Objective 8.3 – Monitor a VMware NSX Implementation

Knowledge

  • Identify available monitoring methods (UI, CLI, API, etc.)
    • UI
      • Web Client
        • High level view of the status of vSphere and NSX components.
      • Flow Monitoring
        • Flow Monitoring is a traffic analysis tool that provides a detailed view of the traffic to and from protected virtual machines. When flow monitoring is enabled, its output defines which machines are exchanging data and over which application. This data includes the number of sessions and packets transmitted per session. Session details include sources, destinations, applications, and ports being used. Session details can be used to create firewall allow or block rules.
      • Activity Monitoring
        • Activity Monitoring provides visibility into your virtual network to ensure that security policies at your organization are being enforced correctly. A security policy may mandate who is allowed access to which applications. The cloud administrator can generate Activity Monitoring reports to see whether the IP-based firewall rule that they set is doing the intended work. By providing user- and application-level detail, Activity Monitoring translates high-level security policies to low-level IP address and network-based implementation.
    • CLI
      • Used for NSX Manager, Controllers, Edges & Hosts
        • Manager is mainly for config rather than monitoring
        • Controllers can show bridges, instances, interfaces, routers, stats and status
        • Edges can show firewall flows, routing protocol details, VPN details, load balancer details, service monitors, and general status.
    • API
      • The NSX API can be used to enable/disable Activity Monitoring Data Collection, and query user/inbound/outbound/VM/AD Group activity.
    • Syslog
      • All NSX components can be configured to send logs to a Syslog server.
  • Monitor infrastructure components
    • Control Cluster Health
      • Log in to the vSphere Web Client.
      • Click Networking & Security and then click Installation
      • NSX Controller nodes are shown, including Software Version and health Status.
    • Manager Health
      • Log in to the NSX Manager Web Interface
    • Hypervisor Health
      • Log in to the vSphere Web Client.
      • Click Hosts & Clusters, then Related Objects, and Hosts
  • Perform Inbound/Outbound activity monitoring
    • Log in to the vSphere Web Client.
    • Click Networking & Security and then Activity Monitoring.
    • Select the Inbound Activity or Outbound Activity tab
    • Change the filters as desired and click Search
  • Enable data collection for single/multiple virtual machines
    • Single
      • Log in to the vSphere Web Client.
      • Click vCenter and then click VMs and Templates.
      • Select a virtual machine from the left inventory panel.
      • Click the Manage tab and then click the Settings tab.
      • Click NSX Activity Monitoring from the left panel.
      • Click Edit.
      • In the Edit NSX Activity Monitoring Data Collection Settings dialog box, click Yes.
    • Multiple
      • Log in to the vSphere Web Client.
      • Click Networking & Security and then click Service Composer.
      • Click the Security Groups tab.
      • Select the Activity Monitoring Data Collection security group and click the Edit (Pencil) icon
      • Follow the wizard to add virtual machines to the security group.
        Data collection is enabled on all virtual machines you added to this security group, and disabled on any virtual machines you excluded from the security group.
  • Perform virtual machine activity monitoring
    • Log in to the vSphere Web Client.
    • Click Networking & Security and then Activity Monitoring.
    • Select the VM Activity tab
    • Change the filters as desired and click Search
  • Monitor activity between inventory containers (security groups, AD groups)
    • Log in to the vSphere Web Client.
    • Click Networking & Security and then Activity Monitoring.
    • Select the Inter Container Interaction tab in the left pane.
    • Click the link next to Originating from.
      All groups discovered through guest introspection are displayed.
    • Select the type of user group that you want to view resource utilization for.
    • In Filter, select one or more groups and click OK.
    • In Where the destination is, select is or is not to indicate whether the selected group should be included in or excluded from the search.
    • Click the link next to Where the destination is.
    • Select the group type.
    • In Filter, select one or more groups and click OK.
    • Click the “During period” icon and select the time period for the search.
    • Click Search.
  • Analyze network and security metrics in vCOPS
    • The Management Pack for NSX must be loaded in vCOPS.
      See VMworld recorded session MGT1878 for a walkthrough.
    • NSX Main – can see top Logical Networks / VMs by traffic throughput
    • NSX Topology – can drill down to show topology, also show metrics for the selected object.
    • NSX Edge Services – Show high level view of Edge services and their metrics.
  • Monitor logical networks and services
    • Identify available statistics/counters
      • Controller
        • Controller CLI:
          • show control-cluster logical-routers
          • show control-cluster logical-routers vdr-stats logicalRouterID
      • Edge
        • Log in to the vSphere Web Client.
        • Click Networking & Security and then NSX Edges
        • Double click on an NSX Edge and select Monitor and Statistics:
          Interface throughput (per interface)
          Concurrent connections (FW/LB)
    • Network/service health
      • Easily viewed through vCOPS with the NSX Management Plugin. A heat map can be displayed for virtual and physical networks.
    • Configure and collect data from network
      • Log in to the vSphere Web Client.
      • Click Networking & Security and then Flow Monitoring
      • Select Configuration
      • Configure the Flow Collections, making modifications to Flow Exclusion if required
      • Click on IPFix and edit the IPFix domain, timeout and collector IPs as required.
      • Click Publish Changes

Tools

  • NSX Administration Guide
  • NSX Command Line Interface Reference Guide
  • NSX Controller CLI
  • vSphere Web Client
  • vCenter Operations Manager (vCOPS)
