This section documents prerequisites to activate and start consuming an NSX Advanced Load Balancer Cloud Console subscription.
Prerequisites for Enterprise Tier Subscription
You need to have an active/ trial subscription for NSX Advanced Load Balancer with Cloud Console,
Or,
You need to have an active NSX Advanced Load Balancer serial key license purchased before 31 December 2021.
VMware serial key licenses will only allow a limited set of services offered by NSX Advanced Load Balancer Cloud Console.
Connectivity Requirements (Ports and Protocols)
Source |
Destination URL |
Destination Port(s) |
Reason |
|---|---|---|---|
Browser |
portal.avipulse.vmware.com |
443 |
Customer access to NSX Advanced Load Balancer Cloud Console portal. |
Browser |
customerconnect.vmware.com |
443 |
VMware IDP used for authentication. |
NSX Advanced Load Balancer Controllers |
portal.avipulse.vmware.com |
443 |
Deliver services from NSX Advanced Load Balancer Cloud Console. |
Prerequisites for Enterprise Cloud Console Subscription
You need to have an active/ trial subscription for NSX Advanced Load Balancer with Cloud Console.
Your Controller version must be 21.1.3 or higher.
You have met the following connectivity requirement.
To successfully register the NSX Advanced Load Balancer with NSX Advanced Load Balancer Cloud Console, the user with organization member role must have 'support user' as an additional role.
Connectivity Requirements (Ports and Protocols)
Source |
Destination URL |
Destination Port(s) |
Reason |
|---|---|---|---|
Browser |
portal.avipulse.vmware.com |
443 |
Customer access to NSX Advanced Load Balancer Cloud Console portal. |
Browser |
console.cloud.vmware.com |
443 |
VMware IDP used for authentication. |
NSX Advanced Load Balancer Controllers |
portal.avipulse.vmware.com |
443 |
Deliver services from NSX Advanced Load Balancer Cloud Console. |
NSX Advanced Load Balancer Controllers |
downloads.avipulse.vmware.com |
443 |
Optional, if Application Rule and IP reputation Database updates are requested. |
NSX Advanced Load Balancer Controllers |
cdn.prod.nsxti.vmware.com |
443 |
Optional, if application rule and IP reputation Database updates are requested. |
For debuglogs upload from the Controller you need to exempt below FQDN from firewall:
avisupportdata-prod.s3.<region>.amazonaws.com
where,
<region> in the urls evaluates to different regions like:
eu-west-1, eu-central-1, ap-northeast-1, ap-southeast-1, us-west-1 and so on. For instance, avisupportdata-prod.s3.eu-west-1.amazonaws.com.
Enhance Security by configuring a Forward Proxy to access NSX Advanced Load Balancer Cloud Console
Customers can enable a Forward Proxy to proxy all traffic between the Controller and NSX Advanced Load Balancer Cloud Console. This allows further security control and visibility. NSX Advanced Load Balancer Controllers natively support integrating with a Forward Proxy.
The following are the three modes of using a Forward Proxy for NSX Advanced Load Balancer Cloud Console traffic:
- No Proxy:
-
All Cloud Consoles are directly accessed without any proxy from the Controller.
- System Proxy:
-
All Cloud Consoles will be accessed through the configured Forward Proxy from the Controller. This Forward Proxy will be used system wide for all services configured to utilize a Forward Proxy.
- Split Proxy:
-
All Cloud Consoles will be accessed through the configured Forward Proxy from the Controller. This Forward Proxy will be dedicated to be used to access NSX Advanced Load Balancer Cloud Console. There can be another Forward Proxy configured at the system level for all other services requiring a Forward Proxy.
The following section demonstrates how to configure a Forward Proxy on the NSX Advanced Load Balancer Controller using CLI. See CLI Access section of the Administration guide for details on accessing CLI.
System Proxy:
[admin:controller]: > configure systemconfiguration [admin:controller]: systemconfiguration> proxy_configuration [admin:controller]: systemconfiguration:proxy_configuration> host <FORWARD_PROXY_IP_OR_FQDN> [admin:controller]: systemconfiguration:proxy_configuration> port <FORWARD_PROXY_PORT> [admin:controller]: systemconfiguration:proxy_configuration> username <FORWARD_PROXY_USER> [admin:controller]: systemconfiguration:proxy_configuration> password <FORWARD_PROXY_PASSWORD> [admin:controller]: systemconfiguration:proxy_configuration> save [admin:controller]: systemconfiguration> save [admin:controller]: > configure albservicesconfig [admin:controller]: albservicesconfig> no use_split_proxy Overwriting the previously entered value for use_split_proxy [admin:controller]: albservicesconfig> no split_proxy_configuration [admin:controller]: albservicesconfig> save
Split Proxy:
[admin:controller]: > configure albservicesconfig [admin:controller]: albservicesconfig> use_split_proxy Overwriting the previously entered value for use_split_proxy [admin:controller]: albservicesconfig> split_proxy_configuration [admin:controller]: albservicesconfig:split_proxy_configuration> host <FORWARD_PROXY_IP_OR_FQDN> [admin:controller]: albservicesconfig:split_proxy_configuration> port <FORWARD_PROXY_PORT> [admin:controller]: albservicesconfig:split_proxy_configuration> username <FORWARD_PROXY_USER> [admin:controller]: albservicesconfig:split_proxy_configuration> password <FORWARD_PROXY_PASSWORD> [admin:controller]: albservicesconfig:split_proxy_configuration> save [admin:controller]: albservicesconfig> save
