Author: Karthic K

How to Integrate vRNI with VMC

In this blog post, we’ll see how to integrate a VMC (VMware Cloud on AWS) instance into vRNI as a data source.

Supported Versions:

  • vRNI 4.0
  • VMC Datacenter with build version above M5P2 

Process:

  • Step 1: Open all required firewall rules
  • Step 2: Create the required permissions / CSP refresh token
  • Step 3: Add the VMC vCenter: Login to vRNI –> Settings –> Accounts and Data sources –> Add Source –> Under Public Clouds –> Select “VMware Cloud on AWS (vCenter)”
  • Step 4: Provide the IP address of the VMC vCenter & the cloud admin credentials –> Click on Validate
  • Step 5: After successful validation –> Provide a Nickname (for identification) and click Submit
  • Step 6: Add the VMC NSX Manager: Login to vRNI –> Settings –> Accounts and Data sources –> Add Source –> Under Public Clouds –> Select “VMware Cloud on AWS (NSX Manager)”
  • Step 7: Select the VMC vCenter and Collector: Enter the IP address of the NSX Manager and paste the CSP refresh token –> Click Submit
  • Step 8: Allow a few hours (usually 24 hours) for vRNI to collect data from the VMC vCenter and NSX Manager

References – Documentation Links:

  • Adding VMC vCenter as a Data Source: https://docs.vmware.com/en/VMware-vRealize-Network-Insight/4.0/com.vmware.vrni.using.doc/GUID-5644520F-3D7B-40EA-8CFD-B1D8F98C0C0B.html
  • Adding VMC NSX Manager as a Data Source: https://docs.vmware.com/en/VMware-vRealize-Network-Insight/4.0/com.vmware.vrni.using.doc/GUID-324354BB-6292-4F6E-A65C-8275097D0A7A.html

How to Get vCenter IP and credentials for vRNI

Login to VMC: https://vmc.vmware.com

Select VMware Cloud on AWS.

Select your desired SDDC (in case you have more than one).

Click on Settings to get the IP address & credentials of the SDDC vCenter.

Deployment considerations:

vRealize Network Insight supports the following deployment models for VMC: 

  • Collector deployed in VMC: 
    1. In this deployment model, the collector is deployed as a workload in Compute Gateway in VMC. The platform is deployed in the SDDC on-premises version. 
    2. The firewall rules of Management Gateway allow communication to VMC vCenter and VMC NSX Manager over HTTPS. 
    3. The collector communicates to the platform using the existing communication mechanisms over VPN or Direct Connect. 
  • Collector and Platform deployed in the SDDC on-premises version 
    1. In this deployment model, the collector and the platform are deployed in the SDDC on-premises version. 
    2. The firewall rules of Management Gateway allow communication to vCenter and policy using HTTPS over VPN. 
    3. The VPN connectivity between SDDC (on-premises or SaaS version) and VMC allows data to be fetched by the collector. 

The prerequisites for the above deployment models are: 

  • There should be connectivity between the platform or collector (on-premises) and VMC SDDC. It could either be over VPN or DX if the vRealize Network Insight installation is in the private SDDC. In case of the SaaS version, the standard connectivity mechanism between the platform and the collector is sufficient. 
  • There should be a Management Gateway firewall rule to allow the vRealize Network Insight collector to invoke vCenter and NSX Manager APIs over HTTPS (443). 
  • There should be a Compute Gateway rule within the gateway firewall to allow the collector to communicate with the on-premises Platform or the SaaS platform. 
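The three prerequisites above reduce to "can the collector open HTTPS to vCenter and NSX Manager, and can it reach the platform". The following pre-flight script is an added example (not part of the original post and not vRNI's own tooling) that probes each of those endpoints before the data source is added, so a missing Management Gateway or Compute Gateway rule shows up as a clear "blocked" line instead of a validation error in the vRNI UI. All hostnames are placeholders, and the collector-to-platform port of 443 is an assumption to be replaced with the port your deployment uses.

```python
"""Pre-flight connectivity check for a vRNI collector that will poll a VMC SDDC.

Added example, not code from the original post or from vRNI. It checks the
prerequisites listed above: the collector must reach the SDDC vCenter and
NSX Manager over HTTPS (443) through the Management Gateway, and the platform
through the Compute Gateway (443 is assumed here; adjust to your deployment).
Hostnames below are placeholders; substitute the values from the SDDC Settings page.
"""
import socket
import ssl
from dataclasses import dataclass


@dataclass(frozen=True)
class Endpoint:
    role: str        # human-readable label used in the report
    host: str
    port: int
    tls: bool = True  # expect a TLS (HTTPS) listener on this port


def tcp_reachable(host: str, port: int, timeout: float = 3.0) -> bool:
    """Return True if a TCP connection to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def tls_handshake_ok(host: str, port: int, timeout: float = 3.0) -> bool:
    """Return True if a TLS handshake completes on host:port.

    Certificate validation is deliberately off: SDDC vCenter / NSX Manager often
    present self-signed certificates, and the only question here is whether an
    HTTPS listener is answering behind the firewall rule.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except (OSError, ssl.SSLError):
        return False


def run_preflight(endpoints, probe=tcp_reachable, tls_probe=tls_handshake_ok):
    """Probe every endpoint and return {role: status}.

    status is 'ok', 'blocked' (no TCP connection, i.e. a firewall rule is
    missing) or 'no-tls' (port answers but not with TLS). The probes are
    parameters so the decision logic can be exercised without a network.
    """
    report = {}
    for ep in endpoints:
        if not probe(ep.host, ep.port):
            report[ep.role] = "blocked"
        elif ep.tls and not tls_probe(ep.host, ep.port):
            report[ep.role] = "no-tls"
        else:
            report[ep.role] = "ok"
    return report


def missing_rules(report):
    """Map non-ok statuses to the corrective action an operator should take."""
    hints = {
        "blocked": "add a gateway firewall rule allowing the collector to reach this host/port",
        "no-tls": "port answers but not over HTTPS; check the rule points at the right service",
    }
    return {role: hints[status] for role, status in report.items() if status != "ok"}


if __name__ == "__main__":
    # Placeholder addresses (constructed); replace with your SDDC values.
    targets = [
        Endpoint("VMC vCenter via Management Gateway", "vcenter.sddc.example.invalid", 443),
        Endpoint("VMC NSX Manager via Management Gateway", "nsx.sddc.example.invalid", 443),
        Endpoint("vRNI platform via Compute Gateway", "vrni-platform.example.invalid", 443),
    ]
    result = run_preflight(targets)
    for role, status in result.items():
        print(f"{status:8} {role}")
    for role, hint in missing_rules(result).items():
        print(f"TODO {role}: {hint}")
```

Run it from the collector VM (or from the subnet where the collector will live) so the probes traverse the same gateway firewalls the collector will; a "blocked" line for vCenter or NSX Manager points at the Management Gateway rule, a "blocked" line for the platform at the Compute Gateway rule.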

Note:

  • For a single node SDDC in VMC, you should set the CPU resource reservation for the proxy VM to 1251 MHz. Currently, the proxy OVA delivered as a part of the release has the resource reservation set to 2048 MHz. After importing this OVA in the SDDC vCenter, you have to modify the settings of the proxy VM to use the maximum allowed CPU reservation of 1251 MHz.



Introduction to vRealize Network Insight

VMware vRealize Network Insight is a security planning, network visualization and debugging tool designed especially for the SDDC and NSX.

I would recommend that all NSX users deploy and try vRNI for better visibility and security planning.

Top Use-cases:

  • Micro-segmentation Planning: Identify network segments and flows between them, get firewall rules recommendations
  • 360 Visibility & Troubleshooting: Unify troubleshooting across the virtual and physical infrastructure
  • Manage & Scale NSX: Scale across multiple NSX Managers with powerful visualizations for topology and health

Key Features:

  • Google-like natural language search
  • East-West traffic analytics (server-to-server internal traffic)
  • Visualize VXLAN to VLAN logical path mappings

Resources & Links:

In the next article, we will see how we can use vRNI for micro segmentation planning and security.
vRealize Network Insight useful Search Queries

Flow Related Queries

Show VMs per L2 segment (can restrict with where vlan = xyz). Replace vlan with vxlan if using logical switches.

vm by vlan where vlan = “xyz”

Show a list of VMs with their gateway, network, VLAN etc:

L2 Network , vlan, ip address, default gateway of vms

Search a MAC address or IP address. Just type the address into the search bar.

00:50:56:a6:31:cc

Show me all network traffic going to the internet

flows where Flow Type = 'Src is VM' and Flow Type = 'Dst is Internet' by bytes

Show me all network traffic out to the internet but total bytes:

sum(bytes) of flows where Flow Type = 'Src is VM' and Flow Type = 'Dst is Internet'

Show me all network traffic going to physical

flows where Flow Type = 'VM-Physical' by bytes

Show me the same thing, but totals:

sum(total bytes) of flow where Flow Type = 'VM-Physical'

Say you have two data centres (separate vCenter per site). Show me traffic totals between them (i.e. DCI link utilisation)

sum(bytes) of flows where (Dst Manager = 'abc' AND src manager = 'cba') OR (Dst Manager = 'cba' AND src manager = 'abc')

Total amount of VTEP traffic:

sum(bytes) of flows where Flow Type = 'Src is VTEP' or flow type = 'Dst is VTEP'

VTEP traffic grouped by VMkernel IP (Can’t see this in the vRNI demo labs – has to be in a real life lab):

sum(bytes) of flows where Flow Type = 'Src is VTEP' or flow type = 'Dst is VTEP' group by src ip

Show internet traffic totals for every src IP

sum(bytes) of flows where Flow Type = 'Internet' group by src ip

Series of 3 days where each point is an aggregate of 2 hours (7200 seconds) of metrics. The aggregate function being applied is supplied in the query – max, sum etc.

series(max(byte rate), 7200) of flows where flow type = 'Src is Physical' and flow type = 'Dst is Internet' in last 3 days

Find switch-ports or router-interface having packet drops

show Max Packet Drops, total packet drop ratio, network Rate of Switch Ports by Total Packet Drop Ratio

Network rate of all hosts (ordered by the highest)

network rate of host order by Max Network Rate

Show total flows grouped by ports

sum(bytes) of flow group by port

Look at Internet flows grouped by port with traffic totals:

sum(bytes) of flows where Traffic Type = 'INTERNET_TRAFFIC' group by port
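To make the semantics of the flow queries above concrete, the following script is an added example (not vRNI code and not its query engine) that re-creates the same aggregations over a handful of constructed flow records: Flow Type is modelled as a set of tags on each flow, which is why a query can say `Flow Type = 'Src is VM' and Flow Type = 'Dst is Internet'` and still match; `sum(bytes) ... group by port` becomes a dictionary of totals; and `series(max(byte rate), 7200)` becomes epoch-aligned two-hour buckets with `max` applied in each. The flow records, IPs and timestamps are constructed for the example.

```python
"""Offline re-creation of the vRNI flow aggregations shown above.

Added example; not vRNI code. A Flow carries the fields the queries refer to
(Flow Type tags, bytes, byte rate, port, src ip, timestamp), and the helpers
below compute what 'sum(bytes) ... group by port' and
'series(max(byte rate), 7200)' mean, so a dashboard number can be sanity-checked.
"""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Flow:
    src_ip: str
    dst_ip: str
    port: int
    bytes: int                 # bytes observed in this sample
    byte_rate: float           # bytes per second for this sample
    ts: int                    # epoch seconds of the sample
    flow_types: frozenset = field(default_factory=frozenset)  # e.g. {'Src is VM', 'Dst is Internet'}


def where(flows, *required_types):
    """Keep flows carrying every listed Flow Type tag (the AND in the queries)."""
    need = frozenset(required_types)
    return [f for f in flows if need <= f.flow_types]


def sum_bytes(flows):
    """sum(bytes) of flows ..."""
    return sum(f.bytes for f in flows)


def sum_bytes_by(flows, key):
    """sum(bytes) of flows ... group by <key>, where key is a Flow attribute."""
    totals = defaultdict(int)
    for f in flows:
        totals[getattr(f, key)] += f.bytes
    return dict(totals)


def series(flows, value, bucket_seconds, agg=max):
    """series(agg(value), bucket_seconds): bucket samples by time, apply agg.

    Returns {bucket_start_ts: aggregated value}; buckets are aligned to the epoch.
    """
    buckets = defaultdict(list)
    for f in flows:
        start = f.ts - (f.ts % bucket_seconds)
        buckets[start].append(getattr(f, value))
    return {start: agg(vals) for start, vals in sorted(buckets.items())}


# Constructed sample flows (not real traffic): three internet-bound VM flows,
# one VM-to-physical flow and one VTEP flow.
SAMPLE_FLOWS = [
    Flow("10.0.1.10", "203.0.113.5", 443, 5_000, 50.0, 7_300, frozenset({"Src is VM", "Dst is Internet"})),
    Flow("10.0.1.11", "203.0.113.9", 443, 7_000, 90.0, 7_400, frozenset({"Src is VM", "Dst is Internet"})),
    Flow("10.0.1.10", "198.51.100.7", 80, 1_000, 10.0, 14_500, frozenset({"Src is VM", "Dst is Internet"})),
    Flow("10.0.1.12", "10.0.2.20", 3306, 2_000, 20.0, 7_500, frozenset({"VM-Physical"})),
    Flow("10.0.0.5", "10.0.0.6", 4789, 9_000, 300.0, 7_600, frozenset({"Src is VTEP"})),
]


def internet_total(flows=SAMPLE_FLOWS):
    """sum(bytes) of flows where Flow Type = 'Src is VM' and Flow Type = 'Dst is Internet'"""
    return sum_bytes(where(flows, "Src is VM", "Dst is Internet"))


def internet_by_port(flows=SAMPLE_FLOWS):
    """sum(bytes) of flows where Flow Type = 'Dst is Internet' group by port"""
    return sum_bytes_by(where(flows, "Dst is Internet"), "port")


def internet_rate_series(flows=SAMPLE_FLOWS):
    """series(max(byte rate), 7200) of flows where Flow Type = 'Dst is Internet'"""
    return series(where(flows, "Dst is Internet"), "byte_rate", 7200)


if __name__ == "__main__":
    print("internet bytes:", internet_total())          # 13000
    print("by port:", internet_by_port())               # {443: 12000, 80: 1000}
    print("2h max byte rate:", internet_rate_series())  # {7200: 90.0, 14400: 10.0}
```

The same helpers cover the other query shapes on the page: `sum_bytes(where(flows, "VM-Physical"))` is the VM-to-physical total, `sum_bytes_by(where(flows, "Src is VTEP"), "src_ip")` is VTEP traffic per VMkernel IP, and passing `agg=sum` to `series` turns the max-rate series into a bytes-per-bucket series.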

Information about VMs

Show which network segments have the highest VM count:

vm group by l2 network

Which datastores have highest VM count:

vm group by datastore

ESX Host Information

Show me a list of vSphere versions installed in the environment and the total number of hosts for each:

host group by version

Show me a list of vSphere builds and how many hosts they have:

host group by OS

Show me hosts with how many VMs they contain:

vm group by host

Firewall rules

Show rules which have an any source (can combine with specific port if you like)

vm where incoming rules.Source Any

Show VMs with an affected rule of xyz

vm where Firewall Rule = 'Prod MidTier to Prod DB - DBService'

Show firewall rules where any port is allowed

firewall rule where action = allow and service any = true

Not operator:

!=

Not like

Aggregations:

max(byte rate) of flows

sum(total bytes)

sum(bytes)

avg(CPU Usage Rate), avg(memory utilization) of VMs

Troubleshooting

Show which VNIs my controllers are responsible for:

controller of Vxlan group by controller

Which controller is responsible for my Prod-Midtier segment?

Primary Controller of Vxlan 'Prod-Midtier'

Where is my Prod-Midtier-1 VM and what info do I want to know about it (i.e. MAC, IP, host it’s on)?

mac address, ip, vxlan, host of vm 'Prod-Midtier-1'

Show routes for Provider edge 3:

routes where vrf = 'Provider Edge 3'

Show routes of DMZ DLR:

routes where VRF = 'LDR-DMZ'

Free Ebooks

Advanced Threat Protection for Dummies

Advanced Evasion Techniques for Dummies

Agile for Dummies

http://www.developer.com/ebooks/137456110/95910/1613990/206754

Application Aware Storage for Dummies

http://info.tintri.com/rs/tintri/images/App-aware-storage-for-Dummies-Final.pdf

Archiving for Dummies

http://www.oracle.com/oms/hardware/extremeperformance/assets/ept-eb-dummies-archiving-1641455.pdf

Backup for Dummies

http://promo.acronis.com/Backup-for-Dummies-NAM-2014-Email.html

Big Data Analytics for Dummies

Cloud Architecture for Dummies

Cloud Services for Dummies

http://www.ibm.com/cloud-computing/files/cloud-for-dummies.pdf

CRM for Dummies

http://www.preact.co.uk/preact_blog/free-ebook-crm-for-dummies

DevOps for Dummies

Enterprise Agile for Dummies

Enterprise Cloud Infrastructure

http://i.zdnet.com/whitepapers/ORACLE_Enterprise_Cloud_Infrastructure_for_Dummies.pdf

Enterprise Mobility for Dummies

http://media.wiley.com/assets/5037/80/9781119960294_custom.pdf

Flash Storage for Dummies

Hadoop for Dummies

HP Virtual Connect for Dummies

Hybrid Cloud for Dummies

http://www.netapp.com/us/media/rp-hybrid-cloud-dummies.pdf

IT Policy Compliance for Dummies

https://www.qualys.com/forms/ebook/it-policy-compliance-for-dummies/

IT Security for Dummies

Modern Malware for Dummies

http://www.dummies.com/Section/id-810201.html

Network Security in Virtualized Data Centers

https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_US/assets/pdf/education/NSVDC%20for%20Dummies%20Unlimited%20Download%20eBook%20File.pdf

Next-Generation Firewalls for Dummies

http://media.paloaltonetworks.com/documents/ebook_NGFW_dummies.pdf

Operational Decision Management for Dummies

https://www-01.ibm.com/software/de/beweglich-bleiben/pdf/IBM_ODM_for_Dummies.pdf

PCI Compliance for Dummies

https://www.qualys.com/forms/ebook/pcifordummies/

Process Intelligence for Dummies

http://www.softwareag.com/gc/pifordummies.html

Process-Driven Master Data Management for Dummies

http://www.softwareag.com/corporate/products/wm/mdm/process_driven_mdm_book.asp

Rapid Application Development for Dummies

https://www.progress.com/~/media/Progress/Documents/Pacific/eBook/rapid-application-development-for-dummies-ebook.pdf

SOA Adoption for Dummies

Server Virtualisation for Dummies

http://www.oracle.com/oms/hardware/extremeperformance/assets/ept-eb-dummies-server-1641465.pdf

Service Virtualization for Dummies

Software Defined Data Centers for Dummies

http://info.nexenta.com/rs/nexenta/images/Nexenta-SDDC-for-Dummies.pdf

Software Defined Storage for Dummies

http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?infotype=PM&subtype=BK&htmlfid=DCM03004USEN

Storage Virtualization for Dummies

Systems Engineering for Dummies

https://www14.software.ibm.com/webapp/iwm/web/signup.do?source=swg-rtl-sd-wp&S_PKG=eb_sys-eng-dummies

Unified Threat Management for Dummies

http://www.fortinet.com/sites/default/files/whitepapers/FTNT_UTM_For_Dummies.pdf

Unified Storage for Dummies

http://www.oracle.com/webapps/dialogue/ns/dlgwelcome.jsp?p_dlg_id=9483153&src=7011671&Act=78/

Virtual Learning for Dummies

Virtualization for Dummies

Vulnerability Management for Dummies

Web Application Security for Dummies

https://www.qualys.com/forms/ebook/wasfordummies/

Powershell 4.0 for Newbies

powershell_for_newbies_getting_started_powershell4

Microsoft Free e-books

Microsoft Blogs for e-books

Rapid Application Development

https://bizappstoday.progress.com/2014/11/learn-rapid-app-dev-for-dummies-guide.html

Enterprise NoSQL

http://info.marklogic.com/nosql-for-dummies/?cid=email

What is vRealize Network Insight ?

What is vRNI ?

vRNI is a Security planning, Network visualization & debugging tool for VMware SDDC

 Use Cases:

–Micro-segmentation Planning

–360 Visibility & Troubleshooting

–Manage and Scale NSX

Unique Features:

–Natural language search

–East-West traffic analysis (server-to-server internal traffic)

–VXLAN to VLAN logical path mappings

vCloud Availability for vCloud Director service

https://www.youtube.com/watch?v=vqkzCcWOMrw

vCloud Availability for vCloud Director is a Disaster Recovery-as-a-Service (DRaaS) solution that provides simple and secure asynchronous replication and failover for vSphere managed workloads. The service operates through a vCloud Air Network Service Provider, and each installation provides recovery for multiple tenants. The service provides the following features:

  • Self-service protection, failover and failback workflows per VM
  • Recovery point objective (RPO) from 15 minutes to 24 hours
  • Initial data seeding by shipping a disk

For the service provider, vCloud Availability for vCloud Director:

  • Integrates with existing vSphere environments
  • Multi-tenant support
  • Built-in encryption of replication traffic
  • Supports multiple vSphere versions
  • Supports multiple ESXi versions
  • Individual systems are isolated as virtual machine files
  • Full integration with vCenter web client
  • Automation provided through standard web service APIs

Failover from On-Premises to Cloud

Replicates data from on-premises vSphere workloads to service provider cloud environments. After the virtual machines are replicated, failover is supported for running the workloads in the cloud. The Recovery Point Objective (RPO) can be configured from 15 minutes to 24 hours.

Fail back to on-premises

For failover workloads that have been migrated to the cloud, changes can be replicated back to the on-premises environment. Workloads can then fail back for execution in the on-premises environment.

Multiple Point In Time (MPIT) Recovery

Up to 24 restore points can be created. Depending on the RPO configuration, restoration is available from any recovery point.

The architecture of the solution relies on the service provider environment that provides the replication target and the customer, or tenant, environment that employs vSphere replication to move the data to the service provider. In the service provider environment, multiple components operate together to support replication, secure communication, and storage of the replicated data. Each service provider can support recovery for multiple customer environments that can scale to handle increasing loads for each tenant, and for multiple tenants.

On the tenant side, a single VM instance is deployed in the tenant vSphere environment. This provides management service that is used to oversee the replication operation for each replicated VM. Standard vSphere Replication is used to exchange this information with the service provider infrastructure.
