惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
Threatpost
IT之家
IT之家
Hugging Face - Blog
Hugging Face - Blog
Engineering at Meta
Engineering at Meta
爱范儿
爱范儿
博客园 - Franky
博客园 - 【当耐特】
MyScale Blog
MyScale Blog
雷峰网
雷峰网
月光博客
月光博客
云风的 BLOG
云风的 BLOG
博客园 - 司徒正美
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
P
Proofpoint News Feed
The GitHub Blog
The GitHub Blog
N
Netflix TechBlog - Medium
WordPress大学
WordPress大学
罗磊的独立博客
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Y
Y Combinator Blog
Know Your Adversary
Know Your Adversary
宝玉的分享
宝玉的分享
L
Lohrmann on Cybersecurity
S
SegmentFault 最新的问题
L
LangChain Blog
K
Kaspersky official blog
P
Palo Alto Networks Blog
P
Privacy & Cybersecurity Law Blog
美团技术团队
Scott Helme
Scott Helme
B
Blog RSS Feed
T
Threat Research - Cisco Blogs
博客园_首页
L
LINUX DO - 热门话题
腾讯CDC
C
CERT Recently Published Vulnerability Notes
A
About on SuperTechFans
博客园 - 三生石上(FineUI控件)
J
Java Code Geeks
V
V2EX
Martin Fowler
Martin Fowler
T
The Exploit Database - CXSecurity.com
人人都是产品经理
人人都是产品经理
MongoDB | Blog
MongoDB | Blog
Latest news
Latest news
S
Schneier on Security
AWS News Blog
AWS News Blog

VMware Blogs

Diagnostics for VMware Cloud Foundation (VCF) 9.1 with Old Versions of VCF Components Mastering Infrastructure Policies in VMware Cloud Foundation Automation 9.1 Modernizing the Private Cloud: Why VCF 9.1 Lifecycle Management is a Game Changer Announcing the VMware Cloud Foundation 9.1 Upgrade Planning Tool VCF Breakroom Chats Episode 86 – Containers Made Easy: The New “Container-as-a-Service” in VCF 9.1 Securing Your VCF 9.1 Infrastructure with the Symantec Identity Security Platform Virtually Speaking: The AI Reality Check with Dave Linthicum Zero Touch Provisioning: Activating Edge Sites with VMware Cloud Foundation Edge 9.1 VCF Breakroom Chats Episode 85 – Cloning Success at Scale: Inside VCF 9.1’s App Stack Formation VMware Cloud on AWS の使用状況を確認できる API Unlocking the Full Potential of Programmable Infrastructure with VMware Cloud Foundation 9.1 – New Features and Capabilities Smarter Patching at Scale: Vulnerability Assessment and Remediation with VMware Tanzu Platform Encrypted vMotion Offload to Intel QAT in VMware Cloud Foundation 9.1 Deepen Your Expertise: Four Key Benefits of Attending Increase Deployment Flexibility with VCF Edge Automation 1.0.3 Avi Advantage: Automating Certificate Management of VCF Workloads More Memory, Less Effort: Configuring Memory Tiering in VCF 9.1 VCF 9.1 Licensing: Programmatic, Centralized, and Built to Scale Why APJ Networking Professionals Need Private Cloud Expertise VCF 9.1 Networking: Simpler VPC Connectivity Control VCF 9.1 Networking: Exploring Network Services for Virtual Private Clouds VCF Networking 9.1: Seamless DDI Integration with Infoblox The Open Source Advantage: Building from Source for Ultimate Security Expand Shared VMDKs with Clustered Applications in VMware vSAN for VCF 9.1 Monetizing Zero-Trust Security with VCF 9.1 and VMware vDefend VMware vSAN Protection and Recovery Enhancements for VCF 9.1 Deliver Production SQL Server DBaaS with VMware Data Services Manager 9.1 Maximizing Profitability: VCF 9.1 Cost-Focused Approach for VMware Cloud Service Providers Modernizing Your Infrastructure: Introducing VMware Cloud Foundation 9.1 to VCSPs VCF 9.1 is Available: Explore the New Features in Hands-on Labs What’s New with vSphere in VMware Cloud Foundation 9.1? Resizing VMware vCenter in VMware Cloud Foundation 9 Non-Disruptive VMware vCenter Patching in VMware Cloud Foundation 9.1 VMware vCenter Virtual Hardware Gets an Upgrade in vSphere with VCF 9.1 AI Has Changed the Threat Landscape. Is Your Infrastructure Ready? Simplifying Storage with the New Effective Capacity View in VMware vSAN for VCF 9.1 Auto-RAID in VMware vSAN for VCF 9.1 – Comprehensive System-Managed Data Resilience Introducing VMmark 4.1: Enhanced Power Efficiency Benchmarking for Private Cloud Infrastructure Advanced Memory Tiering Enhancements in VMware Cloud Foundation 9.1 VCF 9.1 Is Here. See It in Action. 博通發布 VMware Cloud Foundation 9.1 How Broadcom Is Helping Enterprises Win the AI Security Sprint How to Prepare for the World of AI Driven Exploits Avi Innovations for VCF 9.1: Powering Kubernetes, Agentic AI and VPC Workloads VCF 9.1: The Secure, Cost-Effective Private Cloud Platform for Production AI Announcing VCF 9.1: Modern Private Cloud Built for Efficiency and Resilience Announcing VMware Cloud Foundation Edge 9.1: A Scalable, Autonomous Edge Platform Accelerate, Streamline, and Control Your Self-Service Private Cloud with VMware Cloud Foundation 9.1 Deploy Modern Apps Faster, Scale Smarter, and Lower Your TCO with VMware vSphere Kubernetes Service in VCF 9.1 Scale Smarter, Save More: Redefining Infrastructure Economics with VMware vSphere in VCF 9.1 AI with VCF 9.1 on AMD GPUs: Build with open frameworks and simplify management, at a lower TCO Streamline, Simplify and Protect all your AI workloads with VCF 9.1 Simplify Workload Connectivity and Enhance Network Scale and Performance with VCF 9.1 VMware and CrowdStrike Deliver New Integration for Cyber Recovery Workflows How Many Users Can Your LLM Server Really Handle? From Infrastructure to Agents: A Hands-On Guide to Secure Private AI with Broadcom – Part 2 The New Frontier: Leading the Cloud-Native Evolution Replicating VMware vSphere Configuration Profile Desired State Webinar Recap: Design and Architecture Considerations for VMware vSphere Kubernetes Service on VMware Cloud Foundation Kubernetes 1.36: What Actually Changed for Enterprise Platforms Avi Load Balancer Analytics: Root Cause Application Performance Issues in Minutes Analyst Insight Series #3: Policy-Driven Governance and Multi-Tenant Control Post-Quantum Readiness on VMware Cloud Foundation Registration Is Live for Las Vegas | $ave with Early-Bird May 21, 2026: What’s New in VMware Tanzu Data Intelligence 10.4 From Infrastructure to Agents: A Hands-On Guide to Secure Private AI with Broadcom – Part 1 Stop Guessing: Advanced Monitoring and Troubleshooting for Data Services CPU, Disk, Network, and Memory Workload Profiles for DVD Store Database Testing How VMware Salt Automates Compliance Across Private Cloud Analyst Insight Series #2: Operational Scalability and Lifecycle Management MCP vs. APIs: Why You Need Both for AI Applications The Real Constraint on Enterprise AI isn’t GPUs; It’s Power Deploying Harbor Service in Air-Gapped VMware Cloud Foundation 9.0 Why Enhanced DirectPath Wins for High-Performance Apps Bridging the (.Local) Gap: A Split-Domain Design for VMware Cloud Foundation Deployment Observability on VMware vSphere Kubernetes Service VMware Cloud on AWS: Introducing the Usage Report APIs Converging VMware vSphere to VMware Cloud Foundation 9.0: The Top 10 Questions Answered May 6, 2026: What’s New in Tanzu Platform 10.4: Powering Agentic Apps at Scale VMware Tanzu RabbitMQ Powers the Modern Data Lakehouse with New Spark Integration and Enterprise Tooling Tanzu Data Intelligence 10.4 Delivers AI-Driven Analytics, Unified Real-Time Operations, and Sovereign Resilience Enterprise-Ready Agents Made Simple & Safe with VMware Tanzu Platform Agent Foundations Introducing Tanzu Platform 10.4: Extending Platform as a Service to Agentic Applications How AI-Assisted Analytics in Tanzu Data Intelligence Can Help Remove the SQL Bottleneck From Prototype to Production: Securing Database MCP at Enterprise Scale The Compelling Case for a Private Cloud Data Intelligence Platform The Unification Dividend: Consolidating Database Operations on VMware Cloud Foundation The Modern Spring Workflow Is Enterprise-Ready and AI-Boosted [TAM Blog] セキュアブート証明書の有効期限切れに関する注意点と対応について Accelerate Lateral Security and Ingress Load Balancing for Kubernetes Workloads From Platform to Data: Building a Cloud-Native Developer Experience On-Prem with VMware Cloud Foundation How VMware Cloud Foundation (VCF) Training Helps Keep Top Tech Talent in APJ Build Your Case for Attending VMware Explore 2026 Spring 開発元が提供する商用サポート「VMware Tanzu® Spring Essentials」とは VMware Cloud on AWS より i7i.metal-24xl インスタンスの提供開始 VMware Advanced Memory Tiering Tips for Success VMware Cloud Foundation Edge 9.0: Two-Host Edge Site Deployment with Brownfield Import Your Database Is About to Become an AI Tool. Is It Ready? Applying GitOps Principles to Maintain Desired State Configuration using VMware vSphere Configuration Profile – Part 3 Webinar Recap: Converging VMware vSphere to VMware Cloud Foundation 9.0
Enhance Lateral Security and Ingress Load Balancing for Kubernetes Workloads
Ahmar Mohamm · 2026-04-29 · via VMware Blogs

VKS adoption is accelerating. Through our work with enterprise customers deploying production Kubernetes workloads on VMware Cloud Foundation, we’ve learned a critical lesson: the networking and security choices you make can either enable or undermine your Kubernetes success.

Traditional approaches create the exact friction Kubernetes was meant to eliminate: bolting legacy load balancers onto containers, layering point security products, relying on perimeter-only defense. Customers tell us they’re spending weeks on infrastructure configuration that should take hours. Security teams struggle to keep pace with developer velocity. And the comprehensive visibility needed for production operations simply doesn’t exist.

For enterprises leveraging VMware Cloud Foundation (VCF) and VMware vSphere Kubernetes Service (VKS), relying on fragmented, appliance-based security and load balancing solutions introduces high cost, operational complexity, scale-out challenges, and visibility gaps. The right architecture demands a software-defined approach to load balancing and lateral security, one that aligns with the fundamental characteristics of Kubernetes workloads: dynamic, scale-out, delivered as code and service, with comprehensive workload- and transaction-level visibility.

VMware Avi Load Balancer and VMware vDefend lateral security are built from the ground up on software-defined principles, with a centralized control plane and fully distributed data plane. This architecture is purpose-built for Kubernetes. Furthermore, by deeply integrating Avi and vDefend with VKS and VCF, organizations transform their infrastructure into a unified, secure, and highly resilient private cloud platform.

What VKS Customers Tell Us Matters Most

Modern enterprises require infrastructure that matches the velocity of their development teams. Through hundreds of VKS deployments, we consistently hear the same priorities:

  • Agility for Modern Apps: Infrastructure must be fundamentally built for speed, enabling self-service deployment while maintaining enterprise guardrails. Manual configuration bottlenecks eliminate the agility Kubernetes promises.
  • Shared Responsibility: Security teams need to enforce mandatory policies. DevOps teams need to operate without approval delays. Both requirements are non-negotiable. The solution must enable delegation without degrading security posture.
  • Reduced Complexity: Organizations are moving away from disparate point products for classic applications, modern containerized apps, and emerging AI workloads. Operational overhead multiplies when each workload type requires separate bolt-on tools, policies, and expertise.
  • Built-in Security: Best-of-breed security and load balancing functionality across all environments isn’t optional. It’s foundational. Organizations demand comprehensive protection from ingress through lateral traffic, integrated into the platform rather than bolted on afterward.

Why VMware’s Integrated Approach Delivers

  • Comprehensive Security for VKS Workloads: Multi-layer network and web application security integrated into the fabric of the private cloud platform. This provides defense-in-depth from ingress through lateral traffic, eliminating the gaps that exist with perimeter-only approaches.
  • Plug-and-Play Experience: Seamless integration specifically designed for VKS eliminates manual Helm deployments, network plumbing, and configuration complexity. What takes weeks with external solutions happens automatically at cluster creation.
  • Unified Consumption: Built for direct use by both DevOps and Infrastructure teams through consistent interfaces and policy models. Teams develop expertise that applies across traditional VMs, modern containers, and AI workloads, dramatically reducing training overhead.
  • Consistency Across Workloads: Identical capabilities work seamlessly for classic applications, modern containerized apps, and agentic AI workloads. This consistency simplifies operations and ensures security policies apply uniformly regardless of workload type.
  • Advanced Visibility: Deep application visibility and insights spanning the entire ingress traffic path. This comprehensive observability enables proactive operations instead of reactive troubleshooting.

Accelerate Deployment and Simplify Operations

  • Zero-Touch Deployment: Deep integration into VCF Supervisor workflows enables Avi and vDefend automatically across all VKS clusters. No separate installation, no configuration delays. Consistent deployment eliminates one of the most time-consuming aspects of Kubernetes networking and security.
  • Automated Lifecycle Management: Avi and vDefend updates are handled automatically as part of standard VCF updates. As VMware releases new capabilities or security patches, your networking and security infrastructure stays current without separate maintenance windows or manual intervention.
  • Native VPC Support: Direct integration with VPC networking means the network “plumbing” is already done. Teams no longer build complex manual network configurations. What traditionally requires weeks of network engineering reduces to hours of configuration.
  • Avi Analytics: Comprehensive insight into application traffic and latency enables rapid identification of performance issues. When problems arise, analytics correlate network performance with application behavior, cutting troubleshooting time from hours to minutes.
  • Validated Interoperability: Pre-tested and validated as a unified solution reduces the risk of downtime or configuration conflicts. VMware engineering validates these integrations together, eliminating compatibility concerns and providing a single support path.

Enable Teams Without Compromising Control

  • The most common Kubernetes adoption blocker: security teams that can’t enforce policies at developer velocity. The hierarchical policy model addresses this directly.
  • Hierarchical Tiered Policies: Security teams set mandatory, foundational “Admin” rules that provide organizational guardrails. These policies are immutable and apply globally, establishing the security baseline that cannot be circumvented.
  • Developer Autonomy: Within those guardrails, DevOps teams operationalize their own application-specific firewall policies without waiting for manual approvals. This enables the agility Kubernetes promises while maintaining the control security requires.
  • Reliable Guardrails: Kubernetes Network Policies created by developers cannot override mandatory security policies set by Security Administrators. This hierarchy ensures application-level policies enhance security within the broader framework rather than weakening it.

Secure Every Connection: Ingress Through Lateral Traffic

  • Stop Threats at the Edge: Avi serves as your container ingress solution with integrated WAF, DDoS mitigation, API rate limiting, authentication, and HTTP policies. This consolidated security and load balancing at the edge protects applications without additional infrastructure complexity.
  • Secure Lateral Movement: vDefend’s distributed firewall protects internal environments, securing traffic between pods, across clusters, and between modern containers and traditional VMs, all from unified management. Container-to-container traffic represents a significant attack surface; lateral security eliminates this blind spot.
  • Control Outbound Traffic: Granular egress policies prevent data exfiltration and unauthorized communication, applied at pod, namespace, or organizational level. This completes the security posture from inbound through lateral to outbound traffic.

Production-Grade Resiliency at Scale

  • Active-Active Availability: Avi Global Server Load Balancing (GSLB) manages traffic across multiple VKS clusters, ensuring applications stay online even if a cluster fails. This distributed architecture provides the high availability production workloads demand.
  • Automated Disaster Recovery: Avi GSLB automated failover redirects user traffic to DR sites or healthy locations when sites become unavailable, protecting applications from unexpected outages without manual intervention.
  • Secure Elastic Fabric: Automatic provisioning and dynamic scaling of Avi and vDefend matches microservices velocity. Infrastructure scales transparently with application demand.

Frictionless Migration to VKS

  • Modernize on Your Schedule: Avi’s Multi-Cluster Kubernetes Operator (AMKO) enables seamless workload migration from other Kubernetes platforms to VKS, supporting modernization timelines that align with business priorities.
  • Risk-Free Cutovers: Weighted traffic shifts allow testing new environments before full commitment, ensuring seamless end-user experience during migrations. This phased approach reduces risk and enables confident platform transitions.

Moving Forward

Managing and securing Kubernetes shouldn’t require juggling disparate vendor products. VMware Avi consolidates Layer 4 and Layer 7 load balancing, GSLB, WAF, DNS, and IPAM into a single software-defined solution. VMware vDefend provides zero-trust lateral security for VKS workloads. Both advanced services deliver a consistent operating model across VMs, containers, and AI environments on VMware Cloud Foundation.

We’re seeing strong momentum in VKS adoption as enterprises recognize that production Kubernetes requires more than orchestration. It demands purpose-built application delivery and comprehensive security integrated into the platform foundation. By leveraging Avi and vDefend for VKS, organizations gain a production-hardened Kubernetes environment on VCF private cloud that delivers the velocity developers need with the security and operational simplicity enterprises require.

This integrated approach represents our strategic investment in enabling customer success with VKS. The architecture scales. The operations simplify. And the results deliver measurable business value.

Additional Resources


Discover more from VMware Cloud Foundation (VCF) Blog

Subscribe to get the latest posts sent to your email.