vRealize Network Insight

Now Available: vRealize Network Insight 6.0!

We are incredibly excited to announce the availability of vRealize Network Insight 6.0, as of today. The announcement blog has a high-level overview of the new capabilities, and we’ll take you on a deep dive into the technical features in this post. Buckle up; it’s going to be a wild ride.

Because we’ve got so much to cover, here’s an index of topics in this post:

Let’s dive in!

New Charts & Graphs

Let’s talk about this first, as they will become your best friend. There is an entire new charts and graphs system in vRNI 6.0. These make it a lot easier to correlate different metrics with each other, get visibility on the right time window, and even see if there are network or security events triggered related to the issue you are troubleshooting.

All single metric charts (like network rate, flows, CPU usage, etc.) are updated to be cleaner and more interactive:

New Charts & Graphs

New is the ability to add multiple metrics into a single chart and correlate them on the same axis. These will be available on dashboards like the VeloCloud Enterprise, NSX Manager, Kubernetes Service, VM dashboards, and more.

Apart from adding more metrics to the same chart, you also can add multiple charts on the same page. This is extremely useful when you’re correlating multiple metrics for numerous devices, such as packet and flow metrics for multiple SD-WAN Edges, as seen here:

Multiple charts in a single view

Depicted above are two charts, one focused on flow packet counts, and the other focused on flow traffic. They both have 9 SD-WAN Edges selected, so the lines in the chart represent those individual edges. Notice the red dots? Those are the events that vRealize Network Insight is detecting on the SD-WAN.

Hovering over these charts will give a lot more detailed information about the metrics:

Chart tooltip with more details

The tooltip presents the legend, allows you to hide devices from view for a clearer picture, and includes the detected events on each device.

Network Assurance and Verification

This is the crown jewel of 6.0. While vRealize Network Insight already had a lot of data and information about the physical and virtual network devices, the new Network Assurance and Verification capabilities take it to a new level.

With this, we go from a VM-focused network view to a network-wide view. There’s a new complete map of the network; consider it to be the up to date Visio drawing of your network. We’ve extended the already existing VM to VM paths and make it possible to draw network paths between different switches, VLANs, router ports, and many more network components.

Besides this network-wide view, there’s also Intent Verification. These intents will check consistency throughout the entire network for configuration best practices, and you can even define your own intents.

We will have future publications (stay tuned!) around the Network Assurance and Verification topics, but I’d like to give you a quick introduction. Two main features make up this capability:

Network Map

Via the menu called Paths and Topology, you can find the Network Map. This page does exactly what the title says; it presents you with a network map with the network state.

Dynamically generated network topology map

In the background, vRealize Network Insight creates a network snapshot with all devices that are added as a data source and maps out the network topology by looking at the connections in the network. The result is an interactive map, which can be used to decipher network topologies, take device inventory, be alerted of problems with network devices, scroll back in time to see the topology of last week, and plan for upcoming changes.

The Paths feature is particularly impressive. You can not only look at VM to VM paths, but also vSphere host to host, or VLAN to VLAN, or host to a router, NSX-T logical router to physical router; the possibilities are endless.

Here’s an example of a path between two vSphere hosts:

Graphical user interface Description automatically generated

Notice the path details on the left side. The network snapshots’ beauty is that our mathematical calculations within that network snapshot result in all possible paths.

In other words: the network map can tell the difference between an actively used path and a redundant backup path and even paths that are blocked by misconfigurations (for example, a missing VLAN on a switch port).

There’s a lot more to the network map and the path feature; stay tuned for a future deep dive.

Intent Verification

With the network topology now fully visualized, vRealize Network Insight 6.0 uses that data to check the entire network for configuration best practices. Instead of focusing on low-level config checks (“is this specific port configured correctly?”), we abstract these best practices to a higher level, called Intents (“are the ports in the entire network configured correctly?”).

Graphical user interface Description automatically generated

There are out of the box (system) intents, and you can also define them yourself. The system intents will check the network for things like Port-Channel misconfiguration, VLAN mismatches, duplicate IPs, network loops, and more. They are enabled by default, and you’ll see if your network has any issues right away.

Trunk VLAN Mismatch event

In the above screenshot, you can see an example output of the Trunk VLAN Mismatch Intent. The intent is globally defined, but the event is triggers is extremely specific. It tells you which switches and ports are misconfigured, and even shows the list of VLAN IDs so that you can add the right VLANs.

User-Defined Intents are customizable. Pick only a part of your network (i.e., a specific tenant) to get alerts for or go for the reachability and segmentation intents to make sure certain parts of your network are always able to reach each other or make sure they are segmented from each other.

Stay tuned for more on these intents in a future post with a deep dive into Network Assurance and Verification.

VMware SD-WAN by VeloCloud

Continuing to provide more and more insights into the VMware SD-WAN by VeloCloud solution, vRealize Network Insight 6.0 adds flow latency metrics to SD-WAN traffic, hop-by-hop tunnel health visibility, and a new ISP dashboard.

Let’s start with the hop-by-hop tunnel visibility, as this is a big deal for troubleshooting on the SD-WAN. Traffic inside the SD-WAN can traverse different paths; it could go edge to edge directly, via a hub, or via a gateway. How do you know which part of the path is the problem, if you can’t get a hop-by-hop picture? You can’t.

That’s why there’s this new widget on every SD-WAN Edge dashboard:

SD-WAN hop-by-hop tunnel visibility

Focusing on the Bangalore, IN, Branch, this edge to edge tunnel topology displays a web of communication that’s occurring on the SD-WAN and shows which tunnels are health and which are not. It also shows you the Quality of Experience scores on each tunnel when you hover over a connection.

Hopefully, your SD-WAN looks a lot better than our demo setup. 😉

We’ve also added an unambiguous representation of which paths traffic is taking through the SD-WAN:

SD-WAN Edge flow visibility

This new flow visibility widget shows precisely how many traffic flows (and which) go to the internet or other branches, and which route it takes to get there. You can filter on client IPs, applications, flow paths, and even destination SD-WAN edge. Click on any part of the chart to dive deeper into the actual flows.

With the new ISP dashboard, it’s easier to find Internet Service Provider issues. On this dashboard, everything related to the ISP performance is listed. From which edges make use of this ISP, to the network traffic, the latency, packets per second, to the applications traversing this ISP.

SD-WAN ISP Dashboard

Quickly determine whether there is a widespread outage at a specific ISP? Check!

VMware HCX Integration

Our customers use vRealize Network Insight for application migration planning, and VMware HCX is used to make those migrations happen without downtime. You could say it’s a combination made for migration-bliss.

Using the vRealize Network Insight application discovery process to discover the application landscape, utilizing the network analytics to form migration waves, and then importing those migration waves into VMware HCX as Mobility Groups to run the migration, makes for a smooth ride.

vRealize Network Insight 6.0 takes it a step further and allows you to monitor the health of VMware HCX L2 Network Extensions during the migrations. I’ll cover this integration in an upcoming deep dive post; the executive summary is that network extensions are key for a simple migration, allowing VMs to keep the same IP when migration them. These extensions need to be monitored, as they can cause terrible headaches if you push them too far.

When you add VMware HCX (R140 and above) as a data source, vRealize Network Insight reads out the L2 Extension configuration from HCX and starts to match traffic flows to those extensions. You can find out which traffic flows are going over the extensions, how much traffic one extension or one HCX network extension appliance is enduring.

VMware HCX L2 Extension visibility

The above screenshot displays traffic flows going over L2 extensions, grouping them by the network, and providing you with a clear overview of which extended network is consuming how much traffic. This information can be used to keep an eye on the throughput, latency performance, and even determine whether an L2 Extension can be removed (after the migration is finished).

vRealize Operations Integration

Continuing with integrations, here’s another one! We already integrated vRealize Network Insight 5.3 and vRealize Operations 8.1, and vRealize Operations receives network & security events from vRealize Network Insight. Using those network events, you can determine a VM or vSphere host is having network issues and use the Launch in Context action to open a new window into vRealize Network Insight, with the specified VM dashboard.

We’ve enhanced the integration in a couple of ways. First, the Management Pack is now natively baked into vRealize Operations 8.2. You don’t have to install it anymore, it’s already there.

Second, vRealize Operations now ingests the applications that vRealize Network Insight has discovered in the network. Based on actual traffic going through the network, application boundaries are discovered and then passed onto vRealize Operations.

vRealize Operations - Application tree

vRealize Operations then correlates those applications and VMs to the compute, storage, and application monitoring and troubleshooting data that it already has. The end-to-end monitoring experience is getting better and better!

VMware Cloud on AWS

With a release of VMware Cloud on AWS, the embedded NSX-T implementation is tracking network traffic latency. If it’s tracked, vRealize Network Insight can use it!

For all network flows coming in and out of VMC on AWS, the round-trip-time latency is tracked. They will show up in the regular places, the Network Performance chart, where you can get an overview of how the flows are behaving (and highlight any abnormal flows).

Flow latency global overview

The latency metrics are also available inside the granular flows if you want to see how the latency was progressing during a specific flow.

Configuration Backup & Restore

Until now, the backup procedure of the platform appliances meant shutting down the VMs and using a snapshot-based backup solution. With vRealize Network Insight being a critical part of the monitoring stack, many customers opted not to create these backups (which generated a new risk).

I’m happy to announce that vRealize Network Insight 6.0 has a new configuration backup and restore feature, which allows creating backups on the fly without shutting down anything.

It can be used as an incidental backup or a regularly scheduled backup. Most of the configuration is included (like data sources, users, system settings, and user-defined events), and the backups can be sent to an FTP or SSH server.

If you lose the platform appliance for some reason, it’s now possible to restore a backup to a new, cleanly deployed platform.

Conclusion

vRealize Network Insight 6.0 is a major evolution in the area of network & security monitoring and troubleshooting. We will be unpacking some of the blockbuster features more soon. I haven’t even talked about the smaller features that will bring you joy, like being able to look up the search used on a pin. You can find all changes in the release notes, and the upgrade bundle here.

This is a major version release and it requires a new license. Be sure to upgrade your license in My VMware from 5.x to 6.x, before you start the upgrade.

Enjoy, and stay tuned for more deep-dive posts on this massive release!