The NSX Intelligence Recommendations feature can provide you with recommendations to help you micro-segment your applications.

Generating an NSX Intelligence recommendation involves recommendations of security policies, policy security groups, and services for the application. The recommendations are made based on the traffic pattern of communication between VMs in your NSX-T Data Center. There are multiple ways to generate a recommendation using the NSX Intelligence UI. The following procedure describes the three available methods to use.

Prerequisites

Install NSX Intelligence. See Installing and Upgrading VMware NSX Intelligence.

Procedure

  1. From your browser, log in with enterprise administrator privileges to an NSX Manager at https://<nsx-manager-ip-address>.
  2. Initiate the generation of a new recommendation.
    Use the following table to decide which of the three available methods to use.
    Method Steps
    Select Plan & Troubleshoot > Recommendations. Click Start New Recommendation.
    In the VMs view, select a VM and right-click. From the contextual menu, select Start New Recommendations.
    Select Plan & Troubleshoot > Discover & Take Action.
    1. In the Security Posture filter, click the down arrow and select VMs.
    2. Select the VMs that comprise the application boundary and click Apply.
    3. Click the Recommendations wand icon .
    4. On the Recommendations dialog box, click Start New Recommendation.
  3. In the Start New Recommendations wizard, optionally change the default value for the Recommendation Name.
  4. Define or modify the VMs that are to be used as the boundary for the security policy recommendation.
    1. Click Select VMs or the number of VMs Selected.
    2. In the Select VMs dialog box, select the VMs that you want to use as the boundary for the analysis and deselect the ones you do not want included.
      You can select up to 100 VMs to use for the recommendation boundary. You can also begin entering the name in the selection bar to filter the VMs to select.
    3. Click Save.
      The number of VMs selected is indicated on the Discover New Recommendation dialog box.
  5. Expand More Options to change the default values for Description and Time Range that are used for the recommendation analysis. The default Time Range value is Last 1 Month, which means the network traffic flows that occurred in the last one month between the selected VMs are used during the recommendation analysis.
  6. Click Start Discovery.
    Recommendations are processed serially. On average, it can take anywhere from 3 to 4 minutes to finish each recommendation, depending on whether there are other recommendations that are pending to be processed. If there are numerous traffic flows between VMs that must be analyzed, the generation of a recommendation can take anywhere between 10–15 minutes. The status can be tracked from the Recommendations tab. The status progresses from Waiting, to Analyzing, and finally to Ready to Publish. The following screenshot shows the three different statuses of the generated recommendations.

    After a recommendation is published successfully, the status is changed to Published.

What to do next

Review the generated recommendation and decide whether to publish it. See Review and Publish a Generated Recommendation.