Realizing I never covered proxy operation in the blog. Here is what I got to say about that…
A proxy server is an intermediary “message-forwarding agent” selected by a client via its local configuration for outbound HTTPS requests for security or shared caching. You can add a proxy server configuration in the HCX Site Manager to send HTTPS requests to a proxy server in the environment.
HCX Manager system makes various HTTPS requests during normal operation:
o HCX Site Manager -> connect.hcx.vmware.com (Activation / Entitlement)
o HCX Site Manager -> hybridity-depot.vmware.com (Update Downloads)
o HCX Site Manager -> Remote HCX Manager (Site Pair)
o HCX Site Manager -> Registered vCenter Server
o HCX Site Manager -> Registered vCenter Server’s ESXi Hosts
o HCX Site Manager -> Registered NSX Manager system
o HCX Site Manager -> Local Mobility Mesh Appliances
Considerations & Best Practices
- A proxy server is usually intended to handle internet-bound connections from internal systems (to endpoints that resolve to public IP addresses. Use the Proxy Server field in the HCX+ Site Manager’s Appliance Management Interface to enable proxy operation.
- For HCX to function correctly when a proxy server is configured, local connections should be excluded from proxy operation. Use the Proxy Exclusions field.
- The destination HCX Manager for site pairing should considered with the Local Connection when the IP address is internally reachable without traversing the proxy.
- A simple way to restrict Local Connections is to enter one large subnet that includes all internal IP address space for the datacenter in the Proxy Exclusions field. (Best Practice)
- Include the local environment domain names in the Proxy Exclusions field.
- Configure Proxy Exclusions in any and every HCX Site Manager using a Proxy Server configuration
If exclusions you forget, regret you will have.-Master Yoda
Aside from connect.hcx.vmware.com and hybridity-depot.vmware.com, does HCX SM makes connections to hcxplus.vmware.com and hcxplus-site.vmware.com? Last time I check, ports.vmware.com does not have a specific page for HCX+
LikeLiked by 1 person
I believe that is it.
HCX+ will get specific product entries in ConfigMax and ports & protocols soon. Work in progress.