Arista NetVisor UNUM 6.3.2

Insight Analytics VMware vSphere Integration

There are features and functions used in Arista NetVisor UNUM and Insight Analytics that are common throughout the user interface (UI). Please refer to the Common Functions section for more information on the use of these functions and features.

The NetVisor OS vCenter Connection Service provides NetVisor UNUM Insight Analytics Flow with the virtual machine and virtual network configurations and is used to identify and index any recorded communication. 

The value of the collected analytics is greatly enhanced since each connection record provides insight into the virtualization layer.

NetVisor UNUM Insight Analytics Flow records all sessions without traffic sampling, and it may include the East-West VM to VM traffic within the same server, or across servers, switched or routed. 

Here is some example use cases:

•Visualize malicious traffic from a compromised VM scanning the VMs on the same port group. The traffic may be in very low volume, and under the radar of sampling technologies like sFlow.

•Forensic analysis to prove that a communication event between two VMs on the same host happened or prove that there was no communication in each time window. 

Note: As of July 2021, sFlow is no longer supported.

NetVisor UNUM Insight Analytics Flow provides also the fundamental information to implement a micro-segmentation policy, including the communication patterns between VMs within the same hosts, between VMs in different hosts, between VMs and bare-metal servers and to the campus/branch/Internet. 

For example, NetVisor UNUM Insight Analytics Flow allows you to view a list of all clients accessing Oracle in a database server and distinguish the database client connections from system administration and file transfer connections. 

NetVisor UNUM Insight Analytics Flow enables you to custom tag and index in real time all connections to enable fast search and visualization of VM information. 

For example, you associate the enterprise division name to each connection, and the project identifier for usage tracking and charge-back.

By default, the NetVisor UNUM Insight Analytics Flow server queries the NetVisor OS fabric using a REST API every 60 seconds as the default value, but you configure a time between one minute and one day to acquire updated information about the connected virtual machines and the VMware infrastructure. 

Then the information is cached and used to tag the connection records. 

NetVisor UNUM Insight Analytics Flow acquires the VMware and vCenter specific information from the vCenter Connection Service vPort table. 

There is a latency of up to five minutes between the time the vPort data is read from NetVisor OS and the time that the actual tagging starts.

A VM end-point is uniquely identified by the IP address.