This section documents prerequisites to activate and start consuming an NSX Advanced Load Balancer Cloud Console subscription.

Prerequisites for Enterprise Tier Subscription

You need to have an active/ trial subscription for NSX Advanced Load Balancer with Cloud Console,

Or,

You need to have an active NSX Advanced Load Balancer serial key license purchased before 31 December 2021.

Note:

VMware serial key licenses will only allow a limited set of services offered by NSX Advanced Load Balancer Cloud Console.

Connectivity Requirements (Ports and Protocols)

Source

Destination URL

Destination Port(s)

Reason

Browser

portal.avipulse.vmware.com

443

Customer access to NSX Advanced Load Balancer Cloud Console portal.

Browser

customerconnect.vmware.com

443

VMware IDP used for authentication.

NSX Advanced Load Balancer Controllers

portal.avipulse.vmware.com

443

Deliver services from NSX Advanced Load Balancer Cloud Console.

Prerequisites for Enterprise Cloud Console Subscription

  • You need to have an active/ trial subscription for NSX Advanced Load Balancer with Cloud Console.

  • Your Controller version must be 21.1.3 or higher.

  • You have met the following connectivity requirement.

Note:

To successfully register the NSX Advanced Load Balancer with NSX Advanced Load Balancer Cloud Console, the user with organization member role must have 'support user' as an additional role.

Connectivity Requirements (Ports and Protocols)

Source

Destination URL

Destination Port(s)

Reason

Browser

portal.avipulse.vmware.com

443

Customer access to NSX Advanced Load Balancer Cloud Console portal.

Browser

console.cloud.vmware.com

443

VMware IDP used for authentication.

NSX Advanced Load Balancer Controllers

portal.avipulse.vmware.com

443

Deliver services from NSX Advanced Load Balancer Cloud Console.

NSX Advanced Load Balancer Controllers

downloads.avipulse.vmware.com

443

Optional, if Application Rule and IP reputation Database updates are requested.

NSX Advanced Load Balancer Controllers

cdn.prod.nsxti.vmware.com

443

Optional, if application rule and IP reputation Database updates are requested.

For debuglogs upload from the Controller you need to exempt below FQDN from firewall:

avisupportdata-prod.s3.<region>.amazonaws.com

where,

<region> in the urls evaluates to different regions like:

eu-west-1, eu-central-1, ap-northeast-1, ap-southeast-1, us-west-1 and so on. For instance, avisupportdata-prod.s3.eu-west-1.amazonaws.com.

Enhance Security by configuring a Forward Proxy to access NSX Advanced Load Balancer Cloud Console

Customers can enable a Forward Proxy to proxy all traffic between the Controller and NSX Advanced Load Balancer Cloud Console. This allows further security control and visibility. NSX Advanced Load Balancer Controllers natively support integrating with a Forward Proxy.

The following are the three modes of using a Forward Proxy for NSX Advanced Load Balancer Cloud Console traffic:

No Proxy:

All Cloud Consoles are directly accessed without any proxy from the Controller.

System Proxy:

All Cloud Consoles will be accessed through the configured Forward Proxy from the Controller. This Forward Proxy will be used system wide for all services configured to utilize a Forward Proxy.

Split Proxy:

All Cloud Consoles will be accessed through the configured Forward Proxy from the Controller. This Forward Proxy will be dedicated to be used to access NSX Advanced Load Balancer Cloud Console. There can be another Forward Proxy configured at the system level for all other services requiring a Forward Proxy.

The following section demonstrates how to configure a Forward Proxy on the NSX Advanced Load Balancer Controller using CLI. See CLI Access section of the Administration guide for details on accessing CLI.

System Proxy:

[admin:controller]: > configure systemconfiguration
[admin:controller]: systemconfiguration> proxy_configuration
[admin:controller]: systemconfiguration:proxy_configuration> host <FORWARD_PROXY_IP_OR_FQDN>
[admin:controller]: systemconfiguration:proxy_configuration> port <FORWARD_PROXY_PORT>
[admin:controller]: systemconfiguration:proxy_configuration> username <FORWARD_PROXY_USER>
[admin:controller]: systemconfiguration:proxy_configuration> password <FORWARD_PROXY_PASSWORD>
[admin:controller]: systemconfiguration:proxy_configuration> save
[admin:controller]: systemconfiguration> save
[admin:controller]: > configure albservicesconfig
[admin:controller]: albservicesconfig> no use_split_proxy
Overwriting the previously entered value for use_split_proxy
[admin:controller]: albservicesconfig> no split_proxy_configuration
[admin:controller]: albservicesconfig> save

Split Proxy:

[admin:controller]: > configure albservicesconfig
[admin:controller]: albservicesconfig> use_split_proxy
Overwriting the previously entered value for use_split_proxy
[admin:controller]: albservicesconfig> split_proxy_configuration
[admin:controller]: albservicesconfig:split_proxy_configuration> host <FORWARD_PROXY_IP_OR_FQDN>
[admin:controller]: albservicesconfig:split_proxy_configuration> port <FORWARD_PROXY_PORT>
[admin:controller]: albservicesconfig:split_proxy_configuration> username <FORWARD_PROXY_USER>
[admin:controller]: albservicesconfig:split_proxy_configuration> password <FORWARD_PROXY_PASSWORD>
[admin:controller]: albservicesconfig:split_proxy_configuration> save
[admin:controller]: albservicesconfig> save