This section is focused on the security of NSX Advanced Load Balancer Service Engines and Controllers.
VMware strives to ensure the highest level of security, adhering to rigorous testing and validation standards. NSX Advanced Load Balancer includes numerous security-related features to ensure the integrity of the NSX Advanced Load Balancer system and the applications and services it protects.
Industry Validation
Many of the largest and most trusted brands on the Internet have subjected NSX Advanced Load Balancer to their own testing or testing by third-party companies such as Qualys and Rapid7. This continuous testing ensures that, in addition to the proven success of NSX Advanced Load Balancer in public and private networks, it has been thoroughly vetted by known industry security leaders.
The following are a few examples of web UI and other attack vectors tested through external penetration testing:
SQL injection
Cross site request forgery (CSRF)
Cross site scripting (XSS)
Arbitrary code execution
Credential disclosure
Clickjacking
Improper cookie settings
Password protection through PBKDF2
Encryption of SSL certificate’s private keys
Role based access control
Strong output validation to guard against disclosure of sensitive fields such as passwords, export of keys
Patching Security Issues
Despite the best attempts to proactively resolve any potential threat before the code release, it is essential to ensure a solid plan of action if a security hole is discovered in customer deployed software.
VMware strongly recommends key administrators subscribe to NSX Advanced Load Balancer's mailing list. Security alerts are proactively sent to customers to notify them if an issue has been found and the potential mitigation required. Subscribe through VMware customer portal. It also publishes responses to Common Vulnerabilities and Exposures (CVEs) of note, which include known vulnerabilities in NSX Advanced Load Balancer or software used by it, such as SSL and Linux. NSX Advanced Load Balancer may also publish CVE responses to issues that do not impact NSX Advanced Load Balancer to inform our customers that they are protected. These CVEs are posted to the NSX Advanced Load Balancer documentation site but not sent proactively through email alerts.
See also the following guides:
Hardening NSX Advanced Load Balancer
With a basic deployment of NSX Advanced Load Balancer, the system is secured and reasonably locked down. However, many administrators may wish to customize the security posture or tighten policies regarding who can access NSX Advanced Load Balancer. VMware strongly recommends thoroughly reviewing the choices for securing NSX Advanced Load Balancer, which is essential to guarantee its security in production environments where the potential exposure to malicious attacks is more severe.
See the following guides for more information:
User Authentication and Authorization topic in VMware NSX Advanced Load BalancerAdministration guide.
Protocol Ports Used by NSX Advanced Load Balancer for Management Communication
NSX Advanced Load Balancer Service Engine to Controller Communication section in VMware NSX Advanced Load BalancerInstallation guide.
Access Settings topic in VMware NSX Advanced Load BalancerAdministration guide.