Routed vApps Community linked to VLAN-backed Exterior Community  With VMware NSX (NSX-T), a vApp Edge is backed by a standalone Tier-1 linked through Service interface (SI) to Org VDC community. The Org VDC community should be backed by an overlay phase (GENEVE), as a result of VCD (VMware NSX backed) doesn’t assist connecting vApp Edge to a VLAN-backed Org VDC community. If the Org VDC community is straight linked to a VLAN-backed exterior community, such migration isn’t supported due to the above.  Create an Exterior Community backed by a VMware NSX overlay phase as a substitute and route it with NSX T0/T1 configured straight in NSX.  Fenced vApps  VMware NSX doesn’t assist vApp fencing (routing between inner and exterior subnets with the identical subnet).  Deploy the fenced vApp to an Org VDC community with a subnet that doesn’t overlap with the inner vApp community subnet. This should be completed previous to the migration, because the Vmware NSX Migration for Vmware Cloud Director software (MT) retains the supply topology.  VDC Group  In NSX Knowledge Heart for vSphere (NSX-V) backed VDCs, VDC Teams (later renamed to Knowledge Heart Teams) enable for a number of Edge GWs and will be unfold throughout a number of VCD and NSX-V situations. Nonetheless, Knowledge Heart Teams supported by Vmware NSX solely allow a single Edge Gateway in a single VCD occasion.  Even with NSX Federation assist in VCD 10.5 (permitting for a number of Vmware NSX situations in a single VCD occasion), there may be nonetheless not full characteristic parity.  Take away the Knowledge Heart Teams earlier than migration, migrate the workloads, and recreate (comparable) networking topology after migration (NSX Multisite and stretched T0/T1 routers can be utilized).  IPsec Route-based VPN  As of VCD 10.5, policy-based VPN on Tier-1 backed Edge Gateway is supported. VMware NSX helps route-based VPN with dynamic routing (BGP) presently solely on the Tier-0 degree.  Deploy a devoted Tier-0 Gateway for a tenant that requires an IPsec route-based VPN and configure it straight in VMware NSX. The BGP configuration will be completed in VCD.  SSL VPN  VMware NSX doesn’t present SSL VPN assist  Relying on the specified mixture of options and assist, choose various options, together with open supply or a third get together business one.  https://www.vmware.com/content material/dam/digitalmarketing/vmware/en/pdf/merchandise/vmware-cloud-director-remote-access-vpn-integration-guide.pdf  https://blogs.vmware.com/cloudprovider/2020/11/vmware-cloud-director-vcd-cds-remote-access-vpn-integration-guide.html   L2 VPN  NSX-V and VMware NSX L2 VPN protocols are incompatible.   L2 VPN migration should be completed manually, by which the VPN should be eliminated earlier than migration after which reconfigured post-migration. This additionally consists of changing NSX-V standalone edges (if used) with autonomous VMware NSX Edges in the course of the course of.  https://docs.vmware.com/en/VMware-NSX/4.1/administration/GUID-BE8A3D3C-5E0D-4777-B4F4-908E64FCB771.html  Load Balancer utility guidelines  NSX-V load balancer answer is predicated on HAProxy, whereas VMware NSX depends on the NSX Superior Load Balancer (aka Avi). The appliance guidelines are mutually incompatible and need to be rewritten.  Ranging from VCD 10.5, NSX Superior Load Balancer HTTP Insurance policies are uncovered. As such, it’s attainable to take away the load balancing utility guidelines earlier than migration, migrate and improve to VCD 10.5, after which reconfigure the appliance guidelines. If an improve to VCD 10.5 isn’t deliberate, the insurance policies will be configured from the backend of NSX ALB by the service supplier on behalf of the tenant administrator(s).  Load Balancer customized well being screens  VCD presently doesn’t assist configuring load-balancing customized well being screens with NSX ALB.  Exchange customized monitor with default screens supplied.  Syslog, CLI (SSH) on Edge Gateway  The VCD Edge Gateway is backed by a Tier-1 gateway working on VMware NSX Edge Node that may be shared with different Tier-1/Tier-0 objects.  Offering tenants CLI (SSH) entry is barely attainable when the Edge Node is devoted to them.  Equally, the syslog information stream is shared throughout all objects. A Syslog filtering method will be utilized as described right here:  https://fojta.wordpress.com/2022/10/03/multitenant-logging-with-vmware-cloud-director/  OSPF dynamic routing   VCD with VMware NSX presently doesn’t assist OSPF.  Exchange the OSPF with BGP earlier than migration.  L2 Distributed Firewall (DFW) guidelines  At the moment not supported in VCD with VMware NSX.  Exchange with L3 DFW guidelines earlier than migration  NAT64  At the moment not supported in VCD with VMware NSX.  NAT64 solely permits an IPv6-only shopper to provoke communications to an IPv4-only server. As an alternative choice to the NAT64 rule, a Load Balancer Digital Service with IPv6 VIP and IPv4 backend servers will be utilized in VCD. The Load Balancer IPv6 Service Community Specification requires DHCPv6 in SLAAC mode to be configured beforehand.