Relevant for: AFA Administrators
This topic describes ASMS's support for VMware NSX-T data centers.
The following diagram shows an ASMS Central Manager or Remote Agent connecting to a VMware NSX-T Data Center environment.
ASMS requires the following to collect data from VMware NSX-T data centers.
ASMS requires minimal, read-only access permissions to access VMware NSX-T data centers and perform data collection.
The user accessing the VMware NSX-T Data Center for analysis and monitoring must have one of the following NSX-T roles:
- EA - Enterprise Administrator
- A - Auditor
- Custom role/permissions (use R flag for all features/components)
Note: If you are using the NSX Manager, we recommend using the built-in NSX Manager user to connect from ASMS.
This procedure describes how to add a VMware NSX-T Data Center to AFA.
Do the following:
From the Administration area, access the Devices Setup page. For details, see Access the DEVICES SETUP page.
Click New > Devices > VMware > NSX-T. In the vendor device selection page, click VMware > NSX-T.
Note: Click on the expandable fields marked with > to reveal their content.
Access Information
Enter the host name or IP address of the NSX Manager. This is the name that will be displayed in the devices tree.
Enter the user name to use for REST access to the device.
Enter the password to use for REST access to the device.
Geographic Distribution
Select the remote agent that should perform data collection for the device.
To specify that the device is managed locally, select Central Manager.
This field is relevant when a Geographic Distribution architecture is configured.
For more details, see Configure a distributed architecture.
Route Collection
Specify how AFA should acquire the device's routing information:
- Automatic. AFA will automatically generate the device's routing information upon analysis or monitoring.
- Static Routing Table (URT). AFA will take the device's routing information from a static file you provide. For details, see Specify routing data manually.
Real-time change monitoring
For details, see Configure real-time monitoring.
Set user permissions
Select this option to set user permissions for this device.
Note: Learning mode is not available out-of-the-box and is only partially supported for ASMS version A32.00. It can, however, be made available to customers who wish to use it similarly to an early availability feature. Please consult with Professional Services.
When made available, you can select the Learning mode option to specify that AFA traffic simulation should treat traffic that is not specified in a rule as blocked. By default, DBWs allow all traffic that is not explicitly blocked. Learning mode enables you to better understand the specific traffic that needs to be allowed on the device.
- Click Finish. The new device is added to the device tree.
If you selected Set user permissions, the Edit users dialog box appears.
In the list of users displayed, select one or more users to provide access to reports for this account.
To select multiple users, hold down the CTRL key while selecting.
Click OK to close the dialog.
A success message appears to confirm that the device is added.
Upgrading to NSX-T Data Center from NSX-V
IMPORTANT: Do not delete the NSX-V device. Deletion of the device is irreversible and includes all associated reports and data.
Before upgrading from NSX-V to NSX-T, do the following on the NSX-V:
- Rename the device.
- Turn off the monitor.
- Erase the password.
Note: All the existing reports and history will be kept on this device as long as the device is not deleted. After the device is renamed, you will not be able to run analysis on it.
Migration from NSX-V to NSX-T in the VMware environment.
Follow these steps to migrate from NSX-V to NSX-T:
- Add the NSX-T to ASMS with a new credential.
- Copy the trusted traffic from the former NSX-V device to the new NSX-T Data Center. AlgoSec Professional Services can assist.
- (Optional but recommended) Back up all NSX-V reports before deleting the NSX-V device. AlgoSec Professional Services can assist.
Important: Back up the NSX-V reports before deleting the device to avoid irreversible loss of the NSX-V data.
- Delete the NSX-V device.