Maximizing Efficiency and Security with VMware NSX Advanced Load Balancer: The EPFL Advantage
'%3E%3Cpath id='Rectangle_1' data-name='Rectangle 1' d='M0,0H800V300H0Z' transform='translate(2297 -300)' fill='%23E2F0D9'/%3E%3Cg id='Group_5' data-name='Group 5' transform='translate(-6 -3)'%3E%3Ctext transform='translate(2534 -152)' font-size='50' font-family='Roboto-Regular, Roboto'%3E%3Ctspan x='0' y='0'%3ECurated Assets%3C/tspan%3E%3C/text%3E%3Ctext transform='translate(2683 -99)' font-size='20' font-family='Roboto-Regular, Roboto'%3E%3Ctspan x='0' y='0'%3ECard%3C/tspan%3E%3C/text%3E%3C/g%3E%3C/g%3E%3C/svg%3E)
Industry
Education
Environment
vSphere, Aria Automation
Problem
- Hardware dependencies
- Lack of automation and scalability
- Performance impact from “traffic hairpinning” to load balancers
Solution
- API-based self-service portal and automation for routine tasks
- Enhanced visibility, ease of migration and streamlined upgrades
- A software-defined load balancing solution integrated with NSX
- Accelerated new load balancers' deployment time by 80%
Introduction and IT Team Background
École polytechnique fédérale de Lausanne (EPFL), a renowned technical university in Switzerland, has long been at the forefront of technology and innovation. Located in the heart of Europe, EPFL boasts a diverse international community of students, professors, and collaborators. With a mission centered around teaching, research, and innovation, EPFL collaborates extensively with partners across academia, industry, and more, all with the aim of making a tangible impact on society.
At EPFL, the Central IT team plays a pivotal role in providing the necessary IT infrastructure and resources for professors and users. This includes offering virtual machines (VMs), shared NAS volumes, S3 buckets, load balancing as a service, and much more. The team utilizes VMware NSX-T to implement micro segmentation, ensuring the security and isolation of various network segments. Additionally, EPFL operates Kubernetes clusters, employs robust monitoring solutions, and manages an array of hardware, including open networking switches from multiple manufacturers.
We interviewed Julien Demierre, the SDDC Architect at EPFL. Julien collaborates with a diverse team to design and seamlessly integrate various IT infrastructure components, delivering optimal solutions to meet EPFL's diverse needs. Our goal was to gain insights into his firsthand experience with VMware NSX Advanced Load Balancer (NSX ALB) as a valued customer.
Challenges before NSX Advanced Load Balancer
Before adopting NSX Advanced Load Balancer, EPFL faced several challenges:
- Scalability:
Facing scalability challenges with their previous load balancing setup of two boxes, one active and one standby, the team had to route all load-balanced traffic through a central IT-managed system. Julien commented, "Every upgrade became a major hassle as we struggled to manage the server lifecycle without disrupting traffic and customer services." NSX ALB's active mode introduced a transformative solution, enabling dynamic scaling by adding virtual machines in response to increased resource demands. Julien added, "With NSX ALB, we can seamlessly deploy new virtual machines and allocate the virtual services VIP as needed, and if necessary, remove virtual machines. It's a significant improvement in resource management for us.". - Proximity to VMs:
In the past, legacy load balancing often occurred at a considerable distance from the virtual machines (VMs), leading to suboptimal performance. Unlike these hardware legacy load balancers, which face architectural limitations in achieving close proximity to VMs, NSX ALB, when integrated with NSX-T, provides the advantage of bringing load balancing much closer to the VMs. This architectural advantage translates to significantly improved efficiency and performance for EPFL. - Integration with ALB Kubernetes Operator (AKO):
Integrating load balancing into Kubernetes clusters usually requires complex external configurations. With the introduction of the AKO, NSX Advanced Load Balancer (ALB) simplifies the integration process through its software-centric approach, enabling seamless internal load balancing operations within the cluster environment. This transformative shift not only streamlines operations but also delivers substantial efficiency gains, marking a significant improvement in infrastructure for EPFL.
VMware Better Together with NSX Advanced Load Balancer
EPFL's journey with NSX Advanced Load Balancer began when VMware acquired Avi Networks in 2018. Over time, as NSX Advanced Load Balancer evolved and integrated with vSphere and NSX-T, it became a powerful tool for EPFL. The seamless integration allowed for enhanced security and automation. Presently, as stated by Julien “Our seamless integrations with vSphere and NSX-T have proven to be highly effective and efficient.”. The NSX Advanced Load Balancer and NSX-T work harmoniously, automatically managing objects and security groups, ensuring consistency across the environment.
Julien is particularly impressed with the visibility capabilities of VMware NSX Advanced Load Balancer, especially in conjunction with VMware's vRealize Network Insight (vRNI). This integration has greatly improved EPFL's network monitoring and load balancing troubleshooting capabilities.
In his own words, Julien stated, "If I had to recommend a load balancer, I will definitely recommend the NSX Advanced Load Balancer directly because all other load balancers are more focused on hardware, and they are not evolving a lot."
He also highlighted the potential of NSX Advanced Load Balancer's software-defined approach, especially with the inclusion of web application firewall (WAF) features. EPFL appreciates NSX Advanced Load Balancer's continuous evolution and its alignment with VMware's product ecosystem.
Move from Legacy Load Balancer to Software Defined NSX ALB
EPFL previously relied on a legacy load balancer appliance, which presented challenges during upgrades and required careful management. With NSX Advanced Load Balancer, the migration process was smooth. DNS records were easily transferred to NSX Advanced Load Balancer, allowing for a seamless transition.
Benefits of Using NSX Advanced Load Balancer
The adoption of NSX Advanced Load Balancer brought several benefits to EPFL:
- Ease of Migration: NSX Advanced Load Balancer simplified the migration process, allowing EPFL to prepare load balancers and services in advance.
- Enhanced Visibility and Troubleshooting: NSX Advanced Load Balancer's controllers provide EPFL's teams with an extensive range of insights and monitoring tools, greatly enhancing their ability to visualize and swiftly resolve issues. Julien elaborated on the tangible advantages, stating, "Our teams can access logs and gain real-time visibility into the activities within our services and applications. They have the ability to track which IP addresses are interacting with their services, resulting in a level of transparency we didn't have previously. In the past, they had to create support tickets, and we would have to respond to those, causing delays. Now, they can proactively examine and address any concerns themselves." This feature represents a significant improvement in operational efficiency and responsiveness.
- Seamless Upgrades: NSX Advanced Load Balancer's active-active configuration guarantees uninterrupted service for VMs during upgrades, resulting in a streamlined process. Julien highlights this by stating, "The upgrade process is impeccably executed with a seamless active-active approach, ensuring zero disruption to VMs. We can now implement security measures within just 60 seconds, a capability we didn't have before."
- Micro-Segmentation: NSX Advanced Load Balancer enables micro-segmentation with NSX-T, even for load balancers, enhancing security.
- Integration: NSX Advanced Load Balancer seamlessly integrates with other VMware products, providing EPFL with a holistic solution for its IT infrastructure.
Future of EPFL with VMware NSX ALB
EPFL has ambitious plans for the future, prioritizing security, visibility, and disaster recovery. They aim to implement a robust web application firewall (WAF) and enhance visibility into application traffic. Additionally, the institution is actively exploring DR solutions, with a focus on seamless integration between on-premises and cloud-based NSX Advanced Load Balancers.
EPFL continues to appreciate the strong support provided by NSX Advanced Load Balancer, ensuring a smooth and successful journey as they evolve their infrastructure.
In conclusion, VMware's NSX Advanced Load Balancer has played a pivotal role in transforming EPFL's IT infrastructure, providing scalability, efficiency, and enhanced security. As EPFL looks toward the future, NSX Advanced Load Balancer remains an essential component of their IT ecosystem, enabling them to innovate and meet the evolving demands of a world-class technical institution.