VMware NSX Advanced Load Balancer

What is Avi?

VMware NSX Advanced Load Balancer (Avi) is an API-first (Application Programming Interface), self-service, multi-cloud application services platform that ensures consistent application delivery, bringing software load balancers, web application firewall (WAF), and container Ingress to applications across data centers and clouds.

VMware’s Avi is a modern, software-defined elastic application delivery fabric. It is composed of a central control plane and a distributed data plane. The VMware Avi Controller provides a centralized policy engine that delivers full life-cycle management for applications. Avi Service Engines (ASEs) are the load balancers; the Avi Controllers deploy them natively, in a fully orchestrated fashion, across on-premises environments and clouds. The combination of Avi and NSX enables the Avi Controller to be the single central point of management. As developers and network admins configure apps and load balancing instances, the Avi Controller automatically spins up distributed load balancers (ASEs) and automatically places the virtual IPs (Internet Protocol) on the ASEs.

Why Avi?

Unlike traditional load balancers, Avi eliminates the problem of overprovisioning and overspending by scaling load balancers elastically based on real-time traffic. It also provides a self-healing fabric, a single point of control and multi-cloud support. Furthermore, Avi enables monitoring and visibility into client, security, and application insights through advanced analytics that simplify troubleshooting and automate decisions. It is also worth noting that 89% of companies have multi-cloud strategies to deliver these applications [1]. More than 50% of the data is expected to originate at the edge and every other company plans to use containerized microservices [2].

Industry standard deployment and orchestration tools

Because Avi is a self-service, API-first solution, getting started with it is easy. You can deploy the Avi Controller using any of your preferred orchestration tools, be it the Python SDK (Software Development Kit), Ansible, Terraform, or the Go or Java libraries provided by VMware. Once it is deployed, you can choose your preferred public cloud or on-premises deployment. The Avi Controller then uses the intent of the user to provide a load balancing service: it automatically creates the service engines (the load balancing entities) for those applications, performs discovery, and handles all lifecycle management of these load balancing entities across multiple clouds. For operational simplicity, you can also integrate the Avi Controller with tools like Grafana, Prometheus and Splunk, which gives more flexibility to automate API-driven tasks. This simplicity reflects the VMware vision of any cloud, any device, any application.

Benefits of Avi solution

VMware Avi offers enterprises automation, elastic scale, agility, flexibility, speed, and cost effectiveness – for both the network layer (L2-3) and the network services layers (L4-7).

Valuable Return on Investment (ROI): Customers can realize an impressive ROI of up to 573% over three years, with rapid payback in a short five months.

Autoscaling: 97% faster scale to capacity, with self-service provisioning and the agility needed for providing load balancing capacity.

Automation and visibility: Automated, real-time reconfiguration of application services as applications or networks change.

Real-time application health: Real-time analytics track application response times, examine connection logs, and monitor the end-user experience of applications to ensure satisfactory performance.

Efficient Application Delivery Controller (ADC): Unlock the value of ADC solutions with 52% reduction in overall costs and realize up to 43% management efficiencies. Full application delivery and next-gen security capabilities like WAF (Web Application Firewall), application security, GSLB (Global Server Load Balancing), and container ingress in one single platform.  

Robust security with Web Application Firewall (WAF): With simplified and highly scalable application security, Avi delivers a distributed web security fabric with central policy management, on-demand autoscaling and built-in analytics.

Optimized operations: With the Avi solution, customers realize 47% lower cost of operating and improve application developers’ productivity by 8%, thanks to software-defined load balancing, no overprovisioning, subscription-based licensing, and central management of distributed load balancers [6].

Use Cases

Avi’s modern and scalable architecture allows customers to shift from monolithic and rigid appliances to an elastic, multi-cloud application services fabric with centralized policies and full lifecycle management. 

Modern Load Balancing for SDDC (Software Defined Data Center)

Customer challenges:

  • Capacity Management: hardware load balancers require manual VIP (virtual IP) placement, cause costly overprovisioning, and lack capacity pooling.
  • Operational Complexity: legacy architecture causes cumbersome management of individual instances, painful upgrades, and manual steps.

Solution:

  • Software-defined, advanced load balancing, WAF, and application analytics. The platform enables elastic autoscaling of capacity based on real-time traffic analytics.
  • A centralized controller manages all the distributed service engines with consistent policies.

Benefits:

  • 90% faster application deployments across on-premises data centers and public clouds.
  • Troubleshoot issues in seconds with the only load balancer that delivers advanced app insights.
  • The industry’s only complete L2-L7 network stack for NSX environments.

Container Ingress

Customer challenges:

  • Modern application architectures require infrastructure teams to respond faster to more frequent changes. This is in addition to meeting existing applications and IT requirements.
  • Container technologies, tooling and ecosystems are constantly changing, making it hard to deploy, scale and maintain production-ready clusters.

Solution:

  • Modern architecture: software-defined application services (load balancing, WAF and analytics) across bare metal servers, VMs (virtual machines), and containers.
  • Production-ready: enterprise-class ingress gateway for Kubernetes clusters to ensure scalability, security, and observability for the N/S traffic.

Benefits:

  • Consistent application services extended seamlessly across traditional and microservices architectures.
  • The best integration with the industry-leading NSX solution for E/W traffic micro-segmentation.

Public/Private cloud

Customer challenges:

  • Native public cloud solutions do not offer the same level of enterprise features as on-prem load balancers, and they only work in a single cloud.
  • Public migration efforts are not trivial. Project delays are common and siloed solutions lack multi-cloud consistency. Your ops team takes on the burden while you must compromise on security, consistency and/or control.

Solution:

  • No lock-ins: Software-defined architecture agnostic to underlying infrastructure across bare metal servers, VMs and containers in the data centers and public clouds.
  • Simple and proven: A single platform battle-tested with business-critical applications on-prem or in clouds with intrinsic security and efficiency.

Benefits:

  • Multi-cloud application services that deliver consistent load balancing, WAF and analytics across on-premises data centers and public clouds.
  • Best of both worlds: enterprise-grade features and support + public cloud agility including automation and self-service with 100% RESTful APIs. 

 

Web Application Firewall (WAF)

Customer Challenges:

  • Policy Complexity: Deployment is not easy, and is exacerbated by complex policy tuning and increased false positives. Requirements for configuring more than one appliance.
  • Lack of Visibility: Multiple products are required to support and show LB (load balancer) and WAF analytics. Lack of granular logging and insight to troubleshoot incidents, in addition to an inability to react to security attacks.
  • Poor Performance and Scalability: No horizontal scale or performance metrics such as number of packets/payloads or payload processing time. Significant performance degradation.

Solution:

  • Versatile security services: WAF, app rate limiting, bot management, DDoS (Distributed Denial of Service) protection, AV (App Volumes) malware protection, user authentication, encryption, and L3-L7 ACLs (Access Control Lists).
  • Security insight: Security score, attack, and SSL (Secure Sockets Layer) insights in addition to WAF analytics.

Benefits:

  • Simplified and Comprehensive Security: Automatic app learning, app-specific policy, OWASP (Open Web Application Security Project) Top 10 signatures. Simplified policy tuning and reduced false positives.
  • Rich Visibility and Insight: Real-time intelligence on attack patterns. Accurate modeling of attack behaviors, fast response, and fine-grained logging.
  • Elastic Scale and High Performance: Horizontal scaling with metrics on number of packets/payloads processed. High-performance engines with optimized security pipeline.

 

Summary and Additional Resources

Unlike traditional load balancers, Avi eliminates the problem of overprovisioning and overspending by scaling load balancers elastically based on real-time traffic. It also provides a self-healing fabric, a single point of control and multi-cloud support. Furthermore, Avi enables monitoring and visibility into client, security, and application insights through advanced analytics that simplify troubleshooting and automate decisions.

To learn more about how VMware Avi can simplify application delivery for your organization, please visit: https://www.vmware.com/products/nsx-advanced-load-balancer.html

Sources: [1] Flexera 2022 State of the Cloud; [2] Gartner 2020: Gartner Hype Cycle for Edge Computing 2020; [3-6] IDC 2020, The Business Value of VMware NSX Advanced Load Balancer.
