Security Intelligence (formerly known as VMware NSX Intelligence) 4.2.0 | 23 JUL 2024 | Build 24124098

Check for additions and updates to these release notes.

What's New

Security Intelligence (formerly known as NSX Intelligence) 4.2.0 introduces new features and enhancements for network visibility and security.

This release includes an updated Intelligence dashboard, improved flow insights, and a new flow ingestion option. These new features and enhancements offer improved control, visibility, and insights, enabling you to maintain a secure and efficient network environment.

Branding Update

  • VMware NSX Intelligence has been rebranded as Security Intelligence.

New Intelligence Dashboard Enhancements

  • Pending Actions: Track and manage pending tasks easily to maintain an organized workflow.

  • Security Posture: Obtain comprehensive insights into the security status of your network.

  • Flow Trends: Visualize and analyze traffic flow trends over time to better understand network behavior.

Flow Insights Enhancements

  • Rules/Groups: Identify frequently used rules and groups to optimize security policies.

  • Computes: Highlight the highest compute resources based on traffic to ensure efficient resource allocation.

  • Ports: Monitor the most used ports to detect and manage critical entry points.

  • Layer 7 Application ID: Discover the top Layer 7 Application IDs to understand application-level traffic patterns.

  • Links to Filtered View: Quickly access detailed filtered views for in-depth analysis and troubleshooting.

Flow Ingestion Improvement

  • Dynamic Retention Option: When the flow storage capacity limit is reached, you can select the desired action. New flows are paused by default until corrective measures, such as scale-out, are implemented. Alternatively, older flows can be purged by dynamically reducing the retention period to manage data storage effectively.

System Requirements

For information on system requirements, see Activating and Upgrading VMware NSX Intelligence. You can also install Security Intelligence (formerly known as NSX Intelligence) 4.2.0 using NSX Application Platform 4.2.0. See Deploying and Managing NSX Application Platform.

For information about ports and protocols required for Security Intelligence (formerly known as NSX Intelligence), see the VMware Ports and Protocols information for VMware NSX Application Platform, which hosts the application.

Compatibility Notes

  • For Security Intelligence (formerly known as NSX Intelligence) and NSX interoperability information, see VMware Product Interoperability Matrices.

  • Security Intelligence (formerly known as NSX Intelligence) is interoperable with NSX Federation deployments but does not directly support NSX Global Managers. To use the Security Intelligence (formerly known as NSX Intelligence) user interface, you must access the Local Manager instead of the Global Manager. For deployments with NSX Federation, if an Security Intelligence (formerly known as NSX Intelligence) instance is deployed with the Local Manager on a specific site, you will see groups from the Global Manager and traffic flows from workloads that are connected to the global objects. However, the visualization will not reflect specifics from other sites. Security Intelligence (formerly known as NSX Intelligence) recommendations will also not function across various sites because Security Intelligence (formerly known as NSX Intelligence) does not integrate with the Global Manager of NSX Data Center.

Available Languages

The number of supported localization languages will be reduced with the next major release. 

The following languages will no longer be supported:

  • Japanese, Spanish, French, Italian, German, Korean, Traditional Chinese, and Simplified Chinese.

Customer Impact:

  • Customers using the deprecated languages will no longer receive updates or support in these languages.

  • All user interfaces, help documentation, and customer support will be available only in English.

Since Security Intelligence (formerly known as NSX Intelligence) localization relies on browser language settings, ensure that your settings match the desired language.

Resolved Issues

  • Fixed Issue 3392505: NSX Intelligence flow export might intermittently fail on the ESX 7.x host.

    When NSX Intelligence is activated, the connection from the NSX exporter on the ESX 7.x host to the broker on the NSX Application Platform intermittently fails due to an SSL handshake error. This error makes the flow export to NSX Intelligence to become unavailable.

  • Fixed Issue 3386295: NSX Intelligence recommendation analysis process might take a long time to complete.

    The delays in the NSX Intelligence recommendation analysis are caused by the large number of external IP addresses in the traffic flows of certain VMs or groups, which consume a significant amount of computation resources.

  • Fixed Issue 3382488: NSX Intelligence recommendations remain indefinitely in the waiting status.

    When a user starts a recommendation analysis, it remains in the waiting status because the status of the continuous monitor application Spark app is not updated. This problem prevents the recommendation analysis from progressing to discovery mode.

  • Fixed Issue 3403381: In the Suspicious Traffic page, events generated from the "Port Profiler" and "Server Port Profiler" cannot be expanded.

    Attempting to expand an event generated by the "Port Profiler" or "Server Port Profiler" detectors in the Suspicious Traffic UI, an error occurs, and the details pane displays the message 'No details found'.

  • Fixed Issue 3399401: In the Suspicious Traffic feature, the VM exclusion configuration for the "Netflow Beaconing" detector is ignored.

    The VM exclusion configuration is ignored by the Netflow Beaconing detector.  As a consequence, this detector monitors all VMs including those that may be configured as excluded and may generate events for these VMs.

  • Fixed Issue 3310161: Post NSX Application Platform upgrade, the NTA detection page displays an error.

    The NTA detection becomes non-functional after the NSX Application Platform upgrade. The NTA server logs show the llanta pod is in a crash loopback status.

  • Fixed Issue 3312216: During NSX Intelligence redeployment, dangling Kubernetes resources causes the redeployment to fail.

    NSX Intelligence fails to deploy successfully if version 4.1 or earlier is installed and uninstalled, but NSX Application Platform remains deployed and upgraded to 4.2.0, and NSX Intelligence is redeployed using version 4.2.0.

  • Fixed Issue 3291764: Due to missing pubsub JVM server option values, NSX Intelligence takes a long time to activate and fails.

    If the pub-sub JVM server options are missing xmx and xms values during NSX Intelligence activation, the duration takes a long time and fails with an error message: The feature activation took too long. Either the Kubernetes pods failed to come up or the registration with NSX Manager failed. Please contact your Infrastructure Administrator for assistance.

Known Issues

  • New - Issue 3411924: Due to the nta-flow-driver pod crash, the Horizontal Port Scan and the Uncommonly Used Port detectors omit some suspicious traffic events, causing an unstable NSX Application Platform status.

    In the previous release of the NSX Application Platform, the nta-flow-driver pod might crash when it receives an overwhelming number of large flows that it cannot handle. This crash causes the Horizontal Port Scan and the Uncommonly Used Port detectors to omit some suspicious traffic events, causing the NSX Application Platform status to appear unstable.

    Workaround: Upgrade to NSX Application Platform 4.2.0 release version.

  • Issue 3410511: The App strategy default deny-list shows no workload when filtered from the Top Rules Dashboard or searched in the visualization UI.

    All Connectivity Strategy rules are set to a null path in the database, causing the visualization UI to display flows for all rules, instead of only the expected default_deny_rule.

    Workaround: Retrieve the Rule ID from the DFW policy section. In the visualization UI, select Rule > ID and enter the rule ID to filter the traffic flowing to the default deny rule.

  • Issue 2599301: Some active sessions are not visible on the NSX Intelligence user interface for the Last 1 Hour view and are not picked up by the Recommendations module for recommending policies.

    There are active traffic flows running on compute hosts, but these traffic flows are not visible in the Last 1 Hour view on the NSX Intelligence user interface. Starting a recommendation analysis for the involved compute hosts does not generate any recommendations for those traffic flows, even though those traffic flows are unsegmented.

    Workaround: Synchronize the timestamps across all the compute hosts exporting the network traffic flows.

Document Revision History

Revision Date

Edition

Changes

August 15, 2024

3

Added known issue 3411924.

August 05, 2024

2

Added known issue 3410511.

July 24, 2024

1

Initial edition.
check-circle-line exclamation-circle-line close-line
Scroll to top icon