For optimum performance, you must match the minimum recommendations for the deployment.

Recommendations for the Platform Deployment

Table 1. Specifications for Platform Brick Size

| Brick Size | Cores required for 2.1 GHz CPU | Cores required for 2.3 GHz CPU | Cores required for 2.6 GHz CPU | RAM | Disk |
|---|---|---|---|---|---|
| Medium | 10 | 9 | 8 | 32 GB | 1 TB |
| Large | 15 | 14 | 12 | 48 GB | 1 TB |
| Extra Large | 20 | 18 | 16 | 64 GB | 2 TB |

Note:
  • The reservation for the CPU speed and RAM for each node must be 100% of the value specified above.

  • If the disk in any of the platform nodes exceeds 95% of the capacity, VMware Aria Operations for Networks UI will not be accessible.

  • To match your setup to all the specifications, you might have to add the resources (RAM, Disk, CPU). See https://kb.vmware.com/s/article/53550 and Increase the Brick Size of Your Setup.

Table 2. Non-Cluster Deployment - Maximum Capacity

| Brick Size | *Number of VMs (K = Thousand) | Flows per Day (M = Million) | Total Flows (M = Million) | Flow Planning (M = Million) | Number of Network Rules for Network Map and Intents (K = Thousand) | *Number of Edges for VMware SD-WAN (K = Thousand) | Number of VMs for Flow Based Application Discovery | Number of UI Entities in the Network Map Topology |
|---|---|---|---|---|---|---|---|---|
| Medium | 4K | 1M | 4M | 2M | Not Applicable | 2K | Not Supported | Not Supported |
| Large | 6K | 2M | 8M | 4M | Not Applicable | 2K | Not Supported | Not Supported |
| Extra Large | 10K | 2M | 8M | 4M | 170K | 4K | 3K | 5K |

Note:
  • The Network Verification and Assurance (Network Map and Intents) and Flow Based Application Discovery (Flows) features are available only for the Extra Large brick size.

  • * The count of VMs and edges mentioned in the table is the maximum individual limit for a single deployment. So, if you have edges in your setup, you might have to reduce the VM count.

  • The count of VMs includes the templates on the VMware vCenter as well.

  • Total Flows is the maximum count of flows the system can store for the retention period.

  • Flow Planning is the total flows for which the system can perform security planning.

Table 3. Cluster Deployment - Maximum Capacity

| Deployment Scenario | Brick Size | Cluster Size | *Number of VMs (K = Thousand) | Flows per Day (M = Million) | Total Flows (M = Million) | Flow Planning (M = Million) | Number of Network Rules for Network Map and Intents (K = Thousand) | *Number of Edges for VMware SD-WAN (K = Thousand) | Number of VMs for Flow Based Application Discovery | Number of UI Entities in the Network Map Topology |
|---|---|---|---|---|---|---|---|---|---|---|
| Scenario 1 | Large | 3 | 10K | 2M | 8M | 4M | Not Applicable | 4K | Not Supported | 5K |
| Scenario 1 | Extra Large | 3 | 18K | 6M | 24M | 6M | 170K | 6K | 3K | 5K |
| Scenario 1 | Extra Large | 5 | 30K | 10M | 40M | 10M | 170K | 10K | 3K | 5K |
| Scenario 1 | Extra Large | 7 | 58K | 12M | 48M | 10M | 170K | 10K | 3K | 5K |
| Scenario 1 | Extra Large | 10 | 100K | 15M | 60M | 10M | 170K | 10K | 3K | 5K |
| Scenario 1 | Extra Large | 15 | 150K | 20M | 80M | 10M | 170K | 10K | 3K | 5K |
| Scenario 2 | Extra Large | 3 | 12K | 3M | 12M | 4M | 2M | 6K | 12K | 100K |
| Scenario 2 | Extra Large | 5 | 18K | 6M | 24M | 6M | 5M | 10K | 24K | 100K |
| Scenario 2 | Extra Large | 7 | 30K | 10M | 40M | 10M | 5M | 10K | 24K | 100K |
| Scenario 2 | Extra Large | 10 | 72K | 13M | 52M | 10M | 5M | 10K | 24K | 100K |
| Scenario 2 | Extra Large | 15 | 130K | 18M | 72M | 10M | 5M | 10K | 24K | 100K |

Note:
  • Scenario 1 focuses on VMs and flows while running the automated Application Discovery and Network Assurance and Verification features with limited capacity. Scenario 2 is for an environment that needs to run the automated Application Discovery and Network Assurance and Verification features at full capacity.

  • The Network Verification and Assurance (Network Map and Intents) and Flow Based Application Discovery (Flows) features are available only for the Extra Large brick size.

  • The number of UI entities means the sum of nodes and edges supported in the Network Map topology.

  • The number of rules includes all forwarding entries, including layer 3, layer 2, access control, and NAT.

  • * The count of VMs and edges mentioned in the table is the maximum individual limit for a single deployment. So, if you have edges in your setup, you might have to reduce the VM count.

  • The number of VMs includes the templates on the VMware vCenter as well.

  • Cluster size is the total number of nodes in the cluster.

  • Total Flows is the count of flows in the system for the retention period.

  • The query to determine Total Flows counts the flows in the last 31 days, assuming a retention period of 31 days.

  • Flow Planning is the total flows for which the system can perform security planning.

  • VMware Aria Operations for Networks supports a maximum of 10,000 security groups and 10,000 IPSets for a cluster deployment of 10 XL.

Recommendation for the Collector Deployment

Table 4. Specifications for Collector Brick Size

| Brick Size | Cores required for 2.1 GHz CPU | Cores required for 2.3 GHz CPU | Cores required for 2.6 GHz CPU | RAM | Disk |
|---|---|---|---|---|---|
| Medium | 5 | 5 | 4 | 12 GB | 200 GB |
| Large | 10 | 9 | 8 | 16 GB | 200 GB |
| Extra Large | 10 | 9 | 8 | 24 GB | 200 GB |
| 2X Large | 20 | 18 | 16 | 48 GB | 300 GB |

Note:

The reservation for the CPU speed and RAM for each node must be 100% of the value specified above.

Table 5. Collector Deployment - Maximum Capacity

| Collector Size | Number of VMs (K = Thousand) | Flows per Day (M = Million) | Flow count in 4 days (M = Million) | Number of Edges for VMware SD-WAN (K = Thousand) |
|---|---|---|---|---|
| Medium | 4K | 2.5M | 3.25M | 4K |
| Large | 10K | 5M | 6.5M | 6K |
| Extra Large | 35K | 10M | 13M | 10K |
| 2X Large | 45K | 17M | 22M | 10K |

Note:
  • The count of VMs and edges mentioned in the table is the maximum individual limit for a single deployment. So, if you have edges in your setup, you might have to reduce the VM count.

  • The count of VMs includes the templates on the VMware vCenter as well.

  • For a single deployment with more than one collector, the limitation on the total flows across collectors is based on the capacity of the platform.

Other Requirements and Considerations

  • The maximum time skew between the platform nodes must be less than 30 seconds.

  • The availability of the NTP service is critical to system operations. Ensure that you do not reboot the platform node or the collector node when the NTP service is not available.

  • When the existing compute resources are completely used by the other processes on the platform, VMware Aria Operations for Networks crashes and does not recover automatically. If the services fail to recover, reboot the platform node.

  • If the network latency between platform node and upgrade server is greater than 500ms, the VMware Aria Operations for Networks upgrade might encounter an error. So, the network latency must be less than 500ms.

  • The recommended network latency between platform VMs for optimal performance is up to 3ms. The system performance might degrade beyond the limit.

  • The recommended network latency between platform and collector VMs for optimal performance is up to 150ms. The system performance might degrade beyond this limit.

  • The recommended disk latency for optimal performance is up to 5ms. If the disk latency is greater than 5ms, the system performance degrades.

  • The recommended disk IOPS is 7500.

  • For optimum performance, the recommended bandwidth usage between the collector and the platform is 15 Megabytes per second (MBps) or 120 Megabits per second (Mbps).

    Note:

    These bandwidth recommendations are made considering the largest collector and the largest platform brick sizes mentioned in this topic.

  • For Network Map, the maximum number of supported firewall rules per VMware NSX-T Manager (including DFW and edge rules) is 5000.

  • To use the Assurance and Verification feature in VMware Aria Operations for Networks, you must enable Link Layer Discovery Protocol (LLDP) and Cisco Discovery Protocol (CDP) (if supported) on the network devices.

  • As IPv6 addresses occupy more space in memory and disk, enabling IPv6 flow processing can reduce the platform and the collector capacity by up to 20%.

Supported TLS Versions

VMware Aria Operations for Networks supports Transport Layer Security (TLS) versions 1.2 and 1.3.

Supported Web Browser

  • Google Chrome: The latest two versions.

  • Mozilla Firefox: The latest two versions.

Recommendations to Support High Availability

You can customize vSphere HA options to enable vSphere high availability.

  • Host Failure - Restart VMs

  • Host Isolation - Deactivated

  • Guest not heartbeating - Deactivated