After the release of VMware vRealize Network Insight 3.7 back in March, it is time for a service update and hence, the release of VMware vRealize Network Insight 3.8. It is essentially an evolution of 3.6 but with some important features introduced or improved upon.
Before talking about some of the release highlights, I’d like to say that it’s great to see VMware keeping feature parity between the on-premises and services versions of the product. This is something that is traditionally not the case and shows the importance given to the service versions of the product.
The following slide summarizes the key highlights of this update:
It seems that VMware has arranged the highlights in the sequence they see as the order of importance. I mostly agree with it and will highlight the ones I am most interested in.
This functionality detects anomalies in traffic patterns for a particular machine when it is part of a group and is behaving differently from the others.
That behaviour is detected by analytics and shown in a chart. As a picture is worth a thousand words, it clearly identifies the culprit amongst others and shows comparative traffic patterns. Additional information such as amount of traffic, session count, name, IP etc. is revealed when looking at a particular data point.
It runs every 3 hours, but when viewing the results one can adjust the graph to cover a variable time period and to look at various traffic characteristics, e.g. port numbers, application groups etc.
This capability is quite useful in identifying compromised VMs or misconfigured load balancers etc. quite easily and is viewable at a glance.
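To make the peer-group idea concrete, here is an added example (not VMware's implementation and not code from the original post) that compares each member of a group with its peers over one 3-hour window, for all traffic or for a single port. The VM names, flow records, median/MAD scoring and the 3.5 cutoff are assumptions chosen for illustration.

```python
from statistics import median

# Constructed flow summary for one 3-hour window: (vm, dst_port, bytes, sessions)
FLOWS = [
    ("web-01", 443, 1_200_000, 310), ("web-02", 443, 1_150_000, 295),
    ("web-03", 443, 1_310_000, 330), ("web-04", 443, 9_800_000, 2_900),
    ("web-05", 443, 1_240_000, 305), ("web-02", 22, 40_000, 3),
    ("web-04", 22, 35_000, 2),
]
GROUP = ["web-01", "web-02", "web-03", "web-04", "web-05"]  # hypothetical peers

def per_vm_totals(flows, group, port=None):
    """Sum bytes and sessions per group member, optionally for one port.
    Members with no matching flows stay at zero so silence is compared too."""
    totals = {vm: [0, 0] for vm in group}
    for vm, dport, nbytes, sessions in flows:
        if vm in totals and (port is None or dport == port):
            totals[vm][0] += nbytes
            totals[vm][1] += sessions
    return totals

def robust_scores(values):
    """Modified z-score: distance from the group median in units of MAD.
    The median is used because one noisy VM would drag a mean towards itself."""
    med = median(values.values())
    mad = median(abs(v - med) for v in values.values())
    if mad == 0:  # most peers identical: any deviation at all stands out
        return {vm: 0.0 if v == med else float("inf") for vm, v in values.items()}
    return {vm: 0.6745 * (v - med) / mad for vm, v in values.items()}

def find_outliers(flows, group, port=None, threshold=3.5):
    """Return {vm: [metrics]} for members that differ from their peers."""
    totals = per_vm_totals(flows, group, port)
    flagged = {}
    for idx, metric in enumerate(("bytes", "sessions")):
        scores = robust_scores({vm: t[idx] for vm, t in totals.items()})
        for vm, score in scores.items():
            if abs(score) > threshold:
                flagged.setdefault(vm, []).append(metric)
    return flagged

if __name__ == "__main__":
    print(find_outliers(FLOWS, GROUP))           # all traffic
    print(find_outliers(FLOWS, GROUP, port=22))  # one traffic characteristic
```

A flag only says that a member differs from its peers; whether that points to a compromised VM or a misconfigured load balancer still has to be established by looking at the underlying flows.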
There isn’t a huge amount added to the AWS side of things, but what has been done is pretty important to aid troubleshooting. People with experience of managing AWS environments will tell you that it’s essential to know which availability zone the instance is in when troubleshooting, as it might be an important factor in determining what is actually happening to the instance in question.
Enhancements in AWS support include that visibility, and there’s now a filter to select availability zones while browsing or searching. In addition, naming changes have been made in the interface to clearly identify instances as EC2, rather than just instance or VM. That will go a long way in removing any confusion about which environment the machine belongs to.
Integration with Log Insight
This is one of the best features in this update, in my opinion. With this integration, one will be able to enable webhook notifications to be sent to Network Insight immediately when a particular event of interest happens.
Typically, it could be 10 minutes or so before events turn up in Network Insight but there are certain events that one wants to be notified of as soon as possible e.g. deletion of a security group, membership changes to a group etc. as they relate to security and/or could impact functionality.
Setup is quick and easy and instructions are available in the interface. Once set up, notifications are received by vRNI which, in turn, fetches the changed security group data immediately rather than waiting for the next polling cycle.
As mentioned in the summary above, there are many other great enhancements in this update; most notably the API, enablement of export of PDF reports, especially in the context of PCI compliance and recommended firewall rules, disk usage monitoring and guidance etc. For more information, see the release notes: vRealize Network Insight 3.8 Release Notes
All in all, this is an important update to the product and hence a recommended install.