VMware vDefend Security Services Platform – Part 3: Onboard NSX & Activate Platform Features

Welcome to the 3rd part of the VMware vDefend SSP series. In the previous post, I discussed the deployment of the SSP installer and the SSP instance. This post focuses on demonstrating how to activate the platform features.

If you are not following along, I encourage you to read the earlier parts of this series from the links below:

1: Introduction to VMware vDefend Security Services Platform

2: Deploy & Configure SSP Instance

Onboard NSX Manager

The first step in configuring the SSP instance is to onboard NSX Manager. To do so, log in to the SSP instance by typing https://<ssp-fqdn>/ and entering the admin credentials set during the deployment.

Enter the workload domain NSX Manager IP/FQDN, NSX Enterprise Admin credentials, and the NSX Manager SSL certificate. 

Note: If a VIP is configured for NSX Manager, upload the MGMT_CLUSTER REST VIP certificate. Otherwise, upload the node REST API certificate.

SSP checks the NSX Manager compatibility with the SSP instance.


VMware vDefend Security Services Platform – Part 2: Deploy & Configure SSP

Welcome to the 2nd part of the VMware vDefend SSP series. In the first post of this series, I discussed what SSP is and how it helps secure a VCF private cloud by implementing true microsegmentation. In this post, I will demonstrate the deployment of the SSP installer appliance.

The vDefend SSP Installer is shipped in OVA form factor and is used to deploy the VMware vDefend Security Services Platform (SSP). After booting the SSP Installer VM and initial configuration, you can access its web interface to set up the actual SSP instance by uploading an SSP bundle and connecting to your vCenter and NSX managers.

Network/Subnet Requirements

  • SSP Installer: One IP address from the infrastructure management network.
  • SSP Node Pool: 16 IPs from the network where SSP nodes will be deployed.
  • SSP Service Pool: 11 IPs from the network where SSP nodes will be deployed.

DNS Requirements

Ensure that the following DNS records are in place before the deployment.


VMware vDefend Security Services Platform – Part 1: Introduction

Traditional data centre security has long relied on a perimeter-based approach—imagine a castle with high walls and a single guarded entrance. This model worked well when applications lived in predictable locations and traffic patterns were relatively simple. However, today’s dynamic, cloud-native environments have fundamentally changed the game.

Modern applications span multiple clouds, containers spin up and down in seconds, and workloads migrate freely across infrastructure. The traditional perimeter has dissolved. Attackers who breach the perimeter can move laterally through the network with alarming ease, exploiting the lack of internal segmentation. This is where the VMware vDefend Security Services Platform (SSP) revolutionizes the approach to network security. vDefend SSP simplifies how organizations achieve zero-trust and private cloud security goals by cutting through complexity and providing a comprehensive lateral security implementation. 

vDefend Security Services Platform

VMware vDefend SSP is a software-defined, hypervisor-integrated security solution architected to protect VCF private cloud workloads—including both critical and non-critical workloads.


F5 to Avi Load Balancer Migration – Part 7: Migrate Complex L7 VS with Policies

Welcome to part 7 of the F5 to Avi migration series. The previous post in this series discussed the migration method of complex L4 virtual services. In this post, I will demonstrate the migration of L7 virtual services that have policies configured.

If you are not following along, I encourage you to read the earlier parts of this series from the links below:

1: Introduction to F5 to Avi Load Balancer Migration

2: Migration Strategy Framework

3: Avi Assessment Framework

4: F5 to Avi – Online Mode Migration

5: F5 to Avi – Offline Mode Migration

6: Migrate Complex L4 VS with Policies

The Avi Conversion Tool (ACT) currently has a limitation when migrating virtual services with policies configured. This is true for both L4 and L7 VS types. When you migrate such a VS, the ACT UI skips the policy part.

In the converter.log, you will see an error similar to that shown below.


F5 to Avi Load Balancer Migration – Part 6: Migrate Complex L4 VS with Policies

Welcome to part 6 of the F5 to Avi migration series. The previous post in this series discussed the migration method for offline mode. In this post, I will demonstrate migrating complex L4 virtual services.

If you are not following along, I encourage you to read the earlier parts of this series from the links below:

1: Introduction to F5 to Avi Load Balancer Migration

2: F5 to Avi – Migration Strategy Framework

3: Avi Assessment Framework

4: F5 to Avi – Online Mode Migration

5: F5 to Avi – Offline Mode Migration

Not all F5 virtual services can be migrated to Avi using the Avi Conversion Tool. The tool currently has a limitation when migrating L4 virtual services configured with an SNI-based routing policy. When you attempt to convert such a VS to Avi format using the conversion tool UI, the tool skips the policies.

Migration of such virtual services is not possible through the ACT UI, and you have to do this manually using the converter Python script.


F5 to Avi Load Balancer Migration – Part 5: Offline Mode Migration

Welcome to part 5 of the F5 to Avi migration series. The previous posts in this series discussed the online mode migration of the load balancer from F5 to Avi. In this post, I will demonstrate the offline mode migration.

If you are not following along, I encourage you to read the earlier parts of this series from the links below:

1: Introduction to F5 to Avi Load Balancer Migration

2: F5 to Avi – Migration Strategy Framework

3: Avi Assessment Framework

4: F5 to Avi Online Mode Migration

Offline migration is typically needed when you want to migrate F5 BIG-IP configurations to Avi without direct connectivity between systems or in air-gapped environments. To convert the F5 objects, you manually upload the F5 configuration file (bigip.conf), certificates, and keys to the conversion tool.

To perform offline migration, log in to the conversion tool, navigate to the Migrate tab, and click Start.


F5 to Avi Load Balancer Migration – Part 4: Online Mode Migration

Welcome to part 4 of the F5 to Avi migration series. The previous posts in this series aimed to provide a comprehensive framework for the F5 to Avi migration strategy and planning migration waves. In this post, I will demonstrate how to migrate load balancer objects between the 2 platforms.

If you are not following along, I encourage you to read the earlier parts of this series from the links below:

1: Introduction to F5 to Avi Load Balancer Migration

2: F5 to Avi – Migration Strategy Framework

3: Avi Assessment Framework

Avi Load Balancer Conversion Tool

To migrate load balancer objects from F5 to Avi, VMware provides a migration tool called “Avi Load Balancer Conversion Tool (ALBCT),” a UI-based conversion tool that automates and simplifies migration of existing F5 load balancer configurations to the Avi Load Balancer platform. The conversion tool helps you:

  1. Import configuration files from existing load balancers (F5).

F5 to Avi Load Balancer Migration – Part 3: Identifying Migration Candidates

Welcome to part 3 of the F5 to Avi migration series. Part 1 of this series discussed use cases of Avi migration, and part 2 dived into the migration framework that you should follow for a successful error-free migration. 

If you are not following along, I encourage you to read the earlier parts of this series from the links below:

1: Introduction to F5 to Avi Load Balancer Migration

2: F5 to Avi – Migration Strategy Framework

Overview

Not all F5 virtual services and configurations are equally suited for immediate migration to Avi. A strategic assessment helps prioritize migrations, manage risks, and allocate resources effectively. In this post I will try to provide a comprehensive framework for evaluating F5 objects and determining migration candidacy.

Step 1: Understand the Goal of Migration

Before identifying good candidates, clarify the purpose:

  • Are you moving to reduce licensing costs (F5 → NSX ALB built into NSX or vSphere+ licensing)?

F5 to Avi Load Balancer Migration – Part 2: Migration Strategy Framework

In the first post of this series, I discussed the top reasons why an organization wants to move from F5 to Avi load balancer. In this post, I will discuss the migration strategy for a successful migration.

To migrate from F5 to Avi Load Balancer, VMware provides a free Avi Load Balancer Conversion Tool (ALBCT) that automates the translation of F5 BIG-IP configurations. The migration process involves using this tool to convert the F5 load balancer configuration and then cutting over traffic to the Avi-based environment.

Migration Strategy: An Eight-Stage Approach

The key to successful migration is meticulous planning, comprehensive testing, and leveraging Avi’s conversion tool to automate complex configuration transformations. With proper execution, organizations emerge with a modern, scalable, and easier-to-manage load balancing platform that supports their digital transformation initiatives.

The image below lists the various stages involved in the strategic planning for a successful migration.

Stage 1: Planning and Assessment

Before any technical work begins, thorough planning is essential.


F5 to Avi Load Balancer Migration – Part 1: Introduction

Introduction

In today’s digital-first world, enterprises are under constant pressure to modernize infrastructure, adopt hybrid and multi-cloud architectures, and deliver applications faster.  As enterprises accelerate their digital transformation journey, legacy load-balancing infrastructure is becoming a bottleneck. The rise of cloud-native applications, containerization, and the need for operational simplicity have prompted many organizations to evaluate modern alternatives.

F5 BIG-IP, while robust, lacks the agility, automation capabilities, and cloud-native architecture that modern applications demand. On the other hand, Avi Load Balancer, a software-defined, cloud-native alternative, offers organizations the flexibility to evolve their infrastructure with minimal disruption.

In this blog, I will cover the key use cases driving migration from F5 to Avi Load Balancer.

Use Cases for F5 to Avi Migration

Migrating from F5 to Avi helps organizations modernize their application delivery infrastructure, reduce operational complexity, and achieve cloud agility. Below are some common use cases for F5 to Avi migration.

1. Cloud and Multi-Cloud Strategy Enablement

Organizations are adopting multi-cloud architectures to avoid vendor lock-in and leverage best-of-breed services across providers.
