An NSX Advanced Load Balancer Service Engine (SE) group is a collection of one or more SEs that can share properties such as network access and failover. An SE cannot scale out across or fail over to an SE which is in a different SE group, even if both SEs share the same physical host or network properties. Different applications can thus receive guaranteed data plane isolation when deployed on different SE groups.
Virtual services created in a new NSX Advanced Load Balancer deployment will be assigned to the Default-Group SE group. To deploy virtual services to a different SE group:
Create a new SE group.
Move or create the new virtual service in the new group using the Advanced tab of the Edit Virtual Service page.
When creating a new SE group in write access mode, no new SEs will be created until a virtual service is deployed to the SE group. In read access mode or no access mode deployments, the new SEs must be manually created. They will attempt to connect back to the Controller after they have booted up, at which point they will be added to the Default SE group. SEs in read access mode and no access mode deployments can be migrated to a new SE group, provided all virtual services deployed on the SE are deactivated.
SEs in write access mode deployments cannot be migrated to new SE groups. Instead, the old SE is deleted and a new SE is created. This process is automatic if the virtual services are migrated.
Service Engine Groups Page
The Service Engine Groups page lists the configured SE groups.
The table on this page contains the following information for each SE group:
Name: Lists the name of each SE group.
# Service Engines: Shows the number of SEs assigned to the SE group. Clicking the row on the table shows an expanded view with the names of SEs.
Maximum Number of Service Engines: Maximum number of SEs the group can contain.
# Virtual Services: Shows the number of virtual services assigned to the SE group. Clicking the row on the table shows an expanded view with the names of virtual services.
Maximum Number of Virtual Services per Service Engine: Maximum number of Virtual services the SE can contain.
HA Mode: High availability mode configured for the group. Clicking on the row of an SE expands the row to show the names of SEs and virtual services configured.
Only unused SE groups can be deleted. If the SE group is in use by a virtual service, a popup will warn that dependent virtual services must first be deleted or migrated to other SE groups through the
properties tab. A tenant must always have a minimum of one configured SE group. The default SE group can be modified, but not be deleted.High Availability Settings for SE Group
The High Availability tab contains the HA option settings for the SE group.
The HA options for SEs are described below. See the following for more information and deployment examples:
Elastic HA
Legacy HA
Elastic HA Options
High Availability Mode:
Elastic HA Active
Active Elastic HA N + M
Compact Placement: When enabled, new virtual services are placed on existing SEs with other virtual services. Deactivating this option places each new virtual service in its own SE until the maximum number of SEs for the SE group is reached. At that point, a new virtual service will be placed on the SE with the least number of virtual services. When this option set, the NSX Advanced Load Balancer will attempt to conservatively create new SEs.
Virtual Services per Service Engine: Controls the maximum number of virtual services that can be deployed on a single SE. Another SE must be created or used if this maximum is reached. If the NSX Advanced Load Balancer reaches the maximum number of SEs, no more virtual services can be deployed within the SE group.
Scale per Virtual Service - Minimum: The virtual service can be scaled across multiple SEs, which increases potential capacity and ensures recovery from any failure while minimizing impact. Setting the minimum above 1 ensures that every virtual service starts out scaled across multiple SEs regardless of capacity requirements.
Scale per Virtual Service - Maximum: Sets the maximum number of SEs across which a virtual service may be scaled.
Service Engine Failure Detection: Sets the maximum amount of time a primary SE can remain silent before the SE is declared dead by the Controller.
Standard: Primary SE can remain silent (stop sending heartbeats) for a maximum of 9 seconds before being declared dead.
Aggressive: Primary SE can remain silent (stop sending heartbeats) for a maximum of 1.5 seconds before being declared dead.
Buffer Service Engines: This option sets the value of M for elastic HA N+M mode. Compact placement must be left in its default state for N+M, which is OFF. The NSX Advanced Load Balancer will maintain spare capacity in the SE group to be used to replace any failed SE.
Health Monitoring on Standby SE: Enables the standby SE in a legacy HA configuration to send health checks to back-end servers.
Legacy HA Options
High Availability Mode:
Legacy Active/Standby HA.
Virtual Service per Service Engine: Same as elastic HA.
Floating IP Address: Optionally, a floating IP address can be assigned to an SE group configured for legacy HA. It is applicable when the SE interfaces are not in the same subnet as the VIP or source NAT (SNAT) IP addresses that will use the SE group.
Distribute Load: By default, the NSX Advanced Load Balancer concentrates all virtual services on one of the two SEs in a legacy HA group. Select the distribute load option to manually make virtual services you identify active on each SE in the pair. Any given virtual service active on one SE is made to stand by on the other. When a failure occurs, the affected virtual services immediately transition to the other SE.
Selection of this option causes a second Floating IP Address field to appear.
Auto-distribute Load: By default, virtual services that have failed over to the surviving SE will not be migrated back to the SE that replaces the failed one. Instead, the load will remain concentrated on the failover SE. Turn the Auto-redistribute Load option ON to make fail-back automatic.
Health Monitoring on Standby SE: Enables health monitoring of back-end servers by the standby SE in a legacy HA (active/standby) configuration. This option applies only to SE groups configured for legacy HA. The option is not applicable to elastic HA.
Service Engine Capacity and Limit Settings
Max Number of Service Engines: Defines the maximum number of SEs that can be created within the SE group. This number, combined with the virtual services per SE setting, is the maximum number of virtual services that can be created within an SE group. If this limit is reached, it is possible that new virtual services might not be able to be deployed and will show a gray, undeployed status. This setting can be useful for limiting the NSX Advanced Load Balancer from consuming too many virtual machines.
Per Application: Limits per-SE placement of virtual services to a maximum of 2 virtual services per SE.
This option affects how vCPUS are counted for Licensing (see Terms of NSX Advanced Load Balancer Software section in the VMware NSX Advanced Load BalancerAdministration guide.
Connection Memory Percentage: Adjusts the relative allocation of memory resources for connections versus buffer space.
Virtual Service Placement Policy
This section of the SE editor appears only when one of the elastic HA modes is chosen.
Auto-Rebalance: If this option is selected, virtual services will be automatically migrated when the load on the group’s SEs falls below a stipulated minimum threshold or goes above a maximum threshold. A rebalancing interval can be chosen with a resolution of one second. An alert is generated instead of automatically performing migrations. This option is relevant only to the two elastic HA modes.
Compact Placement: When enabled, new virtual services are placed on existing SEs with other virtual services. Deactivating this option places each new virtual service in its own SE until the maximum number of SEs for the SE group is reached. At this point, a new virtual service is placed on the SE with the lowest number of virtual services. When this option is set, the NSX Advanced Load Balancer will attempt to conservatively create new SEs.
Advanced Settings for SE Group
The Advanced tab in the Edit Service Engine Group popup allows configuration of optional functionality for SE groups. This tab appears only when the NSX Advanced Load Balancer is deployed in write access mode deployments.
This tab appears only when NSX Advanced Load Balancer is deployed in write access mode.
Service Engine Name Prefix: Enter the prefix to use when naming the SEs within the SE group. This name will be seen both within the NSX Advanced Load Balancer, and as the name of the virtual machine within the virtualization orchestrator.
For NSX Advanced Load Balancer 22.1 and later versions, use the Object Name Prefix in Cloud settings (similar to Service Engine Name Prefix); this supports “-” character.
For NSX Advanced Load Balancer 20.1.x/21.1.x versions, Service Engine Name Prefix does not support “-“ character.
Delete Unused Service Engines After: Enter the number of minutes to wait before the Controller deletes an unused SE. Traffic patterns can change quickly, and a virtual service may therefore need to scale across more SEs with little notice. Setting this field to a high value ensures that the NSX Advanced Load Balancer keeps unused SEs around in a sudden spike in traffic. A shorter value means the Controller may need to recreate a new SE to handle a burst of traffic, which can take a couple of minutes. This option is only applicable in write access mode.
Security
This section of the Advanced tab has the following option:
HSM Group: Applies a template of hardware security module (HSM) settings to the SE group.
For more information about HSM support, see:
Thales nShield Integration.
NSX Advanced Load Balancer Integration with SafeNet Network HSM.