Last Updated on: 20 DECEMBER 2018
vRealize Network Insight 4.0 | 20 DECEMBER 2018 | Build 1545292702
Check regularly for additions and updates to these release notes.
Here are the key features and capabilities of vRealize Network Insight 4.0:
- VMware Cloud on AWS (VMC) Integration as a data source
- Traffic analysis and micro-segmentation planning for VMC workloads
- Migration planning from on premises to VMC
- Hybrid network path troubleshooting (VMC-to-on-premises, gateways, VPN)
Note: VMware Network Insight was tested for the following scale limits:
- VMware Cloud on AWS release: 1.6
- Cluster size: 5 nodes
- Virtual Machine count (inventory): 5000 on VMware Cloud on AWS
- Traffic flows: 1.2 million (from hybrid data sources, each contributing a portion of flows: VMC's SDDC, NSX-T, and NSX-V)
- New capabilities in AWS
- Geo blocking support to limit the AWS API calls to certain AWS regions
- VM-VM path for the network visibility for network troubleshooting between the following two components:
- On-premises SDDC and AWS
- On-premises VMs and AWS EC2 instances
By providing your CSP Refresh Token for VMC SDDC, you are allowing Network Insight to operate on your behalf through your CSP organization. This is not a privilege that the VMC SDDC has by default. Please carefully consider the contents of your CSP organization before providing these credentials. If, for example, your organization contains any VMC SDDC that you do not intend to monitor using Network Insight, or if you have other vSphere Cloud Administrators operating your SDDCs who do not already have equivalent organization-level access to yours, you might want to proceed with caution.
Day 2 Operations Enhancements
- VMware NSX-T Data Center Enhancements
- Support for additional events to monitor NSX-T health along with the enriched metrics for logical switch, logical port, router interface, and firewall rules
- Support for NAT in VMware NSX-T Data Center. This release supports
- Third-party support
- Cisco ACI as physical underlay visibility includes End Point Groups, dashboards, search queries, and the VM-VM path topology over the leaf/spine architecture.
- Cisco BGP-EVPN overlay detection as the physical underlay connectivity
- sFlow ingestion for the underlay traffic or the flow analysis
- F5 BIG-IP (as a routing hop only)
- Cisco ASA firewall
- Check Point Firewall Enhancements
- Support for Multi-Domain Management Server
- Support for Virtual System Extensions (VSX)
- Configure static and dynamic baseline and thresholds for the VMs and the flows to proactively troubleshoot network performance for the applications and virtual infrastructure
Scaling and Performance Enhancements
- Introduction of 10 node XL cluster
- Increased support up to 100K VMs
- Increased support for 10k VMs & 10 million flows through a single XL proxy
- Concurrent update to all components - optimizes upgrade sequence and time
- Site Recovery Manager (SRM) support to migrate platform VMs
- Improved Search and its documentation
Other Capabilities and Enhancements
- Pinboard Enhancements: Set as homepage, quick navigation, search pinboards, and duplicate pinboards
- System-Level Audit Logs to keep track of all administrative actions such as Create, Edit, Update, Delete, Login, and Logout
- The firewall masking service has been enhanced to include the IP definition of IPSets used in the Destination, and the Applied To attributes of the NSX firewall rules.
- Save configuration for CSV Export as template for users to export the results of any search query or data displayed on any widget
- Support for Internationalization level 1 (i18n L1) with non-English OS and input/output
vRealize Suite Lifecycle Manager 2.0 with patch 2 supports the installation of vRealize Network Insight 4.0. For more information, see KB 65098. For information about installing and upgrading Network Insight by using vRealize Suite Lifecycle Manager, see the vRealize Suite Lifecycle Manager Installation, Upgrade, and Management Guide.
The following documentation is available at vRealize Network Insight Information Center:
- vRealize Network Installation Guide
- vRealize Network Insight User Guide
- vRealize Network Insight Command-Line Interface Reference Guide
- vRealize Network Insight Frequently Asked Questions
- vRealize Network API Documentation
vRealize Network Insight 4.0 supports direct upgrade from the 3.9 and 3.8 versions.
Refer to the Upgrading vRealize Network Insight section to get information on upgrade options. The upgrade path is available at https://www.vmware.com/resources/compatibility/sim/interop_matrix.php#upgrade&solution=285 .
The resolved issues for vRealize Network Insight 4.0 are as follows:
- The UI of vRealize Network Insight 3.9 is not accessible from Chrome version 71. Apply the vRealize Network Insight Patch for Chrome 71 Support on all the platforms that have vRealize Network Insight 3.9. For more information, see KB 60368.
- The upgrade to vRealize Network Insight 3.9 fails if the pre-upgrade patch is not applied. Apply the pre-upgrade patch before you upgrade to vRealize Network Insight 3.9 from the 3.7 or 3.8 versions. For more information, see KB 59443.
- The Check Point firewall does not show up in the VM-VM path.
- The default rule ID in the alert or the warning within the UI of vRealize Network Insight does not match with the default rule ID in the NSX manager firewall.
- During the upgrade from vRealize Network Insight 3.7 to 3.9, the Postgres DB password is prompted for during the upgrade of P2 and P3 through CLI.
- Gateways are not showing up in vRealize Network Insight although the correct data source is added.
- The VLAN IDs from HPOneView are not propagated.
- The bundle upload failed during upgrade.
- MLXe is configured with an old cipher suite on SSH.
- Adding a PAN IP gives an error.
- The multiple instances of HBaseFsck run on Platform1.
- The metrics for Brocade Switches are not available.
- The system level alert shows up erroneously.
- The flow count hits the threshold repeatedly and the platform nodes frequently reboot.
- Large SDMs drop and restart the container.
- Some flows do not have any reporters attached.
- Cisco Nexus 7000 does not show the interface VLAN. Instead Cisco Nexus 6000 from a different data center shows up along the path.
- The support bundle creation fails.
- Large number of
- The Check Point gateways are not fetched in vRealize Network Insight.
- High number of Host SCSI disk versions.
- The uplink is not found for the distributed virtual port group boundary.
The known issues and limitations for vRealize Network Insight 4.0 are as follows:
- [New] When you set the home page from My Preferences, it requires a page refresh to reflect that information in UI.
- [New] After upgrading a vRealize Network Insight 3.8 or 3.9 cluster setup to the 4.0 version, the "Timeseries cache server failed to initialize correctly" error message appears. It remains on the UI for about two hours after the upgrade. This issue is applicable only for the cluster (multi-platform nodes) setup.
- [New] After upgrade, the system takes about two to three hours to settle down and to reflect the correct data in the UI.
- [New] When you attempt to add a Cisco ASA data source, you see a message to contact support with the following error:
Message missing required fields: vendorId
- [New] After upgrade, you are unable to log in to vRealize Network Insight 4.0. You see the Invalid username or password message.
- vRealize Network Insight reports proxy communication failure when the postgres service on the proxy server does not start automatically and the CollectorMain Java service keeps restarting.
- If the disk is full on a zookeeper leader node, the check-service-health.sh command states that zookeeper is healthy while it is actually unhealthy. To fix this issue, restart zookeeper.
- The auto-refresh counter restarts and keeps showing incorrect data even though auto-refresh is paused.
- vRealize Network Insight may not be able to detect an out-of-sync system clock sometimes. If the clock is not in sync with NTP, some services may become unhealthy or stop working.
- The bundle upload or extraction and the subsequent upgrade steps may fail if there is insufficient space in the /tmp directory. For single-click offline upgrade and online upgrade, ensure that there is a certain amount of disk space available in the /tmp directory.
- The disk may run out of space for the vRealize Network Insight Platform VM. In large environments, the partition /var may become full and additional storage may be needed. See https://kb.vmware.com/s/article/53550 for instructions on how to increase disk space.
- The vRealize Network UI is not available when the partition /var is more than 85% full in the Platform VM. For validation and fix, contact VMware support.
- An unwanted default rule is applied to certain NSX IPFIX flows. This is because sometimes, NSX IPFIX reports reverse packet in which client and server are flipped and the firewall rule is applied as per the flipped source and destination IP.
- The Export to CSV feature for the flow data takes more than 30 minutes for 180,000 flows when all the fields are selected.
- The Export to PDF feature for the PCI dashboard has the following known issues:
- The changes that you make in the NetFlow flow diagram dashboard are not visible in the PDF.
- For a particular widget, the number of properties that are exported as PDF is more than the number of properties that are actually selected in that widget.
- The non-ASCII characters are not being exported correctly to the PDF. The workaround for this issue is to run the sudo apt-get install fonts-wqy-zenhei command on the vRealize Network Insight server to install the additional fonts.
- The metric properties are not exported in the PDF.
- When you create a logical subnet or logical router, a new edge VM is dynamically created to serve this request. The events for this kind of VM are shown.
- If issues such as upload failure or UI failure come up while performing the centralized upgrade, please contact VMware support.
- The Plan Security page for the last 2 days takes around 3 minutes to load. A higher response time is seen while executing queries for about 24 hours after migration of a data source between collectors. This is because the same flows are reported, opened, and closed from two different collectors within a span of 24 hours. It leads to multiple versions created for the same flows.
- Sometimes, the Export to CSV feature fails with the 502 error in the browser. The workaround is to retry the operation.
- vRealize Network Insight does not support rollback or product downgrade. It is recommended that you take a backup.
- The datastore metrics of a VM are not shown on vRealize Network Insight if it is hosted on vSAN Datastore.
- If the vCenter and the associated NSX manager data sources are not attached to the same proxy server, you will not see the denied flows (when NSX IPFIX is enabled) and the Applied Firewall Rule will be missing in some flows.
- The NAT rules on the NSX Edge version 5.5 or the previous versions are not supported.
- The firewall rule section of the PCI Compliance dashboard may show incorrect rules if the selected scope is a nested security group in NSX or an application when multiple NSX managers are added as a data source.
- The sub-interfaces on VRF for Cisco Nexus 7000/9000 are not supported.
- In the Applied To grouping criteria, the NSX edge is not supported.
- The platform cluster does not support the high availability configuration. All the platform nodes need to be up and running for the cluster to work at optimal performance levels.
- The recommended firewall rules support only global rules creation. The creation of universal rules is not supported.
- The plan topology widget has options to select all flows, all protected flows, and so on. The flows that are solely captured from VDS and not from NSX IPFIX only show up when the all flows option is selected, because their protection status is classified as unknown, not as protected or unprotected.
- The Export as CSV option is not supported for advanced searches that use group by, sum, max, and min functionality.
- Some events such as Host network control plane mismatch are not raised if the datacenter is not at the top level and is located inside a folder in vCenter.
- The product update notifications are supported only for the single-platform node deployment that is connected to the Internet.
- There is a known issue in the list view for events search where sometimes facet counts are incorrect upon selection and no events are shown.
- vRealize Network Insight shows the older version after the upgrade. Once the product upgrade is complete, refresh the browser after clearing the browser cache.
- Upon the expiry of the Evaluation license, the data providers are disabled and they stop collecting data. After renewing the license, the data providers must be enabled again from the UI to start data collection.
- To use Gmail® server as the choice of mail server, additional configuration settings as listed on https://support.google.com/accounts/answer/6010255?hl=en are required.
- After you remove a data source from the system, you can add the same data provider back only after two or more hours.
- The support bundle creation on a medium sized system can take in excess of fifteen minutes.
The VMware Product Interoperability Matrix provides details about the compatibility of vRealize Network Insight with other VMware products.
For MIB information, see Determining the MIB module listing, name, and type of an SNMP OID. You can download the SNMP MIB module file from the 1013445 KB article.