Configure the Target Site

The target site is your Oracle Cloud VMware Solution SDDC. This article provides necessary background for properly configuring that component.

Before You Begin

Certain procedures in this Playbook are beyond its scope. To assure completion of this solution, you should first review these additional documents:

Understand Default Network Settings

Oracle Cloud VMware Solution deployment is a one-click, fully automated process that leaves the environment ready to use. As part of the automation, the following network settings are configured by default.

Subnet-V is the default subnet that’s created as part of the Oracle Cloud VMware Solution network setup. It’s used to host the VMware ESXi hosts. A separate security list called Security list for subnet-v is created for Subnet-V.

You need three separate port groups/VLANs for HCX implementation. However, you can also choose to have the same VLAN-S-vSphere port group for HCX-Management, HCX-vMotion, and HCX-Replication, and as an uplink interface. You can’t use existing ESXi Management or ESXi vMotion networks because the IP addresses are reserved from these VLANs for VMware SDDC cluster expansion.

If you plan to use segregated networking for this implementation, you must create the following VLANs and associated NSGs and route tables. We recommend using VLAN-S-vSphere for HCX-Management and creating separate networks for vMotion and replication traffic. For the same reason, HCX-Management is shown as optional. The decision to use an existing VLAN-S-vSphere for all networks or to create separate VLANs for each depends solely on your architectural requirements.

Prepare Network and Connectivity

Understand the following considerations and prerequisites for networking and connectivity:

  • The Oracle Cloud Infrastructure tenancy is connected to your on-premises data center through either FastConnect. The type of connectivity depends on your architectural and other operational requirements. We recommend using FastConnect for better performance and to meet high-speed hybridity requirements.
  • The VMware HCX implementation between two Oracle Cloud VMware Solution systems requires peering gateways based on the requirement of hybrid cloud connectivity (optional scenario).
  • The VLAN-S-vSphere network is used to host the HCX Enterprise Manager appliance and can also be used for HCX-Management.
  • A dynamic routing gateway (DRG) terminates the FastConnect traffic and accepts the communication between the on-premises SDDC and Oracle Cloud VMware Solution.
  • Create a private subnet in the VCN to host the DNS server. This subnet uses the default security list and default route table.
  • Create a public subnet in the VCN to host the bastion server. This subnet uses the default security list and default route table.
  • Create one internet gateway for public communication.
  • Create one NAT gateway for internet access to the private subnet.
  • Create one service gateway for access to Oracle Cloud Infrastructure services.
  • Calculate the vSphere replication bandwidth requirement to analyze the link-speed requirement.
  • Deploy and configure the DNS server according to the instructions in the article, About Oracle Cloud VMware DNS Configuration.

Configure Routing and Communication

Following are considerations and prerequisites for routing and communication:

  • In the default route table for VMware-SDDC-VCN, add the following route rules:
    • Target type Internet Gateway for destination 0.0.0.0/0 to enable public access for the bastion host.
    • Target type Dynamic Routing Gateway for the on-premises destination network.
  • In the route table for VLAN-V-vSphere, add the following route rules:
    • Target type NAT Gateway for internet access for HCX to communicate with connect.hcx.vmware.com, for activation and to download the updated versions of HCX.
    • Target type Dynamic Routing Gateway for the on-premises destination network.
  • In the route tables for VLAN-HCX-Management, VLAN-HCX-vMotion, VLAN-HCX-Replication, add a route rule for target type Dynamic Routing Gateway for the on-premises destination network.
  • In the route table for Subnet-V, add a route rule for target type Dynamic Routing Gateway for the on-premises destination network.
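
The route rules listed above can be checked by resolving sample destinations against each table. This is an added example, not Oracle's code: it assumes the most specific matching rule wins, and the CIDRs, host addresses and table contents are constructed, with only the table names and target types taken from the list.

```python
import ipaddress

# Constructed sample data: the CIDRs and table contents are assumptions for
# illustration; only the table names and target types come from the text.
ON_PREM = "192.168.0.0/16"  # assumed on-premises destination network
DRG = "Dynamic Routing Gateway"

ROUTE_TABLES = {
    "Default route table for VMware-SDDC-VCN": [
        ("0.0.0.0/0", "Internet Gateway"), (ON_PREM, DRG)],
    "VLAN-V-vSphere": [("0.0.0.0/0", "NAT Gateway"), (ON_PREM, DRG)],
    "VLAN-HCX-vMotion": [(ON_PREM, DRG)],
    "Subnet-V": [],  # deliberately missing its DRG rule
}

# Which gateway internet-bound traffic should use, per table (from the text).
EXPECTED_INTERNET = {
    "Default route table for VMware-SDDC-VCN": "Internet Gateway",
    "VLAN-V-vSphere": "NAT Gateway",
}

def resolve(rules, destination):
    """Return the target type selected for destination (longest prefix wins)."""
    addr = ipaddress.ip_address(destination)
    matches = [(ipaddress.ip_network(cidr), target) for cidr, target in rules
               if addr in ipaddress.ip_network(cidr)]
    if not matches:
        return None  # no rule matches: the traffic is not routed
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def audit(tables, on_prem_host, internet_host, expected_internet):
    """List (table, problem) pairs where effective routing differs from the text."""
    findings = []
    for name, rules in tables.items():
        if resolve(rules, on_prem_host) != DRG:
            findings.append((name, "on-premises traffic does not reach the DRG"))
        want = expected_internet.get(name)
        if want and resolve(rules, internet_host) != want:
            findings.append((name, f"internet traffic does not use the {want}"))
    return findings

if __name__ == "__main__":
    # Both host addresses are constructed test destinations.
    for table, problem in audit(ROUTE_TABLES, "192.168.10.20",
                                "203.0.113.10", EXPECTED_INTERNET):
        print(f"{table}: {problem}")
```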

Configure Network Security and Network Security Groups

Following are considerations and prerequisites for security lists and network security groups (NSGs):

  • Update the default security lists for VMware-SDDC-VCN and Subnet-V to allow communication between the Oracle Cloud VMware Solution and the DNS server.
  • Add an ingress rule in NSG for VLAN-S-vSphere to accept the communication from on-premises network subnets. This is required to establish communication between the on-premises HCX Manager and Oracle Cloud VMware Solution HCX Manager. For details, see the HCX network requirements.
  • Add an ingress rule in NSG for VLAN-S-vSphere to accept communication from the VCN subnet that hosts the DNS server, bastion host, and other such components.
  • Add an ingress rule in NSG for VLAN-S-HCX-Management to accept communication from the on-premises HCX-Management network. This is required for the deployed HCX-IX, HCX-WAN-OPT, and HCX-NET-EXT appliances to communicate with each other. For details, see the HCX network requirements.
  • Add an ingress rule in NSG for VLAN-S-HCX-vMotion to accept the network traffic from the on-premises ESXi vMotion network.
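
Each ingress rule above names a specific source network, so a rule set can be reviewed for sources that are broader than the list asks for and for required sources that no rule admits. This is an added example, not Oracle's code: every CIDR and rule is constructed, and only the NSG names and intended sources come from the list.

```python
import ipaddress

# Constructed values: every CIDR and rule below is an assumption for
# illustration; only the NSG names and intended sources come from the text.
ALLOWED_SOURCES = {
    # on-premises subnet, then the VCN subnet hosting the DNS server and bastion
    "VLAN-S-vSphere": ["192.168.10.0/24", "10.0.1.0/24"],
    "VLAN-S-HCX-Management": ["192.168.50.0/24"],  # on-premises HCX-Management
    "VLAN-S-HCX-vMotion": ["192.168.60.0/24"],     # on-premises ESXi vMotion
}

INGRESS_RULES = [
    {"nsg": "VLAN-S-vSphere", "source": "192.168.10.0/24"},
    {"nsg": "VLAN-S-HCX-Management", "source": "0.0.0.0/0"},     # any source
    {"nsg": "VLAN-S-HCX-vMotion", "source": "192.168.60.0/23"},  # one bit too wide
]

def out_of_scope(rules, allowed):
    """Return ingress rules whose source is not contained in an allowed network."""
    flagged = []
    for rule in rules:
        src = ipaddress.ip_network(rule["source"])
        nets = [ipaddress.ip_network(c) for c in allowed.get(rule["nsg"], [])]
        if not any(src.subnet_of(n) for n in nets):
            flagged.append(rule)
    return flagged

def uncovered(rules, allowed):
    """Return (nsg, cidr) pairs that the text requires but no rule admits."""
    missing = []
    for nsg, cidrs in allowed.items():
        sources = [ipaddress.ip_network(r["source"])
                   for r in rules if r["nsg"] == nsg]
        for cidr in cidrs:
            if not any(ipaddress.ip_network(cidr).subnet_of(s) for s in sources):
                missing.append((nsg, cidr))
    return missing

if __name__ == "__main__":
    for rule in out_of_scope(INGRESS_RULES, ALLOWED_SOURCES):
        print(f"too broad: {rule['nsg']} admits {rule['source']}")
    for nsg, cidr in uncovered(INGRESS_RULES, ALLOWED_SOURCES):
        print(f"missing: {nsg} has no ingress rule covering {cidr}")
```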

Obtain Access and Management Permissions

Ensure that required permissions are available to perform SRM operations on-premises and in Oracle Cloud VMware Solution. The default vCenter administrator can perform the HCX operations.

Network Connection Between Sites

For information about network connectivity between the on-premises VMware environment and Oracle Cloud VMware Solution over FastConnect, see the FastConnect documentation, referenced in the "Before You Begin" topic, elsewhere in this Playbook.

Configure the DNS

To ensure that both sites can communicate with each other using FQDNs, make sure that the primary and destination DNS servers have all the forward and reverse lookup entries for both sites’ VMware components that are part of the HCX implementation, such as vCenter, HCX, NSX, and Platform Services Controller (if it's external).