Monitoring NSX with vRealize Operations Manager

The existence of VMware vRealize® Operations Management Pack™ for NSX is a known fact. Until a couple of weeks ago, I hadn’t seen a demo of the integration between these two products, and my assumption was that there are “some stats” that can be analyzed in the vRealize Operations Management Pack GUI.

The demo that was given to me was more than impressive. vRealize Operations Management Pack definitely saves a lot of time when your VMware NSX® environment needs to be understood and analyzed to find misconfiguration or malfunctioning components.

After discussing powerful vRealize Operations Manager functionality with my NSX customers, I realized that I’m not alone and that a blog post would be an eye opener for many NSX administrators.

The vRealize Operations Management Pack can be found on VMware Solution Exchange; go to and hit the Try button. The install is done from the vRealize Operations Manager interface and is pretty straightforward.

PMcAllister Solutions Exchange

You can find two vRealize Operations Management Packs on Solution Exchange. VMware publishes NSX MP v2.x and v3.x simultaneously. This write is based on version 3.x. The recommendation is to use NSX MP 2.x only if NSX-V is at the level below 6.1.X version.

We’ll cover just a few screens to give you a taste of what can be done.

Let’s look at packet flow first. In the physical world, we can clearly understand when firewall and routing rules are applied as we follow wires that connect these devices. But how can we see this in an abstract virtual world? It can be easily done by going to vRealize Operations Manager, selecting NSX-vSphere Troubleshooting dashboard, specifying the source and destination of your packet, and clicking Run Traceflow.

PMcAllister NSX vSphere Environments

Here is output that is provided to us within the same dashboard.

PMcAllister NSX vSphereOutput

On the output screen above, it’s clear when the packet hits the firewall, firewall rules are applied to it, and then the packet is released (or dropped). It’s very easy to see when the packet enters and exits the logical firewall and when (for a short time) the packet is actually on physical wire before returning to the virtual network and being check against firewall rules associated with the target VM.

In the NSX environment, rules can be applied to the object. This flexibility allows micro-segmentation and is the reason why firewall rules applied on the packet leaving the source VM’s vNIC and other set is applied on the packet arriving at the destination VM.

Let’s look at two more screens. Everyone who has had to troubleshoot an NSX configuration knows that VMware NSX Manager™ has all necessary information for troubleshooting routing and switching decisions. Basically, it’s the MAC and VTEP tables that need to be inspected. The most forward way to display these tables is to run crafted commands through NSX Manager Universal Console, which is not difficult but does require some basic experience of running these commands. VMware vRealize Orchestrator™ is a wonderful tool that comes with VMware vCenter Server® at no additional cost and can help to automate these commands. But look at what can be done in vRealize Operations Manager with NSX MP 3.x by a simple selection of virtual wire.

PMcAllister vSphere Tables

It’s pretty much all you need in a very easy-to-read format. But wait. Some experienced network engineers might want to see just routing tables and check how dynamic routing works. And, again, it’s just a couple of simple clicks for all this info.

Dynamic Routing configuration displayed by vRealize Operations Manager with NSX MP 3.x

PMcAllister Dynamic Routing

And now we can examine the routing tables as shown below through the same NSX-vSphere Troubleshooting dashboard.

PMcAllister Routing Tables List

Such easy and simple access to NSX routing and state information can save me hours working with a customer with an average size NSX deployment. Hopefully, showing these examples will help other NSX customers and administrators save time on fixing configuration mistakes, so they can get to the exciting IT work: showing technology use cases that can help your business to grow.
Like This Article ? :

We encourage healthy criticism, so do not hesitate to leave your thoughts in comment box.