Saturday 9 April 2022

Step-by-step VMware Cloud Foundation 4.3 design and install vRNI

In my previous post, Step-by-step VMware Cloud Foundation 4.3 design and install vRNI Binaries, we uploaded the vRealize Network Insight binaries to the local repository, which makes vRealize Network Insight available for deployment.

As discussed in the previous post, vRealize Network Insight is not part of the VMware Cloud Foundation bill of materials, so its deployment is a little different from other vRealize Suite products.

In this post we will discuss how to deploy vRNI and how this deployment differs from other vRealize Suite products. This is not the last product that can be integrated with VMware Cloud Foundation, but it is the last product I am going to cover in this VCF design and deploy series.

    What is vRealize Network Insight?

    In simple words, VMware vRealize Network Insight is a very powerful network monitoring tool. It provides insightful information about the network (virtual and physical), which helps make efficient use of network resources.

    But do not mistake it for just a monitoring tool; it's more than that. It can manage the network with application discovery. It helps in managing and operating an optimized, scalable, highly available and secure network. This is not limited to an on-prem datacenter but can be leveraged in a multi-cloud infrastructure.

    So if I have to summarize, I would say vRNI is a powerful network monitoring and management tool, which is maturing and being refined with each passing day as VMware engineering teams keep innovating on it.

    A friend of mine, Bharath Babbur, wrote a nice piece on vRNI that you can refer to.

    What are the benefits of vRealize Network Insight?

    We now know Network Insight is a network monitoring tool, but is that the only purpose it serves, or can it do more?

    It does have other use cases, which will help you understand the capabilities of the product.

    1)    Single pane of glass for network monitoring

    vRealize Network Insight is a VMware product, which means it has tight integration with VMware's software-defined networking solution. Beyond the virtual network, vRNI integrates with almost every major player in the networking space, which makes it a tool that can monitor not only the virtual but also the physical network.

    2)    Application Discovery and Visibility

    vRNI not only monitors, but also helps network admins look at network flows aligned with application network requirements. For instance, when vRNI collects the data, it uses its machine learning capability to generate insightful information, which helps network admins understand application boundaries in network topologies, which services are shared, and which flows are independent. In other words, vRNI gives network admins the ability to look at network flows from the application's viewpoint.

    3)    Dependency Mapping

    vRNI uses its machine learning capabilities and AI to present network admins with a dependency view of application components based on traffic flow. This helps network admins understand how application components interact with each other. Application teams can also use this view to verify whether the interactions or flows are legitimate.

    4)    Micro-Segmentation Journey

    Micro-segmentation is not something an organization can achieve overnight; it's a journey. Anyone planning for micro-segmentation should understand their network, servers and, most importantly, their applications' connectivity model, that is, how application components interact with each other. Dependency mapping does just that, and vRNI AI recommends the rules which should be in place to allow the necessary network flows. Network admins can review the firewall rules and apply them before enabling the Zero Trust model. That's not all: even in a brownfield deployment, or when a new application is introduced in your organization, vRNI will learn the flows and help implement policies easily and effectively, which would otherwise have taken far more effort.

    5)    Troubleshooting Network issues

    vRNI gives you access to all the data flows within your DC or hybrid cloud, with nice grouping and filtering options, which eases troubleshooting for network admins. VMware calls it "The Donut Deep Dive". The “donut” in vRealize Network Insight is a way to visualize traffic flows, grouped by a category of your choosing and sliced up per grouping. It allows quick filtering to find the proverbial “needle in the haystack.”

    I am not saying it will present network admins with the cause of an incident, but it will make it easier for them to figure out the cause, resulting in a faster time to resolution.

    I recommend reviewing the vRNI product page.

    Watch deployment video

    How to deploy VMware vRealize Network Insight?

    1)    In our previous post we uploaded the vRNI binaries into the vRLCM repository. Now log in to vRealize Lifecycle Manager using the vcfadmin@local credentials.

    2)    Navigate to Locker to generate or import a certificate for vRNI.

    3)    Click on generate to generate a certificate, or on import to import a third-party cert. I am generating the cert.

    4)    Now fill in all the required details. This is the same cert that will be used for both the platform and proxy VMs, so don't forget to include the names and IPs of both appliances.

    5)    Once the cert is successfully generated or imported, navigate to Lifecycle Operations.

    6)    Choose create environment.

    7)    Provide a name for the vRNI environment, select the default password, select the datacenter and choose the Activate SDDC manager Integration on the environment radio button.

    8)    Now choose vRNI from the available products list, and choose the deployment type. In production you should go with cluster mode, so while generating the certificate make sure you include all cluster nodes and the VIP in the certificate. I am deploying this in standard mode.

    9)    Accept the EULA and proceed to the next step.

    10)    Now add a license, or click on select to choose an already added license.

    11)    Choose the license.

    12)    Now validate the association.

    13)    Choose the certificate which we generated/imported.

    14)    For all other vRealize products the Infrastructure and Network tabs were pre-populated, whereas for Network Insight you need to provide these details. Here you can choose to integrate with identity manager (WSA).

    15)    First provide the network details. To use the same DNS server as the rest of the products, click on edit server selection, or click on add new server to add a new one.

    16)    Choose the DNS server from the list.

    17)    Select the checkbox for use NTP server.

    18)    Select the VCF NTP server from the list.

    19)    Now check the box for creating an anti-affinity rule for the appliances, and provide the appliance details.

    20)    Perform the pre-checks; all checks should pass. Finally, submit the task.

    21)    Now keep an eye on the deployment status. If you observe any error, resolve it and restart the task.

    22)    Once all tasks are complete, the deployment is complete.
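
The certificate requirement from steps 4 and 8, as an added example that is not part of the original post: a Python check that the certificate's SAN list covers every appliance name and IP (plus the VIP in cluster mode) before it is selected in step 13. The host names, addresses and function names are placeholders chosen for illustration, and the input is assumed to be the text printed by `openssl x509 -noout -ext subjectAltName`.

```python
import ipaddress
import re

# Constructed sample of `openssl x509 -in cert.pem -noout -ext subjectAltName`
# output. Host names and addresses are placeholders, not values from the post.
SAMPLE_SAN_TEXT = """X509v3 Subject Alternative Name:
    DNS:vrni-platform01.example.local, DNS:vrni-proxy01.example.local, IP Address:192.0.2.21
"""


def parse_san(text):
    """Return (dns_names, ip_addresses) listed in openssl's SAN text output."""
    dns = {name.lower() for name in re.findall(r"DNS:([^,\s]+)", text)}
    ips = {ipaddress.ip_address(ip) for ip in re.findall(r"IP Address:([^,\s]+)", text)}
    return dns, ips


def dns_covered(fqdn, san_dns):
    """Exact match, or a wildcard entry that replaces only the left-most label."""
    fqdn = fqdn.lower()
    if fqdn in san_dns:
        return True
    _, _, parent = fqdn.partition(".")
    return bool(parent) and "*." + parent in san_dns


def missing_san_entries(san_text, appliances, vip=None):
    """List SAN entries the certificate lacks.

    appliances: (fqdn, ip) for every node to be deployed: platform and proxy
    in standard mode, every cluster node in cluster mode.
    vip: optional (fqdn, ip) for the cluster VIP.
    """
    san_dns, san_ips = parse_san(san_text)
    missing = []
    for fqdn, ip in list(appliances) + ([vip] if vip else []):
        if not dns_covered(fqdn, san_dns):
            missing.append("DNS:" + fqdn)
        if ipaddress.ip_address(ip) not in san_ips:
            missing.append("IP:" + ip)
    return missing


if __name__ == "__main__":
    standard = [("vrni-platform01.example.local", "192.0.2.21"),
                ("vrni-proxy01.example.local", "192.0.2.22")]
    for entry in missing_san_entries(SAMPLE_SAN_TEXT, standard):
        print("certificate is missing", entry)
```

An empty result means the certificate names every appliance; anything listed should be added to the certificate in the Locker before the environment is created.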

    This concludes your vRNI deployment in the VCF environment. You need to manually integrate vRNI with any additional workload domain you provision in the future.

    In my next post I will cover commissioning of a new host and cluster expansion in a VCF environment.

    I hope I was able to add value, if your answer is yes, then don't forget to share and follow. 😊

    If you want me to write on specific content or you have any feedback on this post, kindly comment below.

    If you want, you can connect with me on LinkedIn, and please like and subscribe to my YouTube channel VMwareNSXCloud for step-by-step technical videos.
