This post is largely based on a project I executed with Atif Qadeer and I am reusing here some stuff he created. Atif is a vRNI super expert, Hands On Lab creator, Office of the CTO Ambassador for VMware.
vRealize Network Insight (vRNI) is a network operations management solution available On-Premise and SaaS that allows you to securely and confidently manage your network at scale with the following key capabilities:
- Intelligent Application Discovery,
- Network Optimization,
- Troubleshooting with Assurance and Verification.
In this post I’ll focus on the Application Discovery capability that is extremely appreciated among users as it provides a great support for some use cases such as:
- App migration to cloud,
- App modernization,
- App security assessment and recommendation.
vRealize Network Insight allows you to discover applications running in your environment and then builds relationships among applications and external services. To discover applications and their relationships vRNI provides some options that can be combined together to improve accuracy and completeness of the discovery process:
- Tags (vCenter Server or AWS tags),
- VM Names,
In my engagements with customers it is quite rare to find a situation where either tags, naming convention or a CMDB (ServiceNow) is there with the required accuracy and consistency to allow you identify application mapping to infrastructure. For this reason, in this post I focus on the Flow based discovery. vRealize Network Insight uses machine learning and statistical analysis to discover applications automatically and group the VMs into their respective applications and tiers.
Here I am assuming you have an instance of vRealize Network Insight On-Premise or Cloud already deployed and ready to go. The screenshots in the rest of this post are taken from vRNI Cloud, but the same applies to the On-Prem deployment.
To leverage Flow based app discovery you need an environment with the followings:
- You needs to have VMware vDS (Virtual Distributed Switch) as vRNI collects IPFIX (Netflow) from vDS
- IPFIX is supported on the following VMware ESXi versions:
- 5.5 Update 2 (Build 2068190) and later
- 6.0 Update 1b (Build 3380124) and later
- VMware vDS 5.5 and later
- You don’t need to enable IPFIX on vDS, this can be automatically enabled by vRNI when configuring data source in the solution.
Your vRNI Collector needs to access vCenter Server on HTTPs/443. If you are working with vRNI Cloud your Collector needs outgoing traffic through the firewall (optionally Proxy) to pd.ni-onsaas.com.
vCenter Account Privileges
You need and account on vCenter with the following privileges:
- Distributed Switch: Modify
- dvPort group: Modify
Configure vSphere Data Source
Start with adding data sources into vRealize Network Insight Cloud to collect data from your data center (vSphere).
From the left menu, click Settings > Settings
In the new page click on Accounts and Data Sources. From the Accounts and Data Sources section click the Add Source button in the upper right corner.
Click the VMware vCenter option
Input the required info to connect your vCenter and than click Validate. Once the access to vCenter is validated select Enable Netflow (IPFIX) on this vCenter to enable IPFIX. After enabling this option you can select those VDS’s to be IPFIX enabled.
Scroll down and click Submit to add the vCenter Server system.
Once the Data source configuration is complete, verify that it shows under the list in Accounts and Data Sources.
Before proceeding you need to allow the solution to collect data for at least 24 hours to ensure you get good and accurate data. Once you have waited at least 24 hours then proceed to next steps.
Configure Flow Based Application Discovery
From the Home page, click on Applications
Click on Discover Applications to configure the discovery process.
Under the Discover tab, click on Flows (1 in the picture below) and start the discovery (2 in the picture below) if paused or not enabled. Once the discovery is started wait for about 30 minutes.
Work with Discovered Applications
Review the list of applications that are automatically discovered, please note that the list of application will vary based on your vSphere and application footprint.
Save those applications that are accurate as per the vRNI provided confidence (e.g. high/medium) and your knowledge.
Give your application a friendly name and than click Submit and close this window.
Repeat the steps in this section for all the applications you’d like to save.
Explore Saved Applications
Disclaimer: here my intent is just to provide you an high level Application walkthrough in vRNI, I do not pretend to provide here a full Application analytics guide.
Click on the Applications tab and review saved applications (1 in the picture below) and toggle checkboxes to articulate application dependency (2 in the picture below). Click on the application name (3 in the picture below) to proceed.
By clicking on the application name you can start dissecting it. Here we will walk through some analysis. In my case, I clicked on the app named cp-app to explore its functionality.
The upper section of the application Overview let you get the application landscape, here you can find some useful insights. For instance, if this application is a target for a cloud migration it is quite useful to double click on the Countries to understand where traffic for this app is directed and coming.
Scrolling down a little you can get the Application Topology that lets you understand the tier communication. Please, note that we get all of these info and details without deploying any agent! Use legend to better understand what’s happening with your app.
If you further scroll down you can access the Metric section, which is key to support your analysis especially if you are working in a migration project. Use these data as a baseline for your application as-is to-be scenarios.
Just below Metric, click on Microsegmentation to start analyzing network security and traffic distribution for your application.
To catch up: vRealize Network Insight provides an extremely powerful yet super easy to setup application discovery capability. This can be used for application migration planning as well as the starting point for an app modernization journey. Hope this can be helpful for you.