This post is part of my VMware VCIX-NV Study Guide and is about monitoring.
Documentation
Index
- Configure and manage centralised logging for the NSX Manager and NSX Edge devices
- Create/Edit/Delete a Service Monitor
- Monitor and analyse networking and security metrics with vCenter Operations Manager
- Monitor security policies with Activity Monitoring and ensure they are being enforced correctly
- Monitor and analyse traffic to and from protected virtual machines with Flow Monitoring
- Monitor statistics, counters and health of networking services
- Monitor health and status of infrastructure components, such as vSphere, NSX Manager, and Control Cluster
- Enable data collection for single/multiple virtual machines
Monitoring your NSX installation
As with any other platform, configuring monitoring your NSX environment should be one of the first things you realise after it’s installed. There are several ways to keep tabs on the NSX network, ranging from sending events to a centralised syslog server to proactive alerts which allows you to respond to network issues in real-time. This chapter covers several methods of using the NSX tooling available to collect information from the NSX network.
Configure and manage centralised logging for the NSX Manager and NSX Edge devices
Requirements:
- NSX Environment, including NSX Edges.
VMware Documentation: NSX Manager: Specify Syslog Server, NSX Edge: Configure Remote Syslog Servers
Storing logs in a centralised database can help correlate messages, increase the log retention time and simply make it easier to read them and get better intel. We start by sending the NSX Manager logs to a central syslog server.
Configuring Syslog Server in NSX Manager
- Login to your NSX Manager.
- Navigate to “Manage Appliance Settings”.
- In the “Syslog Server” tab, click the “Edit” button.
- Enter the syslog server details (IP address or hostname, network port and protocol) and click “OK”.
Each NSX Edge Gateway you deploy, also has the ability to send the generated log entries to a central syslog server.
Configure Syslog Server on a NSX Edge
- Login to your vSphere Web Client.
- Navigate to “Networking & Security” and select the “NSX Edges” menu.
- Choose the NSX Edge you want to modify and select the “Manage” tab.
- Then select the “Settings” sub-tab and select the “Configuration” sub-menu.
- In the “Details:” table, click “Change” next to the “Syslog servers” line.
- Enter the IP address or hostname in the syslog server field and click “OK” when you’re done.
Create/Edit/Delete a Service Monitor
I’m pretty sure VMware means the Service Monitor inside the Edge Load Balancer service, as there are no other references to a Service Monitor. Managing Service Monitors was covered in the Load Balancing post.
Monitor and analyse networking and security metrics with vCenter Operations Manager
You can already use vCenter Operations to monitor your virtual environment, storage, physical network, virtual machines and applications. Using the vCops Management Pack for NSX-vSphere, you can add NSX information to vCOps (or "vROps: vRealize Operations" these days) to enable a full information spectrum.
You’re encouraged to set up a test environment with vCops and the NSX Management Pack, but for time reasons I have not been able to get my own testlab up and running, so no live screenshots for this one. 🙁
Instead I offer an explanation from the VMware blogs:
The vC Ops Management Pack for NSX-vSphere 1.0 extends the operational management capabilities of vCenter Operations into the areas of virtual and physical data center networking. It provides the following operations capabilities for virtual administrators and network operations administrators, in highly virtualized network environments which use both vSphere and NSX technologies:
- Visibility of all NSX networking services deployed within each vSphere cluster including NSX manager, NSX controllers, and NSX data plane services (logical switch, routers, firewalls etc.). Several different pre-defined vCenter Operations widgets are leveraged for representing NSX services.
- Visibility of vSphere hosts in NSX transport zones, within or across multiple vSphere clusters (for seeing the mobility and routing spans).
- Search and drill down functions for obtaining the operations health of deployed NSX objects.
- Embedded dependency rules of both logical and physical networking relationships for problem alerting and root-cause problem solving. This includes detection and alerting of NSX configuration, connectivity, and health problems. All alerts are consolidated into a vCenter Operations Manager alert interface.
- Extension of the core vCenter Operations Manager health and risk analytics engine for the inclusion of NSX object key performance and health indicators.
NSX delivers a completely new operational model for networking that breaks through current physical network barriers allowing data center operators to achieve order of magnitude better speed, economics and choice.
Just like server virtualization enables IT to treat physical hosts as a pool of compute capacity, the NSX approach allows IT to treat their physical network as a pool of transport capacity that can be consumed and repurposed on demand.
For more information on NSX, please look here.
The following diagram details the NSX constructs and the Software Defined Data Center Operational Management Solutions:
Important information for this release (Release notes, documentation and download page) can be found at:
Source: https://blogs.vmware.com/management/2014/07/announcing-vmware-vcenter-operations-management-pack-nsx-vsphere-1-0.html
Monitor security policies with Activity Monitoring and ensure they are being enforced correctly
Requirements:
- Running virtual machines with open network communication.
VMware Documentation: Activity Monitoring,View Virtual Machine Activity Report, Enable Data Collection
The Activity Monitoring feature inside NSX is a way to monitor application traffic inside the virtual network. This feature is about actual user connections to applications and reports usernames, groups and all kinds of vCenter container objects and generating reports about connections between all of those objects.
Inside the Activity Monitoring page, you can generate reports for:
- Activity between source and destination VMs and application traffic.
- Inbound or outbound traffic from Active Directory groups to certain virtual machines.
- Inter Container network traffic from specific Active Directory groups to either desktop pools or security groups (which you might remember, can contain every type of vCenter object so the sky is the limit there)
Monitor and analyse traffic to and from protected virtual machines with Flow Monitoring
Requirements:
- Running virtual machines with open network communication.
VMware Documentation: Flow Monitoring
The Flow Monitoring inside NSX is a way to generate reports or generate live reporting of network flows going through the virtual network. This is somewhat like NetFlow, although limited in the time period that flows are stored. You can have the NSX Manager report on the top destination and source IP addresses or top services. Flows are also divided into "Allowed" and "Blocked" flows, which allows you to see which network flows have been blocked by the NSX services. The most powerful feature of the Flow Monitor is the Live Flow page, where you can start a live packet capture of a vNIC of a virtual machine.
Before Flow Monitoring kicks in, it needs to enabled first.
Enabling Flow Monitoring
- Login to your vSphere Web Client.
- Navigate to “Networking & Security” and select the “Flow Monitoring” menu.
- Choose the “Configuration” tab and click the “Enable” button to enable flow monitoring.
After enabling Flow Monitoring, NSX starts collecting the network flows going through the network. It might take a while before the data becomes available on the "Dashboard" and "Details by Service" – don’t panic if you don’t see any results right away.
What will give you direct data, is the "Flow Monitoring" page. Here you can select a specific vNIC of a specific virtual machine and start a live capture of the network flows going over that vNIC. This can be especially useful when troubleshooting a network issue pertaining to a specific virtual machine. Also, it’s pretty cool to see live flows running by.
Live Monitoring Network Flows
- Login to your vSphere Web Client.
- Navigate to “Networking & Security” and select the “Flow Monitoring” menu.
- Choose the “Live Flow” tab and click the “Browse” link to open the window to select a vNIC.
- In the popup window, look for the VM and the vNIC you want to capture.
- When you’ve got a vNIC selected, click the “Start” button to start the capture.
- Do your analysis on the output data.
- When you’re done, click the “Stop” button.
Monitor statistics, counters and health of networking services
We’ve covered this in other chapters or will cover in upcoming chapters, not much new to add here.
Monitor health and status of infrastructure components, such as vSphere, NSX Manager, and Control Cluster
Checking the health status for several infrastructure components.
Check controller health
- Login to your vSphere Web Client.
- Navigate to “Networking & Security” and select the “Installation” menu and “Management” tab.
- Check the controllers in the “NSX Controller nodes” table.
Check NSX Manager health
- Login to your NSX Manager.
- Click the “View Summary” button and check the health data.
Check ESXi Cluster nodes NSX health
- Login to your vSphere Web Client.
- Navigate to “Networking & Security” and select the “Installation” menu and “Host Preparation” tab.
- Check the ESXi nodes in the status table.
Check ESXi nodes health
- Login to your vSphere Web Client.
- Navigate to “Hosts and Clusters” and select a cluster, then the “Related Objects” and the “Hosts” tab in the related objects page.
- Check the ESXi nodes in the status table.
Enable data collection for single/multiple virtual machines
Requirements:
- Existing NSX Edge Services Gateway.
VMware Documentation: Enable Data Collection
Before you can run the Activity Monitor reports as explained above, you need to enable data collection on the virtual machine(s) you want to include in your report. There are two ways you can enable data collection on virtual machines; per VM and multiple VMs at the same time.
Enable Data Collection on a single VM
- Login to your vSphere Web Client.
- Navigate to “VMs & Templates” and browse to the virtual machine you’re looking for.
- In the “NSX Activity Monitoring” table, click “Edit”.
- Click “Yes” in the popup question if you’re really sure to enable data collection.
Enable Data Collection on Multiple VMs
- Login to your vSphere Web Client.
- Navigate to “Networking & Security” and select the “Service Composer” menu.
- Browse to the “Security Groups” tab, select the “Activity Monitoring Data Collection” group and click the “Edit Security Group” button.
- On the “Select objects to include” wizard page, manually select the VMs you want to monitor and click “Finish” to apply.
Leave a Reply