Designlet: Workload Migration from On-Prem SDDC to Alibaba Cloud VMware Service

Introduction

This document provides recommendations and guidelines for migrating workloads from the on-prem data center to Alibaba Cloud VMware Service (ACVS). This document also outlines the connectivity options for connecting the two sites.

Summary and Considerations

Use Case	With the workload migration capability, you can bring workloads to the Alibaba Cloud VMware Service. You can configure Alibaba Cloud VMware Service as your primary data center site or a DR site. You can also migrate workloads to the Alibaba Cloud VMware Service due to data center evacuation. Alibaba Cloud spans different geo-locations and regions, thus bringing workloads closer to the remote and edge locations with the workload migration capability.
Pre-requisites	Connectivity between the two sites via Express Connect or IPSec VPN with sufficient bandwidth and reliability. vSphere 6.5 or above on both the sites for cross vCenter Server vMotion. There are two operations that you can invoke to migrate virtual machines between the two sites. The vCenter Server that initiates the import or export task must be on version 7.0 Update 1c or later.
Performance Considerations	If migrating multiple VMs, ensure the minimum available network bandwidth is 250Mbps per concurrent vMotion process. The Round-Trip-Time (RTT) between the two sites should be less than 150ms. Use ExpressConnect to migrate large or bulk VMs.
Known Limitations	IPSec VPN allows a peak bandwidth of 200Mbps only, depending upon the region and location of the two sites. This does not allow you to perform bulk migration. Use Express Connect for the bulk migration.

Connectivity

There are two options to connect the on-prem data center and Alibaba Cloud VMware Service.

These are:

Alibaba Cloud Express Connect
IPSec VPN

Alibaba Cloud ExpressConnect

Express Connect lets you establish high bandwidth, reliable, secure, and private connections between different networks. Dedicated physical connections link your on-premise data centers with Alibaba Cloud, which improves the flexibility of your network topology and the performance of cross-network connectivity.

Customer Premises Equipment (CPE)

This is the gateway device on the on-prem data center.

Express Connect Circuit

Physical Link between the sites. Available bandwidth is 50Mbps to 100Gbps depending on the type of service subscribed. Dedicated as well as shared link options are available.

Virtual Border Router (VBR)

A VBR is a router between the customer-premises equipment (CPE) in a data center and an access point of Alibaba Cloud. After you connect your data center to an access point of Alibaba Cloud, you can create a VBR to exchange data between your data center and Alibaba Cloud.

Pros and Cons for using ExpressConnect for Workload Migration

Pros

Peak bandwidth of 100 Gbps
A dedicated physical link between On-Prem and Alibaba Cloud VPC
Suitable for data exchange at higher speed with higher efficiency
A secure connection between the two sites as data flows between the dedicated physical link and does not flow over the internet as in the case of IPSec VPN.

Cons

Increased cost compared to IPSec VPN

IPSec-VPN

IPSec VPN allows you to establish secure and reliable communication between the on-prem and Alibaba Cloud VPC. The traffic flows through an encrypted IPSec VPN Tunnel.

Gateway Device

An endpoint router device with a public IP address at the on-prem data center can route traffic to and from the internet. Any device that supports IKEv1 and IKEv2 can connect to the VPN gateway.

VPN Gateway

Gateway device on the Alibaba cloud site, securely connecting on-prem environment and Alibaba cloud VPC.

IPSec Tunnel

Encrypted connection between VPN Gateway and the customer gateway device. Providing encrypted, secure, and reliable communication between the two sites.

Pros

Low-cost connectivity solution
Easy to implement
Ready to use solution
Secure and encrypted communication over an existing internet link
Supports multiple tunnels through a single customer gateway and VPN gateway

Cons

Only 200 Mbps peak bandwidth available.
Not ideal for the bulk data migration.

Workload Migration with the Advanced Cross vCenter Server

Advance Cross vCenter Server vMotion (XVM) introduced in vSphere 7 Update 1 enables you to migrate virtual machines across vCenter Server, part of different Single Sign-On domains.

You have two operations available to migrate VMs to the target site.

From the source vCenter Server, you can invoke the export operation to migrate VMs from the source vCenter Server to the target vCenter Server.

From the target vCenter Server, you can invoke the import operation to migrate VMs from the source vCenter Server to the target vCenter Server.

General Considerations

vMotion requires a vmkernel interface on the source as well as the target ESXi host.
If migrating multiple VMs, ensure the minimum available network bandwidth is 250Mbps per concurrent vMotion process.
The Round-Trip-Time (RTT) between the two sites should be less than 150ms.
Create a destination network. This will be an Overlay NSX-T Segment on the Alibaba Cloud VMware Service. This operation is only allowed via Alibaba Cloud Console Only.
If required you can configure internet access by setting up the NAT rules. This operation is only allowed via Alibaba Cloud Console Only.

Known Limitations

Migration can scale depending upon the bandwidth available between the two sites. vMotion requires minimum 250Mbps bandwidth per concurrent vMotion process.

Conclusion

By using advanced cross vCenter Server vMotion, you can bulk migrate workloads from On-prem to the Alibaba Cloud VMware Service. It is preferred to use Express Connect over IPSec VPN as it meets the bandwidth requirements for the bulk migration.

Authors and Contributors

Jatin Purohit, Sr. Technical Marketing Manager, VMware