Sometimes networks are so firewalled off that you need management appliances with 2 network interfaces to manage the devices inside the quarantined network. This is sometimes true for network device management, where there’s no way to connect to the switch, router, firewall, or load balancer over the regular network and a jump host is always needed. If you want to monitor them, the monitoring appliances would have 1 interface in the quarantined network and 1 interface in a network where it can be accessed by admins. While it’s a different discussion about whether that’s safe or not (compromise the monitoring … Read more
vRealize Network Insight provides traffic visibility in AWS by ingesting the VPC Flow Logs. It correlates the flows to EC2 instances and adds more context, like the security groups, tags, and more.
VPC Flow Logs are not enabled by default and need to be configured before vRNI can start ingesting the logs. That’s where this post comes in. The AWS lab that I use at VMware for demos is for the entire CMBU and has a bunch of smart people doing cool things. In other words, a ton of VPCs get created and deleted, EC2 instances deployed dynamically. I wanted … Read more
If you’re a network engineer or like to play around with networks, you’ve used GNS3 (or something similar, like VIRL) to simulate networks to prepare for live configuration changes, preparing for certifications, and maybe keep a demo lab. Part of the demo lab I maintain for vRealize Network Insight, is collecting from a GNS3 network.
Sometimes, you need to restart all, or just some of the nodes. In my case, periodic node restarts are to simulate router crashes, and sometimes the storage underneath GNS3 would error and some of the nodes have kernel panics. All reasons to restart the … Read more
API calls towards VMware Cloud are typically done using refresh tokens. Most examples you can find about the VMC API are around refresh tokens. These are personally bound to a VMC user. Which makes sense, you are doing something (creating an SDDC, or getting info, etc.). But, what if you’re building a service against VMware Cloud and need all API calls not to be bound to an individual? That’s where OAuth apps come in.
I wanted to document my tinkering to get an OAuth app to work and retrieving information around SDDCs, using that way of authentication.
Create OAuth App… Read more
That’s a long post title, right?! Well, a lot of moving parts for this one. 😉
Terraform is a powerful tool to achieve infrastructure-as-code. You can do many things, from configuring Cisco ACI to creating and maintaining a VMware Cloud on AWS and everything in between. There’s also a vSphere provider that allows you to deploy VMs from OVA templates. That’s where this story begins.
vRealize Network Insight Cloud has a platform where the data is stored and a collector, which does the collecting. This collector needs to be placed as close to the data source as possible. For VMware … Read more
By default, the NSX-T Manager has a protection mechanism in place to prevent the API from being overloaded. This is a good thing, protecting the NSX-T Manager.
But, the increasing integrations into NSX-T, make it so that more and more products are using the NSX-T API to monitor or configure NSX (vRealize Network Insight, vRealize Operations, vRealize Automation, etc.). I’ve hit this limit several times and needed to push that limit up.
vRealize Network Insight (vRNI) captures all traffic going through the network. It stores the traffic in flow records, and these are made up out of a source, destination, protocol, and port number. The metrics are attached so you can get a nice graph of the traffic behavior.
After creating the flow, vRNI goes on and attaches a lot of context to that flow: Is it coming from a VM? Is there a firewall rule attached? Which vCenter is this flow going through? What kind of SD-WAN Policies are attached? If any of this context changes (i.e., a VM got renamed), … Read more