VMware Cloud Community
Adaves
Contributor

Ways to get regular info about Virtual Infrastructure state

Hello!

What are possible ways to get data about all changes taking place in VI state continuously?

(By "state" I mean the structure/organization of the VI (on Host#1 VM#1 and VM#2 are running, on Host#2 only VM#3 is running etc.) and all attributes (or part of them) that each VI object has.)

For example, Virtual Machine migrated from one host to another (due to workload re-balancing or somehow), stayed there for N seconds and then went to the initial one. The task is to detect this change as soon as we can.

For now, I know 2 possible ways:

  1. Get data by HTTP requests using the vSphere API; it's a "snapshot" of VI state, and we can do it as frequently as we want (down to once per second if the Internet connection allows it);
  2. Use NSX Flow Monitoring, detect all flows that took place during a specified monitoring period (1 hour <= T <= 2 weeks - according to View Flow Monitoring Data) and after that draw a conclusion - for example, there was a flow between Host#1 and VM#3 but there shouldn't have been; and we can check every 1 hour (or less often) the observed flows and detect all new changes.

Thanks in advance!

P.S. Actually, I'm a student and am now researching the VI theme and particularly the issue of integrity control in VI. I'm a newbie here, this is my 1st (hope not the last :)) post here, so I'll be glad to hear any suggestions, useful advice or remarks (especially if I've understood the VMware documentation wrong).


Accepted Solutions
daphnissov
Immortal

I think this really "depends" on

  1. What precisely you want to get
  2. What you want to do with that information
  3. What reliance upon other infrastructure you're willing to tolerate

because there are multiple ways to skin this cat. Some other options which come to mind include:

  • Polling vROps for this data
  • Using vRLI to watch for logs which contain this data
  • Third-party auditing application like something from HyTrust to provide this data

If it's strictly networking information you want rather than just states of infra, I think there are more possibilities there. Without knowing some more about your project, its goals and requirements, it's difficult to narrow this field of vision down.

Adaves
Contributor

Well, let's limit VI to only 2 objects - VMs and hosts.

Here are details for your questions:

1. All attributes (or part of them) that VMs have (id, type, name, host, toolstatus, faulttolerance, isolation.tools.###, isolation.device.### etc.) and hosts' attributes (id, type, address, version, build, lockdownmode, chapauth, security.###, UserVars.### etc.).

2. Based on the attributes, create a "normal" set (template) of them and then periodically observe VI states and check whether the VI configuration is still OK or some unacceptable changes have taken place (this approach may refer to the XACML standard and ABAC (Attribute-Based Access Control)).

3. Other infrastructure doesn't make sense, just focused on VM and hosts, at least.

I'll read about vRealize Operations and vRealize Log Insight, thanks for the tip)

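The "normal" template check from the last post, combined with the snapshot polling from the question, as an added example that is not part of the thread: it checks polled snapshots against a baseline and shows that a VM which moves and returns between two polls is invisible to snapshot comparison. Attribute names follow the post; the two `isolation.tools` settings, the object names and all values are constructed sample data, and fetching the snapshots from the vSphere API is assumed to happen elsewhere.

```python
from fnmatch import fnmatchcase

# Constructed baseline ("normal" template): object type -> key pattern -> value.
BASELINE = {"vm": {"isolation.tools.*.disable": "true", "toolstatus": "ok"},
            "host": {"lockdownmode": "enabled"}}
# Constructed placement policy: VM name -> hosts it is allowed to run on.
PLACEMENT = {"VM#1": {"Host#1"}, "VM#3": {"Host#2"}}


def check_snapshot(snapshot):
    """Return findings (object, key, observed, expected) for one polled snapshot."""
    findings = []
    for name, obj in snapshot.items():
        attrs = obj["attrs"]
        for pattern, want in BASELINE.get(obj["type"], {}).items():
            keys = [k for k in attrs if fnmatchcase(k, pattern)]
            if not keys:  # a missing attribute counts as drift, not as a pass
                findings.append((name, pattern, None, want))
            findings += [(name, k, attrs[k], want) for k in keys if attrs[k] != want]
        allowed = PLACEMENT.get(name, set())
        if obj["type"] == "vm" and attrs.get("host") not in allowed:
            findings.append((name, "host", attrs.get("host"), sorted(allowed)))
    return sorted(findings, key=repr)


def placement_changes(prev, curr):
    """Return {vm: (old_host, new_host)} for VMs that moved between two polls."""
    return {n: (prev[n]["attrs"]["host"], o["attrs"]["host"])
            for n, o in curr.items()
            if o["type"] == "vm" and n in prev
            and prev[n]["attrs"]["host"] != o["attrs"]["host"]}


def snap(vm3_host, paste="true"):
    """Build a constructed snapshot; only VM#3's host and one VM#1 flag vary."""
    def vm(host, paste_flag="true"):
        return {"type": "vm", "attrs": {
            "host": host, "toolstatus": "ok",
            "isolation.tools.copy.disable": "true",
            "isolation.tools.paste.disable": paste_flag}}
    hosts = {h: {"type": "host", "attrs": {"lockdownmode": "enabled"}}
             for h in ("Host#1", "Host#2")}
    return {**hosts, "VM#1": vm("Host#1", paste), "VM#3": vm(vm3_host)}


# Three consecutive polls: VM#3 leaves Host#2 at T1 and is back at T2.
T0, T1, T2 = snap("Host#2"), snap("Host#1", paste="false"), snap("Host#2")

if __name__ == "__main__":
    print(check_snapshot(T1), placement_changes(T0, T2))
```

Comparing T0 with T2 reports no change, so a poll interval longer than the VM's stay on the other host misses the excursion entirely; catching it needs an event or log source in addition to snapshots.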