vRealize Network Insight

Revision 1 posted to Networking - Wiki by Kevin Oliver on 1/19/2017 10:38:55 PM

vRealize Network Insight

Description

VMware vRealize Network Insight 3.0 (vRNI 3.0) delivers intelligent operations management for software-defined networking and security. It helps optimize network performance and availability with converged visibility across virtual and physical networks, provides planning and recommendations for implementing micro-segmentation based security, and operational views to quickly and confidently manage and scale VMware NSX deployment. It can optimize network performance with 360˚ visibility with topology mapping across physical and virtual networks. It can ease micro-segmentation deployment with comprehensive net flow analysis, recommendations and ensure compliance with post deployment monitoring. It can ensure health and availability of NSX deployments with an intuitive UI, natural language search.

Technical Issues that vRNI addresses:

Visibility: There are multiple layers, technologies and vendors involved in an SDDC across the overlay (virtual) and underlay (physical) network layers. Getting end to end visibility of how these layers are connected, and what’s happening within each layer and what’s flowing through them can be challenging. Adding public cloud (AWS) to the mix further blurs out visibility.
Modeling Application behavior for Micro-segmentation: Understanding application behavior and how different tiers communicate is a challenge but absolutely necessary to model security policies and firewall rules in an accurate and predictable fashion.
Operationalizing NSX based environments. Today’s operations team are trained and skilled in managing and monitoring physical networks and the tools they have been using have not changed. Virtual networking introduces new constructs and additional complexity. Organizations are still trying to get a grasp of the best practices to implement and operate VXLANs and Virtual Firewalls. Troubleshooting could become a challenge with the siloed tools and skillset gap that exists in organizations.
Audit & Compliance: Virtual firewalls and networks are subject to the same kind of compliance and audit requirements as their physical counterparts. However, due to distributed nature of these technologies and separation of planes (control, management, data), it is harder to keep track of the changes and maintain compliance.

How vRNI specifically addresses these issues:

Visibility: vRNI 3.0 provides converged visibility across overlay and underlay, virtual and physical, private and public cloud. vRNI 3.0 does it by integrating deeply with Virtual (NSX) and Physical layers (physical switches, routers, firewalls), and connecting the dots between the two, across vendors and cloud. The VM to VM path and VXLAN views are proof points. Organizations have implemented vRNI 3.0 in their state of art SDDC that contains VMware NSX and other vendors.
Modeling Application Behavior for Micro segmentation: vRNI 3.0 collects and analyzes Network flow flows in real time and puts all the flows in the context of the VMs and Applications that they are originating from or terminating to. By tying network (IP) flows to compute (VM names and Application boundaries), users can easily understand who is talking to whom and what flows need to be allowed and what could be blocked. Thus, using vRNI 3.0, a very accurate real life micro segmentation model could be achieved. Nebraska Medicine has been securing their apps on NSX with lot of speed and accuracy using vRNI 3.0.
Operationalizing NSX based environments: vRNI 3.0 provides simple “Google-like” search and intuitive UI to operate NSX based environments. Using day to day networking and data center verbiage, admins and operators can easily manage and troubleshoot NSX without requiring lot of additional training. vRNI 3.0 provides best practice checks to guide users through their VXLAN and firewall implementation and alerts them of any pitfalls in their design and implementation of NSX.
Audit and Compliance: vRNI 3.0 provides a data center time machine that tracks all the changes for audit and compliance purpose. Customers can go back in time and look at historical changes and how they impacted security of a virtual machine.

Customer phases for vRNI utilization:

Assess:

When a customer is assessing different options, vRealize Network Insight helps the customer

Understand Data Center Traffic Profile (East-West, North-South, V-to-V, V-to-P) – in fact, most customer environments have at least 75% EW traffic and may not even know it
Identify Security Gaps & Network Optimization Opportunities with the Micro-Segmentation recommendations
Quantify Benefits of NSX. You can also take the output of the NSX Assessment report and plug it into the NSX Business Calculator to calculate the ROI.

Deploy:

Deploying Micro-Segmentation may be a manual process. Micro-Segmentation Modeling & Best Practices NSX Deployment

Avoid Trial & Error and Ensure Best Practices Deployment for VXLANs, Distributed Firewalls and NSX
Model Application Behavior, Security Groups and Firewall Rules for Micro-Segmentation
Accelerate Time to Value for NSX (and NetX Partner) Firewalls and VXLANs

Operate:

Visibility, Monitoring, Troubleshooting & Compliance

Deep Visibility & Rapid Problem Resolution across Overlay-Underlay
Change Management, Audit & Compliance for Virtual FWs
Simplified Operations for NSX and Entire SDDC. Ensure Smooth NSX Transition to Operations Team. Has a great Google-like search function that makes it easy to use.

Expand:

Hybrid Cloud Network & Security Operations