Service Engines deployed manually by the Avi Load Balancer administrator in No Orchestrator clouds require the user to download a unique copy of the Service Engine image for each cloud configured in the system.
The Avi Load Balancer administrator needs to download only one Service Engine image for each type of image needed (ova/qcow2/docker). The same SE image can then be used to deploy Service Engines in any tenant and cloud configured in the system.
Authentication Token Identifies Tenant and Cloud
To authenticate and establish connectivity with the Avi Load Balancer Controller, each deployed Service Engine needs a unique authentication token that is checked out from the Avi Load Balancer Controller. The authentication token for a running SE cannot be reused for multiple SEs, even if it is not expired.
The authentication token generated on the Controller is uniquely associated with the tenant and cloud in whose context the token was generated. When the SE registers with the Controller after authenticating with it, it will automatically be assigned to the appropriate tenant and cloud.
Using Non-Default Service Engine Groups
SEs deployed in a particular tenant/cloud are first assigned to that tenant/cloud’s default SE group. If there are multiple SE groups and the created SE should belong to a group other than the default, it needs to be manually moved from the default group to the desired user-created SE group.
Provider Mode
Avi Load Balancer defines provider mode as a configuration in which Service Engines are shared across tenants. Service Engines are always deployed in the default SE group of the cloud’s admin tenant. The authentication tokens for such Service Engines need to be checked out from the cloud’s “admin” tenant. Checking out authentication tokens from a non-admin tenant is not supported.