Another quarter, another vRealize Network Insight release! With version 6.2 generally available for on-premises and Cloud, we have some major new features coming in. Let’s dig in!
Flow-based Application Discovery
We’ve talked about Flow-based Application Discovery before, and it was already available on vRealize Network Insight Cloud. With version 6.2, we’re releasing it for the on-premises instances, with a ton of added functionality. There’s a deep dive available in a previous blog post, but here’s the gist of it.
Application discovery is crucial to understanding your application landscape. Sometimes documentation isn’t up to date, or there are multiple sources where applications are documented (CMDB, tags, naming conventions, wikis, etc.). vRealize Network Insight aims to centralize application information by discovering applications from all these sources, so you can monitor, troubleshoot, or even migrate them. But what if you can’t trust your documentation? This is where flow-based application discovery comes in.
Flow-based application discovery uses the network traffic that vRealize Network Insight records to determine application boundaries using a machine learning algorithm. It learns from the traffic what workloads are in your applications and categorizes tiers of similarly behaving workloads. The result of the discovery is simply a list of applications with VMs in their tiers, which you can save to the system and start troubleshooting, monitoring, or planning the security of your apps.
In the previous releases, flow-based application discovery would name the applications and tiers based on common denominators in the VM names. You can now use a combination of VM names, tags, security groups, or security tags. The application name and tier name can use different methods if these are in different places. You can even upload a CSV file that maps the application and tier names to workloads.
Customizing the naming process makes it quicker to save the results, as you won’t have to rename the discovered applications when saving them.
Dynamic Application Updates
Modern applications are dynamic. New deployments happen periodically, tiers get resized based on the number of visitors they receive, and we, as infra-admins, need to keep up. Flow-based application discovery runs continuously and automatically discovers changes to the applications. Whether new VMs have been deployed to or removed from the application, vRealize Network Insight will detect it and tell you about it.
Changes are presented clearly, listing all added and removed VMs and/or tiers. Accepting the changes is as easy as clicking the Update button.
VMware Cloud on AWS
vRealize Network Insight 6.2 is also a monster release for our VMware Cloud on AWS integration. Maybe you’ve seen the recent release of the SDDC Groups and VMware Transit Gateway, which is a great way to scale out the number of SDDCs while keeping them interconnected in an easy way. These features add more networking components to the cloud, and you need to be able to monitor and troubleshoot these when things go wrong. Therefore, SDDC Groups and the VMware Transit Gateway are now supported within vRealize Network Insight!
SDDC groups are relatively straightforward; they are logical groups of multiple SDDCs. Then the VMware Transit Gateway (VTGW) connects those SDDCs. New dashboards are added that illustrate the most critical network and security aspects. Like this SDDC group dashboard:
Easy access to inventory like connected SDDCs, AWS VPC Attachments, Direct Connects, all the way to insight into traffic flows. The Flows widget has details around traffic going between SDDCs, SDDCs to AWS VPCs, and internet traffic.
If you dive into the VTGW dashboard, you’ll find traffic details for that specific VTGW, the attached routing tables, AWS VPCs, SDDCs, and their properties: region, AWS ID, VMware Cloud organization, things like that.
The last thing that I want to talk about in relation to VMware Cloud on AWS is the new out-of-the-box configuration maximum alerts. Using the VMware Configuration Maximums, vRealize Network Insight 6.2 and above will keep an eye out for you and prevent you from hitting those limits.
Note: Depicted limits are decreased from the regular limits to trigger the alerts
Monitored configuration items are:
- Policy-based IPsec VPN tunnels
- Network Segments
- Management Gateway Firewall Rules
- Compute Gateway Firewall Rules
- Security Groups
- Distributed Firewall Rules
- Direct Connect Virtual Interfaces per SDDC
Google Cloud VMware Engine (GCVE) Support
Following Azure VMware Solution recently, we have now also completed the certification process for Google Cloud VMware Engine! From vRealize Network Insight 6.1 and above, you can add GCVE with the VMC on AWS – vCenter data source and NSX-T Manager data source. Similar to AVS, this is because of the permissions given by Google to the vCenter. We will rename these data sources in a future version to avoid confusion.
All functionality of vRealize Network Insight will work on GCVE, but here’s a snapshot of what we’ve explicitly tested:
- Application Awareness: Discover, Plan Migration (Migrate using HCX) and Day 2 Operations
- Security: Flow Visibility, Planning, and Recommendations
- Alerts and Analytics: Proactive Alerting, Top-talkers, Outliers, Dynamic Threshold, Flow RTT/Rx-Tx metrics
- Dashboards: NSX-T Manager, vCenter, Hosts, VMs, Applications, and more.
- Hybrid Network Troubleshooting:
  - Inter SDDC Path
  - SDDC Path to Internet
  - On-prem to SDDC over Policy-Based VPN via NSX
Thresholds on Switch Metrics
The last big topic I’d like to cover is new threshold types to monitor network device health. vRealize Network Insight already monitored the switch port usage and alerted when there was saturation. Now, network device utilization is also available.
When you create a threshold, you can select Switches or Switch Ports and set a boundary on memory usage or CPU usage for switches, or on traffic rate or packet drops for switch ports.
Do you want to get a notification when your switches go over 80% of memory utilization? Or when a switch port goes over 80% traffic? vRealize Network Insight 6.2 has got you covered.
There’s too much goodness in 6.2 to go through in this post, but I wanted to highlight a few more:
- New 20-second granularity for vCenter metrics for deeper troubleshooting.
- New 5-minute polling interval for NSX-T to get metrics faster.
- Support for Cisco ASR 9k switches.
- MPLS Routing support in the Network Map topologies.
- Distinct learned routes via BGP.
- Comments on NSX-T Distributed Firewall rules are now shown.
- Public APIs to manage pinboards.
vRealize Network Insight 6.2 and vRealize Network Insight Cloud dropped a ton of new features, but this is not all! For the complete list, check out the release notes.
If you’d like to see vRealize Network Insight 6.2 in a single view, including other resources, Karthic Kumar, Technical Product Manager, put together a 6.2 poster.