Realizing I never covered proxy operation in the blog. Here is what I got to say about that…

A proxy server is an intermediary “message-forwarding agent” selected by a client via its local configuration for outbound HTTPS requests for security or shared caching. You can add a proxy server configuration in the HCX Site Manager to send HTTPS requests to a proxy server in the environment.

HCX Manager system makes various HTTPS requests during normal operation:

Outbound Connections

o   HCX Site Manager -> connect.hcx.vmware.com (Activation / Entitlement)
o   HCX Site Manager -> hybridity-depot.vmware.com (Update Downloads)
o   HCX Site Manager -> Remote HCX Manager (Site Pair) 

Local Connections

o   HCX Site Manager -> Registered vCenter Server 
o   HCX Site Manager -> Registered vCenter Server’s ESXi Hosts
o   HCX Site Manager -> Registered NSX Manager system  
o   HCX Site Manager -> Local Mobility Mesh Appliances

Considerations & Best Practices

• A proxy server is usually intended to handle internet-bound connections from internal systems (to endpoints that resolve to public IP addresses. Use the Proxy Server field in the HCX+ Site Manager’s Appliance Management Interface to enable proxy operation.
  
• For HCX to function correctly when a proxy server is configured, local connections should be excluded from proxy operation. Use the Proxy Exclusions field.
  
• The destination HCX Manager for site pairing should considered with the Local Connection when the IP address is internally reachable without traversing the proxy.  
  
• A simple way to restrict Local Connections is to enter one large subnet that includes all internal IP address space for the datacenter in the Proxy Exclusions field. (Best Practice)
  
• Include the local environment domain names in the Proxy Exclusions field.
  
• Configure Proxy Exclusions in any and every HCX Site Manager using a Proxy Server configuration

—

Gabe

If exclusions you forget, regret you will have.

-Master Yoda