Unsaved changes! You may continue editing other frames before saving.
Save Changes
0.
This demo will focus on NSX for vSphere components in the SDDC. The NSX-vSphere management pack also contains the Management Pack for Network Devices (MPND) to aid in the correlation of physical to logical network constructs. However, MPND has no requirement for NSX, and can be run independently as a standalone vROps management pack.
This demo is a subset of the full 'SDDC Management with vRealize Suite' demo which is also available in the Demo Library (use the left edge menu and click 'Get More Demos' to download it.)
[Click the 'Dashboard List' pulldown]
10.
[Click the checkbox for 'NSX-vSphere']
30.
[Click 'NSX-vSphere Main']
5730.
The NSX Main dashboard displays several operational aspects of virtualized networks including overall health, performance and availability. We can select between multiple NSX environments from this single dashboard by choosing the desired NSX implementation in the Environments widget.
[Click 'nsx nsbu']
5840.
The top portion of the dashboard displays alerts, heapmaps and topology trees, while the bottom section reveals top consumers of network resources.
[Click the right-side scrollbar down]
5850.
[Click the right-side scrollbar up]
5860. Move to the Topology dashboard to display the physical and logical network correlation tools.
[Click the tab for 'NSX-vSphere Topology']
5890.
Let's look at a NSX Logical Switch.
[Click '224-b2-app']
6070.
The dashboard has rendered the logical and physical topology underpinning the selected NSX Logical Switch. On the left we see the logical switch in the center, the VMs connected to the switch, and the upstream NSX Logical Router. On the right we see the physical hosts, network interfaces, switch interfaces, and the leaf and spine switches this Logical Switch is using for communication. At the bottom of the dashboard are alert lists and metric charts for the selected object.
[Click the right-side scrollbar down]
6080.
We can hover over each link in the physical topology chain to view information regarding the health and properties of that particular network object.
[In the top right panel: hover on the leftmost objects, then click the Host System to continue]
6180.
Note the Metrics chart is now showing stats for the selected host.
[Click the logical router on the right side of the left-side panel]
6320.
The Top Issues and Metrics charts now reflect the selected Logical Router.
[Click the tab for 'NSX-vSphere Object Path']
6350.
The Object Path dashboard displays correlating logical and physical network paths between any two entities in the NSX environment.
We will select the desired NSX environment.
[Click 'nsx east']
6380.
We can minimize any dashboard widget to make room on the screen for the other sections.
[Click the double up-arrows for 'NSX-vSphere Environments' to hide the panel]
6400.
Use the filter field to narrow the list of objects to investigate.
[Click in the 'Filter' text box]
6410.
[Hit any key to type 'live']
6470.
We filtered the list to only display objects containing the string 'live'. Now let's investigate the communication path between App1 and NoSql1 in the LiveAuction application.
[Click 'LiveAuctionW1|1App1']
6510.
[Click 'LiveAuctionW1|1NoSql1']
6670.
The logical communication path between App1 and NoSql1 reveals each VM is connected to an upstream Logical Switch, both of which connect to the east-dlr-1 Distributed Logical Router.
Scroll down to fully display the Physical Path widget.
[Click the right-side scrollbar down]
6680.
The communication path between the physical servers hosting these two VMs is revealed all the way through the upstream leaf and spine switches. We can zoom in or out in the path widgets, or drag any object to any location in the widget to unclutter a complex array of devices.
[Click the 'Navigation' icon under 'Logical Path']
6700.
To further investigate network communication between the two selected objects, navigate to the Troubleshooting dashboard directly from the path widgets.
[Click 'NSX-vSphere Troubleshooting']
6760.
The two virtual machines App1 and NoSql1 chosen in the previous Object Path dashboard are still selected although not displayed here. Select the Run Traceflow action to reveal the network hops between these two VMs.
[Click the pulldown for 'Choose Action' in the lower right]
6780.
[Click 'Run traceflow']
6800.
[Click the right-side scrollbar down]
6810.
[Click the blue arrow icon by the action]
6830.
Each step of the communication path between App1 and NoSql1 is revealed, including any firewall rules that were processed in the traceflow path.
[Click the right-side scrollbar up]
6840.
Use the Filter field to narrow the object list to just the Live Auction VMs.
[Click in the 'Filter' text box for 'Objects']
6850.
[Hit any key to type 'live']
6900.
Select the App1 VM to change the list of available actions to be contextually specific to virtual machines.
[Click LiveAuctionW1|1App1]
6940.
[Click the pulldown for 'Choose Action:']
6970.
[Click 'Get Distributed Firewall Statistics']
6980.
[Click the right-side scrollbar down]
6990.
[Click the blue arrow next to the action]
7010.
The Get Distributed Firewall Statistics action reveals the list of firewall rules that are processed when this VM communicates on the network.
[Click the right-side scrollbar up]
7020.
Filter the object list again, this time focusing on NSX components.
[Click in the text box that says 'live']
7030.
[Hit any key to type 'nsx']
7080.
Let's find out what troubleshooting actions are available specific to each NSX component, starting with a logical switch.
[Click '224-b2-app']
7120.
[Click the double up-arrow to close the 'NSX-vSphere Environments' panel]
7140.
With '224-b2-app' selected, view the available actions that can be run against NSX logical switches.
[Click the pulldown for 'Choose Action:']
7160.
Note the Logical Switch troubleshooting actions.
[Click the pulldown for 'Choose Action:' (again)]
7180.
Results from previously run actions can be selected and displayed from the Results List dropdown.
[Click the pulldown for 'Results:']
7210.
Here is the list of results from previous actions run against the switch '224-b2-app'.
[Click the first item in the list]
7220.
[Click the bottom of the right-side scrollbar to view the full results]
7230.
[Click the right-side scrollbar up]
7240.
Now let's view the available actions for a NSX Logical Router.
[Click 'east-dir-1' from the 'Objects' list]
7270.
[Click the pulldown for 'Choose Action:']
7300.
[Click the pulldown for 'Results:']
7330.
[Click the only option ('Show runtime state...')]
7340.
[Click the bottom of the right-side scrollbar to view the full results]
7350.
[Click the right-side scrollbar up]
7360.
Lastly, let's look at the available actions for a NSX Edge device.
[Click 'esg-east-prm-1' on the list of Objects]
7400.
[Click the pulldown for 'Choose Action:']
7430.
[Click the only option ('Check routing configuration')]
7440.
[Click the pulldown for 'Results:']
7470.
[Click the first item in the list]
7480.
[Click the bottom of the right-side scrollbar to view the full results]
7490.
[Click the right-side scrollbar up]
7500. The Troubleshooting dashboard offers a variety of actions for diagnosing functional operation of any item running in a NSX environment. Actions are available both for NSX devices as well as NSX service consumers such as virtual machines.
Next let's go back to the Main NSX dashboard.
[Click the tab 'NSX-vSphere Main']
7530.
Another key feature of the NSX management pack is Configuration Assurance checking, i.e. comparing the current NSX configuration against VMware Best Practice recommendations. If components of the NSX environment do not align with Best Practice guidelines, alerts will trigger to advise of the recommended settings for items that are out of compliance.
[Click the second open alert ('10.114.221.41 Backups are not using se...')]
7610.
VMware Best Practice recommends using Secure FTP to backup NSX Manager configurations. This environment is using insecure FTP, therefore triggering the warning alert and recommended remediation.
[Click the 'Home' button in the top left]
7750.
Let's look at one more Configuration Assurance check built into the management pack.
[Click the 6th open alert ('univ-dir-1 One or more OSPF areas on...')]
7900.
This rule checks whether OSPF on logical routers has been configured to use secure authentication.
[Click the arrow next to 'univ-dir-1 has symptom OSPF is enabled on the Logical Rounter']
7920.
The logical router 'univ-dlr-1' has not been configured to use the MD5 authentication protocol, hence the triggered alert. Expanding the 'OSPF is enabled...' symptom shows the date and time when OSPF was enabled on the logical router (3/17/16 at 1:53pm). The recommendation is to use MD5 authentication for all OSPF areas.
[Click the 'Home' button in the upper left corner]
8110.
[Click 'nsx nsbu' on the list of NSX-vSphere Environments']
8330.
The heatmaps on the Main dashboard provide a quick glance at the NSX transport layer health and workload.
[Click the arrow button by 'Configurations' on the 'Transport Layer' panel]
8370.
We can look at the transport layer from multiple health and workload angles, and also choose a heatmap for the vSphere Distributed Switches.
[Click 'Transport Node Network Workload']
8450.
This heatmap shows the current network workload of the transport layer is relatively light in the selected NSX environment.
Let's switch to a different NSX environment.
[Click 'nsx east' on the list of NSX-vSphere Environments']
8610.
[Click the bottom of the right-side scrollbar to view the rest of this dashboard]
8620.
The traffic charts display total throughput, egress and ingress statistics for the top consuming logical networks and VMs in the selected NSX environment.
Scroll to the right in the Traffic charts to view the Egress / Ingress stats.
[Click the right side of the bottom scrollbar under the panel 'Top Logical Networks by Traffic (KBps)']
8650.
[Click the left side of the bottom scrollbar under the panel 'Top Logical Networks by Traffic (KBps)']
8660.
[Click the right side of the bottom scrollbar under the panel 'Top VMs by Traffic (KBps)']
8670.
[Click the right-side scrollbar up]
8680. Let's move to the vROps inventory trees to investigate workload, fault and capacity information for NSX components.
[Click the 'environment' icon in the top left]
8780.
Notice the individual inventory trees for various NSX objects such as Control Plane, Edge Services, Logical Routers and Switches, and Transport Zones.
Let's start with the Control Plane (NSX Manager and Controllers).
[Click 'NSX-vSphere Control Plane']
8930.
Expand the NSX environment to view Control Plane details.
[Click the arrow next to 'nsx east']
8950.
[Click 'nsx-mgr-east.mgmt.local']
8980.
Selecting the NSX Manager East reveals related Health, Risk and Efficiency alerts as well as three associated Controllers as child resources. We could select any of the sub-tabs on the right, i.e. Alerts, Analysis, Troubleshooting, etc., for further information on nsx-mgr-east. Notice the Risk alert indicating less than 3 controllers are active. Clicking on the alert would identify which controller is offline.
Next let's look at the other NSX inventory trees.
[Click the pulldown for 'NSX-vSphere Control Plane' in the top left]
8990.
[Click 'NSX-vSphere Edge Services']
9020.
[Click the arrow icon next to 'nsx nbsu']
9050.
[Click 'ESG-1']
9110.
Selecting an object in the inventory tree displays Health, Risk and Efficiency alerts for the selected objects and its descendants.
[Click 'ESG-1 NAT']
9190.
Selecting the NAT service for this edge device reveals an open alert indicating NAT rules with no destination. We could click that alert to identify the rules in question, but for this demo let's switch to the Analysis tab and look at Capacity information.
[Click the tab for 'Analysis']
9370.
In the Capacity Remaining Breakdown note the value 2,000 as the total rules capacity, with 3 rules consumed as the current peak value.
[Click 'ESG-1 Load Balancer']
9470.
Staying with the Capacity theme, notice the max values of 64 for Pools and Virtual Servers, with current Peak Values of 1 for each on this Edge device.
[Click 'ESG-1 L2 VPN']
9680.
Moving to the Faults tab for the VPN service we quickly see that the L2 VPN tunnel is down.
The inventory trees are useful for viewing performance, alerts and capacity for all NSX components and services.
[Click the pulldown for 'NSX-vSphere Edge Services' in the top left]
9690.
As mentioned at the beginning, the Management Pack for Network Devices (MPND) is included in the NSX-vSphere management pack. MPND discovers and maps the physical network infrastructure underpinning the virtualized environment. It also installs an inventory tree which enables analysis of the physical infrastructure of switches and ports.
[Click 'Physical Network']
9740.
[Click the arrow icon next to 'mpnd snmpv2' to expand]
9780.
The inventory tree shows a list of all the discovered physical network devices connected to the vSphere environments being monitored with vROps.
Let's drill into a Cisco Nexus Leaf Switch.
[Click 'w2m26-ccmm-nexus9372px-1']
9900.
Choosing the Troubleshooting tab and All Metrics, we can create a series of graphs to our liking to show statistics and properties of the selected physical switch.
Create charts for total egress and total overall traffic seen on this switch.
[Click the '+' button for 'Interfaces']
9920.
[Click 'Egress Traffic (Mbps)']
9990.
[Click the bottom of the scrollbar for the bottom center panel]
10000.
[Click the bottom of the scrollbar for the bottom center panel (again)]
10010.
[Click 'Total Traffic (Mbps)']
10120.
In summary, the NSX-vSphere management pack provides comprehensive physical to virtual network correlation, troubleshooting, configuration assurance and capacity modeling for NSX environments. It is a Must Have tool for every NSX implementation!
(End of demo)
[Click the Home icon to return to the start of the demo]
Use Learn mode to learn the demo
You can also use the arrow keys to step forward or backward
Shortcuts jump to different parts of the demo
