by: VMware Director, Solutions Engineering Swapnil Hendre and VMware Staff Solutions Engineer John Tompkins
VMware customers often ask us what IT uses to manage networking and security in our private cloud. We answer that VMware vRealize® Network Insight™ is our secret to success. It helps us build and manage a highly available and secure network infrastructure across our private cloud.
More importantly, the tool accelerates micro-segmentation deployments and minimizes risks when implementing an application. Below are two uses cases describing how we use vRealize Network Insight to fully leverage the benefits of NSX Data Center.
vRealize Network Insight for Micro-Segmentation
As part of the micro-segmentation planning process, we enable the discovery and capture of all source and target system IP addresses and port numbers, including those connecting to and from the application. IT calls this the “application discovery process.” It’s a critical step that precedes pre-production testing.
Prior to vRealize Network Insight, the application discovery process was performed manually, which was very time-consuming. In some cases, this manual approach significantly delayed our micro-segmentation deployment.
Using vRealize Network Insight to provide east-west traffic analytics support right out of the box makes planning very efficient. The tool helps model security groups and firewall rules prior to implementing micro-segmentation and monitors compliance postures over time. Placing the flows in the context of the VMs and applications (originating from / terminating to), we can easily see what traffic to allow and what to block. The result is a highly accurate micro-segmentation model.
Throughout the implementation of the micro-segmentation process, we use vRealize Network Insight to control and track our virtual distributed firewalls. This provides a significant advantage when it comes to meeting audit and compliance requirements.
The screenshots below illustrate micro-segmentation planning and implementation using vRealize Network Insight.
Using vRealize Network Insight for Day 2 Operations
We also use vRealize Network Insight to manage our private cloud. Currently, it’s monitoring more than 200,000 VMs running on more than 3,000 ESXi hosts. These numbers will increase over time as the private cloud expands.
vRealize Network Insight provides operational visibility across the virtual and physical aspects of the private cloud. Because of its deep integration with NSX Data Center and the physical layers across our private cloud, vRealize Network Insight assists in both troubleshooting and optimizing NSX Data Center performance.
vRealize Network Insight alerts our Cloud Operations team of any deployment issues and provides IT teams added visibility into issues that would have been previously considered “black holes.” We can resolve many NSX Data Center issues before they need to be escalated to our networking experts. vRealize Network Insight pinboards are used for sharing information among teams to streamline troubleshooting and shorten the mean time to resolution. As a result, IT can manage and scale its NSX Data Center deployments on a much faster timeline.
The screenshot below illustrates the type of information vRealize Network Insight provides. It shows the path from a VM named “failover-test-2” to the Internet through the NSX Data Center network. This is an example of what we can view. In addition, our environment includes network hops and an Internet firewall that are not managed through this specific vRealize Network Insight instance but are integral to securing our infrastructure.
Faster, Better Analysis
vRealize Network Insight plays an integral role in our NSX Data Center deployments by providing an analytical toolbox for IT, especially when it comes to best practices for deployment and security compliance. It helps us enforce consistent application security and networking policies across our private cloud.
NOTE: vRealize Network Insight is also available as a VMware Cloud Service (full-scale and feature parity with on-premises deployment). To give it a test drive in the VMware Hands-on Labs, click here.
VMware on VMware blogs are written by IT subject matter experts sharing stories about our digital transformation using VMware products and services in a global production environment. Contact your sales rep or firstname.lastname@example.org to schedule a briefing on this topic. Visit the VMware on VMware microsite and follow us on Twitter.