This section documents the prerequisites for activating and using Avi Load Balancer Cloud Controller with Avi Cloud Console.

Prerequisites for Enterprise with Cloud Services Tier Subscription

  • You need to have an active or trial subscription for Avi Load Balancer with Avi Cloud Console.

  • Your Controller version must be 21.1.3 or higher.

  • You have met the connectivity requirements listed below.

Note:

To successfully register the Avi Load Balancer with Avi Cloud Console, the user with organization member role must have 'support user' as an additional role.

Connectivity Requirements (Ports and Protocols)

| Source | Destination URL | Destination Port(s) | Reason |
|---|---|---|---|
| Browser | portal.avipulse.vmware.com | 443 | Customer access to Avi Cloud Console portal. |
| Browser | console.cloud.vmware.com | 443 | VMware IDP used for authentication. |
| Avi Load Balancer Controllers | portal.avipulse.vmware.com | 443 | Deliver services from Avi Cloud Console. |
| Avi Load Balancer Controllers | downloads.avipulse.vmware.com | 443 | Optional, if application rule and IP reputation database updates are requested. |
| Avi Load Balancer Controllers | cdn.prod.nsxti.vmware.com | 443 | Optional, if application rule and IP reputation database updates are requested. |
| Browser and Avi Load Balancer Controllers | access.broadcom.com, login.broadcom.com, profile.broadcom.com and support.broadcom.com | 443 | Broadcom Authentication Portal |

Prerequisites for Enterprise Tier Subscription

You need to have an active or trial subscription for Avi Load Balancer with Cloud Console, or an active Avi Load Balancer serial key license purchased before 31 December 2021.

Connectivity Requirements (Ports and Protocols)

| Source | Destination URL | Destination Port(s) | Reason |
|---|---|---|---|
| Browser | portal.avipulse.vmware.com | 443 | Customer access to Avi Cloud Console portal. |
| Browser | customerconnect.vmware.com | 443 | VMware IDP used for authentication. |
| Avi Load Balancer Controllers | portal.avipulse.vmware.com | 443 | Deliver services from Avi Cloud Console. |
| Browser and Avi Load Balancer Controllers | access.broadcom.com, login.broadcom.com, profile.broadcom.com and support.broadcom.com | 443 | Broadcom Authentication Portal |

Enhance Security by configuring a Forward Proxy to access Avi Cloud Console

Customers can enable a Forward Proxy to proxy all traffic between the Controller and Avi Cloud Console. This allows further security control and visibility. Avi Load Balancer Controllers natively support integrating with a Forward Proxy.

The following are the three modes of using a Forward Proxy for Avi Cloud Console traffic:

No Proxy:

All Cloud Consoles are directly accessed without any proxy from the Controller.

System Proxy:

All Cloud Consoles will be accessed through the configured Forward Proxy from the Controller. This Forward Proxy will be used system wide for all services configured to utilize a Forward Proxy.

Split Proxy:

All Cloud Consoles will be accessed through the configured Forward Proxy from the Controller. This Forward Proxy is dedicated to accessing Avi Cloud Console. Another Forward Proxy can be configured at the system level for all other services requiring a Forward Proxy.

The following section demonstrates how to configure a Forward Proxy on the Avi Load Balancer Controller using the CLI. See the CLI Access section of the Administration guide for details on accessing the CLI.

System Proxy:

[admin:controller]: > configure systemconfiguration
[admin:controller]: systemconfiguration> proxy_configuration
[admin:controller]: systemconfiguration:proxy_configuration> host <FORWARD_PROXY_IP_OR_FQDN>
[admin:controller]: systemconfiguration:proxy_configuration> port <FORWARD_PROXY_PORT>
[admin:controller]: systemconfiguration:proxy_configuration> username <FORWARD_PROXY_USER>
[admin:controller]: systemconfiguration:proxy_configuration> password <FORWARD_PROXY_PASSWORD>
[admin:controller]: systemconfiguration:proxy_configuration> save
[admin:controller]: systemconfiguration> save
[admin:controller]: > configure albservicesconfig
[admin:controller]: albservicesconfig> no use_split_proxy
Overwriting the previously entered value for use_split_proxy
[admin:controller]: albservicesconfig> no split_proxy_configuration
[admin:controller]: albservicesconfig> save

Split Proxy:

[admin:controller]: > configure albservicesconfig
[admin:controller]: albservicesconfig> use_split_proxy
Overwriting the previously entered value for use_split_proxy
[admin:controller]: albservicesconfig> split_proxy_configuration
[admin:controller]: albservicesconfig:split_proxy_configuration> host <FORWARD_PROXY_IP_OR_FQDN>
[admin:controller]: albservicesconfig:split_proxy_configuration> port <FORWARD_PROXY_PORT>
[admin:controller]: albservicesconfig:split_proxy_configuration> username <FORWARD_PROXY_USER>
[admin:controller]: albservicesconfig:split_proxy_configuration> password <FORWARD_PROXY_PASSWORD>
[admin:controller]: albservicesconfig:split_proxy_configuration> save
[admin:controller]: albservicesconfig> save
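
A preflight check for the Controller-sourced destinations in the tables above, as an added example that is not part of the original documentation: it tests port 443 reachability either directly (No Proxy) or by sending an HTTP CONNECT through the Forward Proxy, and distinguishes rejected credentials from a destination blocked by proxy policy. It assumes the proxy uses HTTP Basic authentication and that the script runs on a host sharing the Controllers' egress path; the function names are illustrative.

```python
import base64
import socket

# Controller-sourced rows of the Enterprise with Cloud Services tier table on this page.
# downloads.avipulse and cdn.prod.nsxti are the optional (database update) rows.
CONTROLLER_DESTINATIONS = [
    "portal.avipulse.vmware.com",
    "downloads.avipulse.vmware.com", "cdn.prod.nsxti.vmware.com",
    "access.broadcom.com", "login.broadcom.com",
    "profile.broadcom.com", "support.broadcom.com",
]
PORT = 443

def build_connect(host, port=PORT, user=None, password=None):
    """Return the HTTP CONNECT request a forward proxy expects for host:port."""
    lines = [f"CONNECT {host}:{port} HTTP/1.1", f"Host: {host}:{port}"]
    if user is not None:  # assumption: the proxy accepts Basic authentication
        token = base64.b64encode(f"{user}:{password or ''}".encode()).decode()
        lines.append(f"Proxy-Authorization: Basic {token}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode()

def classify_reply(reply):
    """Map the proxy's status line to a result an operator can act on."""
    try:
        status = int(reply.split(b"\r\n", 1)[0].split()[1])
    except (IndexError, ValueError):
        return "malformed proxy reply"
    if 200 <= status < 300:
        return "ok"
    if status == 407:
        return "proxy authentication required or rejected"
    if status == 403:
        return "destination blocked by proxy policy"
    return f"proxy returned {status}"

def check(host, proxy=None, user=None, password=None, timeout=5.0):
    """Test host:443 directly, or through proxy=(proxy_host, proxy_port)."""
    try:
        with socket.create_connection(proxy or (host, PORT), timeout=timeout) as s:
            if proxy is None:
                return "ok"
            s.sendall(build_connect(host, PORT, user, password))
            return classify_reply(s.recv(4096))
    except OSError as exc:
        return f"connection failed: {exc}"

if __name__ == "__main__":
    for h in CONTROLLER_DESTINATIONS:
        print(f"{h}:{PORT} -> {check(h)}")
```

The check confirms only that a TCP connection or proxy tunnel can be opened; it does not perform the TLS handshake or validate certificates.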