Merge pull request #171242 from shortpatti/hcx-mon

ShannonLeavitt · web-flow · commit dd8deca2ee8a · 2021-09-07T12:43:32.000-06:00
update to reflect HCX MON
diff --git a/articles/azure-vmware/configure-hcx-network-extension.md b/articles/azure-vmware/configure-hcx-network-extension.md
@@ -0,0 +1,28 @@
+---
+title: Create an HCX network extension
+description: Configure the  
+ms.topic: tutorial
+ms.date: 09/07/2021
+---
+
+# Create a HCX network extension
+
+This is an optional step to extend any networks from your on-premises environment to Azure VMware Solution.
+
+1. Under **Services**, select **Network Extension** > **Create a Network Extension**.
+
+   :::image type="content" source="media/tutorial-vmware-hcx/create-network-extension.png" alt-text="Screenshot that shows selections for starting to create a network extension." lightbox="media/tutorial-vmware-hcx/create-network-extension.png":::
+
+1. Select each of the networks you want to extend to Azure VMware Solution, and then select **Next**.
+
+   :::image type="content" source="media/tutorial-vmware-hcx/select-extend-networks.png" alt-text="Screenshot that shows the selection of a network.":::
+
+1. Enter the on-premises gateway IP for each of the networks you're extending, and then select **Submit**.
+
+   :::image type="content" source="media/tutorial-vmware-hcx/extend-networks-gateway.png" alt-text="Screenshot that shows the entry of a gateway IP address.":::
+
+   It takes a few minutes for the network extension to finish. When it does, you see the status change to **Extension complete**.
+
+   :::image type="content" source="media/tutorial-vmware-hcx/extension-complete.png" alt-text="Screenshot that shows the status of Extension complete.":::
+
+
diff --git a/articles/azure-vmware/configure-vmware-hcx.md b/articles/azure-vmware/configure-vmware-hcx.md
@@ -2,7 +2,7 @@
 title: Configure VMware HCX in Azure VMware Solution
 description: Configure the on-premises VMware HCX Connector for your Azure VMware Solution private cloud. 
 ms.topic: tutorial
-ms.date: 07/30/2021
+ms.date: 09/07/2021
 ---
 
 # Configure on-premises VMware HCX Connector
@@ -21,9 +21,15 @@ After you complete these steps, you'll have a production-ready environment for c
 
 - [VMware HCX Connector](install-vmware-hcx.md) has been installed.
 
-- If you plan to use VMware HCX Enterprise, make sure you've enabled the [VMware HCX Enterprise](https://cloud.vmware.com/community/2019/08/08/introducing-hcx-enterprise/) add-on through a [support request](https://portal.azure.com/#create/Microsoft.Support).
+- If you plan to use VMware HCX Enterprise, make sure you've enabled the [VMware HCX Enterprise](https://cloud.vmware.com/community/2019/08/08/introducing-hcx-enterprise/) add-on through a [support request](https://portal.azure.com/#create/Microsoft.Support). It's a free 12-month trial in Azure VMware Solution.
 
-- [Software version requirements](https://docs.vmware.com/en/VMware-HCX/4.1/hcx-user-guide/GUID-54E5293B-8707-4D29-BFE8-EE63539CC49B.html)
+- If you plan to [enable VMware HCX MON](https://docs.vmware.com/en/VMware-HCX/4.1/hcx-user-guide/GUID-0E254D74-60A9-479C-825D-F373C41F40BC.html), make sure you have:  
+
+   - NSX-T or VDS on-premises for HCX Network Extension (no standard switch)
+
+   - One or more active stretched network segment
+
+- [VMware software version requirements](https://docs.vmware.com/en/VMware-HCX/4.1/hcx-user-guide/GUID-54E5293B-8707-4D29-BFE8-EE63539CC49B.html) have been met.
 
 - Your on-premises vSphere environment (source environment) meets the [minimum requirements](https://docs.vmware.com/en/VMware-HCX/services/user-guide/GUID-54E5293B-8707-4D29-BFE8-EE63539CC49B.html).
 
@@ -33,7 +39,7 @@ After you complete these steps, you'll have a production-ready environment for c
 
 - [Define VMware HCX network segments](plan-private-cloud-deployment.md#define-vmware-hcx-network-segments).  The primary use cases for VMware HCX are workload migrations and disaster recovery.
 
-- Review the [VMware HCX Documentation](https://docs.vmware.com/en/VMware-HCX/4.1/hcx-user-guide/GUID-BFD7E194-CFE5-4259-B74B-991B26A51758.html) for information on using HCX.
+- [Review the VMware HCX Documentation](https://docs.vmware.com/en/VMware-HCX/4.1/hcx-user-guide/GUID-BFD7E194-CFE5-4259-B74B-991B26A51758.html) for information on using HCX.
 
 ## Add a site pairing
 
@@ -199,31 +205,18 @@ For an end-to-end overview of this procedure, view the [Azure VMware Solution: C
    >
    >:::image type="content" source="media/tutorial-vmware-hcx/hcx-service-mesh-datastore-host.png" alt-text="Screenshot showing the HCX service mesh datastore and host." lightbox="media/tutorial-vmware-hcx/hcx-service-mesh-datastore-host.png":::
 
-For an end-to-end overview of this procedure, view the [Azure VMware Solution: Service Mesh](https://www.youtube.com/embed/COY3oIws108) video.
-
-## Create a network extension
-
-This is an optional step to extend any networks from your on-premises environment to Azure VMware Solution.
+The HCX interconnect tunnel status should indicate **UP** and in green. You're ready to migrate and protect Azure VMware Solution VMs using VMware HCX. Azure VMware Solution supports workload migrations (with or without a network extension). So you can still migrate workloads in your vSphere environment, along with on-premises creation of networks and deployment of VMs onto those networks. For more information, see the [VMware HCX Documentation](https://docs.vmware.com/en/VMware-HCX/index.html). 
 
-1. Under **Services**, select **Network Extension** > **Create a Network Extension**.
 
-   :::image type="content" source="media/tutorial-vmware-hcx/create-network-extension.png" alt-text="Screenshot that shows selections for starting to create a network extension." lightbox="media/tutorial-vmware-hcx/create-network-extension.png":::
 
-1. Select each of the networks you want to extend to Azure VMware Solution, and then select **Next**.
-
-   :::image type="content" source="media/tutorial-vmware-hcx/select-extend-networks.png" alt-text="Screenshot that shows the selection of a network.":::
-
-1. Enter the on-premises gateway IP for each of the networks you're extending, and then select **Submit**.
-
-   :::image type="content" source="media/tutorial-vmware-hcx/extend-networks-gateway.png" alt-text="Screenshot that shows the entry of a gateway IP address.":::
+For an end-to-end overview of this procedure, view the [Azure VMware Solution: Service Mesh](https://www.youtube.com/embed/COY3oIws108) video.
 
-   It takes a few minutes for the network extension to finish. When it does, you see the status change to **Extension complete**.
 
-   :::image type="content" source="media/tutorial-vmware-hcx/extension-complete.png" alt-text="Screenshot that shows the status of Extension complete.":::
+## Next steps
 
-For an end-to-end overview of this procedure, view the [Azure VMware Solution: Network Extension](https://www.youtube.com/embed/gYR0nftKui0) video.
+Now that you've configure the HCX Connector, you can also learn about:
 
-## Next steps
+- [Create a HCX network extension](configure-hcx-network-extension.md)
 
-If the HCX interconnect tunnel status is **UP** and green, you're ready to migrate and protect Azure VMware Solution VMs using VMware HCX. Azure VMware Solution supports workload migrations (with or without a network extension). You can still migrate workloads in your vSphere environment, along with on-premises creation of networks and deployment of VMs onto those networks. For more information, see the [VMware HCX Documentation](https://docs.vmware.com/en/VMware-HCX/index.html).
+- [VMware HCX Mobility Optimized Networking (MON) guidance](vmware-hcx-mon-guidance.md)
 
diff --git a/articles/azure-vmware/includes/azure-vmware-solutions-limits.md b/articles/azure-vmware/includes/azure-vmware-solutions-limits.md
@@ -20,8 +20,8 @@ The following table describes the maximum limits for Azure VMware Solution.
 | hosts per private cloud | 96 |
 | vCenter per private cloud | 1  |
 | HCX site pairings | 25 (any edition) |
-| AVS ExpressRoute max linked private clouds | 4<br />The virtual network gateway used determines the actual max linked private clouds.  For more details, see [About ExpressRoute virtual network gateways](../../expressroute/expressroute-about-virtual-network-gateways.md) | 
-| AVS ExpressRoute portspeed | 10 Gbps<br />The virtual network gateway used determines the actual bandwidth. For more details, see [About ExpressRoute virtual network gateways](../../expressroute/expressroute-about-virtual-network-gateways.md) | 
+| Azure VMware Solution ExpressRoute max linked private clouds | 4<br />The virtual network gateway used determines the actual max linked private clouds.  For more details, see [About ExpressRoute virtual network gateways](../../expressroute/expressroute-about-virtual-network-gateways.md) | 
+| Azure VMware Solution ExpressRoute portspeed | 10 Gbps<br />The virtual network gateway used determines the actual bandwidth. For more details, see [About ExpressRoute virtual network gateways](../../expressroute/expressroute-about-virtual-network-gateways.md) | 
 | Public IPs exposed via vWAN | 100 |
 | vSAN capacity limits | 75% of total usable (keep 25% available for SLA)  |
 
diff --git a/articles/azure-vmware/install-vmware-hcx.md b/articles/azure-vmware/install-vmware-hcx.md
@@ -11,7 +11,7 @@ VMware HCX Advanced and its associated Cloud Manager are no longer pre-deployed
 
 HCX Advanced supports up to three site connections (on-premises to cloud or cloud to cloud). If you need more than three site connections, use HCX Enterprise Edition. To activate HCX Enterprise Edition, which is currently in public preview on Azure VMware Solution, open a support request to have it enabled. Once the service is generally available, you'll have 30 days to decide on your next steps. You can also turn off or opt-out of the HCX Enterprise Edition service but keep HCX Advanced as it's part of the node cost.
 
-Downgrading from HCX Enterprise Edition to HCX Advanced is possible without redeploying. First, ensure you’ve reverted to an HCX Advanced configuration state and not using the Enterprise features. If you plan to downgrade, ensure that no scheduled migrations, features like RAV and MON aren't in use, and site pairings are three or fewer.
+Downgrading from HCX Enterprise Edition to HCX Advanced is possible without redeploying. First, ensure you’ve reverted to an HCX Advanced configuration state and not using the Enterprise features. If you plan to downgrade, ensure that no scheduled migrations, features like RAV and [HCX Mobility Optimized Networking (MON)](https://docs.vmware.com/en/VMware-HCX/4.1/hcx-user-guide/GUID-0E254D74-60A9-479C-825D-F373C41F40BC.html) aren't in use, and site pairings are three or fewer.
 
 >[!TIP]
 >You can also [uninstall HCX Advanced](#uninstall-hcx-advanced) through the portal. When you uninstall HCX Advanced, make sure you don't have any active migrations in progress. Removing HCX Advanced returns the resources to your private cloud occupied by the HCX virtual appliances.
@@ -21,14 +21,16 @@ In this how-to, you'll:
 * Install HCX Advanced through the Azure portal
 * Download and deploy the VMware HCX Connector OVA
 * Activate HCX Advanced with a license key
-* Uninstall HCX Advanced
+
 
 After you're finished, follow the recommended next steps at the end to continue with the steps of this getting started guide.
 
 ## Prerequisites
 
 - [Prepare for HCX installations](https://docs.vmware.com/en/VMware-HCX/4.1/hcx-user-guide/GUID-A631101E-8564-4173-8442-1D294B731CEB.html)
 
+- If you plan to use VMware HCX Enterprise, make sure you've enabled the [VMware HCX Enterprise](https://cloud.vmware.com/community/2019/08/08/introducing-hcx-enterprise/) add-on through a [support request](https://portal.azure.com/#create/Microsoft.Support). It's a free 12-month trial in Azure VMware Solution.
+
 - [VMware blog series - cloud migration](https://blogs.vmware.com/vsphere/2019/10/cloud-migration-series-part-2.html)
 
 
diff --git a/articles/azure-vmware/media/tutorial-vmware-hcx/default-hcx-mon-policy-based-routes.png b/articles/azure-vmware/media/tutorial-vmware-hcx/default-hcx-mon-policy-based-routes.png
diff --git a/articles/azure-vmware/media/tutorial-vmware-hcx/hcx-mon-user-case-diagram-1.png b/articles/azure-vmware/media/tutorial-vmware-hcx/hcx-mon-user-case-diagram-1.png
diff --git a/articles/azure-vmware/media/tutorial-vmware-hcx/hcx-mon-user-case-diagram-3.png b/articles/azure-vmware/media/tutorial-vmware-hcx/hcx-mon-user-case-diagram-3.png
diff --git a/articles/azure-vmware/toc.yml b/articles/azure-vmware/toc.yml
@@ -16,7 +16,7 @@
     href: tutorial-expressroute-global-reach-private-cloud.md
   - name: 4 - Install the VMware HCX Connector
     href: install-vmware-hcx.md
-  - name: 5 - Configure on-premises VMware HCX Connector
+  - name: 5 - Configure on-premises HCX Connector
     href: configure-vmware-hcx.md
 - name: Tutorials
   items:
@@ -108,12 +108,16 @@
       href: configure-l2-stretched-vmware-hcx-networks.md
     - name: Configure DNS forwarder
       href: configure-dns-azure-vmware-solution.md
+    - name: Configure HCX network extension
+      href: configure-hcx-network-extension.md
     - name: Configure port mirroring
       href: configure-port-mirroring-azure-vmware-solution.md
-    - name: Enable public internet access
-      href: enable-public-internet-access.md
     - name: Configure a site-to-site VPN in vWAN
       href: configure-site-to-site-vpn-gateway.md
+    - name: Enable public internet access
+      href: enable-public-internet-access.md
+    - name: HCX Mobility Optimized Networking (MON) guidance 
+      href: vmware-hcx-mon-guidance.md  
   - name: Configure storage policies
     href: configure-storage-policy.md 
   - name: Configure Windows Server Failover Cluster
@@ -148,6 +152,8 @@
       href: ecosystem-migration-vms.md
   - name: VMware solutions
     items:
+    - name: Configure HCX network extension
+      href: configure-hcx-network-extension.md    
     - name: Configure vRealize Operations
       href: vrealize-operations-for-azure-vmware-solution.md
     - name: Deploy VMware Horizon
diff --git a/articles/azure-vmware/vmware-hcx-mon-guidance.md b/articles/azure-vmware/vmware-hcx-mon-guidance.md
@@ -0,0 +1,57 @@
+---
+title: VMware HCX Mobility Optimized Networking (MON) guidance
+description: Learn about Azure VMware Solution-specific use cases for Mobility Optimized Networking (MON).  
+ms.topic: reference
+ms.date: 09/07/2021
+---
+
+# VMware HCX Mobility Optimized Networking (MON) guidance
+
+[HCX Mobility Optimized Networking (MON)](https://docs.vmware.com/en/VMware-HCX/4.2/hcx-user-guide/GUID-0E254D74-60A9-479C-825D-F373C41F40BC.html) is an optional feature to enable when using [HCX Network Extensions (NE)](configure-hcx-network-extension.md). MON provides optimal traffic routing under certain scenarios to prevent network tromboning between the on-premises and cloud-based resources on extended networks. 
+
+Throughout the migration cycle, MON optimizes application mobility for:
+
+- Optimizing for virtual machine (VM) to VM L2 communication when using stretched networks 
+
+- Optimizing and avoiding asymmetric traffic flows between on-premises, Azure VMware Solution, and Azure
+
+
+In this article, you'll learn about the Azure VMware Solution-specific use cases for MON.
+
+
+## Optimize traffic flows across standard and stretched segments on the private cloud side 
+
+In this scenario, VM1 is migrated to the cloud using the NE, which provides optimal VM to VM latency. As a result, VM1 needs low latency to VM3 on the local Azure VMware Solution segment. We migrate the VM1 gateway from on-premises to Azure VMware Solution (cloud) to ensure an optimal path for traffic (blue line). If the gateway remains on-premises (red line), a tromboning effect and higher latency are observed. 
+
+>[!NOTE]
+>When you enable MON without migrating the VM gateway to the cloud side, it doesn't ensure an optimal path for traffic flow.  It also doesn't allow the evaluation of policy-based routes.
+
+:::image type="content" source="media/tutorial-vmware-hcx/hcx-mon-user-case-diagram-1.png" alt-text="Diagram showing the optimization for VM to VM L2 communication when using stretched networks." border="false":::
+
+
+
+## Optimize and avoid asymmetric traffic flows 
+
+In this scenario, we assume a VM from on-premises has been migrated to Azure VMware Solution and participates in L2, and L3 traffic flows back to on-premises to access services. We also assume some VM communication from Azure (in the Azure VMware Solution connected vNET) could reach down into the Azure VMware Solution private cloud.
+
+>[!IMPORTANT]
+>The main point here is to plan and avoid asymmetric traffic flows carefully. 
+
+By default and without using MON, a VM in Azure VMware Solution on a stretched network without MON can communicate back to on-premises using the ExpressRoute preferred path. Ideally, and based on customers use case one should evaluate how a VM on an Azure VMware Solution stretched segment enabled with MON should be traversing back to on-premises either over the NE or the T0 gateway via the ExpressRoute, but keeping traffic flows symmetric.
+
+If choosing the NE path for example, the MON policy-based routes have to specifically address the subnet on the on-premises side; otherwise, the 0.0/0 route is used. Policy-based routes can be found under the NE segment, selecting advanced. By default, all RFC1918 routes are included in the MON policy-based routes defined. 
+
+:::image type="content" source="media/tutorial-vmware-hcx/default-hcx-mon-policy-based-routes.png" alt-text="Screenshot showing the default policy-based routes.":::
+
+Policy-based routes are evaluated only if the VM gateway is migrated to the cloud. The effect of this configuration is that any matching subnets for the destination get tunneled over the NE appliance.  If not matched, they get routed through the T0 gateway.
+
+>[!NOTE]
+>Special consideration for using MON in Azure VMware Solution is to give the /32 routes advertised over BGP to its peers; this includes on-premises and Azure over the ExpressRoute connection. For example, a VM in Azure learns the path to an Azure VMware Solution VM on an Azure VMware Solution MON enabled segment. Once the return traffic is sent back to the T0 as expected, if the return subnet is an RFC1918 match, traffic is forced over the NE instead of the T0.  Then egresses over the ExpressRoute back to Azure on the on-premises side.  This can cause confusion for stateful firewalls in the middle and asymmetric routing behavior. It's also a good idea to determine how VMs on NE MON segments will need to access the internet, either via the T0 in Azure VMware Solution or only through the NE back to on-premises.
+
+:::image type="content" source="media/tutorial-vmware-hcx/hcx-mon-user-case-diagram-3.png" alt-text="Diagram showing the RFC1918 egress and egress traffic flow." border="false":::
+
+As outlined in the above diagram, the importance is to match a policy-based route to each required subnet. Otherwise, the traffic gets routed over the T0 and not the NE.
+
+ 
+To learn more about policy-based routes, see [Mobility Optimized Networking Policy Routes](https://docs.vmware.com/en/VMware-HCX/4.1/hcx-user-guide/GUID-F45B1DB5-C640-4A75-AEC5-45C58B1C9D63.html).
+
