@ The static null route is used to allow HCX private IP to route through the NSX T
60
63
1. The DNAT Rule Destination is the Public IP for HCX Manager. The Translated IP is the HCX Manager IP in the cloud.
61
64
1. The SNAT Rule Destination is the HCX Manager IP in the cloud. The Translated IP is the non-overlapping /32 IP from the Static Route.
62
65
1. Make sure to set the Firewall option on DNAT rule to **Match External Address**.
66
+
:::image type="content" source="media/hcx-over-internet/hcx-sample-public-access-route.png" alt-text="Diagram showing a sample NAT rule for public access of HCX Virtual machine." border="false" lightbox="media/hcx-over-internet/hcx-sample-public-access-route.png":::
67
+
63
68
1. Create Tier-1 Gateway Firewall rules to allow only expected traffic to the Public IP for HCX Manager and drop everything else.
64
69
1. Create a Gateway Firewall rule on the T1 that allows your on-premises as the **Source IP** and the Azure VMware Solution reserved Public as the **Destination IP**. This rule should be the highest priority.
65
70
1. Create a Gateway Firewall rule on the Tier-1 that denies all other traffic where the **Source IP** is **Any** and **Destination IP** is the Azure VMware Solution reserved Public IP.
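Review bot: The firewall steps at lines 68 to 70 say to "allow only expected traffic", but the allow rule at line 69 is defined only by **Source IP** and **Destination IP**, with no service or port, so as written it permits every protocol from the on-premises address to the HCX Manager public IP; state which services the rule should be limited to. In the same step, "T1" and "reserved Public" should read "Tier-1" and "reserved Public IP" to match line 70. In the added image at line 66, the alt text has "HCX Virtual machine"; use "HCX virtual machine".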
@@ -95,7 +100,9 @@ Before you create a Public IP segment, get your credentials for NSX-T Manager fr
95
100
1. Enter **Name**.
96
101
1. Under IP pools, enter the **IP Ranges** for HCX uplink, **Prefix Length**, and **Gateway** of public IP segment.
97
102
1. Scroll down and select the **HCX Uplink** checkbox under **HCX Traffic Type** as this profile will be used for HCX uplink.
98
-
1. Select **Create** to create the network profile.
103
+
1. Select **Create** to create the network profile.
104
+
You will see network profile using a public segment. See sample diagram below.
105
+
:::image type="content" source="media/hcx-over-internet/hcx-sample-network-profile-route.png" alt-text="Diagram showing a sample network profile using public segment." border="false" lightbox="media/hcx-over-internet/hcx-sample-network-profile-route.png":::
99
106
100
107
## Create service mesh
101
108
Service Mesh will deploy HCX WAN Optimizer, HCX Network Extension and HCX-IX appliances.
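Review bot: The added sentence at line 104 is missing an article and relies on positional wording: "You will see network profile using a public segment. See sample diagram below." Suggest "You'll see a network profile that uses a public segment, as shown in the following diagram.", which also matches the "you'll" contractions used in the intro. If the sentence and image are meant to belong to the preceding step, confirm they are indented under it so the numbered list is not interrupted.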
@@ -106,7 +113,11 @@ Service Mesh will deploy HCX WAN Optimizer, HCX Network Extension and HCX-IX app
106
113
1. Select the compute profiles for both sites and select **Continue**.
107
114
1. Select the HCX services to be activated and select **Continue**.
108
115
>[!Note]
109
-
>Premium services require an additional HCX Enterprise license.
116
+
>Premium services require an additional HCX Enterprise license.
117
+
118
+
:::image type="content" source="media/hcx-over-internet/create-network-extension.png" alt-text="Screenshot that shows selections for starting to create a network extension." lightbox="media/tutorial-vmware-hcx/create-network-extension.png":::
119
+
120
+
110
121
1. Select the network profile of source site.
111
122
1. Select the network profile of destination that you created in the **Network Profile** section.
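Review bot: The added image at line 118 has mismatched paths: `source` points to `media/hcx-over-internet/create-network-extension.png` but `lightbox` points to `media/tutorial-vmware-hcx/create-network-extension.png`, whereas the two images added earlier in this commit use the same path for both attributes; confirm which folder holds the file and make the two match. The alt text describes "starting to create a network extension", while the surrounding steps are about selecting HCX services for the service mesh, so align the alt text with the step it illustrates. The marker `>[!Note]` at line 115 also differs in case from the `>[!NOTE]` used at line 44.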