VMware Cloud Foundation Better Together with VMware NSX Advanced Load Balancer
Executive summary
Need for a Cloud Operating Model
As organizations have started to selectively embrace the public cloud for a portion of their business needs, they increasingly realize the advantages of cloud infrastructure and operations. They now require a public cloud-like self-service experience for on-premises environments too.
While public cloud has its place in overall app development and digital initiatives, it is not a fit for everything. Certain apps and workloads may need to reside in on-premises environments due to compliance, integration and cost considerations. Self-service delivery models enable IT organizations to abstract services and provide users what they need, while IT retains the flexibility to move resources on the back end with control and compliance, optimizing the use of strategic corporate infrastructure resources at the same time.
IT needs to transform its operational model as the legacy models of running IT are not sufficient to accommodate the needs of the business. These needs include but are not limited to:
- Self-service through API or portal
- On-demand, anytime, anywhere
- Scalable and expandable when needed
- Pay for what you consume
This needs a change in how people, process and technology are aligned to the goal of supporting the digital transformation outlined in the various strategies. For people this means a shift in mindset in how they provide services. The mindset should focus on becoming a customer-focused, service delivery-oriented organization. This means that people need to be multi-disciplinary and work cross-functionally.
A future-ready IT organization must have clear objectives — with well-thought-out strategies to support its objectives. Its app, data, and cloud strategies must align with higher-level business strategies, initiatives, and outcomes. This is often referred to as the Cloud Operating model.
All of this needs the adoption of a mindset that is focused on delivering resources to the consumers of IT within the business. As a result, processes will need to be re-aligned to accommodate the transition towards a Cloud Operating Model. The focus should be to automate or broker the delivery of IT resources as much as possible and make them accessible through a self-service portal or API.
In this paper, we will learn the benefits of choosing an integrated Load Balancing solution with the VMware Cloud Foundation offering and it can help you deliver a superior application experience to your customers like no other.
VMware Cloud Foundation
VMware Cloud Foundation (VCF) makes self-service private cloud easy with a consistent operating, governance and consumption model. It provides quick time to value by enabling self-service consumption and delivery of private cloud resources, providing users and developers with a unified and consistent self-service layer. VCF customers can take advantage of the self-service private cloud with VMware Cloud Foundation solution to enable modern use cases, and help drive increased business and IT agility, productivity and efficiency.
NSX Advanced Load Balancer
For those who have realized the value of VCF, why not extend the same principles you have come to believe to application delivery too? With its genesis in the Software defined principles and backed by VMware’s validated designs, guided by simplified operations along with self-service automation, holistic visibility and overarching security that complements the network security, VMware NSX Advanced Load Balancer offers a superior load balancing solution like none other.
Why Advanced Load Balancing matters
Why advanced load balancing
We live in application driven economy. Enterprises are facing an unprecedented need to provide infrastructure that matches the agility of applications. The network team is under pressure to support remote employees, to deliver modern apps and support a much higher velocity of changes and updates to meet time-to-market considerations. Delivering great application experience is synonyms with business growth, better customer satisfaction and workforce productivity. Organizations are realizing the need for a modern, advanced load balancing solution to enable better application experience. Load balancing is a fundamental building block of as compute, storage, and network. One cannot realize the value of applications and digital transformation without load balancing.
NSX ALB load balancing highlights
NSX Advanced Load Balancer is designed to provide flexible deployment and simplified operations through automation and centralized management and as such support the Cloud Operating Model strategy. With a software-defined approach to application delivery infrastructure, NSX Advanced Load Balancer decouples the control plane from the data plane and provides consistent application delivery services across clouds and heterogeneous infrastructure, including bare metal servers, virtual machines (VMs), and containers. Unlike the legacy load balancers that are highly overprovisioned and hence wasteful, NSX ALB enables optimal capacity management and highly elastic fabric through automatic zero touch autoscaling features. Yet another disadvantage of the legacy load balancers is the inability to trouble shoot issues in time often resulting in friction among the application and the network teams. NSX ALB makes it easy to troubleshoot complex issues through rich and contextual analytics and stop the blame game. By its virtue of being completely integrated with the other VMware stacks, you can enjoy the benefits of validated designs, unified automation workflows and visibility for complete peace of mind knowing your applications will be delivered as intended.
NSX ALB Makes Your VMware Cloud Foundation Better
Customers continue to extract tremendous value from the VCF solution keeping in line with the principles of the cloud operating model. But the last mile challenges with application delivery remain. These are compounded by geographically disparate datacenters with wider attack surface and reduced analytics and visibility. This is where the NSX ALB adds tremendous value to the existing VCF customers. In addition to excellent server load balancing capabilities, the NSX ALB enables Global Server Load Balancing with Intelligence Traffic distribution across Data centers and address important use cases such as Disaster Recovery with ease. With the inbuilt WAF, NSX ALB can even provide application protection before traffic reaches the network. Last but not the least, it helps you Analyze and Optimize end to end Application Experience proactively while simplifying troubleshooting and automatically build a self-healing infrastructure. Here are a few ways NSX ALB makes your VMware Cloud Foundation investments better.
Intelligent Traffic Distribution for Scale and Resiliency
As the mandate for application modernization takes effect, it becomes increasingly necessary to load balance applications across geographies and clouds for high availability and address important issues such as disaster recovery and application upkeep. NSX ALB provides GSLB services, which provides load balancing of applications across multiple geographically dispersed locations, while providing centralized GSLB configuration, application monitoring, and analytics. That includes centralized provisioning with automated discovery of applications across sites as well as centralized application monitoring, logs, and analytics. In addition, the tight integration with VCF also ensures load balancing of individual elements like Log Insights, vROps, vRA as well as identity services like LDAP, Radius, DNS servers for better scale and resiliency. In the absence of an integrated solution like NSX ALB with VCF, these aspects of load balancing are too complex to address and often overlooked compromising application performance.
Optimized Application Experience
Infrastructure induced high latency is one of the top reasons for a suboptimal application experience. Deploying legacy or traditional software-based load balancers can often lead to high latency leading to sluggish application experience. NSX ALB reduces latency by eliminating hair pining of traffic seen with such external load balancers. It also offloads resource intensive services including connection management and Access Control List lookups from routers or switches, further accelerating application response times. The NSX ALB integration with VCF can also enable you to proactively optimize resources and troubleshoot with end-to-end visibility which is otherwise impossible with the legacy load balancers that are deployed as point solutions.
Stronger Security posture
In recent years, web application security has become increasingly important, especially as web application attacks are the most common reason for breaches. WAFs have become a critical component of web application security, and guard against web application vulnerabilities while providing the ability to customize the security rules for each application. As WAF is in line with traffic, some functions are conveniently implemented by a load balancer. This is an additional layer of protection at Layer 7 before the traffic reaches your network. The WAF can protect your applications from common threats including Cross-site Scripting (XSS), SQL injection, cookie poisoning, Layer 7 DoS and Web scraping. It is important to know that time to deploy and operational efficiency are extremely critical to a successful security strategy. Thanks to integration with NSX, the NSX ALB continues to provide consistent security policies and holistic visibility while reducing complexity and cost.
NSX ALB and VCF Benefits
Accelerate transition for cloud operating model
NSX ALB provides the technology to enable the agility, resiliency and security that businesses expect from cloud technologies like VCF. Load balancing provides the analytics and visibility into applications and their data to properly support and
protect them.
Build with confidence
Customers demand better application experience round the clock. To ensure maximum customer satisfaction, organizations must confidently build and deploy applications fast. There has never been a more pressing time to accelerate time to value. With complete end to end automation all the way from Layer 1 through 7, VCF customers can deploy NSX-ALB with utmost confidence knowing they have a backing of rigorously testing and validated designs from VMware. This curated prescriptive architectural approach which includes the load balancer ensures these implementations are never an afterthought nor are load balancers deployed in silos. This considerably reduces operational and testing efforts.
Enhanced agility
Speed alone is not enough when it comes to deploying applications fast. Consistency is the key to speed. With automated Contextual Bi-directional Network Configurations starting from the network all the way to the applications, you can deploy applications as fast as 30 minutes. Enterprise-wide Unified Workflow Automation with Zero-touch Scale-Out for Elasticity helps break silos across the application deployment and maintenance.
Security posture
Security is only as good as its weakest point. While NSX offers complete network security from L2-L3, the NSX ALB through WAF is an excellent L4-7 security solution. However, thanks to the built in synergies, this integrated solution is more powerful than the sum of its parts. The VCF with NSX ALB offers the most pervasive and most robust end to end L1-L7 security that helps reduce vendor and security fragmentation. It offers consistent and automated Distributed Firewall policies for NSX ALB deployments. This approach ensures the NSX ALB complements Network Security with App Security in the most seamless fashion possible.
Troubleshoot faster
Maintaining customer SLAs is paramount to the success of the entire organization. When things go south, blame games begin. This is alone enough to break the morale of the IT teams let alone the fallout that the customers must bear. Thanks to the VCF and NSX ALB integration by mapping apps to hosts, networks and flows, the NSX ALB break visibility Silos with holistic L1 to L7 visibility and analytics. This provides contextual Insights for faster Root Cause Analysis thus reducing MTTR and exceeding customer SLA and expectations in the process.
VCF Simplified Operations across the Lifecycle
In order to simplify operations and lifecycle management for large complex systems, it’s important to be able to automate steps across initial deployment (day 0), automated configuration and provisioning (day 1) and automated lifecycle management (day 2 and beyond).
By applying the Advanced Load Balancing for VMware Cloud Foundation validated solution, you implement centralized load balancing (LB) for your application workloads within VMware Cloud Foundation and can configure enterprise grade load-balancing, global server load balancing, application security, and container ingress services. With the joint solution, you can not only manage load balancers centrally across any environment but also create new virtual services in just minutes. This solution also helps you scale load balancing capacity dynamically based on traffic patterns and troubleshoot application issues without TCP dumps/log exports.
Day 0 automation through VMware Cloud Foundation provides automated deployment of private cloud infrastructure and management components in order to stand up and deploy infrastructure quickly. Day 1 automation provides configuration of these systems with provisioning of workload domains on demand – purpose built and scalable for traditional and modern apps. Day 2 and beyond is where most IT shops have difficulty, managing software updates and patching for large scale software systems, VMware Cloud Foundation provides automation for full lifecycle management including patching/upgrades, monitoring, scaling, and infrastructure management.
The table below summarizes some of the top capabilities of this integration and how it provides operational simplicity, agility, security and simpler troubleshooting from Day 0 to Day 2 and beyond.
| Day 0 & 1: Deploy & Configure | ||
| Benefits | Integration | Details |
| Agility | NSX-T | Automate the deployment of Virtual services and Service Engines with Automated Network Configuration |
| Agility | vCenter | Automate Service Engine Hosts Configuration using Automated discovery of vSphere objects by NSX ALB |
| Agility | Aria (VRO) | Automate various workflows tasks with enterprise-wide unified workflows |
| Agility | Tanzu | Scale to 100s of clusters with AKO without manual ingress configurations using automated K8S Objects to ALB Objects translation |
| Security | NSX-T Distributed Firewall | Automate and simplify security posture deployment using consistent Distributed Firewall Policies |
| Agility | SDDC Manager | Automated provisioning and complete Life Cycle Management |
| Day 2: Manage, Scale, Troubleshoot | ||
| Benefits | Integration | Details |
| Troubleshooting | Aria vRNI | Troubleshoot network problems faster by leveraging contextual L 2-7 visibility including networks, hosts and apps |
| Troubleshooting | vCenter | Troubleshoot Service Engine performance issues faster through compute usage visibility of SE Hosts directly in NSX Advanced Load Balancer |
| Visibility | Aria Operations (vROps) | Better operations using continuous ALB Health & Availability Monitoring through visibility across geographies both on-prem and across clouds |
| Visibility | Aria Operations | Centralized NSX ALB logs with Other Logs Events, client request, server response to troubleshoot |
| Operations and scalability | NSX-T and vCenter | Add or remove Service Engines without manual configurations through automated Elastic and Scale-out Configuration |
| Security | Tanzu | Complement Network Security with App Security in K8s through WAF and BOT management and reduce vendor fragmentation |
NSX ALB and VCF Integration Advantages
Unlike the legacy load balancers solutions available in the market that are either hardware based or derivates of the hardware bases solutions, NSX ALB’s software defined load balancer brings elastic scale, robust performance and intelligent analytics to every data center and cloud. Customers get enterprise-grade L4-L7 features with advanced automation and analytics while solving the significant operational challenges of hardware appliance-based load balancers. NSX ALB offers the following distinct advantages as compared to legacy load balancers:
Single Multi-Cloud Platform vs. Disjointed Point Products: Reduces operational complexities and delivers multi-cloud consistency for flexibility and application portability. This also eliminates the need to retrain staff on different products and point solutions.
Controller vs. Instance Manager: Software-defined architecture separates the control and data planes and delivers load balancing and WAF as an elastic fabric that auto-scales based on real time traffic.
Decision Automation vs. Task Scripting: API based approach and in-built automation makes intelligent decisions, scales, and simplifies multi-cloud application deployments supported by Closed-loop analytics that helps automate decisions with over 800 unique application metrics.
Optimal Resource Utilization vs. Over-provisioning: Elastic, fabric approach with active-active HA ensures minimal
unutilized capacity
In-built visibility and analytics, v/s bolt-on solutions: Analytics-first architecture with built-in visibility, compared to a bolt-on implementation by legacy load balancers ensures complete end to end L2-7 visibility with VCF integration.
While these advantages make the standalone NSX ALB load balancing solution a forerunner in the load balancing space, it is the integration with VCF that truly makes this solution shine. It is the integration with VCF that affords the solution automated deployment of virtual services and service engines. It is due to the integration that customers can enjoy enhanced agility consistently using enterprise-wide unified workflow automation with automated contextual bi-directional visibility from network to the applications. The integrated solution also ensures complete L2-7 security posture while reducing vendor and security fragmentation. Finally, thanks to the VCF and NSX ALB integration by mapping apps to hosts, networks and flows, the NSX ALB break visibility Silos with holistic L2 to L7 visibility and analytics. This provides contextual Insights for faster Root Cause Analysis thus reducing MTTR and exceeding customer SLA and expectations in the process.
NSX ALB better together with individual components
In this section, let us now double click on each of the components of the VCF solution and take a deeper look at some of the capabilities that customers can leverage to accelerate the adoption of Cloud Operating model.
NSX-T – integration benefits and details
Faster infrastructure provisioning is required to support the on-demand nature of modern applications. While most of the customers may have top-notch solutions from different vendors, which may provide best-in-class forwarding performance, managing these heterogenous systems are a huge threat to the simplicity and agility expected out of that infrastructure. Not with the NSX-T and NSX-ALB integration. In addition to Automated Network Configuration for NSX-ALB Lifecycle, the integration facilitates holistic contextual Visibility as well consistent and stronger security posture.
The combination of NSX ALB Networks and NSX-T enables NSX ALB Controller to be the single point of management via REST APIs. As developers and network admins configure app and load balancing instances, NSX ALB Controller automatically spins up the distributed load balancers (NSX ALB Service Engines), places the virtual IPs (VIPs) on the Service Engines, and places the network interfaces in the right overlay or underlay network, without manual intervention. NSX ALB also publishes rules by invoking NSX APIs and dynamically manages security for the load balanced resources. As application traffic increases, NSX ALB Controller scales out the resources by creating additional Service Engines and scale-in when traffic recedes.
Below are the highlights of the NSX-T and NSX ALB integration:
Enhanced Agility
- Automated discovery of NSX-T inventory & infrastructure objects by NSX ALB
- Automated config of Virtual Service: virtual IP allocation, registration in DNS, NSX-T
routing tables - Automated Service Engine connection to logical network segment
- Eliminate inefficient hair pinning of E-W traffic for better performance & latency
- Automated Elasticity and Scale-out
- New SEs auto configured with right network attributes
- Automated NSX-T IP route updates
- No config updates needed when you add/remove app servers in a NSgroup
Faster Troubleshooting
Discover and troubleshoot network connectivity issues faster with full L2-L7 visibility, and network, servers and apps correlation by VMware Aria Operations for Networks* (previously vRNI) integration
- Holistic contextual L1-L7 visibility with NSX-T (L2-L4) with NSX-ALB (L4-L7); NSX-T for Network,
NSX-ALB for applications, vCenter for servers; Supports third party devices - Stop the blame game- Determine if it is a network or server or application problem?
- Corelate NSX ALB, NSX-T and vCenter events, operational status and metrics with single pane of glass
- Network mapped to flows and applications
- Visibility for virtual services, pools, service engines, controller nodes, paths, topology, traffic patterns, packet drops, retransmission count, RTT, latency & more
Stronger Security Posture
- Consistent security posture with your existing NSX-T Distributed Firewall (DFW) policies
- Simplified and automated configuration
- User configured DFW rules using auto created NSgroups and service objects
- Better security posture with network security complemented by Application security (WAF, bot management, DDoS and API protection) with NSX-ALB
vCenter
This integration enables NSX Advanced Load Balancer Controller to interact with the vCenter Server and provide lifecycle management for the Service Engines. NSX ALB enables the automated discovery of vSphere objects. vCenter automated Service Engine is enhanced with automated object creation and deployment. Application elasticity and scale-out is automated with NSX ALB.
Below are the highlights of the vCenter and NSX-ALB integration:
Enhanced Agility
- Automated discovery of vSphere object
- ESXi hosts, Datastore, Networks by NSX ALB
- Automated Service Engine life cycle with vCenter
- OVA creation and upload
- ESXi hosts placement with anti-affinity rules for higher resiliency
- Automated config of virtual NICs of SEs to connect to right networks
- Automated Elasticity and Scale-out with vCenter and NSX-T
- New SEs added or removed automatically without any manual configuration
Troubleshoot faster
- Compute usage visibility in NSX-ALB with vCenter integration for faster troubleshooting
- Application Servers, Service Engines Instances and ESXi hosts performance statistics (e.g., CPU and memory usage)
Aria (vRealize)
Aria is a cloud management platform that unifies applications, infrastructure, and services across private, hybrid, and public clouds in a single platform with a common data model. With Aria, you can gain consistent operations of multi-clouds with VMware’s industry leading products and services for cloud management. Organizations can embrace a cloud operating model to drive innovation and support digital transformation initiatives.
We should call out vRA, vRO and vCD specifically – you can find the corresponding Aria new name but still refer to the old names as “previously known as” for people to relate.
Aria integration means automated workflows for application deployment and changes. The operational support for application availability and optimization is automated through NSX ALB and Aria. Advanced analytics mean closed loop automation can provide application resiliency and elasticity.
Below are the highlights of the Aria and NSX-ALB integration:
Enhanced Agility
- Automated workflow tasks with VMware Aria Automation Orchestrator (Previously vRO) integration
- Integrate NSX-ALB in your enterprise-wide unified automation workflows
- Create/Modify a virtual service or pool
- Create/Modify/Remove load balancer
- Add/Remove server or server ports or SSL certificates, Import SSL certificates
- Automate via GUI or writing scripts
- Faster deployment with pre-built templates
- Automated inventory of all existing virtual services, pools and certificates
- Generate machine names for controllers and SEs in compliance with naming scheme
- Achieve workflow automation by VMware Aria Automation (vRA) via vRO
Troubleshoot faster
- End to end visibility and monitoring across geos, on-prem & clouds with VMware Aria Operations (previously vROps) integration for better operations
- Continuous monitoring, object relationship visualization and unified alert reporting of all NSX ALB resources, metrices and properties for faster troubleshooting
- One-stop view of health and availability with pre-built dashboards for virtual services, virtual services configs, NSX ALB
- Discover and troubleshoot network connectivity issues faster with full L2-L7 visibility, and network, servers and apps correlation by VMware Aria Operations for Networks (previously vRNI) integration
- Centralized NSX ALB events, client request and server response log insights with Aria Operations for Logs integration
VMware Tanzu
Modern containerized applications are increasingly deployed in Kubernetes clusters and moved from test and dev labs to production environments. The need to provide reliable and secure application services is essential to application availability and responsiveness on-premises and across any cloud. VMware NSX Advanced Load Balancer together with VMware Tanzu brings the shortest path to production-ready Kubernetes clusters and consolidates L4-7 container networking services including local and global traffic management, web application firewall (WAF), and container ingress on a single
scalable platform.
VMware Tanzu provides an enterprise-ready Kubernetes runtime and cluster management solution with the promise of the fastest application experience. When deployed together with NSX ALB’s container networking capabilities, you enjoy the following benefits:
Integrated solution
A comprehensive set of services including load balancing, ingress controller, application security such as WAF, GSLB, DNS, and IPAM capabilities are offered on a single platform.
Operational simplicity
A single solution with central orchestration of policy, lifecycle management, API endpoint, and ease of troubleshooting lowers operational costs by more than 50%.
Rich observability
End-to-end visibility across multiple clusters and sets brings real-time telemetry and application insights across all components in a production Kubernetes deployment.
Cloud-native automation with elasticity
Elastic autoscaling based on closed-loop analytics and decision automation provides a resilient and secure backbone to scale out containerized applications.
Below are the highlight of the VMware Tanzu and NSX-ALB integration:
Enhanced Agility
- Include AKO (NSX ALB Kubernetes Operator) in your cluster's lifecycle
- Create new clusters with automated AKO configurations
- Leverage NSX ALB for Tanzu/K8s control plane API
- Leverage NSX ALB for Modern App(s)
- AKO configures NSX ALB based on K8s API calls
- NSX ALB assigns IP automatically for your external Load Balancer
- Register automatically your FQDN for your modern applications
- Automated Elasticity and Scale-out
- New SEs auto configured with right network attributes
- No config updates needed when you add/remove pods to your application
Stronger Security
- Comprehensive unified ingress app security for micro-services apps to reduce complexity, vendor and security posture fragmentation with NSX ALB
- WAF, Bot management, DDoS protection, API protection
- Consistent security posture for your traditional and modern apps) by NSX ALB
SDDC Manager
The cloud operations design for the SDDC management domain includes virtual infrastructure provisioning and life cycle management capabilities of the SDDC management components. The VMware component in this layer is SDDC Manager that is part of VMware Cloud Foundation. Operational day-to-day efficiencies are delivered through SDDC Manager, the core component of VMware Cloud Foundation. These efficiencies include full life cycle management tasks such as deployment, configuration, patching and upgrades.
Centralized provisioning and life cycle management is provided with NSX ALB along with other VCF stack building blocks. Scripts can be deployed to improve the operational support of applications for any changes that are required. As the application proxy, NSX ALB is a key component of application lifecycle management.
Summary
NSX ALB is a key component of VCF to enable the benefits that businesses want to achieve from cloud architectures. Operational support of clouds is complicated and NSX ALB with VCF simplifies the operations and expertise required to manage the cloud and its applications. Operational support of the cloud requires a change in how people, processes and technology are aligned and the combination of NSX ALB and VCF provides a solution that works better together to improve and simplify this alignment.
Through enhanced automation, improved security and application visibility, NSX ALB and VCF provides the platform to adopt the mindset required to adopt and embrace the Cloud Operating model that businesses are trying to achieve.