Endpoint monitoring enables users to map specific processes inside the guest OS to the network connections the processes are using.

About this task

Note:

After data is gathered, it is purged daily at 2:00 a.m. During the data purge the number of flow records across all sessions combined is checked, and any records above 20 million (or ~4GB) are deleted. Deletion begins with the oldest session, and continues until the number of flow records in the database is below 15 million records. If a session is in progress during the data purge, some records could be lost.

Prerequisites

  • Endpoint Monitoring is supported on following Windows Operating systems:

    Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 2012, Windows 10, and Windows 2016. It is not supported on Linux.

  • Guest introspection must be installed on Virtual Machines (VMs).

  • VMware Tools must be running and current on your Windows desktop VMs.

  • Security Groups with 20 or fewer VMs are needed for data collection before Endpoint Monitoring can begin. See Create a Security Group for more information.

  • Data collection must be enabled for one or more virtual machines on a vCenter Server before running an Endpoint Monitoring report. Before running a report, verify that the enabled virtual machines are active, and are generating network traffic.

Procedure

  1. Log in to the vSphere Web Client, then select Networking & Security from the left navigation pane.
  2. Select Endpoint Monitoring.
  3. On the Summary tab, click Start Collecting Data.
  4. On the Start Data Collection for Security Groups pop-up window, select the security groups for which you want to collect data. Click OK.

    The VMs are listed in the field box.

  5. Turn data collection ON.
  6. Click OK.

    The main Endpoint Monitoring Screen appears. In the left hand corner the status is Collecting Data.

  7. Click Stop Collecting Data to end the data collection.

    The EndPoint Monitoring screen appears with the Summary tab populated with data.