Endpoint Monitoring enables visibility into specific application processes and their associated network connections.

Summary Tab

After data collection is completed, the summary screen displays the details of the NSX manager, the security group and the time slot of the collected data. The number of running virtual machines (VMs) and the total number of processes generating traffic is shown in the first box. Clicking the number of virtual machines running takes you to the VM Flows tab, described below. Clicking the number of processes generating traffic takes you to the Process Flows tab, described below.

The second box displays a donut with the total number of flows. A flow is any unique stream of network traffic as identified by its packet type, source and destination IP, and port. Hover the cursor over each section and the number of flows within the security group or outside the security group is shown.

VM Flows Tab

This screen displays the details of the flows within the VMs including:
  • VM name - Name of the VM that is being monitored
  • Flows within security group - Traffic flowing between the VMs where the source or destination is inside the monitored security group
  • Flows outside security group - Traffic flowing between the VMs where the source or destination is outside the monitored security group
  • Shared service flows outside group - Shared service flows such as DHCP, LDAP, DNS, or NTP, outside the monitored security group
  • Shared service flows inside security group - Shared service such as DHCP, LDAP, DNS, or NTP, inside the monitored security group
Clicking on a specific VM name in the table displays a bubble graph that shows the following:
  • flows between VMs in the same security group
  • flows that contain shared services
  • flows between different security groups
Click on a bubble to view the details of the VM. The detailed flow view includes the process name, version and number of flows being generated by each process. If it contains shared services there is a special icon that is visible. Clicking on a line between two VM bubbles displays the process flow details of the flows between those two VMs including:
  • Source process - Name of application/exe generating traffic and initiating the flow
  • Source version - File version of source
  • Protocol - TCP
  • Destination process - Name of the server application/exe of the process that is the destination of the flow
  • Destination port - Port number of the destination

Process Flows Tab

This screen displays a list of all the applications that are generating flows. The table displays the following:
  • Process Name - Name of application generating traffic
  • VM name
  • Flows within security group - Traffic flowing between the VMs where the source or destination is inside the monitored security group
  • Flows outside security group - Traffic flowing between the VMs where the source or destination is outside the monitored security group
  • Shared flows within security group - Shared flows, within the monitored security group
  • Shared flows outside security group - Shared flows, outside the monitored security group
The bubble graph depicts the flows that are occurring with the process or application on the selected VM as the anchor. Click on any of the bubbles for the process name and version. Click on any line to display the following:
  • Source VM - Name of client VM that is hosting the client process
  • Source IP - IP address of the flow
  • Protocol - TCP
  • Destination VM - Name of the server VM that is hosting the server process
  • Destination IP- IP address of the destination
  • Destination port - Port number of the destination

AD User Flows Tab

This screen displays the flows by all AD Users on AD joined VMs that are part of a security group. There are three tables:
  • AD User Table -Lists all users that have initiated network flows from or to VMs that were part of the selected security group.
  • AD Sessions Table - Lists all the sessions that were created by a user selected from the AD User Table. There are as many sessions as the number of unique pairs of users, source VM IPs.
  • AD User Flows Table - When a user clicks on a session, this page appears, providing additional flow details