VMware Aria Operations for Networks (formerly known as vRealize Network Insight) is a great tool for getting information about traffic within your ESXi environment. After you configure your vCenter and NSX instances, collection starts and can give you lots of useful information. Getting the right data isn't always easy, but it's all there!

Most people know the nice donuts, which are useful for getting information about data flows. This donut shows the flows from and to the application group AD (aka Active Directory).

[Screenshot: flow donut for the AD application group]

This gives you lots of info, but not many details (unless you click on the flows).

To get more insight you need to be able to group VMs; this can be done with Application Discovery or with Security Groups in NSX-T. Once you've done this you can query for the right data to create rules in your DFW.

flows where source Application = "YOURAPPLICATION" group by Port Name

This query gives you all the traffic from the application to the rest of the world. If you're planning on having an any/any deny rule, this output gives you the list of outgoing ports. If you replace source with destination in the query, you get the incoming ports.

flows where Source Security Groups = 'YOURGROUP' AND Destination Security Groups = 'YOURGROUP'

This gives you all the traffic within the security group (source and destination both in the group), which is useful if you plan on having a very secure bubble for the VMs inside the group.

list vm where Operating System like linux group by name

Want all the VMs running a certain OS? This query gets them all. It might be useful if you want to block or allow certain flows based on the OS.

list (destination vm) of flow where Flow Type = 'Shared Service' and port name = 'ldap'

In case you're not sure you have all the Active Directory servers, run this query and you get a list of the VMs that receive LDAP as a shared service.

list(Destination Vm) of flow where Source Security Groups = 'Group1' and Destination Security Groups != 'Group1'

All the flows from VMs in Group1 going to other groups.

flows where Flow Type = 'internet' group by Security Groups

All the flows coming from the internet, grouped by security group.
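The queries above, replayed as an added example over constructed flow records (not the product's own API or export format; the field names and the sample flows are assumptions), to show how the grouped output turns into candidate DFW allow rules that sit above an any/any deny:

```python
from collections import Counter

# Constructed flow records (an assumption, not an export from Aria Operations
# for Networks); field names mirror the query terms used in the post.
FLOWS = [
    {"src_app": "WEB", "dst_app": "AD", "src_sg": "web", "dst_sg": "ad", "dst_vm": "dc01", "port": "ldap", "flow_type": "Shared Service"},
    {"src_app": "WEB", "dst_app": "AD", "src_sg": "web", "dst_sg": "ad", "dst_vm": "dc01", "port": "kerberos", "flow_type": "Shared Service"},
    {"src_app": "APP", "dst_app": "AD", "src_sg": "app", "dst_sg": "ad", "dst_vm": "dc02", "port": "ldap", "flow_type": "Shared Service"},
    {"src_app": "AD", "dst_app": "AD", "src_sg": "ad", "dst_sg": "ad", "dst_vm": "dc02", "port": "rpc", "flow_type": "East-West"},
    {"src_app": "WEB", "dst_app": "DB", "src_sg": "web", "dst_sg": "db", "dst_vm": "db01", "port": "mysql", "flow_type": "East-West"},
    {"src_app": None, "dst_app": "WEB", "src_sg": None, "dst_sg": "web", "dst_vm": "web01", "port": "https", "flow_type": "internet"},
]

def outgoing_ports(flows, app):
    """flows where source Application = app group by Port Name"""
    return Counter(f["port"] for f in flows if f["src_app"] == app)

def incoming_ports(flows, app):
    """Same query with source replaced by destination."""
    return Counter(f["port"] for f in flows if f["dst_app"] == app)

def intra_group_ports(flows, sg):
    """Source and destination both inside the security group sg."""
    return Counter(f["port"] for f in flows if f["src_sg"] == sg == f["dst_sg"])

def shared_service_servers(flows, port):
    """list (destination vm) of flow where Flow Type = 'Shared Service' and port name = port"""
    return sorted({f["dst_vm"] for f in flows
                   if f["flow_type"] == "Shared Service" and f["port"] == port})

def internet_flows_by_group(flows):
    """flows where Flow Type = 'internet' group by Security Groups (destination side)."""
    return Counter(f["dst_sg"] for f in flows if f["flow_type"] == "internet")

def dfw_allow_candidates(flows, app):
    """One (source, destination, port) allow rule per observed flow touching app;
    these go above the any/any deny. Flows with no source application are external."""
    rules = {(f["src_app"] or "external", f["dst_app"], f["port"])
             for f in flows if app in (f["src_app"], f["dst_app"])}
    return sorted(rules)

if __name__ == "__main__":
    for src, dst, port in dfw_allow_candidates(FLOWS, "AD"):
        print(f"allow {src} -> {dst} : {port}")
```

Every candidate rule still needs a human check against what the application actually needs; a flow that shows up in collection is evidence of use, not proof it should be allowed.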

This might help you play around in Network Insight and get information for your microsegmentation project.
