Persona Based Pinboards in vRealize Network Insight

VMware vRealize Network Insight can be a great visualization tool to simplify network & security operations for virtual, physical and cloud environments. Because Network Insight correlates all aspects of your environment together, it can be used as a monitoring and troubleshooting tool across multiple disciplines. These disciplines, or personas, all want different bits of data displayed prominently and have different reports about either the virtualization, security or network infrastructure. This blog post goes into how to create custom pinboards to cater to the different personas for the vSphere, network, and security administrators.

Network Insight has a number of entities representing the data center, for example: virtual machines, vSphere hosts, AWS EC2 instances, physical switches, firewalls, and so on. Every major entity has a specific dashboard displaying important information about that entity. A dashboard has multiple widgets that display insightful information about the entity. For entity searches (such as VMs), the results are displayed in a list view. Clicking on a result takes the user to the specific dashboard for that entity. Each of these widgets and results has a pin icon, meaning they can be saved to a custom pinboard.

Users can create their own pinboards in Network Insight to suit specific monitoring and information visualization needs.

Let us go through a few examples of users that have different monitoring needs, namely the vSphere Administrator (VI), the Network Administrator and the Security Administrator.

Creating a Pinboard

The simplest way to create a new pinboard is by clicking on the “pin” shapes on any of the widgets as shown below:

Count of VMs

Create a new Pinboard

Select ‘Create New Pinboard’ and give it an appropriate name. A best practice is to put only the required or related set of pins on a pinboard. Multiple pinboards can be created for different monitoring requirements. Once a pinboard is created, it can be configured to refresh itself periodically. Enable auto-refresh as shown below:

Enable auto refresh

The following are example pinboards for the three user personas (vSphere admin, Network admin, Security admin).

vSphere Admin

On this dashboard, we will be putting information pertaining to the health of the vCenter.
Let’s begin with the count of entities. These numbers can also be segregated per vCenter.

    1. Count of vms [where vcenter = xxx]
    2. Count of hosts
    3. Count of datastores
    4. Count of flows
    5. Count of vMotion Event

These widgets all return a number and will be seen as:

Numbered widgets

The next section can have information related to problems identified by Network Insight:

  1. problems [where manager = xxx]

Next section can have top usages pins:

  1. Top 5 hosts by Memory Usage
  2. Top 5 hosts by CPU usage
  3. Top 5 Datastore by RW IOPS
  4. Top 5 datastore by Used Space Percent

Next section can have all widgets related to vMotion:

  1. VMotion Event group by anchorEntities (search results all vMotion’ed VMs)
  2. vmotion event group by currHost.name (group no of vMotion events by hostnames)
  3. vmotion event group by currHost.cluster (group no of vMotion events by cluster)
  4. bytes of flow where port = 8000 and Flow Type = ‘Source is VMKNIC’ and flow type = ‘Destination is VMKNIC’ (volume of vMotion traffic)

The next section should have information related to the health of VMs:

  1. vm where not in (vm where Power State = ‘POWEREDON’ in last 30 days) (VMs that are not powered on in last 30 days)
  2. vms order by Snapshot Count
  3. Max latency of VMware VM
  4. cpu cores of vm (at times people are shocked to see such high powered VMs)
  5. Active Memory of VMware VM

Network Admin

Section with top n:

  1. sum(bytes) of flows group by vm
  2. Top 5 vms order by Rx Packet Drops
  3. Top 5 switch ports by Network rate
  4. sum(bytes) of flows group by L2 Network (Top L2 networks by flow volume)
  5. sum(bytes) of flows group by port (Top ports by flow volume)
  6. sum(bytes) of flows group by Service Endpoint (Top service endpoints [Dest IP, Dest Port] by flow volume)
  7. flows where flow type = ‘Multicast’ group by Source IP Address (Top sources sending multicast IPs)
  8. switch ports where Max Network Rate and vendor = ‘VMware, Inc.’ (traffic on physical nics of ESXi as reported by vCenter)

Top 5 switch ports by usage (widget 3, Top 5 switch ports by Network rate)

Next section can have widgets related to traffic flow.

  1. sum(packets) of flows group by cluster order by max(Bytes) where Dc = ‘xxx’ (Total traffic flowing through DC as reported by netflow DVS)

Security Admin

Search for ‘security’ (as shown below) to open the security dashboard for NSX-V. Its widgets give important numbers regarding the security posture of the data center.

Security pinboard

NSX Firewall VM exclusions

It also has important things like:

  1. Data center machines accessed from internet
  2. Internet services accessed by data center machines
  3. Unused firewall rules
  4. Virtual machines that are excluded from firewall
  5. Unused security side entities

NSX Unused entities

Click on the pin icons for these widgets to add them to the security admin pinboard.
The flow analytics dashboard also has important information that can be added to this pinboard.

Flow analytics

Once you click on “Flow Analytics”, refer to the “What's New” section.
Flow analytics gives statistics for all flows selected by the search, so these analytics widgets can be defined for different flow queries.

Flow analytics - What's new

Along with traffic sent to and from the internet, it also has widgets such as new firewall rules that were hit in the last 1 day and new services [IP, Dst Port pair] that have blocked flows [information received from NSX-V].

These queries can help in finding out how densely or sparsely security groups, ipsets and firewall rules are defined:

    1. vms group by Firewall Rule
    2. vms group by security groups
    3. vms group by ipsets
    4. vms group by ipsets, security groups (this gives a nice list of VMs that are present in same ipset and different security groups and vice versa. You can select any specific ipset or security groups from the filters)

Group by IPset and Security Group
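
An added example (not from the original post or from VMware) of reviewing the result of the last query offline. It assumes the grouped result has been saved as CSV with the hypothetical columns `vm`, `ipset` and `security_group`; the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows. The column names (vm, ipset, security_group) are
# assumptions for this example, not a documented Network Insight export format.
SAMPLE_CSV = """vm,ipset,security_group
web-01,ipset-web,sg-web
web-02,ipset-web,sg-web
web-03,ipset-web,sg-legacy
app-01,ipset-app,sg-app
app-02,ipset-app2,sg-app
db-01,ipset-db,sg-db
"""

def load_rows(text):
    """Parse CSV text into (vm, ipset, security_group) tuples."""
    reader = csv.DictReader(io.StringIO(text))
    return [(r["vm"].strip(), r["ipset"].strip(), r["security_group"].strip())
            for r in reader]

def membership_report(rows):
    """Summarise group density and ipset/security-group mismatches."""
    ipset_vms, sg_vms = defaultdict(set), defaultdict(set)
    ipset_sgs, sg_ipsets = defaultdict(set), defaultdict(set)
    for vm, ipset, sg in rows:
        ipset_vms[ipset].add(vm)
        sg_vms[sg].add(vm)
        ipset_sgs[ipset].add(sg)
        sg_ipsets[sg].add(ipset)
    return {
        # Density: number of distinct VMs per group.
        "vms_per_ipset": {k: len(v) for k, v in ipset_vms.items()},
        "vms_per_security_group": {k: len(v) for k, v in sg_vms.items()},
        # VMs in the same ipset but in different security groups.
        "ipsets_spanning_groups": {k: sorted(v) for k, v in ipset_sgs.items() if len(v) > 1},
        # VMs in the same security group but in different ipsets.
        "groups_spanning_ipsets": {k: sorted(v) for k, v in sg_ipsets.items() if len(v) > 1},
        # Sparse: security groups with a single member VM.
        "single_member_groups": sorted(k for k, v in sg_vms.items() if len(v) == 1),
    }

if __name__ == "__main__":
    for section, value in membership_report(load_rows(SAMPLE_CSV)).items():
        print(section, value)
```
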

Conclusion

Using pinboards, you can create a personalized dashboard with all the information you need to review and monitor specific parts of the infrastructure. Creating multiple pinboards for multiple personas is extremely easy and customizable, and brings instant value to morning checks, troubleshooting procedures or a monitoring dashboard on a big screen in the NOC.

 

This post was co-authored by Ashutosh Kulkarni and Nikhil Palshikar.

Comments

4 comments have been added so far

  1. This article was AWESOME. Is there a limit to how many of these searches I can put in one dashboard? I started placing them all in one and it seems I reached a limit.

    1. Thanks, Matthew! There is not a defined limit of the number of widgets, but we recommend keeping it in the range of 15-20. Otherwise, the pinboard will also become too big.

      1. Hey Martijn, Dave Glading (VMware) said you were coming out with a book on vRNI, can’t wait! I wrote a book back in 2010 for the release of vSphere with Scott Lowe and Jase McCarty, so I know what that is like.

        I tried to put many of the above queries into one dashboard, and it got to the point where it wouldn’t let me organize new widgets to the bottom.

        Anyway, I am tasked with putting together an audit of our NSX environment and I need a comprehensive list of procedures to use for an audit. What would that complete list look like if you wanted to be certain to cover all the important things not just for an auditor but for your organization to succeed?
