Service Engines deployed manually by the Avi Load Balancer administrator in No Orchestrator clouds requires the user to download a unique copy of the Service Engine image for each cloud configured in the system.

Avi Load Balancer administrator need to download only one Service Engine image for each type of image needed (ova/qcow2/docker). The same SE image can then be used to deploy Service Engines in any tenant and cloud configured in the system.

Authentication Token Identifies Tenant and Cloud

To authenticate and establish connectivity with the Avi Load Balancer Controller, each deployed Service Engine needs a unique authentication token that is checked out from Avi Load Balancer Controller. The authentication token for a running SE cannot be re-used for multiple SEs, even if it is not expired.

The authentication token generated on the Controller is uniquely associated with the tenant and cloud, in which context the token was generated. When the SE registers with the Controller after authenticating with it, it will automatically be assigned to the appropriate tenant and cloud.

Using Non-Default Service Engine Groups 

SEs deployed in a particular tenant/ cloud are first assigned to that tenant/ cloud’s default SE group. If there are multiple SE groups, and it is desired to have the created SE belong to other than the default group, it needs to be manually moved from the default group to the desired user-created SE group.

Provider Mode

Avi Load Balancer defines provider mode as a configuration in which Service Engines are shared across tenants. Service Engines are always deployed in the default SE group of the cloud’s admin tenant. The authentication tokens for such Service Engines need to be checked out from the cloud’s “admin” tenant. Checking out authentication tokens from a non-admin tenant is not supported.

Deploying Service Engine using Authentication Token

Generate unique authentication token for Tenant and Cloud desired and provide the authentication token based on the underlying infrastructure on which the Service Engine is being deployed.

The sample workflow below is illustrated using VMware vCenter as the underlying infrastructure on which the Service Engine is being deployed.

  1. Create custom cloud “test-cloud” with No Orchestrator selected and download Service Engine OVA image from the Controller.



  2. Create custom Tenant, named 'engineering'.



  3. Create Non Admin tenant named 'engineering'.



  4. Download the OVA Image from admin tenant and Deploy the image in vCenter.

  5. Download Service Engine OVA Image from controller. To deploy the Service Engine in your custom Tenant and newly created cloud, check out Authentication Token from the custom tenant view for the appropriate cloud.

    Note:

    The token expires in 60 minutes.

  6. Fill in the OVF properties for the Service Engine VM including Authentication Token, Controller IP, Management Interface IP, and so on.



  7. Provide Authentication token when deploying the Service Engine.

  8. After the Service Engine deployment is complete, it will automatically be placed in the appropriate Tenant and cloud.