The micro-segmentation planning topology shows all the flows that are present in your environment by dividing the flows into segments.
In vRealize Network Insight, a flow is a 4-tuple. It includes:
You can analyze the flows by selecting a scope and segmenting them based on entities such as VLAN/VXLAN, Security Groups, Application, Tier, Folder, Subnet, Cluster, VM, Port, Security Tag, Security Group, and IPSet. Blue lines denote outgoing flows, green lines denote incoming flows, and yellow lines denote bidirectional flows. Click any segment to view its details.
The VMs that are outside the selected scope are grouped as Other Entities in the micro-segmentation planning topology.
You can also analyze the flows by creating subgroups as per Physical, Other Virtual, and Internet categories.
Each group is expanded into a wedge. In the following topology, the wedge for the Physical group is shown.
There is also a Traffic Distribution pin that shows the amount of traffic that is flowing in different parts of your data center.
The Flows pin shows the flows for different time intervals, segregated by port. You can either view all the flows or view the flows between two entities. You can filter the flows by Allowed and Blocked flows, and view them by either Total Bytes or Allowed Session Count. For flows that are protected by a firewall, a Protected by Firewall sign indicates that the flows on that port are protected by a firewall.
An application is a collection of tiers. Each tier in an application is a collection of VMs based on user-defined filter criteria. Applications let you create a hierarchical group of VMs and visualize the traffic/flows between the tiers of the same application. Traffic/flows can also be visualized between applications.
To add an application:
In the Search box, type application, and press Enter.
Click Add Application.
On the Add Application page, in the Application Name box, type a name for the application that you want to create.
In the Tier section, type the name of the tier that you want to create under the application (parent level). You can create a tier for VMs or physical machines as required.
In the Virtual Machines/IP Addresses box, select the appropriate VMs by any of the following conditions:
VM Names - Names of the VMs that you want to group in the tier you are creating
IP Addresses - IP addresses of the VMs or physical machines that you want to group in the tier you are creating. The count of the IP addresses is shown at the right side of the field.
VMs with Service Ports - Service ports of the VMs that you want to group in the tier you are creating
Custom Search - An open search query
Application - Select this option if the VMs are located in any previously created application
Cluster - Select this option if the VMs are located in any cluster
Folders - Select this option if the VMs are located in any folder
VXLAN - Select this option if the VMs are located in any VXLAN
VLAN - Select this option if the VMs are located in any VLAN
To enter multiple values, separate the individual values with commas.
Optional: To create multiple tiers under one application, click Add Tier.
Select Analyze Flows to view the flows before you finally add the application. The tiers are shown based on the VMs or physical addresses you specified.
Click Save to create the application.
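The segmentation and direction logic described above (scope, incoming/outgoing/bidirectional flows, Other Entities for VMs outside the scope) and the application/tier grouping from the procedure, as an added example in Python. This is illustrative code, not vRealize Network Insight's implementation or export format; the flow field set, the tier names, and all flow records are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample flows as (src_vm, dst_vm, dst_port, protocol).
# This field layout is an assumption for the example, not vRNI's schema.
FLOWS = [
    ("web-01", "app-01", 8443, "TCP"),
    ("web-02", "app-01", 8443, "TCP"),
    ("app-01", "db-01", 5432, "TCP"),
    ("db-01", "app-01", 5432, "TCP"),
    ("lb-01", "web-01", 443, "TCP"),      # lb-01 is not in any tier
    ("app-01", "10.0.9.5", 53, "UDP"),    # external DNS, not in any tier
]

# Hypothetical application with three tiers, as defined in Add Application.
TIERS = {"web": {"web-01", "web-02"}, "app": {"app-01"}, "db": {"db-01"}}

def tier_of(entity, tiers):
    """Map a VM/IP to its tier; anything outside the application is Other Entities."""
    for name, members in tiers.items():
        if entity in members:
            return name
    return "Other Entities"

def segment_flows(flows, tiers):
    """Aggregate flows into tier-to-tier segments keyed by port/protocol, counting sessions."""
    segments = defaultdict(int)
    for src, dst, port, proto in flows:
        segments[(tier_of(src, tiers), tier_of(dst, tiers), port, proto)] += 1
    return dict(segments)

def flow_directions(flows, tiers, scope):
    """For a selected scope tier, classify each peer as incoming, outgoing or bidirectional."""
    seen = defaultdict(set)
    for src, dst, _port, _proto in flows:
        s, d = tier_of(src, tiers), tier_of(dst, tiers)
        if s == scope and d != scope:
            seen[d].add("outgoing")
        elif d == scope and s != scope:
            seen[s].add("incoming")
    return {peer: "bidirectional" if len(v) == 2 else next(iter(v)) for peer, v in seen.items()}

def suggest_rules(segments):
    """Turn observed segments into candidate allow rules; flows touching Other Entities are
    marked for review instead of being allowed blindly."""
    rules = []
    for (s, d, port, proto), count in sorted(segments.items(), key=str):
        action = "review" if "Other Entities" in (s, d) else "allow"
        rules.append({"src": s, "dst": d, "port": port, "proto": proto,
                      "sessions": count, "action": action})
    return rules
```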
You can export rules as XML for the entire topology. You can find this option on the Micro-Segmentation Planning page as follows:
You can also export rules related to the underlying security groups that belong to multiple NSX Managers. To import these rules into NSX, you can use scripts. Contact vRealize Network Insight support to get a copy of the sample script.