Avi Vantage Interaction with vCenter
Avi Vantage may be deployed with a VMware cloud in either no access or write access mode. Each mode results in escalating functionality and automation, but also requires higher levels of privilege for the Avi Controller within VMware vCenter.
Refer to Orchestrator Access Modes for more information on access modes, and to the Installing Avi Vantage for VMware vCenter KB article for instructions on installing Avi Vantage into a VMware vCenter environment.
Note: The Avi Controller and Service Engines are supported in an environment with VMware HA and DRS enabled. For more details on HA and DRS, refer to the Avi Vantage High Availability in VMware vCenter Environment guide.
The Avi Controller retrieves the following objects from vCenter in write access mode.
- Datacenter: Discovered datacenters are provided as a list for the user to select the specific datacenter for more detailed discovery.
- Networks: This includes all networks (standard/distributed port group).
- Networks: It provides networks as a list for the user to select Management Network.
- IP Subnet: The IP subnet for each port group based on vNICs in that port group (if vmtools is running on the VM). The IP subnet learned is used for placing the virtual service on appropriate networks.
- Hosts: Used to execute the placement algorithms for creating SE VMs.
- Clusters: Used to constrain the set of ESX hosts to be considered while creating the SE VMs.
- Virtual Machines: All the virtual machines in the datacenter are discovered. This is to retrieve the IP subnet for each network. Discovered virtual machines also aid in the pool server selection.
- Datastores: The user can select which datastore to use for SE VM creation (only shared datastores are considered).
Service Engine VM Creation (Write Operation)
The Avi Controller interacts with vCenter’s OVF Manager to spawn an SE VM. The Controller needs the following access:
- Folders: The Avi Controller creates the SE VM in the default AviSeFolder or a folder the user specifies. It creates the folder AviSeFolder if it is not present.
- Datastores: The Avi Controller performs the data transfer for the SE VM directly to the ESX host’s datastore.
- Network: Nine out of ten vNICs for the SE VM are placed in the Management PG port group of vSwitch0. All ten vNICs are placed in Management PG. The first NIC is in the connected state and the other nine NICs are in the disconnected state.
- vApp: The Avi Controller updates OVF parameters of the SE VM which relate to vApp functionality.
Notes:
- Check if the management portgroup has sufficient port-groups present.
- It is preferable to set port allocation to elastic for the distributed port group so that vCenter expands the port group used. With elastic allocation, the default number of ports is eight. When all ports are assigned, a new set of eight ports is created.
- Ensure that a sufficient number of free ports is available in the port group so that SE creation can succeed.
- The Management PG port group is not used for new SE creation starting from NSX Advanced Load Balancer version 22.1.1.
- Existing SEs continue to work after an upgrade to NSX Advanced Load Balancer version 22.1.1, but further virtual service placement will change the port group to the management port group.
VS Placement and VM Deletion
- VS Placement: When placing a virtual service on an SE VM (Write Operation), the Avi Controller moves vNICs of the SE VM from Management PG to the required port group (standard/distributed). This stitches the network connectivity for the VS while in write access mode.
- VM Deletion: The Avi Controller deletes the SE VM by interacting with vCenter.
The Avi Controller retrieves stats from vCenter for virtual machines and hosts. This data is used for metrics-based analytics, such as assigning resource penalties. Avi Vantage queries this data while in write access mode.
Custom vCenter Roles
The custom vCenter role is described in the VMware User Role guide.
vCenter Connectivity Probes
Avi Vantage takes the following measures to verify connectivity with vCenter on an ongoing basis.
- Initial login to vCenter: When a vCenter cloud is configured in Avi Vantage, a user login request is sent to the vCenter. The response time for the login request is measured. If it is greater than 10 seconds, an error is displayed in the Avi UI. Concurrently, a system event (VCENTER_ACCESS_SLOW) is generated.
- 5-second probe: Avi Controller polls the vCenter every 5 seconds for changes in objects such as virtual machines, datacenters, clusters, networks, and ESX hosts.
- 1-minute probe: The Avi Controller polls the vCenter once every minute to retrieve vCenter performance stats for the SE VMs and back-end server VMs configured in the pools.
- 5-minute probe: The Avi Controller issues an ssh probe to all the ESX hosts present in the datacenter. This ensures that connectivity is still intact between the Avi Controller and the ESX host. The vmdk for the SE VM gets transferred directly to the ESX host.
Avi Controller also initiates a new connection request every 5 minutes to ensure that the user credentials configured for the vCenter cloud are valid. vCenter credentials are changed once every 6 months or 1 year, depending on the customer’s security policy.
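One way to monitor the vCenter account behind these probes, as an added example that is not Avi or VMware code: it checks login records for the 5-minute credential re-check cadence, the 10-second slow-login threshold, and logins from hosts other than the Controller. The Controller IPs, the account name and the log line format are constructed assumptions.

```python
from datetime import datetime, timedelta

# Assumptions (not from the page): controller IPs, account name and the
# "timestamp user source_ip login_seconds" line format are constructed.
CONTROLLER_IPS = {"10.0.0.11", "10.0.0.12", "10.0.0.13"}
SERVICE_ACCOUNT = "avi-svc@vsphere.local"
PROBE_INTERVAL = timedelta(minutes=5)  # credential re-check cadence (from the page)
MAX_GAP = 2 * PROBE_INTERVAL           # stall tolerance (assumption)
SLOW_LOGIN_SECONDS = 10.0              # VCENTER_ACCESS_SLOW threshold (from the page)

# Constructed sample of vCenter login records.
SAMPLE_LOGINS = """\
2024-01-10T09:00:02 avi-svc@vsphere.local 10.0.0.11 0.8
2024-01-10T09:05:03 avi-svc@vsphere.local 10.0.0.11 12.4
2024-01-10T09:07:41 avi-svc@vsphere.local 192.168.50.23 0.5
2024-01-10T09:10:02 avi-svc@vsphere.local 10.0.0.11 0.9
2024-01-10T09:12:00 admin@vsphere.local 10.0.0.40 0.7
not a log line
2024-01-10T09:30:05 avi-svc@vsphere.local 10.0.0.11 1.1
"""

def parse_logins(text):
    """Yield (time, user, source_ip, seconds); malformed lines are skipped."""
    for line in text.splitlines():
        try:
            ts, user, ip, secs = line.split()
            yield datetime.fromisoformat(ts), user, ip, float(secs)
        except ValueError:
            continue

def audit_service_account(text):
    """Return findings for the Controller's vCenter account, oldest first."""
    findings, last_seen = [], None
    for ts, user, ip, secs in sorted(parse_logins(text)):
        if user != SERVICE_ACCOUNT:
            continue
        if ip not in CONTROLLER_IPS:
            # The account should only ever be used by Controller nodes.
            findings.append(("unexpected_source", ts.isoformat(), ip))
            continue
        if secs > SLOW_LOGIN_SECONDS:
            findings.append(("slow_login", ts.isoformat(), secs))
        if last_seen is not None and ts - last_seen > MAX_GAP:
            findings.append(("probe_gap", ts.isoformat(), str(ts - last_seen)))
        last_seen = ts
    return findings

if __name__ == "__main__":
    for finding in audit_service_account(SAMPLE_LOGINS):
        print(finding)
```

A probe_gap finding is worth correlating with credential rotation, since an expired or changed password stops the 5-minute re-check from succeeding.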
In case of Write Access Integration, the Avi Controller can take the following steps to ensure high availability of applications:
- In case of planned maintenance, the Avi Controller spins up a new SE on a different host and non-disruptively migrates all applications (virtual services) to the new SE.
- In case of a host outage, as part of Avi Vantage’s self-healing capability, the Avi Controller automatically moves virtual services to a different SE (spinning up a new SE if needed). Furthermore, if elastic active/active HA has been configured, there is no disruption to application traffic.
Note: The Avi Controller and Service Engines are supported in an environment with VMware HA and DRS enabled. For more details on HA and DRS, refer to the VMware HA DRS guide.
Document Revision History
| July 15, 2022 | Changed 10 probe to 5 probe |