vNIC

Virtual Networking Innovation Community

Why is Network Insight so hot?

The short answer is: Usability

And there is so much more to talk about it. The network virtualization layer mainly addresses the East-West traffic, so the Traffic IN our datacenter. We do have different scenarios: On prem Datacenters, logical Datacenters, Cloud Datacenters. With all that different kind of datacenter networks we do have basically connectivity through physical and virtual networks.

From an troubleshooting point of view it’s a network. Network Insight enables visibility across virtual and physical networks. From a developing perspective it was made to understand the communication from applications with the goal to plan security (Microsegmentation). To be more specific: Plan the least privilege security for your Datacenter.

Because it is a management software which is placed for Day 0 visibility and Day 2 operations it’s a part of the vRealize Family, so it’s call vRealize Network Insight (for the on Prem world). With our fast growing cloud services with have also a service in the Cloud (SaaS) called “just” Network Insight (NI).

vRealize Network Insight (vRNI) provides visibility and information on numerous entities that are part of your data center (hosts, virtual machines, storage, vlans, vxlans, ports, any many more) and the relationships between them. It is a combination of configuration data, entities and flows. This combination give us the possibility to create a new space of visibility. The more specific information is available, the better is the communication between departments. vRNI is not a network management suite exclusively, it neither a planning security suite. It’s build to understand communication and how the resources are used - for application which are running on the infrastructure. Following departments at our customer are using vRNI typically: Developer/Application owner, Virtualization, Network and Security.

Usability

It is not necessary to bind resources to use that product. It does not matter, if you are in a project, out for four weeks or even have no time to use it more. It is so easy to use, that you use it anytime. Of course, if your are use it more in detail, I’m sure you will get more out of it.

The search bar is similar to google and you can use operators to combine or define search elements:

  • Combine: and, or
  • Compare: = / like, != / Not like, <, >
  • Define: where, of
  • Arrange: order by, group by, asc, desc, limit
Click-Command

Almost everything which is green, should animate you to click deeper. The good thing is: Everything that you will click on, is a command. The command is visible and this gives you the opportunity to save this command (for the next time) or understand the power behind the search bar and using commands itself.

Example 1: Communication by port

The planning security section includes Dashboards. It’s easy to click on information to get more specific information. We want to have an overview who is using SSH in my environment. I tried to use the Dashboard and group the ports - and see following command/dashboard.

command: plan security in last 30 days



The overview here is good, at a customer we got a lot of results, too many to be honest. That’s why I need to use the search bar and just typed: flows by port=’22’ (we wanted to see telnet originally - but here we do use ssh to get results)



Which brings me to use the search bar even better with that:

command: flow where port = 22 order by Destination IP Address asc



Example 2: Software version (Hypervisor)

A customer started with vRNI and wanted to install NSX later, prepare the environment and understand the datacenter communication was the beginning. This gave us the opportunity to get an overview: Which versions of ESXi’s are in place: host group by OS

command: host group by os



The possibilities here are huge!

Data:

How do we collect those information? We are using configuration data and flow data for different devices (see Supported Products and Version) and call it Data source. These range from your vCenter, NSX installation to physical devices such as Cisco, HP, Checkpoint, Palo Alto or Cloud Services like AWS.


Supported Products and Version:
https://docs.vmware.com/en/VMware-vRealize-Network-Insight/3.8/com.vmware.vrni.install.doc/GUID-4BA21C7A-18FD-4411-BFAC-CADEF0050D76.html

We do have two virtual appliances. One is collecting data (vRNI proxy) and the second one is the Frontend/UI (vRNI platform). It is simple to start, you need to enroll these two OVA Appliances, add sources (flow within the vCenter will be enabled via API), wait a bit and that’s it. In one hour (in most cases) you are up and running.

We do support collection Flow-based data from physical switches/routers as well. This gives you the possibility to get more out of vRNI and your data.

The overview of your East-West Traffic:

We do normally say that 80% of the traffic is East-West. Every customer may have another business model and uses the infrastructure differently. That’s why you should get in touch with vRNI and understand how much East-West traffic you are using. You can go deeper into that numbers and see if you have switched or routed traffic, you can easily analyzes the flow within segments (VLANs, Clusters, IP Subnets, Datacenters) and understand the communication within your datacenter. That’s helps you by the way for a communication matrix, if you are planning a zoning/segmentation concept or that’s why I call it: day 0 visibility


Why is that important?

For security: Understand and planning security. A lot of internal traffic, traffic that is not protected or needs be protected. It’s a part of the least privilege - to allow what’s really necessary.

For network: Understand, troubleshoot and design the Datacenter infrastructure. How is my infrastructure being used? Are IP addresses/subnets being used that I am not aware of?

For virtualization:Capacity planning, how are my resources used and which applications are communicating a lot

For developer/Application owner: To understand that a server is even more communicating with infrastructure services than the application itself. To be aware about security and communication within the infrastructure.


How-To start:

You can download vRNI by yourself and do an assessment: Evaluation for 30 days, generates PDF reports to get an overview about your environement:

VMware Virtual Network Assessment (part of vRealize Network Insight) analyzes network traffic patterns within your data center. In 24 to 72 hours the assessment delivers:

  • Insights into the amount of East-West traffic in your network, which represents security risk
  • A preview of actionable NSX micro-segmentation recommendations for your network
  • Opportunities to optimize network performance with NSX As part of the 60-day free trial, once you’ve completed the assessment, you can toggle over to see the full dashboard and capabilities of vRealize Network Insight.

Network Insight Assessment: https://my.vmware.com/web/vmware/evalcenter?p=virtual-network-assessment


Want to see more of vRealize Network Insight? Good, please use the commands - more updates are to come.

Comments

Please sign in to comment!