vRealize Network Insight 4.1 | 18 Apr 2019 | Build 1554912495

Check for additions and updates to these release notes.

What's New

Here are the key features and capabilities of vRealize Network Insight 4.1:

  • vRealize Network Insight supports VMware NSX-T Data Center
    • VMware NSX-T Data Center version 2.4.
    • Supports converged NSX Manager appliance which merges policy, management, and central control services on a cluster of nodes. Features like Flows, Micro-Segmentation, Search mechanism, and Path Topology are enhanced with NSX Policies.
    • Alarms or Events are available on relevant dashboards.
  • VMware NSX Data Center for vSphere
    • In the Timeline section, you can now identify the users who made changes in the NSX-V manager.
    • vRealize Network Insight now monitors the real-time reports of NSX audit log events for vSphere within 3-5 minutes.
  • Container Visibility and Security
    • vRealize Network Insight supports Native Kubernetes and VMware PKS with NSX-T as the fabric manager.
    • Kubernetes Entities include Cluster, Namespace, Service, Nodes and Pods, and a Kubernetes Dashboard.
    • Flow Metrics and Analytics – Top talkers by Cluster, Namespace, Service, and Node.
    • Plan security of Kubernetes Cluster, Namespace, Node, or Service with micro-segmentation views and export network policy rules in YAML format.
  • Application Discovery and Visibility
    • You can automatically discover applications by vCenter Tags and Names, using regular expression pattern matching.
    • Application Discovery using ServiceNow CMDB.
    • Application dashboard consists of tier to tier connectivity, Network Topology, Micro-Segmentation View, Top Talkers and the metric information that represents network rate, CPU, memory, and disk information.
  • Public Cloud - AWS
    • AWS Master-Link account supports: 
      • Support Hierarchy - Single payer account which also acts as the Control Account.
      • Monitor accounts, AWS instances, and associated traffic flow under the supported hierarchy.
      • Enable or disable the flow log collection at Payer Account level and also limit the collection to a specific region.
    • You can view the IP address range of AWS subnet in the list and on the dashboard.
  • Third Party Device Support
    • F5 Load Balancer: 
      • Flow Stitching - You can visualize end-to-end client-server flows going through the load balancer using IPFIX collection.
      • Load balancer Dashboard - VIPS/Virtual Servers, Pool Members, Sessions, Healthy and unhealthy host counts
    • Huawei Devices - vRealize Network Insight supports the following Huawei Cloud Engine series:
      • 6800
      • 7800
      • 8800
    • Cisco ACI Enhancement - vRealize Network Insight supports the search for IP or MAC, and retrieves the corresponding port, EPG, and BD. 
  • Authentication: Integration with VMware Identity Manager for advanced login options, such as multi-factor authentication.
  • Event Management
    • Out-of-the-box and easy access to an event notification configuration.
    • User-Defined Events can be sent as SNMP Traps.
  • Licensing
    • vRealize Network Insight supports a Core license type with NSX Data Center Enterprise plus.
    • Audit checks and warnings for license-exceeded and mixed-mode (Advanced and Enterprise) scenarios.
  • Other Enhancements
    • Micro-Segmentation view is also available in a list or a grid for easy accessibility.
    • The Flow details page includes a VM to VM path topology.
    • You can easily configure the threshold violation counts on the main page.
    • The indexing rate of the Indexer program is improved to 1 million versions per hour.
    • Self-service is now available for administrators and member users also.
    • Config store cleaner performance improved. Config store cleaner takes significantly less time to complete the daily clean up process.
    • vRealize Suite Life Cycle Manager 2.1 Product Support Pack 1 supports the installation of vRealize Network Insight 4.1. For more information, see KB 67851. For information about installing and upgrading Network Insight by using vRealize Suite Lifecycle Manager, see the vRealize Suite Lifecycle Manager Installation, Upgrade, and Management Guide.
  • VMware Network Insight (VMware Cloud Service that offers the same capabilities as vRealize Network Insight)
    • VMware Network Insight supports service driven 30-Days Free Trial to all the new organizations.
    • The VMware Network Insight service is activated automatically as 30-Days Free Trial for every new VMware Cloud on AWS (VMC) customer.
    • There is a new Service Usage page to track the service usage and support physical endpoint meter.
  • The Voluntary Product Accessibility (VPAT) report is available for vRealize Network Insight. See https://www.vmware.com/help/accessibility.html.

Product Upgrade

vRealize Network Insight 4.1 supports a direct upgrade from the 4.0 and 3.9 versions.

Refer to the Upgrading vRealize Network Insight section for more information on upgrade options.

The upgrade path is available at https://www.vmware.com/resources/compatibility/sim/interop_matrix.php#upgrade&solution=285.

Documentation

For additional information about new features, see the vRealize Network Insight documentation.

VMware Product Compatibility

The VMware Product Interoperability Matrix provides details about the compatibility of vRealize Network Insight with other VMware products.

VMware MIB Files

For MIB information, see Determining the MIB module listing, name, and type of an SNMP OID. You can download the SNMP MIB module file from the 1013445 KB article.

Resolved Issues

  • When NAT service is enabled for the NSX-T logical router(s), vRealize Network Insight does not show NSX-T edge firewall rules correctly in the VM to VM path.

  • After enabling web-proxy there was no traffic noticed on the web-proxy host.

  • In Cluster dashboard, Cluster Compute Resource displays incorrect calculation.

  • When you search for "VLANS of VM" in vRealize Network Insight, the search result in list view displays entity name as "Name not set".

  • In the Install and Support page, Software Version shows incorrect last update date.

  • No search suggestion displayed while typing a search query in vRealize Network Insight.

  • Elastic Search service not running correctly in vRealize Network Insight.

  • Unable to deploy vRealize Network Insight Platform OVA through the OVF Tool.

  • If you try to export rules when the session is timed out, Rest API layer restarts in vRealize Network Insight.

  • A specific type of NSX Checklist rule failure is not visible in the list of failed rules in the 'What's Happening' section on the vRealize Network Insight Home Page.

  • When polling for Security Tags in vRealize Network Insight, the result will max out at 1024.

  • In vRealize Network Insight, some Source IPs show more flows than the defined flow limit.

  • On Platform appliance, when manually increasing VM limit through API, vRealize Network Insight does not reflect the increased VM capacity.

  • When you run a query for VM to VM path in vRealize Network Insight, the path is not visible for stretched layer 2 network.

  • The sub-interfaces on VRF for Cisco Nexus 7000/9000 are not supported.

  • vRealize Network Insight not working due to corrupt registration certificate.

  • vRealize Network Insight shows multiple VM entries for the same VM in list view.

Known Issues

  • [New] When you search for Kubernetes Nodes in vRealize Network Insight, the search result displays the list of Master Nodes for native Kubernetes cluster and not for VMware PKS.

  • [New] In absence of a firewall rule on a VM, default connectivity strategy applies to a VM in VMC.
    In such a case, the firewall icon isn't present in VM-VM path on VMC side as we do not get enough information about the realization of the default rule from the VMC SDDC.

  • [New] If you are using the Firefox browser and viewing the NSX-T VM path Topology, after you expand the ECMP group, you do not see the collapse option to minimize the detail view.

  • [New] When you attempt to export a pinboard in which the pinboard name contains a Non-ASCII character, vRealize Network Insight shows the incorrect file name on the Export to PDF window.

  • [New] When the count of VMs associated to a firewall rule’s source or destination gets updated from a non-zero value to zero, and if you run firewall rule query with source VM or destination VM as a filter, it may give an incorrect result.

  • [New] When you add a filter in the query result, the counts shown in the filter are approximate.

  • [New] If OpenID Connect (OIDC) authenticator is used for PKS or Native Kubernetes Cluster, then contact VMware Support.

  • [New] vRealize Network Insight does not detach the NSX-T logical ports from the unhealthy pods or nodes.

  • When you set the home page from My Preferences, it requires a page refresh to reflect that information in UI.

  • After upgrade, the system takes about two to three hours to settle down and to reflect the correct data in the UI.

  • When you attempt to add a Cisco ASA data source, you see a message to contact support with the following error: 

    Message missing required fields: vendorId
  • vRealize Network Insight reports proxy communication failure when the postgres service on the proxy server does not start automatically and the CollectorMain javaservice keeps restarting.

  • If the disk is full on a zookeeper leader node, check-service-health.sh command states that zookeeper is healthy while it is actually unhealthy. To fix this issue, restart zookeeper.

  • The auto-refresh counter restarts and keeps showing incorrect data even though auto-refresh is paused.

  • vRealize Network Insight may not be able to detect an out-of-sync system clock sometimes. If the clock is not in sync with NTP, some services may become unhealthy or stop working.

  • The bundle upload or extraction and the subsequent upgrade steps may fail if there is insufficient space in the /tmp directory. For single-click offline upgrade and online upgrade, ensure that there is a certain amount of disk space available in the /tmp directory.

  • The disk may run out of space for the vRealize Network Insight Platform VM. In large environments, the partition /var may become full and additional storage may be needed. See KB article 53550 for instructions on how to increase disk space.

  • The vRealize Network Insight UI is not available when the partition /var is more than 85% full in the Platform VM. For validation and fix, contact VMware support.

  • An unwanted default rule is applied to certain NSX IPFIX flows. This is because sometimes, NSX IPFIX reports reverse packet in which client and server are flipped and the firewall rule is applied as per the flipped source and destination IP.

  • The Export to CSV feature for the flow data takes more than 30 minutes for 180,000 flows when all the fields are selected.

  • The Export to PDF feature for the PCI dashboard has the following known issues:

    • The changes that you make in the NetFlow flow diagram dashboard are not visible in the PDF.
    • For a particular widget, the number of properties that are exported as PDF is more than the number of properties that are actually selected in that widget.
    • The non-ASCII characters are not being exported correctly to the PDF. The workaround for this issue is to run the sudo apt-get install fonts-wqy-zenhei command on the vRealize Network Insight server to install the additional fonts.
    • The metric properties are not exported in the PDF.
  • When you create a logical subnet or logical router, a new edge VM is dynamically created to serve this request. The events for this kind of VM are shown.

  • If issues such as upload failure or UI failure come up while performing the centralized upgrade, please contact VMware support.

  • The Plan Security page for the last 2 days takes around 3 minutes to load. A higher response time is seen while executing queries for about 24 hours after migration of a data source between collectors. This is because the same flows are reported, opened, and closed from two different collectors within a span of 24 hours. It leads to multiple versions created for the same flows.

  • Sometimes, the Export to CSV feature fails with the 502 error in the browser. The workaround is to retry the operation.

  • vRealize Network Insight does not support rollback or product downgrade. It is recommended that you take a backup.

  • The datastore metrics of a VM are not shown on vRealize Network Insight if it is hosted on vSAN Datastore.

  • If the vCenter and the associated NSX manager data sources are not attached to the same proxy server, you will not see the denied flows (when NSX IPFIX is enabled) and the Applied Firewall Rule will be missing in some flows.

  • The NAT rules on the NSX Edge version 5.5 or the previous versions are not supported.

  • The firewall rule section of the PCI Compliance dashboard may show incorrect rules if the selected scope is a nested security group in NSX or an application when multiple NSX managers are added as a data source.

  • In the Applied To grouping criteria, the NSX edge is not supported.

  • The platform cluster does not support the high availability configuration. All the platform nodes need to be up and running for the cluster to work at optimal performance levels.

  • The recommended firewall rules support only global rules creation. The creation of universal rules is not supported.

  • The plan topology widget has options to select all flows, all protected flows, and so on. The flows that are solely captured from VDS and not from NSX IPFIX only show up when the all flows option is selected, because their protection status is classified as unknown, not as protected or unprotected.

  • The Export as CSV option is not supported for advanced searches that use group by, sum, max, and min functionality.

  • Some events such as Host network control plane mismatch are not raised if the datacenter is not at the top level and is located inside a folder in vCenter.

  • The product update notifications are supported only for the single-platform node deployment that is connected to the Internet.

  • The support bundle creation on a medium sized system can take in excess of fifteen minutes.

  • There is a known issue in the list view for events search where sometimes facet counts are incorrect upon selection and no events are shown.

  • vRealize Network Insight shows the older version after the upgrade. Once the product upgrade is complete, refresh the browser after clearing the browser cache.

  • Upon the expiry of the Evaluation license, the data providers are disabled and they stop collecting data. After renewing the license, the data providers must be enabled again from the UI to start data collection.

  • To use Gmail® server as the choice of e-mail server, additional configuration settings as listed on Google Support are required.

  • After you remove a data source from the system, you can add the same data provider back only after two or more hours.