VMware NSX Intelligence boosts data center visibility, security

The new NSX Intelligence distributed analytics engine is part of VMware NSX-T 2.5. Learn how it gives networking teams deep visibility into virtualized and containerized workloads.

VMware NSX Intelligence, the newest component of VMware NSX Data Center, provides an innovative approach to virtual networking and security. It's a network analytics component that enables administrators to see almost real-time flow within their environments, as well as view past information about flows, user configurations and workload inventory.

NSX Intelligence's distributed analytics engine ingests data from different data sources, such as vRealize Network Insight or VMware AppDefense. Future releases of NSX Intelligence will also integrate with VeloCloud and Avi Networks as a data source.

How NSX Intelligence works

NSX Intelligence Data Platform receives the data streams from NSX Manager and transport nodes. Flows are sent at five-minute intervals and are distributed and optimized at the source. NSX Intelligence learns the content and the flow within the Layer 7 context of the apps running in the environment and provides the admin with recommendations for applying firewall rules. The admin can review and either accept or modify those recommendations before creating the new rules.

The admin can see the flows, user configurations and workload inventory. NSX Intelligence enables admins to plan microsegmentation and recommend firewall rules, groups and services to secure the environment.

Deployment options and system requirements

NSX Intelligence will make microsegmentation much easier and faster. It's almost like self-driving for microsegmentation operations.

VMware distributes the NSX Intelligence stand-alone product as a virtual appliance. IT organizations must have NSX-T version 2.5 running before implementing NSX Intelligence 1.0 and enough resources for not only the server side, but also for the client side where the views are displayed.

The whole application, running as a VM, consumes a lot of resources. For a production environment or large deployment option, systems require 128 GB of RAM, 32 vCPU and 2 TB of disk space. A proof-of-concept environment, or small deployment option, consumes 64 GB of RAM, 16vCPUs and 2 TB of disk space. The client must have a supported browser, such as Chrome, Firefox or Microsoft Edge, and browser resolution set to a minimum of 1200 x 800 pixels.

NSX Intelligence benefits and drawbacks

Admins who don't use a tool like NSX Intelligence to analyze their environments must manually check every app in every workload and manually create rules in the distributed firewall. Although they can, this method isn't effective for large-scale deployments.

NSX Intelligence can automatically show the admin a configuration, which he or she can review and possibly modify, before accepting and letting the application create those rules. The product can eliminate traffic duplication and network degradation.

NSX Intelligence can benefit for large-scale enterprise networks, but it can also consume too many resources to be used for smaller enterprises or SMBs. Also, NSX Intelligence comes at an additional cost on top of NSX-T.

Overall, NSX Intelligence makes microsegmentation much easier and faster. It's almost like self-driving microsegmentation operations.

NSX user interface
The NSX Intelligence UI gives admins several capabilities and views

NSX Intelligence user interface

NSX Intelligence has an HTML 5 web-based UI that gives admins access to:

  • Data flow view. NSX Intelligence provides almost real-time flow information on data between workloads in the environment. Information, including VMs, external IPs and public IPs, is displayed within and outside the NSX domain.
  • Rules generation. NSX Intelligence generates distributed firewall policy sections, groups and services, which admins can either accept or modify for microsegmentation planning. The software also generates new inventory groups or services.
  • Group and users view. The group view shows the flow of information between objects at all levels. V1.0 of the product supports up to 100 VMs per session.
  • Filtering views. Admins can filter the communication map to the VM level, view correlated VM and network context, and show flow details and related groups.
Options to filter groups or VMs
Admins can access filtering views

NSX Intelligence provides a centralized view of analyzed data across the NSX domain. A Recommendation wizard lets the admin select rules, groups and services, accept or reject the choice and then validate to create the distributed firewall rules.

Hopefully, future versions of NSX Intelligence include more autoconfiguration features that analyze the environment and provide several different security options. Resource optimization would also be helpful, as the product currently requires a significant amount of resources.

Overall, NSX Intelligence can help large enterprises, as it gives a networking team deep visibility into virtualized and containerized workloads. The automated microsegmentation planning by recommending firewall rules, groups and services and could benefit security admins working in an enterprise environment.

Dig Deeper on VMware updates, certifications and training

Virtual Desktop
Data Center
Cloud Computing