VMware vRealize Network Insight 3.2 Release Notes

vRealize Network Insight 3.2 | 08 DEC 2016 | Build 1480511973

Check regularly for additions and updates to these release notes.

Last updated on 20 FEB 2017

The release notes cover the following topics:

What's New

The new and enhanced features in this release are as follows:

  • Application Centric Micro-segmentation
    This feature supports the following:
    • Users can define the grouping filters. They can define the custom application tiers for determining micro-segmentation firewall rules.
    • The visualization of traffic/flows between tiers is available.
    • The security group recommendations are based upon groupings.

  • XML Export of Firewall Rules
    The user can perform the export of recommended firewall rules and services configuration. This is imported into NSX Manager

  • Visualization of NSX Edge NAT North/South Gateways
    This feature supports the following:
    • Configuring the View All mode for seeing the NSX NAT instances.
    • Including the Edge NAT gateway when visualizing VM to VM communication paths.
    • Listing of NSX Edge NAT rules by clicking the NAT services icons.
    • Supporting SNAT, DNAT and nested NAT

  • SNMP Traps for outbound alerting to 3rd party SNMP platforms
    This feature supports the following:
    • MIBs published on VMware MIB repository
    • Compatibility of SNMP v2c and v3
    • Administrator selects problem alerts within Network Insight in which to forward as traps
    • Forwarding of GUI representation of alerts
    • SNMP outbound test function

  • NSX Distributed Firewall Rules Analytics and Visualization Enhancements
    This feature supports path visualization that include only rules that are enabled (active).

  • NSX configuration assurance, health and capacity checks
    This feature includes 31 additional checks with coverage for controllers, edge services, Virtual Tunnel endpoints (VTEPS) and NSX Manager

  • On-Line Upgrading
    This feature allows customers to upgrade Network Insight that are connected to internet. It supports the following:
    • Version checking and upgrade recommendations
    • GUI based upgrading with status indicators


  • Platform security enhancements
    The platform security enhancements are:
    • Icon within the system admin console for seeing storage capacity/utilization
    • Ability to add additional capacity within vCenter
    • Post addition, recalculation of storage capacity

  • Level 1 Japanese Language Support
    This feature supports Japanese language versions of VMware vCenter and NSX.

Compatibility

vRealize Network Insight 3.2 supports the following VMware products.

  • VMware vSphere 5.5 up to Update 3
  • VMware vSphere 6.0 up to Update 2

For IPFIX, VMware ESXi versions:

  • VMware ESXi 5.5 Update 2 (Build 2068190) and above
  • VMware ESXi 6.0 Update 1b (Build 3380124) and above

VMware NSX versions:

  • VMware NSX 6.0.x
  • VMware NSX 6.1.x
  • VMware NSX 6.2.1 to 6.2.4

Documentation

vRealize Network Insight 3.2 includes the following product documentation.

Product Upgrade

Refer to KB article at kb.vmware.com/kb/2148271 to get information on upgrade options.

Resolved Issues

  • The LDAP group restriction fails with an error Please use unique entries error is fixed
  • “NSX Universal objects support issue that caused certain data to be duplicated in rare circumstances is fixed.
  • More than one VRF is supported for Cisco Catalyst® switches.
  • VM to VM path feature supports multiple VMs with same name.
  • VMware NSX® disabled firewall rules are supported.
  • The Applied To setting for a VMware NSX® firewall rule is supported.
  • Archived problems are no longer displayed on the home page.
  • Recommended firewall rule functionality now supports protocol.
  • The issue of displaying the archived events on home page is fixed.

Known Issues

The known issues and limitations for vRealize Network Insight 3.2 are as follows:

  • New: If an IPset is created out of physical IPs (non-vm) and a security group is created out of this IPset, we do not assign such IPsets or security group to corresponding flows.
  • New:A cumulative patch is made available that fixes the following issues:
    • A part of the UI home page and NSX Manager page becomes unresponsive when the VTEP MTU mismatch event is raised.
    • In a rare case, key infrastructure service (Kafka) restarts frequently affecting the processing of data.
    See KB https://kb.vmware.com/kb/2148271 for instructions on how to apply this patch.
  • NAT rules on NSX Edge version 5.5 or below are not supported.
  • Export of NSX firewall rules supports only Security Groups.
  • vRealize Network Insight 3.2 does not support direct upgrade from version 3.0
  • After upgrade to 3.2, the entire data is re-indexed due to an internal schema change. No data is lost during this process but some features such as search will not return correct results. Depending on the amount of data it might take a few minutes to an hour for the indexing to finish.
  • In the “Applied To” grouping criteria, VNIC and Edge are not supported.
  • For Security Group Exclusion, exclusion criteria based on VNIC, Directory Group, MAC Set and vApp are not supported.
  • Central CLI should be enabled in environments where NAT is being used.
  • Browser needs to be refreshed after clearing browser cache once the product upgrade is complete
  • To configure group restriction in LDAP, the user provided to validate credentials must belong to one of the groups.
  • SNMP v1 is no longer supported.
  • Platform cluster feature does not support High Availability (HA) configuration. All the platform nodes need to be up and running for the cluster to work at optimal performance levels.
  • There is a known issue in events search list view where sometimes facet counts are incorrect upon selection and no events are shown.
  • LDAP feature does not support group hierarchies. Access granted to a group does not automatically grant access to its subgroups.
  • LDAP feature does not support restricting group access based on the Active Directory Primary Group
  • Upon Evaluation license expiry, data providers are disabled and stop collecting data. After renewing license, the data providers must be enabled from the UI to start data collection.
  • To use Gmail® server as the choice of Mail server, additional configuration settings as listed on https://support.google.com/accounts/answer/6010255?hl=en are required.
  • Export to CSV feature can export a maximum of 20,000 rows.
  • During deployment, if a vRealize Network Insight Proxy Appliance is configured with incorrect IP address and incorrect shared secret, then the appliance goes in an unrecoverable state and has to be redeployed.
  • Once a data provider is removed from the system, the same data provider can be added back only after two or more hours.
  • Support bundle creation on a medium sized system can take in excess of fifteen minutes of time.
  • NSX Manager Data Provider requires Enterprise role. If Central CLI is to be enabled, System Admin user credentials are required for NSX Manager Data Provider.
  • When number of VMware vCenter® flows (4-tuples) exceed 3 million, the processing of flow data on a Proxy VM is paused.  It resumes only when number of active flows in the system are less than this limit. To reduce the number of flows, remove some of the vCenter data sources or disable IPFIX on some if the DVS.
  • A flow in vRealize Network Insight is a 4-tuple of (source IP, destination IP, destination port, protocol).
  • More than 100,000 unique IP addresses are not supported for flow based analytics.
  • Recommended firewall rules only supports global rules creation and universal rules creation is not supported.
  • Product update notifications are supported only for single platform node deployment connected to internet.

Top of Page