Since Broadcom acquired VMware, it has been experiencing challenges. Many sales processes are not well defined. They can show a little bit more information because vRealize Network Insight is virtual and is looking or searching for a virtual environment. They can show a little bit more details about the relationship.
The IT infrastructure industry is expected to evolve towards a hybrid cloud model in the next five to ten years. In this model, most of the customer's resources reside on-premise within a private cloud setup, such as VMware. Another segment operates within public cloud environments like Azure and AWS, and a portion remains in traditional data centers. There should be seamless interoperability between public and private clouds. AWS and VMware need to work together to make it possible. Whether users interact with on-premise infrastructure or configure resources in the public cloud, the user experience must be seamless.
There is room for improvement when it comes to pricing because we pay here in Brazil, and all the costs are based on the dollar. Our currency is a bit weak at the moment. It becomes a little expensive to buy this kind of product.
Systems Administration and Applications Delivery Head Africa at a financial services firm with 1,001-5,000 employees
Real User
Top 20
2023-05-25T08:05:00Z
May 25, 2023
It just needs to be more reliable and more accurate. At some point, there are some things where it does not match properly. I guess they have released the newer version of the solution, but I have not tried it yet. I guess it's an old solution I am using. However, It seems fine for the time being. But if you allow me some time to test an issue from the newest version, I guess it could be good for me.
There's always room for improvement with anything, but as it exists today with its offerings, it's pretty rock solid in my opinion. It's such a great tool by itself for what I utilize it for. There could be some deeper analytics into packet inspection and trace flows. It could use some kind of machine learning to look at Layer 7 traffic for potential malware or corrupt packets. There could be the ability to have more plug-ins and do more at the VMware offering so that it has got even tighter integration.
VMware Administrator L3 Support at Diyar United Company
Real User
Top 5
2023-03-07T14:59:51Z
Mar 7, 2023
I thought that when we deployed vRealize Network Insight in our environment, we had to wait for four weeks or so for the solution to capture all the traffic in and out from each connected component. Then, we had to extract the data into an Excel format and analyze it. After that, we had to manually enter the data into NSX-T Manager. If there was an integration between vRNI and NSX-T Manager, we could extract all the firewall rules directly from NSX-T Manager. This would reduce the workload in half since we would not have to manually enter the same data into both systems. In my experience, the main purpose of vRNI was to obtain firewall rules for NSX-T Manager. If this was integrated, it would have been much easier, since the documentation work was too much. vRNI captures every traffic in and out, so the file can become huge if we have many components and machines in our environment. Integration would help identify the legitimate ports on vRNI and extract the final rules to push them directly to NSX-T Manager, which would make the task much easier. The only issue we have is that the solution does not always capture the host names. We asked VMware for an explanation and they provided us with some reasons. Ideally, the DNS name should be captured, however, when we extracted the data onto an Excel sheet, we found that around 20 to 30 entries only had IP addresses. Therefore, we had to manually track those IP addresses and then input their hostname and username to identify what the IP address represented. It seems that something may not have captured this part, but there was a reason for it, and that has room for improvement.
Network Security Consultant at a tech services company with 11-50 employees
Real User
2022-09-19T10:15:02Z
Sep 19, 2022
In some integrations with other products like F5, Cisco, and others, we sometimes encounter some bugs, and we sometimes have some integration issues that require us to contact VMware support to try to solve the problems. We'd like the simplification of integrations in the future. Support could be much better. They do not do a good job of finding issues. The security could be enhanced slightly.
Executive - Solutions, Engineering and Services at a tech services company with 201-500 employees
Real User
2020-06-15T07:34:14Z
Jun 15, 2020
The solution is very much viewer centric and it would be nice if it would transcend just the virtual infrastructure. Beyond that, I can't speak to any features that may be lacking. I don't work on the product on a personal level. I only get feedback from my engineering team and through them I have a bit of an understanding of the product.
I would give 7 to 8. There is always room for improvement. For example: Deployment process ,Appliance and Proxy VM, is getting configuration done in VM Console. This configuration can definitely be done on web interface (e.g. vROPS) for sake of simplicity and admin sanity. LDAP / Active Directory integration configuration is not straight forwards as with other products on vRealize portfolio Roles and User permissions configuration differs from other products, and in scenarios where certain group of individual need to have specific permissions across vRealize products configuration is not out of the box. Clustering across Geo locations (Dual Site scenarios or different L2 Domains) or any other mechanism that can provide HA or maintain data availability across sites. Offering few sizes of deployment would benefit customers that don't have big foot print in on-prem or cloud, but still would like to get the product into their infrastructure, for whatever reason. Current size of the virtual appliance is not suitable for small and medium size environments.
I want to be able to monitor a network flow that is approximately two weeks back, but I haven't found an easy way to do this. Right now, I am not getting the result I want. So, I want to see the timeline two weeks back from now, including all the flows. I haven't figured out how to do this. If this is not possible now, maybe in the next release, as this would be a very nice function for me.
Supervisor of Systems Engineering at Webroot Software
Vendor
2018-10-04T17:13:00Z
Oct 4, 2018
It's kind of hard (to come up with room for improvement) on an almost-perfect product. Room for improvement: Maybe a little more help in regards to when you're searching for something, give me little "help bubbles" about what those terms will help search for.
Log Insight from VMware is similar to what Network Insight does. If it had some kind of plugins with vSphere, more effective plugins with Horizon View or other VMWare products, if it had interconnectivity, I think it would be more effective than it is today.
In terms of room for improvement, customer education is number one. It has nothing to do with the product itself but it would help if there were an understanding of its limitations, or the fact that it is a framework, that it is extensible and that you're not getting everything out-of-the-box. What you are getting is the framework out-of-the-box. Knowing that, you're going to look to either build your own custom solutions or you're going to go to companies like ours and get a solution that is already supported and maintained, so you can focus on your company's main mission.
I'm not quite sure what features I would like to see in a future release. We haven't explored everything in the product yet. We're able to pull out of it what we need right now.
Virtualization at a university with 10,001+ employees
Real User
2018-09-05T08:39:00Z
Sep 5, 2018
They can always build upon it and add more stuff, but as it stands right now, it's perfectly fine. I would like to see application identification. That would be cool.
The compatibility with each and every component of the infrastructure is the main thing that I am looking for. I would like them to make sure that it's compatible with different kinds of storage systems, etc. I have seen the compatibility list. I feel it can be more compatible than it is right now.
While it's not exactly a feature, what normally happens when we are trying to look at the VM flow portion is - although Network Insight does have options to integrate a few physical switches into it - we can't really get an end-to-end flow of the network. We might be using a few switches that are not supported by Network Insight. That is where they can improve, in the support for more physical switches and network devices.
I want to see more in terms of microsegmentation. As of now, I can see the rules, but they are not in a readable format that I can convert to microsegmentation and can fit into NSX Manager. I'm looking for that kind of feature. Also, while it is user-friendly for the virtual part, it is not as friendly for the physical part.
Principal Architect at a healthcare company with 5,001-10,000 employees
Real User
2018-09-05T08:39:00Z
Sep 5, 2018
There's enough information there, especially in the visualizations, but I would love to see this in a kiosk mode, where I could have a dashboard for interested stakeholders to see and appreciate what's going on. Then, moving on to a more practical level for our Help Desk, our operations team could benefit by seeing, in real-time, a visual view of the network.
Reporting could be a little bit smoother. I would like it to be more intuitive to create a report that would automatically send stuff out on a periodic basis; for a management-oversight reports and the like. You can probably do that right now, I just haven't figured it out in the interface yet.
When we talk about those micro-segmentation rules, there's an Export function. It is very macro-segmentation oriented instead. So if you choose an application, it will find the tiers within that application and say that it's communicating on, say, port 80 to a separate VLAN. There might be 200 machines in that other VLAN. You don't want to open port 80 at all of them. So we need a lot more granularity in those suggested firewall rules. It's a good start, but it's still going to require a lot more work on our side to actually make it a real rule, instead of what it's trying to do with the macro rule. I would like to see better micro-segmentation rules. That's key for me. That's our primary use case for it at this point. We might add others in the future but, at this point, that's what we need, and we're not quite getting it.
Engineer at a logistics company with 10,001+ employees
Real User
2018-09-03T13:24:00Z
Sep 3, 2018
It's somewhat user-friendly but some of the data that's presented is not always clear. But that's like any tool. You just have to get used to using it.
VMware NSX Engineer at a tech services company with 201-500 employees
Real User
2018-09-03T13:24:00Z
Sep 3, 2018
The only real improvement they can make is to add more third-party vendors into the environment, mostly switch manufacturers, because it's really limited to Cisco equipment and there are a lot of companies out there other than Cisco.
Corporate FED (forensics and eDiscovery) at a insurance company with 10,001+ employees
Real User
2018-09-02T12:37:00Z
Sep 2, 2018
It's intuitive and very user-friendly, but we probably have to train our technical team, or the IT staff who are plugging into it regularly, on how to optimize its use. VMware probably needs to come in and train and we need good documentation. I had a meeting with the technical account manager, and I brought to his attention that the lack of access to documentation on best practices is something that we need to address. That's something that he said he is working on. We have a meeting tomorrow and he is going to bring all of us onto the same page and, hopefully, that issue can be resolved. I came in to make sure that we can harden our security infrastructure, especially when it comes to VMware. And one of the things that I learned recently was that there are so many documents that we don't have access to regarding the use of VMware. My technical account manager promised me that the documentation will be provided to whomever needs access to it.
Enterprise Solutions Architect at a healthcare company with 5,001-10,000 employees
Real User
2018-09-02T12:37:00Z
Sep 2, 2018
One of the things I've asked about is regarding Log Insight, with their syslog collector. There seems to be a lot of overlap between that and vRNI. I've asked if one of those is going away or if they're moving together and I really haven't been able to get a clear answer. I would like to know that.
Network Administrator at Modern Woodmen of America
Real User
2018-09-02T09:37:00Z
Sep 2, 2018
I'd like to see better support for being able to search the hardware NetFlow data. It ingests fairly well, but you can't tell, in a lot of cases, what source the data came from. I'd like to see more support for picking specific sources. That way you could really make a compelling use case. There are also some difficulties where it can't exactly trace the path between source and destination but if you hit the reverse flow on the same search it shows the entire path. It continues to improve, but I'd like to see better support for hardware stuff.
Staff SYS Admin at a manufacturing company with 1,001-5,000 employees
Real User
2018-08-29T08:44:00Z
Aug 29, 2018
After you use it for a little while you become accustomed to it but the layout doesn't feel very intuitive. You have to dig around and find the exact place where you can find the information, where you can actually see your east-west traffic, etc. I would like them to bring that information more to the forefront, instead of having to find it. Once you have learned how to use everything, it becomes easy to use.
Systems Engineer at a insurance company with 501-1,000 employees
Real User
2018-08-29T08:44:00Z
Aug 29, 2018
It needs to be a little easier to use and to understand the information it's putting out. That would make it more helpful. If you're not a network person you need to understand things like network policies and concepts. If you gave it to a regular admin, it would be nice if it were easier for them to pick up what is going on, understand the flows and whether or not stuff should be talking to each other, as opposed to just port groups and IP addresses. Also, if it were more application-aware, more descriptive; if it were able to determine the application that is actually doing the communication, that would be easier. More application information: which user or account it's accessing, is it accessing this application, doing these calls, if it is accessing a script, which script is it accessing. Things like that would provide deeper analytics so I can track what's going on. It would not just be, "These people shouldn't be talking," but who is actually doing these calls. And it would be good if it could correlate the server and not just a SQL call, but which database, which server, that would be helpful. I would like to see more things along those lines.
SDDC Practice Lead at a tech services company with 1,001-5,000 employees
MSP
2018-08-29T07:56:00Z
Aug 29, 2018
I would like to see more interoperability on the firewall and low balancer sides. I like that you can integrate in Palo Alto networks. There is Cisco switching in there as well. We can see the actual path tracing through these products. I would like to add in there any other integrations from a services perspective, such as Big-IP F5 and some other APIs. Palo Alto has a little bit of an advantage, which is fine, but it would be great to see a little bit more integration, especially on the GUI side when we are tracking about some of that pack and flow. It would be great to be able to see other vendors be integrated into the product as well.
VMware vRealize Network Insight delivers intelligent operations for software-defined networking and security. It helps customers build an optimized, highly-available and secure network infrastructure across multi-cloud environments. It accelerates micro-segmentation planning and deployment, enables visibility across virtual and physical networks and provides operational views to manage and scale VMware NSX deployments.
Since Broadcom acquired VMware, it has been experiencing challenges. Many sales processes are not well defined. They can show a little bit more information because vRealize Network Insight is virtual and is looking or searching for a virtual environment. They can show a little bit more details about the relationship.
The IT infrastructure industry is expected to evolve towards a hybrid cloud model in the next five to ten years. In this model, most of the customer's resources reside on-premise within a private cloud setup, such as VMware. Another segment operates within public cloud environments like Azure and AWS, and a portion remains in traditional data centers. There should be seamless interoperability between public and private clouds. AWS and VMware need to work together to make it possible. Whether users interact with on-premise infrastructure or configure resources in the public cloud, the user experience must be seamless.
There is room for improvement when it comes to pricing because we pay here in Brazil, and all the costs are based on the dollar. Our currency is a bit weak at the moment. It becomes a little expensive to buy this kind of product.
It just needs to be more reliable and more accurate. At some point, there are some things where it does not match properly. I guess they have released the newer version of the solution, but I have not tried it yet. I guess it's an old solution I am using. However, It seems fine for the time being. But if you allow me some time to test an issue from the newest version, I guess it could be good for me.
There's always room for improvement with anything, but as it exists today with its offerings, it's pretty rock solid in my opinion. It's such a great tool by itself for what I utilize it for. There could be some deeper analytics into packet inspection and trace flows. It could use some kind of machine learning to look at Layer 7 traffic for potential malware or corrupt packets. There could be the ability to have more plug-ins and do more at the VMware offering so that it has got even tighter integration.
I thought that when we deployed vRealize Network Insight in our environment, we had to wait for four weeks or so for the solution to capture all the traffic in and out from each connected component. Then, we had to extract the data into an Excel format and analyze it. After that, we had to manually enter the data into NSX-T Manager. If there was an integration between vRNI and NSX-T Manager, we could extract all the firewall rules directly from NSX-T Manager. This would reduce the workload in half since we would not have to manually enter the same data into both systems. In my experience, the main purpose of vRNI was to obtain firewall rules for NSX-T Manager. If this was integrated, it would have been much easier, since the documentation work was too much. vRNI captures every traffic in and out, so the file can become huge if we have many components and machines in our environment. Integration would help identify the legitimate ports on vRNI and extract the final rules to push them directly to NSX-T Manager, which would make the task much easier. The only issue we have is that the solution does not always capture the host names. We asked VMware for an explanation and they provided us with some reasons. Ideally, the DNS name should be captured, however, when we extracted the data onto an Excel sheet, we found that around 20 to 30 entries only had IP addresses. Therefore, we had to manually track those IP addresses and then input their hostname and username to identify what the IP address represented. It seems that something may not have captured this part, but there was a reason for it, and that has room for improvement.
The solution can be improved by making it more compatible with other brands, allowing for better integration.
In some integrations with other products like F5, Cisco, and others, we sometimes encounter some bugs, and we sometimes have some integration issues that require us to contact VMware support to try to solve the problems. We'd like the simplification of integrations in the future. Support could be much better. They do not do a good job of finding issues. The security could be enhanced slightly.
The solution is very much viewer centric and it would be nice if it would transcend just the virtual infrastructure. Beyond that, I can't speak to any features that may be lacking. I don't work on the product on a personal level. I only get feedback from my engineering team and through them I have a bit of an understanding of the product.
I would give 7 to 8. There is always room for improvement. For example: Deployment process ,Appliance and Proxy VM, is getting configuration done in VM Console. This configuration can definitely be done on web interface (e.g. vROPS) for sake of simplicity and admin sanity. LDAP / Active Directory integration configuration is not straight forwards as with other products on vRealize portfolio Roles and User permissions configuration differs from other products, and in scenarios where certain group of individual need to have specific permissions across vRealize products configuration is not out of the box. Clustering across Geo locations (Dual Site scenarios or different L2 Domains) or any other mechanism that can provide HA or maintain data availability across sites. Offering few sizes of deployment would benefit customers that don't have big foot print in on-prem or cloud, but still would like to get the product into their infrastructure, for whatever reason. Current size of the virtual appliance is not suitable for small and medium size environments.
I want to be able to monitor a network flow that is approximately two weeks back, but I haven't found an easy way to do this. Right now, I am not getting the result I want. So, I want to see the timeline two weeks back from now, including all the flows. I haven't figured out how to do this. If this is not possible now, maybe in the next release, as this would be a very nice function for me.
vRNI needs more remediation where it hooks into NSX. This was just brought up at the keynote speech.
It's kind of hard (to come up with room for improvement) on an almost-perfect product. Room for improvement: Maybe a little more help in regards to when you're searching for something, give me little "help bubbles" about what those terms will help search for.
Log Insight from VMware is similar to what Network Insight does. If it had some kind of plugins with vSphere, more effective plugins with Horizon View or other VMWare products, if it had interconnectivity, I think it would be more effective than it is today.
In terms of room for improvement, customer education is number one. It has nothing to do with the product itself but it would help if there were an understanding of its limitations, or the fact that it is a framework, that it is extensible and that you're not getting everything out-of-the-box. What you are getting is the framework out-of-the-box. Knowing that, you're going to look to either build your own custom solutions or you're going to go to companies like ours and get a solution that is already supported and maintained, so you can focus on your company's main mission.
I would like to see them expand the capabilities to infrastructure types other than just VMware.
In a very general way, I would like to see an improvement in interoperability with third-party product, from other vendors.
I'm not quite sure what features I would like to see in a future release. We haven't explored everything in the product yet. We're able to pull out of it what we need right now.
It's pretty much user-friendly, but it could always be friendlier. Anything that would make it easier would be helpful.
They can always build upon it and add more stuff, but as it stands right now, it's perfectly fine. I would like to see application identification. That would be cool.
The compatibility with each and every component of the infrastructure is the main thing that I am looking for. I would like them to make sure that it's compatible with different kinds of storage systems, etc. I have seen the compatibility list. I feel it can be more compatible than it is right now.
I would like to see more reporting features, more dashboards.
While it's not exactly a feature, what normally happens when we are trying to look at the VM flow portion is - although Network Insight does have options to integrate a few physical switches into it - we can't really get an end-to-end flow of the network. We might be using a few switches that are not supported by Network Insight. That is where they can improve, in the support for more physical switches and network devices.
It needs improvement in terms of its efficiency.
I want to see more in terms of microsegmentation. As of now, I can see the rules, but they are not in a readable format that I can convert to microsegmentation and can fit into NSX Manager. I'm looking for that kind of feature. Also, while it is user-friendly for the virtual part, it is not as friendly for the physical part.
There's enough information there, especially in the visualizations, but I would love to see this in a kiosk mode, where I could have a dashboard for interested stakeholders to see and appreciate what's going on. Then, moving on to a more practical level for our Help Desk, our operations team could benefit by seeing, in real-time, a visual view of the network.
Reporting could be a little bit smoother. I would like it to be more intuitive to create a report that would automatically send stuff out on a periodic basis; for a management-oversight reports and the like. You can probably do that right now, I just haven't figured it out in the interface yet.
When we talk about those micro-segmentation rules, there's an Export function. It is very macro-segmentation oriented instead. So if you choose an application, it will find the tiers within that application and say that it's communicating on, say, port 80 to a separate VLAN. There might be 200 machines in that other VLAN. You don't want to open port 80 at all of them. So we need a lot more granularity in those suggested firewall rules. It's a good start, but it's still going to require a lot more work on our side to actually make it a real rule, instead of what it's trying to do with the macro rule. I would like to see better micro-segmentation rules. That's key for me. That's our primary use case for it at this point. We might add others in the future but, at this point, that's what we need, and we're not quite getting it.
It's somewhat user-friendly but some of the data that's presented is not always clear. But that's like any tool. You just have to get used to using it.
The only real improvement they can make is to add more third-party vendors into the environment, mostly switch manufacturers, because it's really limited to Cisco equipment and there are a lot of companies out there other than Cisco.
It's intuitive and very user-friendly, but we probably have to train our technical team, or the IT staff who are plugging into it regularly, on how to optimize its use. VMware probably needs to come in and train and we need good documentation. I had a meeting with the technical account manager, and I brought to his attention that the lack of access to documentation on best practices is something that we need to address. That's something that he said he is working on. We have a meeting tomorrow and he is going to bring all of us onto the same page and, hopefully, that issue can be resolved. I came in to make sure that we can harden our security infrastructure, especially when it comes to VMware. And one of the things that I learned recently was that there are so many documents that we don't have access to regarding the use of VMware. My technical account manager promised me that the documentation will be provided to whomever needs access to it.
The product is slightly complex use, while still being user-friendly. It could use more training modules, as it is not a straightforward product.
One of the things I've asked about is regarding Log Insight, with their syslog collector. There seems to be a lot of overlap between that and vRNI. I've asked if one of those is going away or if they're moving together and I really haven't been able to get a clear answer. I would like to know that.
We just started using it so I don't really know a lot of the features yet.
I'd like to see better support for being able to search the hardware NetFlow data. It ingests fairly well, but you can't tell, in a lot of cases, what source the data came from. I'd like to see more support for picking specific sources. That way you could really make a compelling use case. There are also some difficulties where it can't exactly trace the path between source and destination but if you hit the reverse flow on the same search it shows the entire path. It continues to improve, but I'd like to see better support for hardware stuff.
After you use it for a little while you become accustomed to it but the layout doesn't feel very intuitive. You have to dig around and find the exact place where you can find the information, where you can actually see your east-west traffic, etc. I would like them to bring that information more to the forefront, instead of having to find it. Once you have learned how to use everything, it becomes easy to use.
It needs to be a little easier to use and to understand the information it's putting out. That would make it more helpful. If you're not a network person you need to understand things like network policies and concepts. If you gave it to a regular admin, it would be nice if it were easier for them to pick up what is going on, understand the flows and whether or not stuff should be talking to each other, as opposed to just port groups and IP addresses. Also, if it were more application-aware, more descriptive; if it were able to determine the application that is actually doing the communication, that would be easier. More application information: which user or account it's accessing, is it accessing this application, doing these calls, if it is accessing a script, which script is it accessing. Things like that would provide deeper analytics so I can track what's going on. It would not just be, "These people shouldn't be talking," but who is actually doing these calls. And it would be good if it could correlate the server and not just a SQL call, but which database, which server, that would be helpful. I would like to see more things along those lines.
I would like to see more interoperability on the firewall and low balancer sides. I like that you can integrate in Palo Alto networks. There is Cisco switching in there as well. We can see the actual path tracing through these products. I would like to add in there any other integrations from a services perspective, such as Big-IP F5 and some other APIs. Palo Alto has a little bit of an advantage, which is fine, but it would be great to see a little bit more integration, especially on the GUI side when we are tracking about some of that pack and flow. It would be great to be able to see other vendors be integrated into the product as well.