VMware Avi Load Balancer (Avi) Delivers Enhanced Application Resiliency and Web App Security for VMware Cloud Foundation (VCF) Workloads

At VMware Explore 2025, we announced significant innovations to meet the increasing demands for faster application deployments, streamlined operations, improved efficiency, and stronger protection against sophisticated security threats. The latest Avi release empowers customers to experience the benefits of this commitment, driving them towards a more resilient and secure future centered around a plug-and-play experience and cloud-like simplicity.

Key highlights include:

  • Simplified Avi Deployments for VCF with the Avi Quick Start Wizard, which accelerates Day-0 deployments in vSphere and NSX Cloud with minimal effort.
  • Fortified Web App Security through Web Application Firewall (WAF) evaluation mode, Application Security Reports and Post-Quantum Cryptography (PQC) support.
  • Enhanced Application Resiliency through seamless failover with automated leader change for improved Global Server Load Balancing (GSLB).
  • Native K8s DevOps experience with Custom Resource Definitions (CRDs) for tighter alignment with automated deployment pipelines, enhanced security with end-to-end mutual TLS (mTLS) authentication for Kubernetes, and Gateway API HTTPRoute enhancements allowing customers to apply Avi web application security.
  • TLS Performance acceleration with Intel Quick Assist Technology (QAT) for boosted SSL/TLS performance in NSX and vCenter deployments on QAT-enabled hosts.
  • Simulated upgrades (Upgrade Dry Run) that offer a non-disruptive and automated approach to validating upgrades.

Simplified Avi Deployments for VCF

Rapid Deployments Made Easier with Avi Quick Start Wizard

The Avi Quick Start Wizard simplifies Day-0 deployment in vSphere and NSX Cloud by offering an “easy button” experience. This wizard streamlines the deployment process with minimal effort, guiding customers through rapid setup using common configurations and step-by-step UI instructions along with visual cues and progress feedback. Here is a short demo.

Scale Out Web Application Security – Now Further Simplified

Protect Your Web Apps with WAF Evaluation

Many customers hesitate to enable a Web Application Firewall (WAF) because of uncertainty about evolving attack patterns, the impact on overall application performance from nondeterministic resource consumption, and costs. WAF Evaluation Mode provides a non-disruptive way to assess WAF effectiveness prior to full deployment. Customers can enable WAF without increasing Service Engine (SE) CPU utilization to get visibility into potential threats without affecting live application traffic. Unlike generic best practices, the evaluation mode offers customers application-specific security performance recommendations tailored to their traffic patterns and threat profile.

Customers can begin with Evaluation Mode for gathering insights, reduce false positives by progressing to Detection Mode, and ultimately transition to Enforcement Mode for comprehensive application protection. This staged approach ensures security policies are fine-tuned for each environment.

Maintain Audit-ready Application Security Reports

Web application and ransomware attacks are unrelenting. It is critical to have a quick and easy periodic assessment of potential threats, attack vectors and application security posture. Avi Application Security Reports include critical information on top attacks, top IP addresses, the geolocations from which the attacks originated, and more. Avi supports one-click generation and download of these reports, offering comprehensive visibility into the security posture and risk assessment for all applications.

Fortify Web Security with Post-Quantum Cryptography (PQC) Support

Quantum computing presents an imminent threat to current encryption methods, as “harvest traffic now, decrypt later with quantum” can jeopardize the security of web applications and services. To mitigate this, regulatory bodies including the National Institute of Standards and Technology (NIST), in partnership with security-sensitive commercial and government organizations, are specifying PQC, which are quantum-resistant cryptographic algorithms.


NIST-approved algorithms, including MLKEM, x25519MLKEM, and MLDSA, are supported. Hardware security module (HSM) integration with Thales Luna is also available.

Enhanced Application Resiliency

Seamless Failover with Automatic GSLB Leader Change for Better Application Resiliency

Managing Global Server Load Balancing (GSLB) across numerous sites can be challenging, especially when a primary leader site fails. Avi solves this with an automated leader election process that promotes a designated backup site as the new leader without manual intervention. This reduces downtime and operational overhead by maintaining continuous service availability and configuration synchronization, even during failures. Large enterprises with extensive GSLB deployments will benefit from this feature through simplified management and improved operational efficiency, allowing them to focus more on innovation rather than firefighting outages.

Enabling Native DevOps Experience and Enhanced Security for VKS Workloads

Enjoy Kubernetes-Native Experience with additional Custom Resource Definitions (CRDs) Support

Avi introduces additional Custom Resource Definitions (CRDs) which enable configuration of Avi objects such as Health Monitors and Application Profiles directly in Kubernetes using YAML manifests. DevOps teams can now manage load balancing and application delivery resources natively within their Kubernetes environments. This results in seamless alignment with DevOps teams and a natural fit into the automated deployment pipelines with substantial benefits including self-service, automation with CI/CD pipelines, multi-tenancy support, and policy-driven controls.

Secure Gateway API with WAF and End-to-End mTLS Authentication

Avi enables customers to simplify and secure their Kubernetes environments, including VMware Kubernetes Service (VKS) on VCF, with application security, observability and WAF inspection. Avi will provide:

  • End-to-end mTLS authentication to the Kubernetes cluster, giving customers cryptographic certificate-based trust for both client and server connections.
  • Secure Gateway API with web app security (WAF, bot detection and HTTP security policies).
  • Enhanced Gateway API HTTPRoute allowing customers to leverage custom health monitors, persistence profiles, backend TLS and CRDs.

Upgrade with Better Assurance: Avi Controller Dry Run

Upgrading critical load balancing infrastructure can sometimes be stressful and risky, often causing unplanned downtime and uncertainty. Avi’s Controller Dry Run eliminates this concern by replicating the entire upgrade process before the actual upgrade. This offers several key benefits including proactive issue identification, reduced upgrade failures, pre-check enforcement and comprehensive reporting that serves as a pre-upgrade checklist.
