The Netvisor vCenter Connection Service provides UNUM Insight Analytics Flow with the virtual machine and virtual network configurations and is used to identify and index any recorded communication.

The value of the collected analytics is greatly enhanced since each connection record provides insight into the virtualization layer.

UNUM Insight Analytics Flow records all sessions without traffic sampling, and it may include the East-West VM to VM traffic within the same server, or across servers, switched or routed.

Here is some example use cases:

  • Visualize malicious traffic from a compromised VM scanning the VMs on the same port group. The traffic may be in very low volume, and under the radar of sampling technologies like sFlow.
  • Forensic analysis to prove that a communication event between two VMs on the same host happened or prove that there was no communication in each time window.

UNUM Insight Analytics Flow provides also the fundamental information to implement a micro-segmentation policy, including the communication patterns between VMs within the same hosts, between VMs in different hosts, between VMs and bare-metal servers and to the campus/branch/Internet.

For example, UNUM Insight Analytics Flow allows you to view a list of all clients accessing Oracle in a database server and distinguish the database client connections from system administration and file transfer connections.

UNUM Insight Analytics Flow enables you to custom tag and index in real time all connections to enable fast search and visualization of VM information.

For example, you can associate the enterprise division name to each connection, and the project identifier for usage tracking and chargeback.

By default, the UNUM Insight Analytics Flow server queries the Netvisor fabric using a REST API every 60 seconds as the default value, but you can configure a time between one minute and one day to acquire updated information about the connected virtual machines and the VMware infrastructure.

Then the information is cached and used to tag the connection records.

UNUM Insight Analytics Flow acquires the VMware and vCenter specific information from the vCenter Connection Service vPort table.

There is a latency of up to five minutes between the time the vPort data is read from Netvisor and the time that the actual tagging starts.

A VM end-point is uniquely identified by the IP address.