Beginning with NSX Intelligence version 4.0.1, if a compute entity has had traffic flows within the past 30 days, NSX Intelligence attempts to classify that compute entity as either providing network infrastructure service or not. These infrastructure services include DNS, DHCP, LDAP, and Active Directory.

Purpose

By identifying the compute entities that provide network infrastructure services in your network, NSX Intelligence can help you decide whether those compute entities get included in the traffic flow visualization or from being included in the DFW policy recommendation analysis that you initiate.

Note:

This feature is available only with a valid NSX Advanced Threat Prevention license or an equivalent license.

How it works

After you activate NSX Intelligence 4.0.1 or later, each VM or physical server that is part of your network inventory is identified and listed in the Classifications table of the Plan & Troubleshoot > Configurations page.

At 2 o'clock AM your local time, an NSX Intelligence cronjob runs automatically in the background and again every 24 hours thereafter. If there are at least 30 days of correlated traffic flows and there are at least 5000 unique traffic flows identified, the cronjob attempts to make inferences about the compute entities in your network. The cronjob flags each compute entity that might be a network infrastructure based on the traffic flows that the compute entity was involved in during the past 30 days. To make the inferred infrastructure classifications, the NSX Intelligence cronjob uses a proprietary machine-learning algorithm.

After NSX Intelligence makes the classification inferences, it stores the information and updates the Classifications table. Each classification is in a Not reviewed state until you accept or modify the inferred classification. To accept the classification, click Accept. To change the classification, click Modify.

The following image shows an example of what the Classifications table might look like after the NSX Intelligence infrastructure classifier job has run .

Image of of the Classifications table in the Plan &; Troubleshoot > Configurations UI page.

The following information, such as the compute entity name, the ID assigned to it, and the compute entity type, are listed for each network inventory item.

  • The Name column lists the compute entity name and its corresponding icon. To indicate that the system-inferred infrastructure classification needs your review, an orange-hued circular badge appears in the upper-right section of the compute entity icon displayed in the Name column. For example, the infrastructure icon appears as infrastructure icon with the orange-hued review badge and the non-infrastructure icon appears as VM icon with the orange-hued review badge.

  • The ID column lists the ID number assigned to the VM or physical server.
  • The Workload Classifications column can have one of the following values.
    Workload Classification Value Description
    Classification Pending The initial classification value assigned to each compute entity until you manually assign a classification or the NSX Intelligence classification job makes an inferred classification.
    Infrastructure Service This value means the compute entity provides infrastructure services, such as DNS, DHCP, LDAP, and Active Directory. The value can be set by the system based on the inference classification cronjob or it can be set manually.
    Others (Non-infrastructure) This value means the compute entity does not provide any infrastructure service. The value can be set by the system based on the inference classification cronjob or it can be set manually.
  • The Last Classified By column initially has the Unknown value. The value then changes to System after the initial classification inference gets completed. When you manually classify a compute entity, the value for the column is set to User.

  • The Last Update On column indicates when the displayed classification was made manually or by the system.
  • The Review Status column initially has the Not applicable status. It can have one of the following statuses.
    Review Status Description
    Not applicable Indicates that the information displayed for the compute entity is based on the initial inventory identification that NSX Intelligence performed. You can manually classify each compute entity that is listed in the table by clicking Modify and selecting the classification.
    Not reviewed The NSX Intelligence infrastructure classifier job has inferred a classification for the compute entity based on the traffic activity that occurred within the past 30 days. The system-inferred classification is listed in the Workload Classification column. Click Accept if the classification is correct or click Modify to change the inferred classification.
    User Modified This status gets displayed when you click Accept to accept the system-inferred classification or Modify to manually select the classification.
  • The Type column can be either Virtual Machine or Physical Server.

Reviewing the classification

Review the classifications inferred by the NSX Intelligence infrastructure classification cronjob. Use the UI to accept or modify the inferred infrastructure classification. You can review the classifications using one of the following methods.

  • Click Plan & Troubleshoot > Configurations and select the Classifications tab. Click Accept or Modify.

  • In the Start New Recommendation dialog box, if you toggled Exclude Infrastructure Workloads to Activated, you can click View all infrastructure workloads here and use the Infrastructure Service Workloads to accept or modify the classifications.

  • Right-click a compute entity node, select <compute entity>Information from the drop-down menu. In the Infomation dialog box locate the Workload Type property. Next to the Classification Pending status, click Accept or Modify.

  • Click the gear icon settings gear icon in the upper-right section of the UI. In the NSX Intelligence Related Settings dialog box, click the Plan & Troubleshoot > Configurations.

When you accept the infrastructure classification, NSX Intelligence displays an infrastrcuture entity node for that compute entity in the visualization graph . You can also choose to exclude the infrastructure entity from the recommendation analysis when you are defining the new recommendation boundary in the Start New Recommendation dialog box.

See Administer the Infrastructure Classifications in NSX Intelligence for details.

Filtering the list of classifications

You can filter what compute entity gets displayed in the Classifications table. Click Filter and select one or more of the following criteria from the drop-down menu.

  • Name: Physical Server Name or VM Name

  • ID: Physical Server ID or VM ID

  • Classification

  • Last Classified By

  • Review Status

  • Type

Sort the list of classified entities

To sort the list of entities in the Classifications table, click Sort By, select Last Updated at and select Ascending or Descending.