What's New

Custom Dashboards

You can now create custom dashboards in vRealize Network Insight. You can click Create New Dashboard from the home page and create a dashboard using a curated list of widgets provided in the Widget Library.

You can also click the pin icon on any widget, click Create New Dashboard, enter a name and description, and create the dashboard by pinning that widget.

After creating a dashboard, you can also edit the dashboard to make further customizations as required.

When you upgrade to this version of vRealize Network Insight, your existing pinboards are automatically migrated and saved as dashboards.

Support for Secure SSH Encryption Algorithms

By default, vRealize Network Insight now allows only currently considered secure SSH encryption algorithms while adding third-party devices such as routers and switches.

If you have previously added any device that uses insecure SSH encryption algorithms, then data from those devices are not collected until you reconfigure the device to use secure SSH algorithms.

If you want to explicitly continue using insecure SSH algorithms for data collection, please contact VMware support.

Support for VMware Cloud on AWS Outposts

You can now add VMware Cloud on AWS Outposts as a data source in vRealize Network Insight.

After adding VMware Cloud on AWS Outposts as a data source, you can gain visibility into the SDDCs associated with the data source, view metric charts, and view entity dashboards.

Flow-based Application Discovery

• To further improve the accuracy of flow-based application discovery, vRealize Network Insight now considers the load balancer configuration to detect pool members.

• A new top bar is added to the flow-based Application discovery page to display the current naming parameters. The top bar also provides the Edit Discovery button to update the app and tier naming preference, and the application discovery scope.

• You can now enable multiple naming sources for an application. vRealize Network Insight selects the naming preference for a flow-based application based on your selected naming preference and order. This ordered list is processed until a match is found during the discovery.

• You can now upload a CSV file for naming applications and tiers, and add the CSV file to your ordered list of naming preference. The CSV file that you upload can also include regular expressions.

• You can continue to use VM names as your default application naming preference. In addition, you can also apply regular expressions or use the pattern builder to build names.

VM-VM Path for VMware HCX 

You can now visualize the VM-VM path overlay for VMs communicating over VMware HCX Network Extensions. You can use this enhancement to:

• Observe the communication path for VMs communicating over networks extended by VMware HCX Network Extension.

• Observe hair-pinning scenarios.

• Observe VMs communicating in V-shape HCX Network Extension topologies or L-shape HCX Network Extension topologies.

Network Assurance and Verification

• You can now edit the network topology map to rename groups, add or remove members from a group, and change any group’s color.

• The following intents are now enhanced for new scenarios.

  • The Duplicate IP Intent is enhanced for the following scenarios:

    • If NVE interfaces use primary and secondary IP addresses.

    • If you use exclusions on Cisco ASA BVI member interfaces to avoid triggering Duplicate IP Address alerts.

    • If you use the same loopback address on multiple TORs while using the MLAG and Arista EVPN for Active/Active configuration.

  • The HSRP / VRRP Configuration Error Intent  is enhanced for the following scenarios:

    • When handling more than one HSRP standbys.

    • If there is a mismatch in Virtual IPs within the same subnet or a different subnet.

    • If there is a mismatch in Group IDs.

• The Port Mode Mismatch Intent now supports virtual host switches. Ports or port channels having sub-interfaces with encapsulation dot1q VLAN connected to the peer port in trunk mode do not raise alerts.

• The Port Trunk Allowed VLAN Mismatch Intent now supports:

  • Sub-interface VLAN tags.

  • Port channel configuration.

• Reachability and segmentation Intents are now more robust. When you define a reachability intent or segmentation intent on vRealize Network Insight, you can specify these additional configuration details:

  • Bidirectional as the default traffic direction.

  • Protocols

  • Source port

  • Destination port

• You can now see an alert message on the Manage Intents page when an intent definition is no longer valid due to a change in the configuration or the entity scope. You can fix the invalid intent to get intent alerts.

Notifications Post Migration to VMware Cloud

When you successfully migrate 10% to 20% of your workloads to VMware Cloud, you will receive a series of in-product notifications to add your cloud endpoint into vRealize Network Insight so that you can start monitoring your network and gaining insights.

NSX-T Manager

vRealize Network Insight now supports Incomplete TCP sessions metrics for VMs. Using this metric, you can discover a possible malicious act on your network or any application-specific issue.

Guided Network Troubleshooting

You can now see red upside-down triangles on metric graphs where anomalies are detected. 

Third-party Devices

• You can add Cisco Catalyst 9K series as a data source in vRealize Network Insight. After adding the data source, you can:

  • Collect the configuration data, inventory data, and metrics for these devices.

  • Visualize these devices on the network map and path topology.

  • Define intents for these devices.

• You can query locally defined policies on PAN devices.

• You can use the new public API to export all firewall policies and their configuration details across NSX-T devices and third-party firewalls (such as PAN and Check Point Firewall) to a single CSV file.

Others

• Deprecation Notices - Adding NSX Data Center for vSphere as a data source in vRealize Network Insight is deprecated in 6.9. From next release onwards, you can't add NSX Data Center for vSphere as a data source in vRealize Network Insight.

Product Upgrade

Documentation

VMware Product Compatibility

VMware MIB Files

Resolved Issues

• When you upgrade to vRealize Network Insight 6.9 and call pinboard public APIs, these APIs will perform operations on custom dashboards instead of pinboards.

• On the Accounts and Data Sources page, if you switch between the All, With Problems, and With Recommendations tabs, and then filter the data sources by Type and Data Collection options, you see a blank page.

• vRealize Network Insight does not support network security group (NSG) flow logs in Native Azure Cloud when the NSGs are associated at the Subnet level.

• vRealize Network Insight shows higher metric value on NSX-T entities like logical ports, logical switches, routers, router interfaces, firewall rules, and transport nodes.

• In the Network Map, if you load the Network Topology at a past time, the sub-groups of a group might be drawn at an incorrect location.

• Metrics for the Cisco UCS Fabric Interconnect Management interface are not updated in the metric entity page.

• After you upgrade to version 6.8, the Network Map is not available if you try to load the Network Map in the past time.

• FDB becomes unhealthy as churn in the INTERFACEID_NETOPA_ENTITY_ASSOCIATION object type takes up a significant amount of memory and causes inaccessibility of UI.

  If you delete a VNIC or PNIC when the NSX latency metric collection is enabled in vRealize Network Insight, delete the reference of INTERFACE_PNIC_PAIR_INFO or INTERFACE_PAIR_INFO from the INTERFACEID_NETOPA_ENTITY_ASSOCIATION for both the associated VNIC and PNIC.

• In the Network Map, the path search for MPLS BGP VPN with VLAN interface for Cisco Catalyst does not work.

• vRealize Network Insight fails to collect SNMP metrics if you select AES as a Privacy Type while enabling SNMP v3 using public API.

• On Network Map, links to vSphere Distributed Switches (VDS) disappear at a high zoom level when those switches are not visible in the viewport.

• In the Application Dashboard, the Security section of the Application Health Summary widget might show an incorrect count of Unprotected/Dropped Flows. Also, you might get an error when you click the Unprotected/Dropped Flows link in the Application Distribution widget.

• In some instances, Flow Based Application Discovery (FBAD) doesn't get enabled automatically due to brick or cluster size change.

  To discover applications using FBAD, Go to Applications >Discover >Flows and click Start Discovery. 

• In a very high-scale environment, if data collection does not take place for a long period, you may notice spikes in disk usage.

• You can't search all the users and groups which are shown in the vRealize Network Insight while adding a new vIDM user.

Known Issues

• New - Cisco UCS FEX devices displays incorrect host-side port channels, in addition to actual fabric port channels.

• New - The web proxy is not paired with the Platform when it is enabled for automation-based deployments such as ovftool and saas.

• New - When you add VMware NSX-T Manager version 4.1.0 or higher in vRealize Network Insight 6.8, you see the Data collection failed due to an error. Please wait for some time error on the Accounts and Data Sources page.

• New - The path topology for Kubernetes Service to Kubernetes Service/Kubernetes Pod breaks if you change the default source or destination.

• New - If you have pinned a widget to the Pinboard with a custom time range, after migrating to Custom Dashboard, you see the corresponding widget in the Custom Dashboard does not show the information as per the previously selected custom time range.

• New - Additional secondary IP addresses configured on VLAN interfaces of Arista, Cisco Catalyst, and Cisco Nexus devices are not processed by vRealize Network Insight.

• New - On the Network map, when you edit a compressed user-defined group (which display only the count of entities but not the sub-entities), the entities list in the edit dialog box does not show any information. However, if you zoom in further on the network map where you can see the sub-entities and then try to edit the group, the entities list is displayed accurately.

• New - On the Network map, when you edit a compressed user-defined group (which display only the count of entities but not the sub-entities) multiple time consecutively, the user-defined group may show incorrect members.

• New - When you define Reachability and Segmentation intents, vRealize Network Insight allows adding invalid values for source and destination ports. Also, if you do not enter any value for the source and destination ports, the intent processing gets stuck in the Verifying state.

  To resolve this issue, delete Reachability and Segmentation intents with invalid parameters.

• New - When you upgrade vRealize Network Insight to version 6.9, you will see a slight delay in viewing the final status of the upgrade. During the delay, the upgrade modal can be blank with no details.

  To resolve this issue, if the upgrade modal does not refresh automatically in five minutes, refresh the current page to see the latest upgrade status and proceed to the login page.

• On the Home page, the Service Mesh heatmap under the HCX tab in the Environments widget shows incorrect problems count.

• Application Summary shows two intents even if application intents are not enabled during application creation.

• In Tag based Application Discovery, if VM tags contain special characters, such as *,{,}, \, ?, and +, then when you save the discovered applications, the saved applications show zero members.

  To resolve this issue, you must escape these special characters using “\” in the tier criteria while saving or editing the application.