Version 2.0 was a major release with new features, including an improved Cloud Gateway and high-throughput Layer 2 appliances, feature improvements, and bug fixes. Some of these features changed in subsequent updates.

The Cloud Gateway is more powerful, and now requires 8 vCPU, 3-GB memory, and 1.5-GB disk space. If you are performing an upgrade, the increased resources are allocated automatically. The appliance incorporates intelligent flow routing and fast boot technology for increased performance.

The High Throughput service virtual appliance is fully supported in Hybrid Cloud Manager 2.0 and higher.

As of version 2.0, you can stretch a data path that uses SNAT rules, both to and from vCloud Air. The HT Layer 2 Concentrator supports up to three stretched networks per appliance.

The HT Layer 2 Concentrator incorporates intelligent flow routing and improved reboot speeds.

Proximity Routing ensures symmetrical forwarding between virtual machines connected to stretched and routed networks, both on-premises and in the cloud. This feature requires Advanced Networks Services with Dynamic Routing configured between the cloud and the customer premises.


VMware tools must be installed on any cloud-side virtual machine that participates in proximity routing. The VMware tools version must be at least 9.

Proximity routing must be applied when the forwarding path contains stateful firewalls or other inline equipment that must see both sides of the connection. To enforce path symmetry, Hybrid Cloud Manager automatically injects /32 host routes from the cloud to the customer premises. This feature also manages migration, vMotion, and new virtual machine creation use cases.

When virtual machines are migrated, or are created on the cloud side of a stretched network, Hybrid Cloud Manager injects host routes into the on-premises network.

When virtual machines are transferred to the cloud using vMotion, the route is not injected until the virtual machine is rebooted. Waiting until after the reboot ensures that the on-premises stateful devices continue to service the existing session until the cloud route is established.

Intelligent flow routing addresses the problem of "elephant and mice" flows, choosing the best connection based on the Internet path. The flow floods the entire connection so that workloads are moved as fast as possible.

When larger flows, such as backup or replication, cause CPU contention, smaller flows are routed to less busy CPUs, improving interactive traffic performance.

Cross-cloud vMotion transfers a live virtual machine from a vSphere vCenter to a vCloud Air virtual data center. This feature is also known as zero-downtime migration, and it is helpful for virtual machines hosting business critical applications. The vMotion transfer captures the active memory, execution state, IP address, and MAC address for the migrated virtual machine.

The minimum environment for Cross-cloud vMotion is a stretched network capable of at least 250-Mbps throughput. If the throughput is lower, you might experience network disruption.

As mentioned in the Known issues, the hardware version for a virtual machine must be at least 9, or cross-cloud vMotion might fail.

In version 2.0, cross-cloud vMotion for virtual machines with Changed Block Tracking was not supported. This issue is fixed in v2.0u1.

Cold migration uses the same data plane as cross-cloud vMotion to transfer a powered-off virtual machine over an extended network. Its IP address and MAC address are preserved. The virtual machine requirements and restrictions are the same as for vMotion.

The Policy Migration feature enables NSX distributed firewall rules to be moved from an on-premises vCenter to a vCloud Air virtual data center. Rules are constantly monitored, so changes to the policy are propagated to all VMs the policy affects in the vCenter and VDC affected by the policy.

Policy Migration is possible when you use low-downtime migration or vMotion to move a virtual machine over a network stretched with the High Throughput Layer 2 Concentrator.

In vSphere, the security policy is a single NSX Section, which can contain many rules. There can be only one Section (policy) per vCenter.

You can name a Set of IP addresses or MAC addresses to participate in the policy. The name of the MAC Set or IP Set cannot exceed 218 characters.

All rules in a Section must have a unique name. Do not leave a rule name blank.

Hybrid Cloud Manager supports rules that use IP addresses, IP sets, MAC addresses, and MAC sets. Rules that use security groups or application groups are not supported.