How to use vRealize Network Insight (vRNI) for application dependency mappings

vRNI can be a great tool in your networking and security operations arsenal, with loads of features to support your physical, virtual and cloud environments.

There is already a lot of great material available for vRNI but here are just some of the primary use-cases:

  • Plan Application security and migration
    • Micro-segmentation planning with automatic firewall rules recommendations.
  • Manage and Scale NSX
    • Multiple NSX Managers with proactive detection of misconfiguration errors
  • Optimize and Troubleshoot Virtual and Physical networks
    • Optimize application performance by removing bottlenecks
    • Audit network and security changes over time.

Also, VMware's vRNI feature walkthrough page is an excellent introduction.

So back to why we are here! When you have a hybrid cloud strategy and have to move applications to the cloud you definitely want to know a couple of things:

  • Which VMs are sitting idle or are over-provisioned on resources?
    • vRealize Operations (vROps) should be your go-to tool to identify all these VMs
  • How much will it cost to place my VMs in any of the cloud solutions available out there, including VMC on AWS?
    • vRealize Business for Cloud should be your go-to tool to provide pricing for different cloud-based solutions on a selected VM/application.
  • If you have multi-tiered applications, do you know the dependencies between the VMs and on which port(s) they communicate?
    • There are a lot of tools available that can provide application dependency mappings, but for this exercise, we are just looking at vRealize Network Insight (vRNI).

Let’s look at the steps to create an application dependency mapping, which is very similar to the steps you will use to create your micro-segmentation firewall rules.

  • Step 1: Select the initial VM that you have identified for the application.
    • Using vRNI's powerful search capabilities, type the query “VM where name = ‘vmname’”.
    • For the duration, if you have been collecting information for a while, select something like the last 7 days as your time frame.
    • Click Search
      • The VM can be selected in different ways like:
        • Path and Topology -> VM
        • Entities -> VM
    • This shows information about the VM; click on the VM name.
    • Click on Flows in the toolbar
    • Review the VM Flows – Allowed and VM Flows – Denied
      • This shows all the flows to and from the selected VM
    • Click on the 3 vertical dots and select “Export as CSV.”
      • This exported document provides columns for all source and destination VMs that are connecting to your selected VM. Use it to start your application dependency mapping by creating an application in vRBC.
        • Select Entities -> Applications
          • Click Add Application
          • Enter Application Name
          • Enter Tiers and conditions to identify the VM or IP address
            • Add the VMs that you have identified as Source and Destination VMs in the flows.
          • You can also add more conditions to fine-tune the VM selection, and add additional Tiers.
          • Select Analyze Flows
          • Click Save
  • Step 2: Select the application, and add any additionally identified entities as the first hop.
    • Select Security -> Applications
      • Under the Scope drop-down select Application
      • Select the application name created in step 1
      • For Duration you can select anything, but 7 days would be good to cover the different connectivity scenarios that might occur.
      • Click Analyze
    • On the Micro-segmentation view
      • Under “Group By” select VM
        • Under “Also show groups for” select All
      • Under Flow Types select “All allowed flows”
      • This presents how your application VMs talk to one another.
      • More importantly, however, you will see “other entities” in grey boxes, which is what we are really interested in.
      • You can also filter based on the groups to show all the entities associated with the groups below:
        • Virtual
          • If you select Virtual, you will be presented with a list of all the VMs that communicate with the application and have not yet been identified.
          • Again, export the CSV.
          • Review these VMs and add them to the application.
        • Physical
          • If you select Physical, you will be presented with a list of IP addresses for all the physical servers that your application is connecting to in your environment.
          • Review these hosts and add the physical IP addresses to your application.
        • Shared Virtual
          • If you select Shared Virtual, you will be presented with a list of VMs that are connected to all the VMs in your application.
          • Review these VMs and add them to the application.
        • Internet
          • If you select Internet, you will be presented with a list of public IP addresses that your application is connecting to.
          • Review these public IP addresses and take note of them.
  • Step 3: Manually create your application dependency mapping
    • If you really want to see how deep the rabbit hole goes then repeat step 2.
      • This will provide additional virtual, physical, shared and internet entities, based on the updated application.
    • Unfortunately, there is no way in vRNI to show a network connectivity diagram of the application like you could in VIN, so you would have to create your own Visio diagram, using the flow diagram or the exported CSVs to identify the individual connections.
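As an added worked example (not part of the original post, and not vRNI's own tooling), the following Python script does offline what steps 1 to 3 describe by hand: it reads an exported flow CSV, sorts the "other entities" into virtual, shared virtual, physical and internet buckets together with the ports involved, and repeats the hop to grow the application. The CSV column names and sample rows are constructed for this example; map them onto the headers of your own export.

```python
import csv
import ipaddress
from collections import defaultdict

# Constructed sample of a vRNI-style flow export; the column names are assumed.
SAMPLE_CSV = """source_vm,source_ip,destination_vm,destination_ip,port,protocol
web01,10.0.1.10,app01,10.0.2.10,8443,TCP
app01,10.0.2.10,db01,10.0.3.10,1433,TCP
app01,10.0.2.10,,10.0.9.5,389,TCP
web01,10.0.1.10,,203.0.113.7,443,TCP
mon01,10.0.5.5,web01,10.0.1.10,9100,TCP
mon01,10.0.5.5,app01,10.0.2.10,9100,TCP
"""
PRIVATE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_flows(text):
    return list(csv.DictReader(text.splitlines()))

def classify(vm, ip):
    # vRNI's "other entities" buckets: named VM, unmanaged RFC 1918 host, or public address.
    if vm:
        return "virtual"
    return "physical" if any(ipaddress.ip_address(ip) in n for n in PRIVATE) else "internet"

def map_dependencies(flows, app_vms):
    # Entities outside app_vms that exchange flows with it -> {(kind, name): [proto/port]}
    peers, ports = defaultdict(set), defaultdict(set)
    for f in flows:
        ends = [(f["source_vm"], f["source_ip"]), (f["destination_vm"], f["destination_ip"])]
        inside = [vm in app_vms for vm, _ in ends]
        if inside[0] == inside[1]:  # flow is internal to the app, or unrelated to it
            continue
        (ovm, oip), (ivm, _) = (ends[0], ends[1]) if inside[1] else (ends[1], ends[0])
        key = (classify(ovm, oip), ovm or oip)
        peers[key].add(ivm)
        ports[key].add(f"{f['protocol']}/{f['port']}")
    result = {}
    for (kind, name), vms in peers.items():
        plist = sorted(ports[(kind, name)])
        if kind == "virtual" and vms == set(app_vms):  # talks to every VM in the app
            kind = "shared virtual"
        result[(kind, name)] = plist
    return result

def expand(flows, seed_vms, hops=1):
    # Step 3: repeat step 2, folding each hop's newly found VMs into the application.
    app = set(seed_vms)
    for _ in range(hops):
        app |= {n for (k, n) in map_dependencies(flows, app) if k.endswith("virtual")}
    return app
```

Physical hosts and internet addresses are reported but never folded into the application, which matches the manual procedure of noting them rather than adding them as tiers.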


This is my own method and I am not sure if it is right or wrong, but if anyone has figured out a different or better way, please let me know!