This section documents prerequisites to activate and use Avi Load Balancer Cloud Controller with Avi Cloud Console.
Prerequisites for Enterprise with Cloud Services Tier Subscription
You need an active or trial subscription for Avi Load Balancer with Avi Cloud Console.
Your Controller version must be 21.1.3 or higher.
You must meet the connectivity requirements listed below.
To successfully register the Avi Load Balancer with Avi Cloud Console, the user with the organization member role must also have 'support user' as an additional role.
Connectivity Requirements (Ports and Protocols)
Source | Destination URL | Destination Port(s) | Reason |
---|---|---|---|
Browser | portal.avipulse.vmware.com | 443 | Customer access to Avi Cloud Console portal. |
Browser | console.cloud.vmware.com | 443 | VMware IDP used for authentication. |
Avi Load Balancer Controllers | portal.avipulse.vmware.com | 443 | Deliver services from Avi Cloud Console. |
Avi Load Balancer Controllers | downloads.avipulse.vmware.com | 443 | Optional, if Application Rule and IP reputation Database updates are requested. |
Avi Load Balancer Controllers | cdn.prod.nsxti.vmware.com | 443 | Optional, if application rule and IP reputation Database updates are requested. |
Browser and Avi Load Balancer Controllers | access.broadcom.com, login.broadcom.com, profile.broadcom.com and support.broadcom.com | 443 | Broadcom Authentication Portal |
Prerequisites for Enterprise Tier Subscription
You need an active or trial subscription for Avi Load Balancer with Cloud Console,
or
You need to have an active Avi Load Balancer serial key license purchased before 31 December 2021.
Connectivity Requirements (Ports and Protocols)
Source | Destination URL | Destination Port(s) | Reason |
---|---|---|---|
Browser | portal.avipulse.vmware.com | 443 | Customer access to Avi Cloud Console portal. |
Browser | customerconnect.vmware.com | 443 | VMware IDP used for authentication. |
Avi Load Balancer Controllers | portal.avipulse.vmware.com | 443 | Deliver services from Avi Cloud Console. |
Browser and Avi Load Balancer Controllers | access.broadcom.com, login.broadcom.com, profile.broadcom.com and support.broadcom.com | 443 | Broadcom Authentication Portal |
Enhance Security by configuring a Forward Proxy to access Avi Cloud Console
Customers can enable a Forward Proxy to proxy all traffic between the Controller and Avi Cloud Console. This allows further security control and visibility. Avi Load Balancer Controllers natively support integrating with a Forward Proxy.
The following are the three modes of using a Forward Proxy for Avi Cloud Console traffic:
- No Proxy: All Cloud Consoles are accessed directly from the Controller, without any proxy.
- System Proxy: All Cloud Consoles are accessed from the Controller through the configured Forward Proxy. This Forward Proxy is used system-wide for all services configured to utilize a Forward Proxy.
- Split Proxy: All Cloud Consoles are accessed from the Controller through the configured Forward Proxy. This Forward Proxy is dedicated to accessing Avi Cloud Console. Another Forward Proxy can be configured at the system level for all other services requiring a Forward Proxy.
The following section demonstrates how to configure a Forward Proxy on the Avi Load Balancer Controller using the CLI. See the CLI Access section of the Administration guide for details on accessing the CLI.
System Proxy:
```
[admin:controller]: > configure systemconfiguration
[admin:controller]: systemconfiguration> proxy_configuration
[admin:controller]: systemconfiguration:proxy_configuration> host <FORWARD_PROXY_IP_OR_FQDN>
[admin:controller]: systemconfiguration:proxy_configuration> port <FORWARD_PROXY_PORT>
[admin:controller]: systemconfiguration:proxy_configuration> username <FORWARD_PROXY_USER>
[admin:controller]: systemconfiguration:proxy_configuration> password <FORWARD_PROXY_PASSWORD>
[admin:controller]: systemconfiguration:proxy_configuration> save
[admin:controller]: systemconfiguration> save
[admin:controller]: > configure albservicesconfig
[admin:controller]: albservicesconfig> no use_split_proxy
Overwriting the previously entered value for use_split_proxy
[admin:controller]: albservicesconfig> no split_proxy_configuration
[admin:controller]: albservicesconfig> save
```
Split Proxy:
```
[admin:controller]: > configure albservicesconfig
[admin:controller]: albservicesconfig> use_split_proxy
Overwriting the previously entered value for use_split_proxy
[admin:controller]: albservicesconfig> split_proxy_configuration
[admin:controller]: albservicesconfig:split_proxy_configuration> host <FORWARD_PROXY_IP_OR_FQDN>
[admin:controller]: albservicesconfig:split_proxy_configuration> port <FORWARD_PROXY_PORT>
[admin:controller]: albservicesconfig:split_proxy_configuration> username <FORWARD_PROXY_USER>
[admin:controller]: albservicesconfig:split_proxy_configuration> password <FORWARD_PROXY_PASSWORD>
[admin:controller]: albservicesconfig:split_proxy_configuration> save
[admin:controller]: albservicesconfig> save
```
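A preflight check for the Controller-side destinations in the connectivity tables, meant to be run from a host on the Controller's network segment to confirm that the Forward Proxy policy permits each tunnel. This is an added example, not Avi or VMware code: it assumes the proxy speaks HTTP CONNECT with Basic authentication, and the `PROXY_USER` and `PROXY_PASSWORD` environment variable names are hypothetical.

```python
import base64
import os
import socket
import sys

# Controller-side destinations from the connectivity tables; all are TCP 443.
REQUIRED = ["portal.avipulse.vmware.com", "access.broadcom.com",
            "login.broadcom.com", "profile.broadcom.com", "support.broadcom.com"]
# Cloud Services tier only: Application Rule and IP reputation database updates.
OPTIONAL = ["downloads.avipulse.vmware.com", "cdn.prod.nsxti.vmware.com"]

def connect_request(host, port=443, user=None, password=None):
    """Build the CONNECT request sent to the proxy (Basic auth is an assumption)."""
    lines = [f"CONNECT {host}:{port} HTTP/1.1", f"Host: {host}:{port}"]
    if user is not None:
        token = base64.b64encode(f"{user}:{password or ''}".encode()).decode()
        lines.append(f"Proxy-Authorization: Basic {token}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode()

def classify(status_line):
    """Turn the proxy's status line into a verdict an operator can act on."""
    parts = status_line.split()
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return "malformed-response"
    code = int(parts[1])
    if 200 <= code < 300:
        return "allowed"
    return {403: "blocked-by-policy", 407: "proxy-auth-required"}.get(code, f"failed-{code}")

def check_via_proxy(proxy_host, proxy_port, host, user=None, password=None, timeout=5):
    """Ask the proxy for a tunnel to host:443 and report what it answered."""
    try:
        with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
            s.sendall(connect_request(host, 443, user, password))
            status = s.makefile("rb").readline().decode("latin-1")
    except OSError as exc:
        return f"proxy-unreachable ({exc.__class__.__name__})"
    return classify(status)

if __name__ == "__main__":
    if len(sys.argv) < 3:
        print("usage: PROXY_HOST PROXY_PORT (credentials via PROXY_USER / PROXY_PASSWORD)")
    else:
        user, pw = os.environ.get("PROXY_USER"), os.environ.get("PROXY_PASSWORD")
        for dest in REQUIRED + OPTIONAL:
            tag = "required" if dest in REQUIRED else "optional"
            result = check_via_proxy(sys.argv[1], int(sys.argv[2]), dest, user, pw)
            print(f"{dest:32} {tag:9} {result}")
```

Credentials are read from the environment rather than the command line so they do not appear in the process list or shell history.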