Here are the key features and capabilities of vRealize Network Insight 6.6:
VMware NSX-T Monitoring and Troubleshooting
- vRealize Network Insight supports VMware NSX Firewall for Bare Metal edges in network maps and intents.
- vRealize Network Insight introduces Crown Jewel Analysis to identify lateral movements that can occur during a security breach.
Network Assurance and Verification
- vRealize Network Insight supports for Arista BGP-EVPN in Network Map and VM-VM paths.
- vRealize Network Insight supports Cisco UCS FEX in Network Map.
- You can perform bulk actions on the data sources managed by vRealize Network Insight to enable, disable, delete, and update parameters such as credentials, polling intervals, and notes. This saves time and helps you manage multiple data sources in one go.
- You can specify a secure Network Time Protocol (NTP) server to get timestamps when deploying vRealize Network Insight. Secure NTP supports Network time and provides cryptographic security for the client-server mode of the Network Time Protocol.
- You can add physical devices such as routers and switches, in bulk using automated network discovery from command line interface.
- You can view the East-West and North-South IP ranges on the same screen. You can also add exceptions when editing IP ranges to override RFC 1918 specification for flow analysis.
Application Usability Enhancements
- While adding an application, you can now view the micro-segmentation wheel before saving the changes. This helps in improving your understanding of the application flow.
- You can now view the load balancers in the Application Topology map. You can also select the edge that runs between the load balancer hexagon and the tier hexagon to view the complete flow information.
- While performing Flow-based Application Discovery, you can select load balancers as your application naming preference. Also, the Flow-based Application Discovery time is reduced from 6 hours to 3 hours after the first 7 days of full discovery.
- vRealize Network Insight introduces Heartbeat message to inform a subscriber if the Databus streaming path is available. This is useful to troubleshoot when a subscriber does not see any incoming messages from the subscribed message groups.
- vRealize Network Insight introduces new message groups to support granular levels of metric data. Message groups for entity specific metrics include:
- vRealize Network Insight 6.6 uses Log4j 2.17.1.
For third-party components where a fix is not within the control of VMware, we have removed the JndiLookup class to mitigate the reported vulnerabilities. Also, the flag
log4j2.formatMsgNoLookups = truehas been set.
Note: The vulnerability https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832 with CVSS3 score of 6.6 is exploitable if JDBC appender is used. vRealize Network Insight is not affected by this vulnerability because JDBC appender is not used.
To resolve the Log4j vulnerabilities for previous releases, see KB-87135.
- vRealize Suite Lifecycle Manager 8.7 Product Support Pack 1 supports the installation of vRealize Network Insight 6.6. See VMware vRealize Suite Lifecycle Manager 8.7 PSPAK 1 Release Notes. To install and upgrade vRealize Network Insight by using vRealize Suite Lifecycle Manager, see the vRealize Suite Lifecycle Manager Installation, Upgrade, and Management Guide.