vRealize Network Insight 3.5 | 5 SEPTEMBER 2017 | Build 184.108.40.2062978926
Check regularly for additions and updates to these release notes.
Last updated on 01 DECEMBER 2017
The release notes cover the following topics:
The new and enhanced features in this release are as follows:
- PCI Compliance Dashboard (Enterprise Edition)
vRealize Network Insight helps assess the PCI Compliance for environment with NSX-V firewalls. The dashboard provides analysis of data for specific PCI sections.
- Support for NSX IPFIX
vRealize Network Insight supports NSX IPFIX along with VDS IPFIX for dropped flows and NSX DFW firewall to flows mapping.
- Enhanced NSX Edge dashboard
The NSX Edge dashboard provides enhanced visibility with new layer 3 topology and new widgets showing NAT rules, default gateway, and downstream routers.
- Platform Enhancements
- vRealize Network Insight now allows migration of datasource from one collector to another and removal of collector from platform.
- Collector VMs can now be given nickname for easy identification.
- Enforces capacity limits based on brick size of Platform and Collector VM at the time of addition of vCenter datasource.
- Support for multiple license types and cumulative entitlements.
- ECMP support in VM to VM Path VM to VM path dashboard provides ability to visualize all paths in case of ECMP. Users can also dock topology while scrolling through the dashboard.
- Expanded support for third Party datasources
- Check Point Firewall (Virtual and Physical) - R80
- HP One View
- Brocade MLX
vRealize Network Insight 3.5 includes the following product documentation.
The upgrade to vRealize Network Insight 3.5 is allowed only from version 3.4.
Refer to KB article at https://kb.vmware.com/kb/2151392 to get information on upgrade options.
- The export of firewall rules to CSV does not contain proper service fields.
- The VM underlay topology does not load when VM to IP path query is executed.
- The datasources cannot be stopped or deleted if collector is not reachable.
- The support bundle names now contain "platform" or "proxy" keyword for easy identification.
- The invalid credentials error when HTML escape special characters are used in the password for datasources is now resolved.
- The IP Address of vRealize Network Insight Platform VMs could not be changed. It can be changed now by using the
update-IP-change CLI commands.
- The event notification emails had the same subject for all events. The subject of the email now contains an event name.
- The assessment report was not available in the production mode. The assessment report can also now be generated in the Non-EVAL license Mode. It is available in the Plan Security page under the Traffic Distribution Widget > More options menu item.
The known issues and limitations for vRealize Network Insight 3.5 are as follows:
- vRealize Network Insight 3.5 does not support rollback or product downgrade. It is recommended that you take a snapshot.
- New:vRealize Network Insight 3.5 raises a false alarm for the NSX VIB or host module not detected on host event if the NSX version is 6.3.3 and the vSphere ESXi host version is 6.0 or later. This is due to the change in the NSX VIB names on the ESXi host. Refer to the KB article at https://kb.vmware.com/kb/2151868 for more details.
- If a vCenter data source is added without Global > Settings permission prior to upgrade to 3.5, then the post upgrade UI shows the following error:
Failed for unknown reason, please retry or contact support.
To resolve this error, add Global > Settings permissions to the vCenter user.
- The NAT rules on the NSX Edge version 5.5 or the previous versions are not supported.
- The firewall rule section of the PCI Compliance dashboard may show incorrect rules if the selected scope is a nested security group in NSX or an application when multiple NSX managers are added as a data source.
- The sub-interfaces on VRF for Cisco Nexus 7000/9000 are not supported.
- In the
Applied To grouping criteria, the NSX edge is not supported.
- The platform cluster does not support the high availability (HA) configuration. All the platform nodes need to be up and running for the cluster to work at optimal performance levels.
- The LDAP feature does not support restricting group access based on the Active Directory Primary Group.
- The recommended firewall rules support only global rules creation. The creation of universal rules is not supported.
- The plan topology widget has options to select all flows, all protected flows, and so on. The flows that are solely captured from VDS and not from NSX IPFIX only show up when the all flows option is selected because their protection status is classified as unknown not as protected or unprotected.
- The Export as CSV option is not supported for advanced searches that use
- Some events such as
Host network control plane mismatch are not raised if the datacenter is not at the top level and is located inside a folder in vCenter.
- The NSX Manager data provider requires Enterprise role access. If the central CLI is enabled, then the user credentials of the system administrator are required for the NSX Manager data provider.
- You must enable NSX central CLI in the Settings page to get visibility into the NSX NAT settings.
- The product update notifications are supported only for the single-platform node deployment that is connected to Internet.
- There is a known issue in the list view for events search where sometimes facet counts are incorrect upon selection and no events are shown.
- vRealize Network Insight shows the older version after the upgrade. Once the product upgrade is complete, refresh the browser after clearing the browser cache.
- Upon the expiry of the Evaluation license, the data providers are disabled and they stop collecting data. After renewing the license, the data providers must be enabled again from the UI to start data collection.
- To use Gmail® server as the choice of mail server, additional configuration settings as listed on https://support.google.com/accounts/answer/6010255?hl=en are required.
- The Export to CSV feature can export a maximum of 20,000 rows.
- After you remove a data provider from the system, you can add the same data provider back only after two or more hours.
- The support bundle creation on a medium sized system can take in excess of fifteen minutes.
VMware MIB Files
For MIB information, see Determining the MIB module listing, name, and type of an SNMP OID. You can download the SNMP MIB module file at http://kb.vmware.com/kb/1013445.
Top of Page