Migrate from NSX-V to NSX-T
Well it has been a while since my last blog but not without good reason. Between starting a new position, studying, being a Husband and a Dad, Xmas and the whole Rona lock down thing which made me buy toys on Ebay (stay tuned), things got away from me a bit, but here we are in 2022 so time to get cracking again.
So what to we want !!. NSX-T !!. When do we want it !!. Now ! … and you have no choice since NSX for vSphere went of general support as of the 16th January 2022, and to purchase maintenance is not a cheap path to go down and does not include any feature enhancements and allows you to keep the lights on.
For many organizations the thought of migrating to NSX-V to T is quite a daunting task, and guess what it is when you have multiple NSX environments, multiple clusters, hundreds of VXLAN networks, Universal Objects, Edges, DLRs, Thousands of firewall rules, Security Groups, IPSets, the list goes on and on.
So if you have your big boy brown pants on take a deep breath as VMware has got your back. There are multiple methods of migration depending on your appetite, from “In place migration” using the NSX for vSphere option to “Lift and shift” using the Distributed Firewall option in NSX-T Migration Coordinator.
Figure 1 – Migration Coordinator
Each migration method has its pros and cons.
For Example –
NSX for vSphere in place migration has very strict rules around your current NSX-V environment as there is only 5x supported Networking Topologies that can be migrated. If you do not fit into the 5x topologies or cannot remediate your infrastructure you are straight into the land of “Lift and Shift” using the Distributed Firewall migration method.
Refer to the follow VMware link on what is supported.
https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/migration/GUID-FA5EFF22-B7CA-4FF8-A0D3-C0CB013F10F1.html
Features that you currently use in your NSX-V environment may not be supported for migration, for example Security Groups with more than 5x Dynamic Members Sets.
To assist in trying to identify potential migration issues you can use the Migration Coordinator to identify the dependencies so you can either remediate or change your migration strategy.
Figure 2 – Example Security Groups That Cannot Migrate
Another considerations for the method of migration is can you accept downtime during the migration, do you wish to do a staged controlled migration over weeks and months, do you have the skill-set in house to rebuild rule-sets and overlay networks via API.
Each Migration Coordination migration mode except for the “NSX for vSphere” migration allows you to choose how you wish to migrate. You may wish to stand up new infrastructure, migrate all the rules and configuration, have complete role back options, however manually move virtual machines in multiple change windows. The point is that Migration Coordinator will assist you in your migration journey.
A good starting point with the journey of migrating from NSX-V to NSX-T is the Migration Coordinator documentation from VMware Networking and Security Tech Zone as it covers all the migration approaches in detail.
https://nsx.techzone.vmware.com/resource/nsx-v-nsx-t-3x-migration-coordinator#_Toc52349355
This blog is only a 100,000 foot view but is intended to point you in the right direction to start your migration journey, not to show you how to do it as each environment is different.
Good luck on with your migration, and note that even if you don’t have NSX-V you can migrate your VMware Distributed Switch Networking into NSX-T and start leveraging all the security and load balancing functionality that the platform provides.