NSX Firewall Migrations: Analysis
Last month, I wrote about the progressive microsegmentation model that we've been using lately for our distributed NSX firewall. Now, I want write about how we can figure out its implementation in a brown field environment! To do this, we heavily relied on vRealize Network Insight . In short, vRNI creates a big index of all of the objects in your vCenter and on your network, including how they communicate together (all the way down to the specific route between any two devices!). You can then execute queries against this giant index to pull out the data that you need. In our case, we request all network flows for a given application, then analyze those flows to create an appropriate set of policies to apply to that application. Our first step was to identify the application. This customer was fairly disciplined during the VM creation process in that they generally created a VM folder for each application that was being deployed and put the appropriate VMs into that folder