The micro-segmentation recommendations that NSX Intelligence generates include security policies, policy security groups, and services for applications.
The NSX Intelligence recommendations are based on the network traffic flow patterns that occurred between the compute members of a selected policy group, VMs, or physical servers. The recommendations can assist you with enforcing a more dynamic security policy by correlating traffic patterns of communication that have occurred within your NSX-T Data Center environment.
- The security policy recommendations are of the East-West distributed firewall (DFW) security policies in the application category.
- The security group recommendations consist of the VMs or physical servers, whose traffic flows were analyzed for the time period and the boundary you had specified.
- The service recommendations are service objects that were used by applications in the VMs or physical servers that you had specified, but the services are not yet defined in the NSX-T Data Center inventory.
There are multiple ways to request the NSX Intelligence recommendations, but the most straightforward one is by using the tab and clicking Start New Recommendation. You provide the input compute entities (groups, VMs, or physical servers) and the time range in which the network traffic flows are to be analyzed for those specific entities. See Generate a New NSX Intelligence Recommendation for more information.
After the recommendation analysis is finished, you can view the details of the recommendation and, if necessary, modify the recommendation before publishing it. See Review and Publish Generated NSX Intelligence Recommendations for details.
You can also export a generated NSX Intelligence recommendation into a JSON-formatted file. If necessary, modify that JSON file using an external REST API tool before submitting it to NSX Policy Manager for processing. See Export NSX Intelligence Recommendation as a JSON File for more information.
