Orchestrator Access Modes
Overview
While Avi Vantage can be deployed within a virtualized environment or cloud, the access level that Avi Vantage has for communicating with the virtualization orchestrator (such as VMware vCenter) affects how the system operates and is configured. The level of communication that Avi Vantage has with the virtualization orchestrator is defined as the access mode.
Avi Vantage may be deployed in a number of different environments, either with or without an orchestrator (such as vCenter or OpenStack).
Figure 1: Add servers via Select Servers by Network autodiscovery
Access Modes
- No Access Mode: Avi Vantage has no access to the orchestrator, or is in an environment such as bare metal where there is no orchestrator. When in this mode, adding, removing, or modifying properties of a Service Engine requires an administrator to manually perform the changes. For instance, an administrator would need to install a new SE through the orchestrator, such as vCenter, by uploading the OVA and setting the resource and networking properties. If a new virtual service is created, admin access to vCenter may again be required to change the network settings to support the new virtual server. Servers and networks cannot be auto-discovered and must be manually configured. In this mode, the Avi Vantage cloud setting is configured as “no orchestrator” regardless of the cloud/virtualization environment.
- Read Access Mode: This mode is specific to VMware vCenter. In this mode, Avi Vantage has read-only access to vCenter, enabling it to learn the resource utilization of virtual machines (servers) and discover network information. Avi Vantage cannot add, modify, or remove SEs, back-end servers, or network properties. Avi Vantage cannot gather resource information from servers, such as CPU or memory utilization. While in this mode, the Avi Vantage cloud setting is “VMware”, with access permission set to Read.
- Write Access Mode: This mode grants Avi Vantage full write access to the orchestrator. Avi Vantage can automatically create, modify, and remove SEs and other resources as needed to adapt to changing traffic needs. This is the recommended deployment mode when available for a cloud environment. Password access to the orchestrator is required. (An exception is Amazon Web Services [AWS]. AWS requires an access key ID and secret access key, or a preconfigured role for access.)
The following table shows the access modes available for each supported cloud environment.
Cloud Environment | None | Read | Write |
vCenter | Yes | Yes | Yes |
vCenter w APIC | Yes | ||
OpenStack | Yes | Yes | Yes |
AWS | Yes | Yes | Yes |
Mesos | Yes | ||
Bare Metal | Yes |