VMware NSX Intelligence 4.0.1 Release Notes

VMware NSX Intelligence 4.0.1 \| 13 OCT 2022 \| Build 20606727 Check for additions and updates to these release notes.

VMware NSX Intelligence 4.0.1 | 13 OCT 2022 | Build 20606727

Check for additions and updates to these release notes.

What's New

VMware NSX® Intelligence^TM 4.0.1 is the first release that interoperates with VMware NSX 4.0.x releases. New known issues identified since the NSX Intelligence 3.2.1 release have been added to the Known Issues section.

This release provides the following new enhancements in the visualization and firewall rule recommendation functionalities.

The NSX Intelligence visualization graph user interface has new visualization options.
- NSX Intelligence attempts to classify compute entities that provide infrastructure core services. After you confirm the infrastructure classification, a new graphic icon represents the infrastructure entity in the NSX Intelligence visualization graph. See Managing Compute Entity Classifications in NSX Intelligence for more information.
- You can create temporary visualization labels to assign to compute entities. These visualization labels are only used within the context of NSX Intelligence to help you organize and manage multiple related compute entities while working with the NSX Intelligence visualization and recommendation features. See Managing Visualization Labels in NSX Intelligence.
- The multiview support is now available in the visualization graph. You can use one of the following clustering modes.
  - by flows, by name, or by tags in either the Groups view or Computes view
  - by labels in the Computes view only
New NSX Intelligence Recommendation feature enhancements are introduced.
- Compute entities that have been classified and confirmed as infrastructure entities can be excluded from the DFW rule recommendation analysis.
- Recommended DFW rules can now be exported in CSV file formats. See Export an NSX Intelligence Recommendation as a CSV File.
- You can now cancel recommendation jobs that have the Waiting status or the Discovery in Progress status.

System Requirements

For system requirements information, see Activating and Upgrading VMware NSX Intelligence. For information about ports and protocols required for NSX Intelligence, see the VMware Ports and Protocols information for VMware NSX Application Platform, which hosts the NSX Intelligence application.

Compatibility Notes

For NSX Intelligence and NSX interoperability information, see VMware Product Interoperability Matrices.
NSX Intelligence is interoperable with NSX Federation deployments but does not directly support NSX Global Managers. To use the NSX Intelligence user interface, you must access the Local Manager instead of the Global Manager. For deployments with NSX Federation, if an NSX Intelligence instance is deployed with the Local Manager on a specific site, you will see groups and flows from the Global Manager. However, the visualization will not reflect specifics from other sites. NSX Intelligence recommendations will also not function across various sites because NSX Intelligence does not integrate with the Global Manager of NSX Data Center.

API and CLI Resources

See the NSX Intelligence and NSX Application Platform API Reference page for the available NSX Intelligence REST API and CLI resources.

Available Languages

NSX Intelligence has been localized into multiple languages: English, German, French, Italian, Japanese, Simplified Chinese, Korean, Traditional Chinese, and Spanish. Because NSX Intelligence localization utilizes the browser language settings, ensure that your settings match the desired language.

Document Revision History

Revision Date	Edition	Changes
October 13, 2022	1	Initial edition.
November 8, 2022	2	Added resolved issue 3021103.
February 17, 2023	3	In the Compatibility Notes section, added support information about NSX Federation deployments.
February 23, 2023	4	Added known issue 3095623.
April 14, 2023	5	Updated the workaround info for known issue 3095623 and also associated issue 3164022 to that known issue.
July 11, 2023	6	Added known issue 3034560. Removed known issue 2885186. It is no longer observed beginning with the 3.2.1 release.
August 15, 2023	7	Updated the link to the VMware Ports and Protocols page.

Resolved Issues

Fixed Issue 3021103: When using NSX Intelligence 3.2.1 with NSX 3.2.2 and the multi-NSX feature is activated, you can see both the prepared and unprepared clusters displayed in the Data Collection tab of the System Settings > NSX Intelligence user interface. Activating or deactivating data collection on the unprepared cluster is nonfunctional.

Although it appears that you can activate and deactivate data collection on the unprepared clusters, the action is actually nonfunctional. You can only edit the data collection mode on prepared clusters.

Known Issues

Issue 3034560: Kafka logs filled up the ephemeral storage causing the Kafka pods to be restarted.

The /opt/kafka/log directory became full causing the Kafka pod to be restarted with the message:Pod ephemeral local storage usage exceeds the total limit of containers 1Gi. While the Kafka restarts, the system is unable to perform any activities, such as monitoring the network traffic or generating a new recommendation.

Workaround: See VMware knowledge base article 91737.
Issues 3095623 and 3164022: After force deleting transport nodes (TNs) that were created using Policy style API, NSX Intelligence traffic flows are not visible for any newly added TNs.

When you use the Policy framework to configure the TNs and the policy paths contain a custom resource name, if any of those TNs are force deleted, data collection is not enabled on any newly added TNs. The old TNs will continue to send data. The NSX Data Collection group goes into an inconsistent state because the policy paths of the force deleted TNs did not get cleared.
Workaround: Use the following steps to clean up the Data Collection group so that it contains the valid policy path.
1. Fetch the NSX Application Platform (NAPP) registration results using the following API request.
```
GET https://<NSX-manager-IP>/policy/api/v1/infra/sites/napp/registration
```
2. Set the the NSX Intelligence enablement to false using the following API request and the cluster_id info from the registration API request results. Make sure to have "is_intelligence_enabled": false" in the PATCH API request payload.
```
PATCH https://<NSX-manager-IP>/policy/api/v1/infra/sites/napp/registration/<cluster_id>
{
  "cluster_id" : "<cluster_id>",
  "is_intelligence_enabled" : false
}
```
3. Set the NSX Intelligence enablement back to true using the same API. Make sure to have "is_intelligence_enabled": true" in the PATCH API request payload.
```
PATCH https://<NSX-manager-IP>/policy/api/v1/infra/sites/napp/registration/<cluster_id>
{
  "cluster_id" : "<cluster_id>",
  "is_intelligence_enabled" : true
}
```
Issue 3046291: Recommendation jobs might fail to complete when the NSX Intelligence, NSX Network Detection and Response, and NSX Malware Prevention features are all activated.

An NSX Intelligence recommendation job can get stuck in the ANALYSIS_IN_PROGRESS state when the NSX Intelligence, NSX Network Detection and Response, and NSX Malware Prevention features are activated on an Advance form factor. If the minimum Kubernetes cluster resource requirements are not met, the recommendation job cannot run to completion because the existing cluster resources are insufficient.

Workaround: Scale out the nodes used by the NSX Application Platform, as described in the "Scale Out the NSX Application Platform" topic in the Deploying and Managing the VMware NSX Application Platform documentation that is delivered with the VMware NSX Documentation set. After the scale out is performed, more memory and CPU resources become available in the cluster and can be allocated to complete the recommendation job.
Issue 3008628: In network environments that use mixed IPv4 and IPv6, some of the network traffic analytics (NTA) detection capabilities in the NSX Suspicious Traffic feature are degraded.

In network environments that have traffic from VMs that use IPv4 and IPv6, some pods used by the NSX Suspicious Traffic feature in NSX Intelligence might fail silently and stop processing the network traffic altogether. Some anomaly detection capabilities are lost and it is possible that some anomalous activity in the network might go undetected. As a result of the missing detections, some NSX Network Detection and Response campaigns might not get created.

The following detectors are affected: Data Upload/Download, Destination IP Profiler, DNS Tunneling, Domain Generation Algorithm (DGA), Netflow Beaconing, Port Profiler, Server Port Profiler, and Unusual Network Traffic Pattern.

Workaround: None. Note that you can still activate the NSX Suspicious Traffic feature in NSX Intelligence. The following detectors are not affected by this issue and remain fully functional: Horizontal Port Scan, LLMNR/NBT-NS Poisoning and Relay, Network Traffic Drop, Remote Services, Uncommonly Used Port, and Vertical Port Scan.
Issue 2389691: Publish recommendation job fails with error "request payload size exceeds the permitted limit, max 2,000 objects are allowed per request."

If you try to publish a single recommendation job that contains more than 2,000 objects, it will fail with error "request payload size exceeds the permitted limit, max 2,000 objects are allowed per request."

Workaround: Reduce the number of objects to fewer than 2,000 in the recommendation job and retry the publication.
Issue 2599301: Some active sessions are not visible on the NSX Intelligence user interface for the Last 1 Hour view and are not picked up by the Recommendations module for recommending policies.

There are active traffic flows running on compute hosts, but these traffic flows are not visible in the Last 1 Hour view on the NSX Intelligence user interface. Starting a recommendation analysis for the involved compute hosts does not generate any recommendations for those traffic flows even though those traffic flows are unsegmented.

Workaround: Synchronize the timestamps across all the compute hosts that are exporting the network traffic flows.
Issue 2839668: Old traffic flow data and configuration data from the previous NSX Intelligence deployment are still displayed after NSX Intelligence is reactivated.

If NSX Intelligence is deactivated, but the NSX Application Platform remains deployed, the old traffic flow data and configuration data from the previous NSX Intelligence deployment continue to be displayed after NSX Intelligence is reactivated. There is no easy way to clean up the old data and keep them from being displayed.

Workaround: Contact the VMware Support team for assistance with cleaning up the old data.