[vRNI] [4.x] VMware on Cloud for AWS (VMC) Integration as a data source

Article ID: 314393

Products

VMware Aria Operations for Networks

Issue/Introduction

The purpose of this article is to provide guidance and general information on the VMware on Cloud for AWS (VMC) integration as a data source from vRealize Network Insight 4.0.

Resolution

vRealize Network Insight 4.0 supports VMC on AWS for enterprise license users only. You can add VMC vCenter or VMC NSX Manager as a data source.

NI support for VMC is still in preview mode under VMC. It is suggested that you work with NI Product Management before enabling it in your environment.

Definition of Preview: Ability for paying customers (i.e. customers running production workloads) to sign up for the service or feature is constrained by VMware pending achievement of certain criteria (e.g. sufficient customer experience validation).




Adding VMC vCenter as a Data Source

Note: To add VMC vCenter as a data source, you need to have the Cloud Administrator privileges.

  1. To obtain the credentials to add VMC vCenter as a data source, perform the following steps:

    • Log in to your VMware Cloud Services console.

    • Click VMware Cloud on AWS under My Services.

    • Click the name of the desired SDDC.

    • In the Settings tab, copy the vCenter FQDN in the vCenter FQDN tab. From the Default vCenter User Account tab, copy the user credentials.

  2. In the Accounts and Data Source page under Settings, click Add Source.

  3. Under Public Clouds, click VMWare Cloud on AWS (vCenter).

  4. In the Add a new VMware vCenter Account or Source of VMware Cloud on AWS page, provide the following information:

    • Select the Collector VM.

    • Provide the vCenter FQDN that you have retrieved from the VMware Cloud Services.

    • Provide the user credentials that you retrieved from the VMware Cloud Services.

  5. Click Validate.

  6. Enter Nickname and Notes (if any) for the data source and click Submit.


 

Adding VMC NSX Manager as a Data Source

  1. To obtain the credentials to add VMC NSX Manager as a data source, perform the following steps:
    • Log in to your VMware Cloud Services console.

    • Click VMware Cloud on AWS under My Services.

    • Click the name of the desired SDDC.

    • From the Support tab, note the IP address of the NSX Manager.

    • Click the user profile name on the top right corner of the page.

    • Click the API Tokens tab and copy the Refresh Token.

  2. In the Accounts and Data Source page under Settings, click Add Source.
  3. Under Public Clouds, click VMWare Cloud on AWS (NSX Manager).
  4. In the Add a new VMC NSX Manager Account or Source of VMware Cloud on AWS page, provide the following information:
    • Select the corresponding vCenter.

    • The collector is automatically selected based on the selection of the vCenter. VMC NSX Manager has to be added to the same collector VM as that of the corresponding vCenter.

    • Provide the IP address and the CSP Refresh Token.

    • Provide the user credentials.

  5. Click Validate.
  6. If you want to collect IPFIX flows for DFW, select Enable DFW IPFIX.
  7. Enter Nickname and Notes (if any) for the data source and click Submit.

Note: Error messages pop up if the following conditions are not met:

  • To enable DFW IPFIX, you need to have the Cloud Administrator privileges.
  • VMC NSX Manager allows only four collectors to be added to its DFW IPFIX collector profile.





VMC for AWS Entities

Here are the entities related to VMC NSX Manager:

  • VMC NSX Manager Data Source
  • VMC NSX Manager
  • VMC Firewall



Some sample search queries related to the VMC entities are:

  • VMs where L2 Network = '' (L2 Network -> VMC Segment)
  • VMC Policy Based VPN where Tier0 = ''
  • VMC Policy Based VPN where Local Network = '' (Local Network of Policy Based VPN Rule)
  • VMC Policy Based VPN where Remote Network = '' (Remote Network of Policy Based VPN Rule)
  • VMC Group where Translated VM = ''
  • VM where VMC Group = ''
  • VMC Firewall Rule
  • VMC Segment
  • VMC Policy-Based VPN
  • VMC Group

Note: Currently, vRealize Network Insight does not support the following search query:

  • vmc group where members = <IP/VM/MEMBERSHIP_CRITERIA/CHILD GROUPS/IPSETS>

VMC does not support child groups or IPSETS. Hence, all searches like vmc firewall rule where Indirect __________ = '' or vmc group where Indirect _____= '' are disabled.






 

VMC Deployment

vRealize Network Insight supports the following deployment models for VMC for AWS:

  • Collector deployed in VMC:
    • In this deployment model, the collector is deployed as a workload in Compute Gateway in VMC. The platform is deployed in the SDDC on-premises version.
    • The firewall rules of Management Gateway allow communication to VMC vCenter and VMC NSX Manager over HTTPS.
    • The collector communicates to the platform using the existing communication mechanisms over VPN or Direct Connect.

  • Collector and Platform deployed in the SDDC on-premises version:
    • In this deployment model, the collector and the platform are deployed in the SDDC on-premises version.
    • The firewall rules of Management Gateway allow communication to vCenter and policy using HTTPS over VPN.
    • The VPN connectivity between SDDC (on-premises or SaaS version) and VMC allows data to be fetched by the collector.

The prerequisites for the above deployment models are:

  • There should be connectivity between the platform or collector (on-premises) and VMC SDDC. It could either be over VPN or DX if the vRealize Network Insight installation is in the private SDDC.
  • There should be a Management Gateway firewall rule to allow the collector to call the NSX Manager APIs over HTTPS (443).
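
A pre-flight check for the two prerequisites above, added here as an example and not part of the original article or of vRealize Network Insight. It assumes Python 3 on a host in the same network segment as the collector; the function names and the target values in the main block are placeholders.

```python
import socket
import ssl

# What each result usually means for the prerequisites listed above.
HINTS = {
    "ok": "TCP 443 and TLS both work from this machine",
    "dns_failure": "name does not resolve here; check DNS over the VPN/DX path",
    "timeout": "packets dropped; check the Management Gateway rule and VPN/DX route",
    "refused": "host reachable but nothing accepted the connection on this port",
    "tls_failure": "port is open, but the handshake or certificate check failed",
    "unreachable": "no route or other socket error",
}

def probe_https(host, port=443, timeout=5.0):
    """Return a key of HINTS describing how far an HTTPS connection gets."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror:
        return "dns_failure"
    except socket.timeout:
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "unreachable"
    try:
        # Verification stays on: a failure here still proves TCP 443 is allowed.
        ctx = ssl.create_default_context()
        with ctx.wrap_socket(sock, server_hostname=host):
            return "ok"
    except (ssl.SSLError, OSError):
        return "tls_failure"
    finally:
        sock.close()

def preflight(targets, timeout=5.0):
    """targets: {label: (host, port)} -> {label: (result, hint)}"""
    results = {k: probe_https(h, p, timeout) for k, (h, p) in targets.items()}
    return {k: (r, HINTS[r]) for k, r in results.items()}

if __name__ == "__main__":
    # Placeholders: use the vCenter FQDN and NSX Manager IP from the console.
    targets = {"VMC vCenter": ("vcenter.sddc.example.com", 443),
               "VMC NSX Manager": ("192.0.2.10", 443)}
    for label, (result, hint) in preflight(targets).items():
        print(f"{label}: {result} ({hint})")
```

A `timeout` result points at the Management Gateway firewall rule or the VPN/DX path, while `tls_failure` means the rule is in place and the remaining issue is the certificate or the name used to reach the endpoint.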


Additional Information

To access the FAQ on the VMware on Cloud for AWS (VMC) integration with vRealize Network Insight 4.0 / Network Insight 4.0, see the following KB article:
https://kb.vmware.com/s/article/65112