As organizations embrace the cloud and AI, they increasingly need to streamline operations, enhance efficiency, and bolster defenses against sophisticated web application and container security threats. VMware Avi Load Balancer – an advanced service for VMware Cloud Foundation (VCF) – is at the forefront of this transformation, leveraging AI-defined load balancing to simplify operations and accelerate application delivery. Furthermore, with the advent of AI/GenAI, there’s a unique opportunity to revolutionize how teams boost productivity through GenAI assistant, while addressing the elastic load balancing demands of agentic AI workloads.
Avi innovations include
- Accelerating Deployment with in-product quick start wizard to simply Avi deployment for VCF compute (vSphere) and networking (NSX) and reduce day 0 configs multifold
- Boosting Web App Security through web application firewall (WAF) security posture assessment, post-quantum crypto (PQC) support and end-to-end mutual TLS authentication for Kubernetes and VMware Kubernetes Service (VKS) workloads
- GenAI and Private AI Futureproofing* with GenAI assistant for Avi analytics insights and operational efficiency, Avi supports model context protocol (MCP) and can load balance agentic AI workloads on VCF Private AI Foundation (PAIF)
* Tech Previews: more details in this blog.
Avi Quick Start Wizard for VCF Delivers Load balancing at App Speed
Avi’s current integration with VCF supports lifecycle management, self-service load balancing and virtual private cloud (VPC). Additionally, VCF compute (vSphere) integration enables VM/host contexts and VCF networking (NSX) integration enables auto network routing of traffic.
Avi’s new Quick Start Wizard provides in-product workflows to drive rapid Avi deployment, simplify Day 0 operations to set up Avi for VCF’s vSphere and NSX environments. It will improve operational efficiency multifold with streamlined configuration. With Avi Wizard, only a handful of easy steps including a pre-requisite checklist, connectivity, service engine management and IPAM policies will be needed. Here is a short step-by-step demo of the Avi Quick Start Wizard.
WAF Audit and Assessment of Risk Posture for Faster Ransomware Protection
Web application and ransomware attacks are unrelenting. It is critical to have a quick and easy assessment of potential threats, attack vectors and application security posture. Avi WAF assessment includes critical information on top attacks, top IP addresses, geo locations where the attacks emerged from and more. Avi will support the generation and download of reports, offering comprehensive visibility into the security posture and risk assessment for applications.
Avi is introducing new capabilities for customers to assess the effectiveness of WAF with sample traffic. Once the security posture is validated and resource requirements are finalized, WAF can be applied to protect application traffic against OWASP top 10 attacks and more. Customers can get a non-distruptive preview of the benefits of enabling WAF and adopt Avi application security with high confidence to protect their web applications. It will help reduce the concerns over WAF’s resource-intensive nature and potential performance impact.
Future Proof Web Security with Post-Quantum Cryptography (PQC)
Quantum computing presents an imminent threat to current encryption methods, as “harvest traffic now, decrypt later with quantum” can jeopardize the security of web applications and services. To mitigate this, regulatory bodies including National Institute of Standards and Technology (NIST) – in partnership with security-sensitive commercial and government organizations – are specifying PQC, which are quantum-resistant cryptographic algorithms.
Avi will support PQC to secure data in transit, which is critical for web traffic traversing the load balancer. NIST-approved algorithms, including CRYSTALS-Kyber (a key-establishment algorithm or KEM), CRYSTALS-Dilithium, Falcon, and SPHINCS (digital signature algorithms) will be supported. Additionally, hardware security module (HSM) integration with Thales Luna will be available.
Securing Gateway API with WAF and End-to-End mTLS Authentication
Avi enables customers to simplify and secure their Kubernetes environments, including VMware Kubernetes Service (VKS) on VCF, with end-to-end application security, observability and WAF inspection. Avi will
- Enable end-to-end mutual TLS (mTLS) authentication from Gateway API to Kubernetes cluster
- Secure Gateway API with web app security (WAF, bot detection and HTTP security policies)
Gateway API is a community based standards approach to load balancing for Kubernetes environments. Avi enables customers to front end their Kubernetes with Gateway API. Avi can terminate TLS before traffic enters the cluster. It can then run all traffic through Avi’s comprehensive web app security then re-encrypt and authenticate with mTLS. Avi then passes the traffic to the correct service based on the intelligent Layer 7 traffic routing information that Gateway API and HTTProute provide while enabling rich visibility into north-south traffic flows.
AI/GenAI Tech Previews for Avi Load Balancer
According to Gartner’s Danielle Casey’s session where she projects that by 2028, 95% of organizations will have integrated Gen AI into daily operations, up from 15% in 2025, the evolution of AI/GenAI technologies is posing significant challenges for enterprises especially in agentic AI workloads. We are furthering Avi’s AI journey with the following tech previews:
- GenAI assistant for Avi to simplify operations and speed up application-related issue resolution. Customers will be able to derive valuable GenAI-driven insights from Avi’s powerful and built-in application analytics including application health score.
- Avi for load balancing agentic AI workloads. Avi’s elastic scale-out, ~7 Tbps performance, enterprise scale and built-in integration with VKS and Kubernetes are critical capabilities for securing AI and agentic AI workloads.
- Avi’s support for Model Context Protocol (MCP), which enables:
- MCP session persistence when load balancing across MCP service providers.
- JSON Web Token (JWT) authorization support based on job roles so that app owners and operators can have different accesses to MCP tools.
- MCP Server functionality, allowing AI agents to invoke Avi load balancing and web app security services programmatically.
For a deeper dive on the above tech previews, please check out our dedicated blog.
Avi at VMware Explore 2025
We invite you to experience Avi’s latest advancements first hand by joining our breakout sessions at VMware Explore and discover how Avi is redefining what’s possible in enterprise application delivery and web security. Your journey to a resilient, secure and AI-ready future starts now. More Application Networking and Security (ANS) news summary can be found here.
Editorial Notes: The information in this news release is for informational purposes only and may not be incorporated into any contract. There is no commitment or obligation to deliver any items presented herein.
