What are the resource requirements for vRealize Network Insight?

Refer to the vRealize Network Insight Installation Guide for Resource Requirements.

What happens if I enter the incorrect key during vRealize Network Insight collector OVA deployment?

The secret key is not validated during vRealize Network Insight collector OVA deployment. The deployment completes even with incorrect secret key. However, pairing can fail and vRealize Network Insight collector does not show up as detected on vRealize Network Insight UI.

To correct the shared secret, log in to vRealize Network Insight collector CLI and run the set-proxy-shared-secret command to set the correct secret key. This command replaces the old key with the new one, and therefore, vRealize Network Insight platform detects vRealize Network Insight collector and pairs up.

How do I configure DNS after vRealize Network Insight collector OVA is deployed?

Log in to vRealize Network Insight collector CLI, and run the change-network-settings command. This interactive command will provide the user an option to add or modify DNS after which the vRealize Network Insight collector will be reconfigured with the new DNS.

If any of the network parameters is not configured correctly, use the change-network-settings command to modify the network configuration parameters.

How do I find out vRealize Network Insight collector VM IP from the UI?

Go to Settings page and select vRealize Network Insight Infrastructure menu option. The IP address of both, vRealize Network Insight Platform and vRealize Network Insight collector VMs is displayed.

What should I do if vRealize Network Insight collector is not detected in 5 minutes after deploying vRealize Network Insight collector OVA?

Log in to vRealize Network Insight collector using consoleuser (refer to the vRealize Network Insight Command Line Interface Guide) and verify the following:
  • Verify vRealize Network Insight platform pairing status with vRealize Network Insight collector using the CLI show-connectivity-status .
  • If the pairing stating is shown Passed, open the platform UI in a new browser window and login to check status.
  • If the pairing status is showing Failed, then the shared secret key specified during the vRealize Network Insight collector OVA deployment could be wrong. To fix this problem, use the set-proxy-shared-secret command to set the correct secret key. This command replaces the old key with the new one, and therefore, vRealize Network Insight platform can detect vRealize Network Insight collector.
  • If the show-connectivity-status shows network reachability to vRealize Network Insight Platform as Failed, then verify whether vRealize Network Insight platform is reachable from vRealize Network Insight collector VM using the ping command.
  • If it is not reachable, then verify if NTP, DNS, gateway, and other network parameters are configured correctly using show-config command.
  • If any of the network parameters is not configured correctly, use the setup command to modify the network configuration parameters.

What should I do if I forget my login credentials?

If you are the UI local user: Contact vRealize Network Insight UI administrator to reset the credentials for you.

If you are the administrator: From vRealize Network Insight 3.4, the UI credentials can be changed by using CLI modify-password. Refer the CLI guide for details. If you are working on vRealize Network Insight versions previous to 3.4, contact support.

How do I change the login password?

To change the login password:
  1. Go to Administrator > Settings, and then click My Profile on the left pane.
  2. On the Change Password page, fill in the required information and click Save.

What do I do if I get the login screen before detecting the vRealize Network Insight collector VM?

  • This behavior is expected when the browser is refreshed or URL is opened in a new window before detecting the collector.
  • Log in by using the credentials set during license activation for the admin@local username.

Does vRealize Network Insight support multiple vCenter Server/NSX Manager?

Yes, vRealize Network Insight supports multiple vCenter Servers and NSX Manager.

Which services of vRealize Network Insight need Internet access and why?

vRealize Network Insight supports remote home calling feature that requires Internet access. This feature or services allow the vRealize Network Insight team to gain a better understanding of customer environments and proactively troubleshoot or repair issues. The following services need Internet access:
  • Auto Update Service (svc.ni.vmware.com:443): vRealize Network Insight uses this service to contact the remote upgrade host and pull in newly released bits as it become available, and the user gets a UI notification when the updates are available. This service is enabled by default, but you can disable this service through UI or using online-upgrade command through CLI.
  • Performance Telemetry Service (svc.ni.vmware.com:443): Certain metrics related to key services and performance of vRealize Network Insight are periodically gathered and uploaded for the vRealize Network Insight. The support team monitors these metrics and identifies any anomaly in the environment so that the support team can act before it impacts any critical services. This service is disabled by default, but you can enable/disable this service using telemetry command through CLI. More information is available here: https://kb.vmware.com/s/article/59242
  • Support Service (support2.ni.vmware.com:443): This service establishes remote secured tunnels to the vRealize Network Insight support host that allow authorized personnel to remotely access and work on deployments. It is disabled by default and can be enabled/disabled through UI as well as "support-tunnel" CLI.
  • Registration Service (reg.ni.vmware.com:443): For registering the appliance with all external services. It will enable trusted communication between above mentioned services. When setup has access to internet, registration happens automatically. In an isolated environment it can be done using "offline-registration" CLI (Please refer to CLI guide for more details). It is required for enabling Support Tunnel.
Note: If the vRealize Network Insight platform is behind an Internet proxy, allow the following domain names and ports:
Table 1.
Service URL Port
Upgrade Service/Metric Service svc.ni.vmware.com 443
Support Tunnel Service support2.ni.vmware.com 443
Registration Service reg.ni.vmware.com 443

How to disable internet access from the appliance?

The following services use secure remote/internet services:
  • Auto Update Service
  • Performance Telemetry Service
  • Support Service
  • Registration Service
For information on how to enable or disable these services, see Which services of vRealize Network Insight need Internet access and why? FAQ. vRealize Network Insight needs internet access if any one of these services is enabled.

What is port aggregation and what is the mechanism to do it?

Port aggregation is built in to aggregate the ephemeral port flows – like dynamic FTP, Oracle, MS-RPC etc. This helps in reducing the number of flows in system and provide an aggregated view for large number of flows that are essentially for the same service.

The mechanism to do it is as follows:
  • For first three days of noticing a destination_ip, we will aggregate destination ports on that particular IP in buckets of 10K and start building a port-profile for that IP (build a port-profile per destination IP).
  • After three days, once we have built a profile, we will start aggregating port ranges where the port density is high (reflect ephemeral port opening pattern). The ranges themselves will be dynamic in size such as 100, 1,000, 10,000, and will be created depending on how many ports are being opened and how widespread they are in the given range of aggregation.
    Note: This decision happens independently for each server IP address.
  • This will enable high-port flows to be reported with no aggregation where there is no bulk port open activity happening and also let dynamic aggregation to be applied where such activity is happening.
  • The profile is continually updated in a time-decayed manner to account for new ports opening up or older ones being not used any more.

How do I change the IP Address, Gateway, or Netmask after vRealize Network Insight OVA is deployed?

To change vRealize Network Insight platform/collector network settings, log in to CLI and run the change-network-settings command. This interactive command will provide the user an option to modify the IP address, gateway, netmask, and so forth after which the vRealize Network Insight appliance is reconfigured with new details.
Note:
  • This task must be done using VM console session as the appliance reboots in the end.
  • If vRNI Platform IP is modified and it is paired with proxies then on each collector VM run this CLI command: 
    vrni-proxy set-platform --ip-or-fqdn <New_Platform_IP>
  • For more information on changing IP address of any collector or platform node using the CLI commands, see How to change IP of any platform node or a collector in a cluster?

How do I change from an Evaluation License to a Perpetual License?

Refer to the Add and Change License section in the vRealize Network Insight User Guide.

How are licenses characterized in vRealize Network Insight?

See the Comparing Feature Based on License Edition section in the User Guide.
Note: ALL licenses are capacitated per CPU socket and CCU (Concurrent Users). The evaluation licenses can be renewed or converted to Production with the updated key through UI -> Settings ->About. Refer to the user guide for more details.

How to take a backup of the VMs in vRealize Network Insight?

Refer to VMware Best Practices to take the backup of VMs such as VMware VADP/VDP API. It is recommended that you take a backup before creating or expanding clusters.