Securing Platform Communication in a vRealize Network Insight Cluster

Hi there! It’s been a while. How are you doing? In the last release of vRealize Network Insight, version 6.3, there’s a new feature called Secure Cluster Communication. By default, the communication between Platform and Collectors is encrypted via TLS. A Platform cluster, has a few data replication services (FoundationDB, Kafka,  running between them – which are not all encrypted by default. The Secure Cluster Communication feature allows you to set up VPN tunnels between the Platform nodes and encrypt all traffic going between them. 

It’s not recommended to split Platform nodes between different locations. But, if you do … Read more

Adding a second network interface to a vRealize Network Insight Collector

Sometimes networks are so firewalled off that you need management appliances with 2 network interfaces to manage the devices inside the quarantined network. This is sometimes true for network device management, where there’s no way to connect to the switch, router, firewall, or load balancer over the regular network and a jump host is always needed. If you want to monitor them, the monitoring appliances would have 1 interface in the quarantined network and 1 interface in a network where it can be accessed by admins. While it’s a different discussion about whether that’s safe or not (compromise the monitoring … Read more

Bulk Creating AWS VPC Flow Logs

vRealize Network Insight provides traffic visibility in AWS by ingesting the VPC Flow Logs. It correlates the flows to EC2 instances and adds more context, like the security groups, tags, and more. 

VPC Flow Logs are not enabled by default and need to be configured before vRNI can start ingesting the logs. That’s where this post comes in. The AWS lab that I use at VMware for demos is for the entire CMBU and has a bunch of smart people doing cool things. In other words, a ton of VPCs get created and deleted, EC2 instances deployed dynamically. I wanted … Read more

Managing GNS3 with PowerShell

If you’re a network engineer or like to play around with networks, you’ve used GNS3 (or something similar, like VIRL) to simulate networks to prepare for live configuration changes, preparing for certifications, and maybe keep a demo lab. Part of the demo lab I maintain for vRealize Network Insight, is collecting from a GNS3 network.

Sometimes, you need to restart all, or just some of the nodes. In my case, periodic node restarts are to simulate router crashes, and sometimes the storage underneath GNS3 would error and some of the nodes have kernel panics. All reasons to restart the … Read more

Using OAuth for VMware Cloud Authentication

API calls towards VMware Cloud are typically done using refresh tokens. Most examples you can find about the VMC API are around refresh tokens. These are personally bound to a VMC user. Which makes sense, you are doing something (creating an SDDC, or getting info, etc.). But, what if you’re building a service against VMware Cloud and need all API calls not to be bound to an individual? That’s where OAuth apps come in.

I wanted to document my tinkering to get an OAuth app to work and retrieving information around SDDCs, using that way of authentication. 

Create OAuth App

Read more

Using Terraform to deploy vRealize Network Insight Cloud Collector to VMware Cloud on AWS

That’s a long post title, right?! Well, a lot of moving parts for this one. 😉

Terraform is a powerful tool to achieve infrastructure-as-code. You can do many things, from configuring Cisco ACI to creating and maintaining a VMware Cloud on AWS and everything in between. There’s also a vSphere provider that allows you to deploy VMs from OVA templates. That’s where this story begins.

vRealize Network Insight Cloud has a platform where the data is stored and a collector, which does the collecting. This collector needs to be placed as close to the data source as possible. For VMware Read more

NSX-T Manager: Increasing API requests per second

By default, the NSX-T Manager has a protection mechanism in place to prevent the API from being overloaded. This is a good thing, protecting the NSX-T Manager.

But, the increasing integrations into NSX-T, make it so that more and more products are using the NSX-T API to monitor or configure NSX (vRealize Network Insight, vRealize Operations, vRealize Automation, etc.). I’ve hit this limit several times and needed to push that limit up. 

The API Guide states that the default maximum API request number is 100 per second. In the guide, there’s a reference to the API call to change the … Read more

© 2021 Lostdomain

Theme by Anders NorénUp ↑