VMware NSX Intelligence 3.2 Release Notes

VMware NSX Intelligence 3.2 \| 16 DEC 2021 \| Build 19067744 Check for additions and updates to these release notes.

VMware NSX Intelligence 3.2 | 16 DEC 2021 | Build 19067744

Check for additions and updates to these release notes.

Overview

VMware NSX® Intelligence™ is a distributed analytics solution that leverages granular workload and network context unique to NSX to deliver converged security policy management, analytics, and compliance with data center-wide visibility. NSX Intelligence provides a user interface via a single management pane within NSX Manager and provides the following features:

Real-time flow visibility for compute workloads in your environment.
Correlation of live or historic network traffic flows, user-defined firewall configurations, and compute workload inventory.
Ability to view past information about network traffic flows, user-defined firewall configurations, and compute workload inventory.
Automated micro-segmentation planning by recommending firewall rules, groups, and services.

What's New

NSX Intelligence 3.2.0 is a major release offering the following new and enhanced features.

NSX Intelligence Platform and Form Factor Changes

New Scale-out Architecture - To achieve higher scale and additional functionality, NSX Intelligence now runs on the NSX Application Platform. Starting with the 3.2 release, NSX Intelligence is no longer offered as an independent appliance (OVA) installation. Please note that since the NSX Application Platform runs on Kubernetes, a Kubernetes cluster must be already deployed and available prior to the installation of the NSX Application Platform and NSX Intelligence. See the following documentation for more information.
- Deploying and Managing the VMware NSX Application Platform for details about deploying the NSX Application Platform that hosts NSX Intelligence 3.2 and later.
- Activating and Upgrading VMware NSX Intelligence for information on installing NSX Intelligence on the NSX Application Platform.
NSX Intelligence Migration from Appliance to NSX Application Platform - When installing NSX Intelligence 3.2.0, you have the option to migrate and retain all historical data from your existing NSX Intelligenace 1.2.x installation. See the Upgrading NSX Intelligence section of the Activating and Upgrading VMware NSX Intelligence documentation for details.
NSX Intelligence integration with vSphere Lifecycle Manager - You can now run NSX Intelligence with ESX clusters that are vSphere Lifecycle Manager enabled.
NSX Intelligence Data Collection Settings - Provides the ability for you to selectively enable NSX Intelligence to collect data on a subset of ESXi hosts or clusters of hosts, which aids in scale management and license compliance. See Configure NSX Intelligence Settings for details.

NSX Intelligence Visualizations

Workload View Enhancements:
- Details about User Logout Time and VM Tools Version are added.
- Shows the latest group information for a unique flow.
- Shows aggregated flow attributes (Source and Destination IP addresses, Users, Process, FQDN, and more details) about a flow when you select Flow Details from a node's contextual menu.
Canvas View Enhancements: Enhances the Public IPs Group to specify an exact list of public IP addresses that are communicating to NSX objects in your NSX-T Data Center.
Performance: Improved performance when loading the landing page views for the compute and group views.

NSX Intelligence Recommendations

Group re-use partial match based on user-configured threshold .
Section re-use, if a recommended rule applies to an existing section, recommendation can update the rules in that section. If there is a new service, recommendation will create a new rule in that section.

Network Traffic Analysis

Detectors have been added to the network traffic analysis capability to increase the number of detectors to 14. The feature is now available from the Security > Suspicious Traffic section of the NSX Manager UI. For details, see the Detecting Suspicious Network Traffic in NSX-T Data Center section of the Using and Managing VMware NSX Intelligence documentation.

Data Upload/Download
Destination IP Profiler
DNS Tunneling
Domain Generation Algorithm
Netflow Beaconing
Port Profiler
Server Port Profiler
Unusual Network Traffic Pattern

System Requirements

For system requirements information, see Activating and Upgrading VMware NSX Intelligence. For information about ports and protocols required for NSX Intelligence, see the VMware Ports and Protocols information for VMware NSX Application Platform, which hosts the NSX Intelligence application.

Compatibility Notes

For NSX Intelligence and NSX-T Data Center interoperability information, see VMware Product Interoperability Matrices.
NSX Intelligence is interoperable with NSX Federation deployments but does not directly support NSX Global Managers. To use the NSX Intelligence user interface, you must access the Local Manager instead of the Global Manager. For deployments with NSX Federation, if an NSX Intelligence instance is deployed with the Local Manager on a specific site, you will see groups and flows from the Global Manager. However, the visualization will not reflect specifics from other sites. NSX Intelligence recommendations will also not function across various sites because NSX Intelligence does not integrate with the Global Manager of the NSX Data Center.

API and CLI Resources

See the NSX Intelligence & NSX Application Platform API Reference page for the available for NSX Intelligence REST API resources.

Available Languages

NSX Intelligence has been localized into multiple languages: English, German, French, Japanese, Simplified Chinese, Korean, Traditional Chinese, and Spanish. Because NSX Intelligence localization utilizes the browser language settings, ensure that your settings match the desired language.

Document Revision History

Revision Date	Edition	Changes
December 16, 2021	1	Initial edition.
April 18, 2022	2	Removed known issue 2374229, which is based on the NSX Intelligence appliance. Beginning with version 3.2.0, NSX Intelligence is based on the NSX Application Platform.
April 21, 2022	3	Added known issues 2879564, 2879667, 2885869, and 2889740.
May 5, 2022	4	Modified the information for known issue 2839668.
May 12, 2022	5	Added known issue 2908149.
February 17, 2023	6	In the Compatibility Notes section, added support information about NSX Federation deployments.
February 23, 2023	7	Added known issue 3095623.
April 14, 2023	8	Updated the workaround info for known issue 3095623 and also associated issue 3164022 to that known issue.
August 15, 2023	9	Updated the link to the VMware Ports and Protocols page.

Resolved Issues

Fixed Issue 2665452: NSX Intelligence visualization is slow in its loading or recommendation jobs fail under heavy load when Guest Introspection is in use.

When specifying a time range that is greater than one hour, the Groups view in the Plan & Troubleshoot > Discover & Take Action user interface is very slow to load in the visualization canvas. In addition, the /var/log/druid/sv/overlord-service.log file shows Druid compaction job failures for context tables. The issue is due to Druid segments growing faster than expected because compaction is not occurring.
Fixed Issue 2801225: The Recommendation job or Continuous Monitoring job might not be operating on the most recent version of a Group, Virtual Machine, Bare Metal, or Service entity in the Druid database.

The Continuous monitoring task might not set or reset the necessary rerun flag when a group membership has changed. The Recommendation job might not get the most recent version of the group or its members. This can result in an analysis that does not consider all of the members of the group.

Known Issues

Issue 3095623 and 3164022: After force deleting transport nodes (TNs) that were created using Policy style API, NSX Intelligence traffic flows are not visible for any newly added TNs.

When you use the Policy framework to configure the TNs and the policy paths contain a custom resource name, if any of those TNs are force deleted, data collection is not enabled on any newly added TNs. The old TNs will continue to send data. The NSX Data Collection group goes into an inconsistent state because the policy paths of the force deleted TNs did not get cleared.
Workaround: Use the following steps to clean up the Data Collection group so that it contains the valid policy path.
1. Fetch the NSX Application Platform (NAPP) registration results using the following API request.
```
GET https://<NSX-manager-IP>/policy/api/v1/infra/sites/napp/registration
```
2. Set the the NSX Intelligence enablement to false using the following API request and the cluster_id info from the registration API request results. Make sure to have "is_intelligence_enabled": false" in the PATCH API request payload.
```
PATCH https://<NSX-manager-IP>/policy/api/v1/infra/sites/napp/registration/<cluster_id>
{
  "cluster_id" : "<cluster_id>",
  "is_intelligence_enabled" : false
}
```
3. Set the NSX Intelligence enablement back to true using the same API. Make sure to have "is_intelligence_enabled": true" in the PATCH API request payload.
```
PATCH https://<NSX-manager-IP>/policy/api/v1/infra/sites/napp/registration/<cluster_id>
{
  "cluster_id" : "<cluster_id>",
  "is_intelligence_enabled" : true
}
```
Issue 2908149: After upgrading NSX Intelligence from version 1.2.x to version 3.2.0 or 3.2.0.1, the Redis /data directory gets filled up, the roll-up does not work, and NSX Intelligence does not function as expected.
The NSX Intelligence visualization does not display any visualization for the Now time period after upgrading NSX Intelligence 1.2.x to version 3.2.0 or 3.2.0.1. When this issue occurs, the output of the following command indicates that the /data directory for each of the Redis pods is at 100% utilization.
```
kubectl exec -it -n nsxi-platform <redis-pod-name> –df -kh /data
```
where <redis-pod-name> can be redis-master-0, redis-slave-0, or redis-slave-1.
Workaround: Use the following commands to manually delete the files indicated below from the redis-master pod and delete the redis-master-0 pod. After successfully running these commands, the redis-master pod will start up automatically and the redis-slave-n pods will be synced automatically to the redis-master pod.
1. Delete the appendonly.aof and dump.rdb files from the redis-master pod.
```
kubectl exec -it -n nsxi-platform redis-master-0 -- rm /data/appendonly.aof  
kubectl exec -it -n nsxi-platform redis-master-0 -- rm /data/dump.rdb
```
2. Delete the redis-master-0 pod.
```
kubectl delete pod -n nsxi-platform redis-master-0
```
Issue 2889740: A lag in processed traffic flows can occur after migrating to NSX Intelligence 3.2.0 and the UI does not display information about recent traffic flows.

After migrating an NSX Intelligence 1.2.x set up to NSX Intelligence 3.2.0, traffic flows stop being correlated by the processing pipeline. When this occurs the UI does not reflect the recent traffic flows. Historical flows are still visible in the UI.

Workaround: Restart the spark-operator pod.
Issue 2885869: Druid tasks are left in pending state after upgrading from NSX Intelligence 1.2.x to NSX Intelligence 3.2.0.

After you upgrade from NSX Intelligence 1.2.x to NSX Intelligence 3.2.0, some Druid tasks are in pending state. When in the Groups view or Computes view, you will not see any service details in the Flow Details dialog for the Allowed and Blocked flows.
Workaround: Use the following steps.
1. From the NSX Manager or the runner IP host (Linux jump host from which you can access the Kubernetes cluster), run the following command.
  
  kubectl -n nsxi-platform port-forward svc/druid-coordinator 18281:8281 --address 0.0.0.0
2. Open a Druid console using the following command: https://<VM IP>:18281, where VM IP is the runner IP.
3. Find the tasks which are in Pending state and perform a hard reset of all the supervisors related to those pending tasks.
4. Restart proton on all the NSX Managers using the systemctl restart proton command for triggering a full sync.
Issue 2879667: Traffic flows are not streamed through the PubSub channel after NSX Intelligence is migrated to version 3.2.0.

After migrating from NSX Intelligence 1.2.x to NSX Intelligence 3.2.0, the entries in the PubSub subscription table are not updated to point to the correct Kafka broker endpoint. Hence, there are no traffic flows being received from the subscription.

Workaround: Create a new data subscription.
Issue 2879564: Any custom NSX Intelligence configuration values that were set prior to NSX Intelligence 3.2.0 are overridden with the default values post migration.

If you made customizations to the host configuration in previous NSX Intelligence releases, those customizations are canceled after migrating to NSX Intelligence 3.2.0.

Workaround: To reapply the custom host configuration values, make the following call:

PATCH napp/api/v1/intelligence/data-collection/host-config
Issue 2885186: After upgrading from NSX-T 3.1 to NSX-T 3.2, unable to see the data when you apply filter or open group flow details.

Flow details dialog is empty after migration or doesn't report flows when applying filter.

Workaround: None. System should work normally after 30 minutes.
Issue 2839668: Old traffic flow data and configuration data from the previous NSX Intelligence deployment are still displayed after NSX Intelligence is reactivated.

If NSX Intelligence is deactivated, but the NSX Application Platform remains deployed, the old traffic flow data and configuration data from the previous NSX Intelligence deployment continue to be displayed after NSX Intelligence is reactivated. There is no easy way to clean up the old data and keep them from being displayed.

Workaround: Contact the VMware Support team for assistance with cleaning up the old data.
Issue 2599301: Some active sessions are not visible on the NSX Intelligence user interface for the Last 1 Hour view and are not picked up by the Recommendations module for recommending policies.

There are active traffic flows running on compute hosts, but these traffic flows are not visible in the Last 1 Hour view on the NSX Intelligence user interface. Starting a recommendation analysis for the involved compute hosts does not generate any recommendations for those traffic flows even though those traffic flows are unsegmented.

Workaround: Synchronize the timestamps across all the compute hosts that are exporting the network traffic flows.
Issue 2389691: Publish recommendation job fails with error "request payload size exceeds the permitted limit, max 2,000 objects are allowed per request."

If you try to publish a single recommendation job that contains more than 2,000 objects, it will fail with error "request payload size exceeds the permitted limit, max 2,000 objects are allowed per request."

Workaround: Reduce the number of objects to fewer than 2,000 in the recommendation job and retry the publication.