This section documents prerequisites to activate and start consuming an NSX Advanced Load Balancer Cloud Services subscription.
Prerequisites for Enterprise Tier Subscription
You need to have an active/ trial subscription for NSX Advanced Load Balancer with Cloud Services,
Or,
You need to have an active NSX Advanced Load Balancer serial key license purchased before 31 December 2021.
VMware serial key licenses will only allow a limited set of services offered by NSX Advanced Load Balancer Cloud Services.
Connectivity Requirements (Ports and Protocols)
Source |
Destination URL |
Destination Port(s) |
Reason |
|---|---|---|---|
Browser |
portal.avipulse.vmware.com |
443 |
Customer access to NSX Advanced Load Balancer Cloud Services portal. |
Browser |
customerconnect.vmware.com |
443 |
VMware IDP used for authentication. |
NSX Advanced Load Balancer Controllers |
portal.avipulse.vmware.com |
443 |
Deliver services from NSX Advanced Load Balancer Cloud Services. |
Prerequisites for Enterprise Cloud Services Subscription
You need to have an active/ trial subscription for NSX Advanced Load Balancer with Cloud Services.
Your Controller version must be 21.1.3 or higher.
You have met the following connectivity requirement.
To successfully register the NSX Advanced Load Balancer with NSX Advanced Load Balancer Cloud Services, the user with organization member role must have 'support user' as an additional role.
Connectivity Requirements (Ports and Protocols)
Source |
Destination URL |
Destination Port(s) |
Reason |
|---|---|---|---|
Browser |
portal.avipulse.vmware.com |
443 |
Customer access to NSX Advanced Load Balancer Cloud Services portal. |
Browser |
console.cloud.vmware.com |
443 |
VMware IDP used for authentication. |
NSX Advanced Load Balancer Controllers |
portal.avipulse.vmware.com |
443 |
Deliver services from NSX Advanced Load Balancer Cloud Services. |
NSX Advanced Load Balancer Controllers |
downloads.avipulse.vmware.com |
443 |
Optional, if Application Rule and IP reputation Database updates are requested. |
NSX Advanced Load Balancer Controllers |
cdn.prod.nsxti.vmware.com |
443 |
Optional, if application rule and IP reputation Database updates are requested. |
For debuglogs upload from the Controller you need to exempt below FQDN from firewall:
avisupportdata-prod.s3.<region>.amazonaws.com
where,
<region> in the urls evaluates to different regions like:
eu-west-1, eu-central-1, ap-northeast-1, ap-southeast-1, us-west-1 and so on. For instance, avisupportdata-prod.s3.eu-west-1.amazonaws.com.
Enhance Security by configuring a Forward Proxy to access NSX Advanced Load Balancer Cloud Services
Customers can enable a Forward Proxy to proxy all traffic between the Controller and NSX Advanced Load Balancer Cloud Services. This allows further security control and visibility. NSX Advanced Load Balancer Controllers natively support integrating with a Forward Proxy.
The following are the three modes of using a Forward Proxy for NSX Advanced Load Balancer Cloud Services traffic:
- No Proxy:
-
All Cloud Services are directly accessed without any proxy from the Controller.
- System Proxy:
-
All Cloud Services will be accessed through the configured Forward Proxy from the Controller. This Forward Proxy will be used system wide for all services configured to utilize a Forward Proxy.
- Split Proxy:
-
All Cloud Services will be accessed through the configured Forward Proxy from the Controller. This Forward Proxy will be dedicated to be used to access NSX Advanced Load Balancer Cloud Services. There can be another Forward Proxy configured at the system level for all other services requiring a Forward Proxy.
The following section demonstrates how to configure a Forward Proxy on the NSX Advanced Load Balancer Controller using CLI. See CLI Access guide for details on accessing CLI.
System Proxy:
[admin:controller]: > configure systemconfiguration [admin:controller]: systemconfiguration> proxy_configuration [admin:controller]: systemconfiguration:proxy_configuration> host <FORWARD_PROXY_IP_OR_FQDN> [admin:controller]: systemconfiguration:proxy_configuration> port <FORWARD_PROXY_PORT> [admin:controller]: systemconfiguration:proxy_configuration> username <FORWARD_PROXY_USER> [admin:controller]: systemconfiguration:proxy_configuration> password <FORWARD_PROXY_PASSWORD> [admin:controller]: systemconfiguration:proxy_configuration> save [admin:controller]: systemconfiguration> save [admin:controller]: > configure albservicesconfig [admin:controller]: albservicesconfig> no use_split_proxy Overwriting the previously entered value for use_split_proxy [admin:controller]: albservicesconfig> no split_proxy_configuration [admin:controller]: albservicesconfig> save
Split Proxy:
[admin:controller]: > configure albservicesconfig [admin:controller]: albservicesconfig> use_split_proxy Overwriting the previously entered value for use_split_proxy [admin:controller]: albservicesconfig> split_proxy_configuration [admin:controller]: albservicesconfig:split_proxy_configuration> host <FORWARD_PROXY_IP_OR_FQDN> [admin:controller]: albservicesconfig:split_proxy_configuration> port <FORWARD_PROXY_PORT> [admin:controller]: albservicesconfig:split_proxy_configuration> username <FORWARD_PROXY_USER> [admin:controller]: albservicesconfig:split_proxy_configuration> password <FORWARD_PROXY_PASSWORD> [admin:controller]: albservicesconfig:split_proxy_configuration> save [admin:controller]: albservicesconfig> save
