July marks the one-year anniversary of VMware’s acquisition of Avi Networks. In the past year, the engineering team has been busy enhancing and accelerating the product capabilities that helped propel Avi Networks as a powerful, enterprise-grade alternative in a market dominated by appliance-based ADC vendors. VMware NSX Advanced Load Balancer (formerly Avi Networks) v20.1 announced today is a result of that effort and is expected to be available in VMware’s fiscal Q2 FY21 which ends on July 31, 2020. More on the release and its capabilities is described below. The go to market effort with VMware has also been phenomenal enabling the NSX Advanced Load Balancer to grow customers by nearly 70% year over year since June 2019. And contrary to competitor FUD that describes NSX Advanced Load Balancer as primarily intended for VMware NSX use cases, non-NSX load balancing use cases continue to dominate, while the fit and integration with NSX is helping us with additional areas of growth. VMware NSX Advanced Load Balancer has displaced 7000+ appliance load balancers and continues its unique ability to address load balancing and WAF use cases across multi-cloud ecosystems (see figure below).
VMware NSX ALB Advanced Load Balancer v20.1 New Features and Capabilities
The latest version v20.1 of the platform announced today will include capabilities that continue to deliver on the promise of the Virtual Cloud Network– deliver the public-cloud-like experience for any app, across any cloud. The load balancing and web application security platform will add cloud networking enhancements including canary upgrades for global server load balancing (GSLB); load balancing for network components such firewalls and IPS; full-access integration and automated load balancer deployment and configuration in VMware NSX-T and Google Cloud Platform; a new architecture for consolidated Kubernetes Ingress Services optimized for multi-cluster, multi-site deployments; and live threat updates and automated customer support case creation via PULSE cloud services.
Canary GSLB Updates
A common challenge that enterprises face when making GSLB updates is the inadvertent propagation of erroneous updates across all the sites. This can result in global failure of GSLB/DNS which leads to application access failures across all sites. The new Canary GSLB update mechanism from NSX Advanced Load Balancer can alleviate GSLB config update headaches by validating the update on the leader site, propagate and validate the update on a single follower site, then by a few more follower sites, and finally to rest of the follower sites. This capability brings the advantages of CICD processes and practices used by webscale companies to GSLB configuration updates enabling enterprises to reduce downtime and limit the impact of any erroneous updates.
Best-in-class Load Balancing for VMware NSX and VMware Cloud Foundation
New full access integration with NSX-T will enable NSX Advanced Load Balancer to deliver complete automation for the provisioning and placement of Service Engines, automatically programming DFW rules, and autoscaling policies. This is the first in a series of planned integrations with the NSX-T platform which will enable seamless software-defined load balancing and WAF for NSX environments. VMware validated design for VMware Cloud Foundation will enable the platform to deliver cloud-like load balancing and security services for Cloud Foundation environments. In addition, VMware vRealize Operations plugins will enable automation of load balancing services through vRealize Automation.
PULSE Cloud Services
In most of today’s network environments fault detection happens through one of or a combination of three ways, wait for users to report any issues, using test suites, and alarms triggered by simple rules on monitored metrics.
PULSE cloud services will deliver proactive case management, live security feeds, central upgrade and licensing management, and configuration and backup.
Avi PULSE automated case management: If a service failure is detected by the system Avi PULSE cloud services will proactively alert and report potential customer issues. The assigned support engineer will contact the customer about the service failure and possibly provide a solution before the failure has been noticed. Customers can define the performance indicators that would qualify as failure events and use them to automatically generate customer cases. With this capability, administrators can sleep peacefully, knowing that even if a failure happens, VMware NSX Advanced Load Balancer support teams will be engaged proactively.
Live threat updates: For security, NSX Advanced Load Balancer features an Intelligent Web Application Firewall (iWAF) with a distributed web application security fabric to enforce security through closed-loop analytics. Real-time app security insights and analytics provide actionable insights on performance, end-users, and security events in a single dashboard with end-to-end visibility. PULSE cloud services will provide live feeds of new threat updates including IP reputation, CRS updates and more, and automatically minimize false positives with advanced security analytics, detection, and enforcement modes. With live threat updates, PULSE can enable disparate Avi Controller deployments to enforce a consistent, always up-to-date security posture, seamlessly.
Scalable Modern Apps with Kubernetes Ingress Services
To deliver comprehensive container services for both traditional and cloud-native applications, NSX Advanced Load Balancer’s Kubernetes Ingress Services will offer consolidated container services including ingress controller for north-south traffic management, performance monitoring, dynamic service discovery and security, local and global server load balancing (GSLB), web application firewall (WAF), and DNS/IPAM management. Combining L4 through L7 load balancing, GSLB, DNS/IPAM management, and security functionalities in a single solution, Kubernetes Ingress Services will provide operational consistency regardless of which on-prem, private-cloud or public-cloud environment the Kubernetes cluster is running on.
Please contact us or join us on a webinar August 6, 2020 at 8:00 am Pacific Time (registration link will be available on July 24 at https://avinetworks.com/webinars) to learn more about all the new features and feature enhancements made available in the 20.1 product release.
About the author: Murali Basavaiah was a cofounder of Avi Networks and is currently Vice President of R&D in the VMware Networking and Security Business Unit.