
vRealize Network Insight 3.6 (vRNI) and Network Insight Service include a number of powerful new features designed to provide enhanced visibility for physical network switches.  Network Insight also allows you to leverage your physical switch NetFlow data for micro-segmentation planning.  Additionally, we have added a flow analytics capability, a new AWS security group and firewall troubleshooting dashboard, Public REST APIs, additional device support, and support for NSX-T.

 

Collecting NetFlow data provides greater visibility of flow traffic without the need to use a Virtual Distributed Switch or NSX.  NetFlow versions 5, 7, 8 and 9 are supported.  Nexus 1k support is also included with this option.  Simply add your switch as a datasource, configure NetFlow on the target device, and you are in business.  If you’re unfamiliar with enabling NetFlow support, we have provided sample switch configuration instructions in the Network Insight documentation.  You can also add DNS, subnet, and VLAN information to enhance the source and destination IP details included in the flow data.  As with previous versions, detailed flow data is available within the flows UI. The screenshot above shows the resulting flow details that are available once the capability is fully configured.  Additionally, there is the option to filter results based on the flow type, including physical-physical, VM-physical, and destination-physical.

 

 

For security needs, the flow data is available to assist with micro-segmentation planning.  If the goal is to use NetFlow data for micro-segmentation or to facilitate application security, physical flows are easily displayed once you choose a scope.  In the example above, the scope is set to group by VLAN/VXLAN and physical.  The resulting analysis shows NetFlow details between defined VLANs, and the dotted line around VLAN segments tells us the associated entities are physical devices.

 

 

 

The new Flow Analytics dashboard shows information in a Top-N format and chart format, making it easy to spot heavy utilization of the network and outlier behavior.  A frequent request is the ability to see top talkers and elephant flows in an environment.  With the new flow analytics capability, Network Insight shows how entities are communicating, including new VMs on the network, new services, new firewall rules and blocked flows.

 

 

There’s also the ability to customize the data points in the Outliers chart to suit your needs.  You have the option to choose outlier entities such as a VM, cluster, L2 network, port, service endpoint, and several more.  Understanding outlier behavior gives you the ability to rapidly understand where issues that require your attention may be present.

 

 

Network Insight expands AWS integration with a new widget, which shows security group and firewall configurations across AWS instances.  Choosing a VPC scope will display communication between security groups in AWS.  This capability allows you to quickly view firewall rule configurations and spot gaps in your security posture.  For example, you can easily determine at a VPC level where one-sided rules are misconfigured or whether ANY rules are in place when they shouldn’t be.  Additionally, GovCloud support is now available to leverage the unique security requirements inherent to that AWS offering.
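To make the two checks named above concrete, here is an added example (not VMware code and not the Network Insight API) that flags ANY rules and one-sided rules in security group data.  The sample input is constructed: it uses the field names of the EC2 DescribeSecurityGroups response with made-up group IDs, and it assumes a rule pair only matches through group-to-group references, not CIDR ranges.

```python
# Constructed sample in the shape of an EC2 DescribeSecurityGroups response; IDs are made up.
SAMPLE_GROUPS = [
    {"GroupId": "sg-web",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}],
     "IpPermissionsEgress": [
         {"IpProtocol": "tcp", "FromPort": 8443, "ToPort": 8443,
          "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-app"}]}]},
    {"GroupId": "sg-app",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
          "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-web"}]}],
     "IpPermissionsEgress": [
         {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
          "UserIdGroupPairs": []}]},
]

def covers(perm, proto, lo, hi):
    """True if a permission entry allows the given protocol and port range."""
    if perm["IpProtocol"] == "-1":  # "-1" means all protocols and ports
        return True
    return (perm["IpProtocol"] == proto
            and perm.get("FromPort", 0) <= lo and hi <= perm.get("ToPort", 65535))

def any_rules(groups):
    """(group, direction) pairs that allow all protocols to or from 0.0.0.0/0."""
    return [(g["GroupId"], direction)
            for g in groups
            for direction, key in (("ingress", "IpPermissions"),
                                   ("egress", "IpPermissionsEgress"))
            for p in g[key]
            if p["IpProtocol"] == "-1"
            and any(r["CidrIp"] == "0.0.0.0/0" for r in p["IpRanges"])]

def one_sided_rules(groups):
    """Egress rules to a peer group that the peer's ingress rules do not accept."""
    by_id = {g["GroupId"]: g for g in groups}
    findings = []
    for g in groups:
        for p in g["IpPermissionsEgress"]:
            for pair in p["UserIdGroupPairs"]:
                peer = by_id.get(pair["GroupId"])
                if peer is None or p["IpProtocol"] == "-1":
                    continue  # peer not in this data set, or all-protocol egress (not handled here)
                if not any(covers(q, p["IpProtocol"], p["FromPort"], p["ToPort"])
                           and any(s["GroupId"] == g["GroupId"] for s in q["UserIdGroupPairs"])
                           for q in peer["IpPermissions"]):
                    findings.append((g["GroupId"], peer["GroupId"], p["IpProtocol"], p["FromPort"]))
    return findings
```

In the sample, sg-web may send to sg-app on TCP 8443, but sg-app only accepts TCP 8080 from sg-web, which is the kind of gap the paragraph calls a one-sided rule.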

 

Public REST APIs are available and offer a truly extensible experience for workflow and data access scenarios.  The API can be used to query object information, create micro-segmentation plans, build application and tier definitions, add data sources, and leverage firewall recommendations.  The JSON output can be used in any number of scenarios.  Only your creativity need limit the usefulness of this feature!  For example, the firewall recommendations generated can be pulled from Network Insight and used to create firewall rules in NSX, AWS, or your firewall of choice with minimal effort.  These firewall recommendations are based on the observed flows from your environment, including flows traversing your VDS, NSX, and physical switches.

Network Insight has offered a scale-out cluster capability for over a year.  With the release of 3.6, we now provide the ability to add up to ten nodes to a cluster instance. This increase in scale will allow large organizations to fully monitor flow traffic traversing their overlay and underlay networks.

The newest release offers unparalleled capabilities to build, secure, and manage your network environment.  Make sure to upgrade today or try out Network Insight from our Cloud Services webpage!