The Avi Networks product and engineering teams have continued their rapid pace of innovation through the VMware acquisition and are excited to share a few of the highlights from the latest release of VMware Advanced Load Balancer — Avi 18.2.6 made available on November 4. For full details and release notes, please click here.
Flexible Upgrades for Load Balancer
One of Avi’s Fortune 500 customers, who has a large installed base of hardware load balancers recently explained their frustration with upgrading load balancers. They said, “Our load balancer upgrade process is like painting the Golden Gate bridge – the process to upgrade all of our load balancers takes so long that by the time we are done with one upgrade, it is time to go back to the first load balancer to perform the next upgrade.” It is no wonder that many customers have to dedicate entire teams to perform these load balancing upgrades.
Upgrading load balancers is a pain… well, at least it used to be. Upgrading hardware and virtual appliances is extremely time-consuming and complex. If you’re trying to fix a bug or patch in a feature you have to apply the upgrade across a fleet of active/standby pairs and deal with versioning, dependencies, failover — it’s a big headache.
Avi’s software-only approach removed the appliance problem by separating the control plane (centralized Avi Controller) from the data plane (Service Engines). Upgrading Avi is much easier as the user only has to run the upgrade through the controller to upgrade all the service engines (opposed to manually upgrading each pair). 18.2.6 takes this to the next level by making the control plane and data plane upgrades independent from each other. This means you can patch the controller without impacting the data plane, helping you deliver non-disruptive, headless operations without needing failover.
We call this “Flexible Upgrades” because it gives you more choice. You control when you upgrade, how you upgrade, and what you upgrade. For example, if you have an application that needs the latest feature or service from Avi, you can upgrade a Service Engine group exclusively for that app without affecting any other Service Engines or applications. This gives customers the ability to apply small upgrade and continue or rollback the upgrade based on Analytics Engine data.
Positive Security and Learning Mode for iWAF
Avi v18.2.6 is a security focused application delivery release with many enhancements to iWAF. The Avi Networks Intelligent WAF (iWAF) services are provided by the same Service Engines that deliver traffic management and analytics services. And because the Avi Controller automatically and infinitely scales Service Engines, you don’t need to worry about the load balancer and WAF competing for resources — you’ll always utilize the right amount of capacity for load balancing and WAF.
The big security update in 18.2.6 is the introduction of the Positive Security with Learning Mode. VMware’s security philosophy is about “ensuring good” as opposed to “chasing bad”, and iWAF has been aligned that philosophy since it was originally introduced. Positive Security with Learning Mode uses machine learning to identify valid application behavior. The ability to detect and categorize traffic patterns enables only the validated traffic passes through while new types of threats and attacks are strictly enforced. The Positive Security with Learning Mode follows the principles outlined in by OWASP.org in their positive security model description and makes it easier than ever to automatically tune your WAF to better secure your applications and provide better performance to the validated traffic.
Please refer to our documentation to learn more about these features or contact your VMware rep to get started.