Scaling Out the VMware vDefend Security Services Platform

March 19, 2026 Manish Jha

The VMware vDefend Security Services Platform (SSP) was built for scale-out from day one. Whether you’re expanding a proof-of-concept deployment to a production deployment, enabling ATP services (minimum 5 nodes), or going to a full-blown ten-node production deployment, the path is consistent. This post walks you through everything you need to know.

Why Scale-Out Matters for Modern Private Clouds

Traditional perimeter-based security assumed that traffic patterns were predictable and applications sat in stable locations. That world no longer exists. East-west traffic inside a VMware Cloud Foundation (VCF) private cloud can be four times greater than north-south traffic, and the volume keeps growing as application estates expand.

vDefend SSP is Broadcom’s answer to this problem: a self-contained, Kubernetes-backed security analytics platform that sits alongside NSX and processes Security Intelligence, Network Detection and Response (NDR), Malware Prevention, and Network Traffic Analysis (NTA). When your workloads grow, your security analytics capacity grows with them.… Read the rest

Cleanup NSX After Force Install of vDefend SSP

March 19, 2026March 19, 2026 Manish Jha

Recently, while deploying vDefend SSP in my nested lab, I encountered an issue in which the SSP platform became unstable as soon as I activated platform services.

When platform services (Security Intelligence/Rule Analysis, etc.) are activated, SSP creates new pods. If, at that moment, the CPU on the worker nodes is stuck due to resource constraints on the physical host, the overall platform health degrades. The pods that make up the core service are restarted frequently, and they never come back.

You can use the SSPi diagnostic tool to have visibility into problematic worker nodes and the namespace/pods.

To view pod information, SSH to the SSPI VM and list the pods.

The SSP UI won’t let you login and throws weird errors. An example is shown below

If you attempt to query the platform status, you will see gateway timeout error.

The root cause of this problem was that each worker node is deployed with 16 vCPU, and a minimum of 4 worker nodes is deployed.… Read the rest

How to Deploy Avi 30.x/31.x in VCF 9.x

February 24, 2026February 27, 2026 Manish Jha

By default, VCF 9 deploys the v22.x of Avi, which is too old. To use newer versions of Avi in the VCF 9.x setup, Broadcom provides a shell script. This script uploads the newer Avi OVA and updates the SDDC Manager manifest file so that the new Avi can be selected in the SDDC Manager UI.

The shell script and helper files can be downloaded from the Avi GitHub repo

This shell script performs the following tasks:

Uploading the Avi bundle to the SDDC manager.
Uploading the SDDC manager root certificate to the NSX manager as a trusted CA.
Registering the Avi enforcement point in NSX Manager.

Analyze the Shell Script

The shell script (vcf_tools.sh) contains 2 helper files:

1: pvc.json: This file contains the information of the Avi install bundle name and the build number. If the build number of the Avi installer bundle that you downloaded from Broadcom’s portal is not in the JSON file, update it.… Read the rest

VMware vDefend Security Services Platform – Part 8: Segmentation Planning

December 14, 2025February 24, 2026 Manish Jha

Welcome to the 8th part of the VMware vDefend SSP series. In the previous post, I discussed the SSP Security Journey workflow and its stages. This post will showcase segmentation planning, which is a sub-feature of security intelligence.

If you are not following along with this series, I encourage you to read the earlier parts of this series from the links below:

1: Introduction to VMware vDefend Security Services Platform

2: Deploy & Configure SSP Instance

3: Onboard NSX Manager & Activate Platform Features

4: SSP Integration with Core Infrastructure Services

5: vDefend SSP Rule Analysis

6: Security Segmentation Report

7: Security Intelligence Overview

In the previous post, we saw that the security journey is a staged workflow, with each stage providing a different capability. After you complete a stage, you must mark it as completed and move to the next stage.

Note: I covered stage 1 in the 6th part of this series, so I am not repeating the steps.… Read the rest

VMware vDefend Security Services Platform – Part 7: Security Intelligence Walkthrough

December 10, 2025February 24, 2026 Manish Jha

Welcome to the 7th part of the VMware vDefend SSP series. In the previous post, I discussed the SSP Segmentation Report feature and how you can leverage it to plan micro-segmentation. This post will provide a high-level overview of the security intelligence feature and the security journey workflow.

If you are not following along with this series, I encourage you to read the earlier parts of this series from the links below:

1: Introduction to VMware vDefend Security Services Platform

2: Deploy & Configure SSP Instance

3: Onboard NSX Manager & Activate Platform Features

4: SSP Integration with Core Infrastructure Services

5: vDefend SSP Rule Analysis

6: Security Segmentation Report

Security Intelligence is an SSP feature that provides tools for planning network segmentation, visualizing traffic patterns, and monitoring data flows across applications, enabling the planning and implementation of micro-segmentation at scale.

Security Intelligence delivers two primary capabilities:

Visual representation of network components, including security groups, virtual machines, IP addresses, and traffic flows.

… Read the rest

VMware vDefend Security Services Platform – Part 6: Security Segmentation Report

November 26, 2025February 24, 2026 Manish Jha

Welcome to the 6th part of the VMware vDefend SSP series. In the previous post, I discussed the SSP Rule Analysis feature. This post focuses on the SSP Segmentation Report.

If you are not following along with this series, I encourage you to read the earlier parts of this series from the links below:

1: Introduction to VMware vDefend Security Services Platform

2: Deploy & Configure SSP Instance

3: Onboard NSX Manager & Activate Platform Features

4: SSP Integration with Core Infrastructure Services

5: vDefend SSP Rule Analysis

Traditional security architectures often resemble fortified castles—strong perimeter walls with limited internal protections. Once adversaries breach these external defences, they can navigate through internal networks with minimal resistance. This reality makes network segmentation not just a best practice but a critical security requirement.

Effective segmentation minimizes attack surfaces, protects sensitive data, and helps organizations meet regulatory compliance standards. However, implementing segmentation without proper visibility and measurement can lead to incomplete protection or operational complexity.… Read the rest

VMware vDefend Security Services Platform – Part 5: SSP Rule Analysis

November 22, 2025February 24, 2026 Manish Jha

Welcome to the 5th part of the VMware vDefend SSP series. In the previous post, I discussed SSP integration with core infrastructure. This post focuses on demonstrating the Rule Analysis feature of SSP.

If you are not following along with this series, I encourage you to read the earlier parts of this series from the links below:

1: Introduction to VMware vDefend Security Services Platform

2: Deploy & Configure SSP Instance

3: Onboard NSX Manager & Activate Platform Features

4: SSP Integration with Core Infrastructure Services

What is SSP Rule Analysis?

The rule analysis feature automatically analyzes DFW rules to identify inefficiencies and security misconfigurations. It helps optimize policies by flagging issues such as duplicate, redundant, or overly permissive rules, contributing to a more robust and efficient security posture.

The main benefits of the rule analysis feature are outlined below:

Improves Security Posture: Identifies potential security misconfigurations and improves the overall security posture of the DFW.

… Read the rest

VMware vDefend Security Services Platform – Part 4: SSP Integration with Core Infrastructure Services

November 18, 2025February 24, 2026 Manish Jha

Welcome to the 4th part of the VMware vDefend SSP series. In the previous post, I discussed NSX Manager onboarding in SSP and activating platform features.

This post focuses on demonstrating how to integrate SSP with core infrastructure services, such as Syslog, LDAP, and SFTP.

If you are not following along with this series, I encourage you to read the earlier parts of this series from the links below:

1: Introduction to VMware vDefend Security Services Platform

2: Deploy & Configure SSP Instance

3: Onboard NSX Manager & Activate Platform Features

SSP Integration with Syslog

To integrate the vDefend Security Services Platform (SSP) with a syslog server, you must configure the SSP to forward its log messages to the remote server through its web interface.

Log in to the SSP web interface using admin credentials and navigate to the System > Server Configurations > Syslog Server Configuration tab. Click Add Server.… Read the rest

VMware vDefend Security Services Platform – Part 3: Onboard NSX & Activate Platform Features

November 14, 2025February 24, 2026 Manish Jha

Welcome to the 3rd part of the VMware vDefend SSP series. In the previous post, I discussed the deployment of the SSP installer and the SSP instance. This post focuses on demonstrating how to activate the platform features.

If you are not following along, I encourage you to read the earlier parts of this series from the links below:

1: Introduction to VMware vDefend Security Services Platform

2: Deploy & Configure SSP Instance

Onboard NSX Manager

The first step in configuring the SSP instance is to onboard NSX Manager. To do so, login to the SSP instance by typing https://<ssp-fqdn>/ and entering the admin credentials set during the deployment.

Enter the workload domain NSX Manager IP/FQDN, NSX Enterprise Admin credentials, and the NSX Manager SSL certificate.

Note: If VIP is configured for NSX Manager, upload the MGMT_CLUSTER REST VIP certificate. Otherwise, the node REST API certificate.

SSP checks the NSX manager compatibility with the SSP instance.… Read the rest

VMware vDefend Security Services Platform – Part 2: Deploy & Configure SSP

November 11, 2025February 24, 2026 Manish Jha

Welcome to the 2nd part of the VMware vDefend SSP series. In the first post of this series, I discussed what SSP is and how it helps secure a VCF private cloud by implementing microsegmentation. In this post, I will demonstrate the deployment of the SSP installer appliance.

The vDefend SSP Installer is shipped in OVA form factor and is used to deploy the VMware vDefend Security Services Platform (SSP). After booting the SSP Installer VM and performing initial configuration, you can access its web interface to set up the actual SSP instance by uploading an SSP bundle and connecting to your vCenter and NSX managers.

Network/Subnet Requirements

SSP Installer: One IP address from the infrastructure management network.
SSP Node Pool: 16 IPs from the network where SSP nodes will be deployed.
SSP Service Pool: 11 IPs from the network where SSP nodes will be deployed.

DNS Requirements

Ensure that the following DNS records are in place before the deployment.… Read the rest