Working with the Computes View in NSX Intelligence

A node in the Computes view represents one of the compute entities in your on-premises NSX environment. A compute entity is a virtual machine (VM), a physical server, or an IP address.

Computes View Selection

If you are not seeing the Computes view, click the down arrow next to Groups in the Security view selection area and select Computes. To display all the compute entities during the selected time period, you can select Select All Computes in the drop-down menu. To display only VMs, IPs, or Physical Servers, click Show All Types and select VMs, IPs, or Physical Servers from the drop-down menu.

You can also select specific compute entities from the Available Items list. Use the Search text box to filter the selection list. Click Apply after making your selections.

If you click away from the drop-down menu without making any selection or if you select Select All Computes in the drop-down menu, the Select All Computes option gets applied to the Computes view.

Clustering of Compute Nodes

Beginning with NSX Intelligence 4.0.1, when you select the Computes view, the compute entity nodes are displayed into clusters of nodes by default. The Clustering By Flows mode is the default clustering mode used. This mode is based on the traffic flows that occurred with the compute entities in your NSX environment when there are 30 days worth of traffic flow data. With the clustering feature, you can have a high-level view of the activities in your NSX environment during the selected time period and can help you decide where to focus your attention.

The following image illustrates a sample Computes view that shows one cluster that includes six compute entities that exchanged traffic flows and another cluster of two compute entities that did not have any traffic activity during the selected time period. The view is using the Clustering By Flows mode and displays the traffic flow activities that occurred in the last 12 hours.

A screenshot of the Plan & Troubleshoot > Discover & Take Action UI displaying a sample of the Computes view.

The number displayed on top of the cluster boundary indicates how many compute entities there are in that particular cluster visualization for the selected time period. To see more details about a specific cluster and the compute entities that are part of that cluster, zoom in the graph. As you zoom in closer to the nodes and arrows, the details about the compute entities and traffic flows become more visible and easier to select. To narrow which compute entities are displayed in the visualization graph, apply filters using the Apply Filters section.

To change the clustering mode used for the visualization, click the clustering control icon clustering control icon described by surrounding text located at the bottom right of the visualization graph and select Labels, Names, or Tags. The visualization graph gets updated immediately based on your selection.

Nodes in the Computes View

A node in the Computes view represents a compute entity (such as a VM, a physical server, or an IP address) or an uncategorized VM in your NSX inventory. Any node that is communicating with one of the compute entities in your NSX environment, but did not get identified as part of the NSX inventory, is also represented in the Computes view.

The following table lists the types of compute entity nodes you might see in the Computes view.


Type of compute entity node	Icon	Description
Regular VM		A Regular VM node represents a virtual machine (VM) that is part of your NSX environment. A VM can belong to more than one group.
Public IP		A Public IP node represents a public IP address, either an IPv4 or IPv6 , that is communicating to or from your NSX environment. Right-clicking this icon lists all the public IP addresses that had network traffic activity during the selected time period. Pointing on a traffic flow arrow connected to this node displays the actual IP address that participated in that traffic flow exchange.
IP		An IP node represents an IP address that participated in the network traffic activities during the selected time period. An IP address can be a unicast, broadcast, or multicast IP address.
Physical Server		This node represents a physical server that is part of your NSX environment. A physical server can belong to more than one group. The currently supported physical servers are as follows. RHEL Server release 7.9, 8.2, 8.4 Ubuntu 16.04, 18.04 CentOS 7.9, 8.4 SUSE 12 SP4 Windows Server 2016, 2019
Network infrastructure service entity		This node represents a compute entity that has been classified as providing core network infrastructure service, such as DNS, DHCP, LDAP, or Active Directory. An orange-hued badge on the upper right edge of the icon, as shown in this image , indicates that the system-inferred infrastructure classification for this compute entity needs your review. For more information, see Managing Compute Entity Classifications in NSX Intelligence.

Color of a Node

The color of the border of a node corresponds to the types of traffic flows that occurred with the compute entity during the selected time period. A compute entity that did not have any communication with any other compute entities during the selected time period gets placed together in a separate cluster.

A node with a red-hued border indicates that at least one unprotected traffic flow was detected, regardless of the number of blocked or allowed flows that were detected during the selected time period.
A blue-hued border on a node means that no unprotected traffic flows were detected, but at least one blocked flow was detected, regardless of how many allowed flows were detected during the selected time period.
A node with a green-hued border indicates that there were no unprotected or blocked flows detected during the selected time period, and at least one allowed flow was detected.
A node with a gray-hued border means that during the selected time period there were no traffic flows detected for that compute entity.

Arrows in the Computes View

The arrows between the compute entity nodes represent the traffic flows that have occurred between the compute entities during the selected time period. See Working with Traffic Flows in NSX Intelligence for more information.

Node Selection in Computes View

When you point to a compute entity node, some information about the compute entity is displayed, such its name and when it was discovered by the system. as shown in the following sample screenshot. Also listed are the number and types of flows that NSX Intelligence detected as having occurred with that compute entity during the selected time period. If the compute entity got added during the selected time period, the New badge icon and the details of when the compute entity got added are also displayed.
Image of information about the compute node that the pointer is currently pointing to.

Image of information about the compute node that the pointer is currently pointing to.

When you click a compute entity node, a dashed circle marks the selection as a pinned compute entity node. Other compute entity nodes that had traffic flows with that pinned node are also made more prominent in the Computes view. All other nodes become dimmed to make them less visible. To clear the pinned selection, click in any empty area of the Computes view.

When you zoom out of the Computes view and the details in the compute entity nodes are no longer visible, point to any visible part of the node. The details for the compute entity are displayed.

Selecting Multiple Compute Nodes

Beginning with NSX Intelligence 4.0.1, you can select multiple compute entity nodes and perform the same action, such as assign a label or start a recommendation analysis, on your selection of compute entities.

Click the selection control icon to select one or more of the compute entity nodes displayed in the visualization canvas. You can click and drag your pointer over the compute nodes that you want to select. You can also press the Shift+click specific compute nodes to make your selection.

The system displays the number of selected compute nodes in a new Selected panel that appears next to the Flows section. The panel looks similar to this sample image Selected Nodes panel . From this panel you can click the recommendation icon and start a new recommendation analysis. You can also click the label icon and assign a label for the selected compute entities. If you want to remove the label assignments to the selected compute entities, click the remove icon .

Alternatively, right-click any of the selected compute nodes to see the number of nodes you have selected and the actions available for you to apply to your selection.

Using Labels in the Computes View

You can assign a label to a selection of compute entity nodes. After you make your selection, right-click any of the selected node, select Assign a Label, select a label from the drop-down menu of available labels, and click Assign. See Managing Visualization Labels in NSX Intelligence for details.

Available Actions in the Computes View

A contextual menu of available actions is displayed when you right-click the node for a compute entity, as illustrated in the following image.

Contextual menu of available actions you can take when right-clicking a compute node. Each action are described the the table following this image.

The following table describes the available actions you can select from the drop-down menu.


Selection	Description
Filter By	The compute entity gets added to the visualization filter that is used for the current Computes view.
View Suspicious Network Activities `<n>`	If a suspicious network activity is detected involving this compute entity, this item will be selectable. The (n) indicates the number of detected suspicious activities. See Detecting Suspicious Network Traffic in NSX for more information.
View Recommendations (`<n>`)	The table of recommendations for the current compute entity is displayed. The (n) indicates the number of available recommendations. From the Recommendations table, you can view the recommendation details and perform the available actions. See Working with NSX Intelligence Recommendations for more information.
View `<Compute entity type>` Information	The details are displayed for the currently selected compute entity during the selected time period. Details depend on the type and can include the Name, IP Address, ID, operating system information, computer name, tags, BIOS ID, host transportation node, and infrastructure classification. Note: If a VM is attached to the segment profile as the default IP Discovery profile and has (Trust On First Use) TOFU enabled, the VM initially gets an IP address from DHCP. If the DHCP IP address is released and the VM IP address is changed to a static IP address, both the DHCP and static IP addresses are displayed in VM Information. If TOFU was disabled in the default IP discovery profile, when the initially assigned DHCP IP address is released and the VM IP address is changed to a static address, only the static IP address is displayed in VM Information.
View Related Groups	Displays the Groups table with information about groups to which the compute entity belonged during the selected time period.
View Processes	(For VM nodes only) Displays the Processes table, which displays the details about the processes that involved traffic flows where data was either sent, received, or both to the VM. To be able to view processes information, you must install guest components on the VMs. See the "Installing Guest Components" section of the NSX Administration Guide that is delivered with the VMware NSX Documentation set.
View Flow Details	Shows the details about the completed flows and the flows that are currently active with the compute entity during the selected time period. Note: The active flows during the selected time period are more than 2.5 minutes old at the time the details are displayed. The details include the following. flow type: completed or active flow's source and destination groups services that were used L7 information: application ID and FQDN type of the latest flow: unprotected, blocked, allowed time the flow ended You can click some of the details to obtain more information. See Working with Traffic Flows in NSX Intelligence for more information.
View User Login Information	(For VM nodes only) Shows user login information for the selected VM. To be able to view user login information, you must install guest components on the VMs. See the "Installing Guest Components" section of the NSX Administration Guide that is delivered with the VMware NSX Documentation set.
Start Recommendation	Displays the Start New Recommendations wizard. See Working with NSX Intelligence Recommendations for more details.