vRNI 5.1 – Deployment

vRealize Network Insight is a tool you can install and use to monitor flows in your network. Primarily this used to be for NSX but depending on edition you can also add your physical network devices to the configuration. The product itself integrates with Log Insight via web hooks and also to vRealize Operations Manager. The deployment needs a platform controller and at least one remote collector (Called Proxy). These two devices must be in different subnets.

In my case I want to deploy one Platform and two Proxies, one per site for my lab. You download the bits from my.vmware.com.


In many cases you need to download one ova to deploy your VMware solution. In this case though you need both the Platform OVA and the Proxy OVA.

As always, it makes sense to register DNS names and IPs up front so that this is completed.

A few words on the OVA

I will not cover the OVA in great detail as this is something you should be familiar with. Just something about sizing:

It does not come in small, extra small or similar. It does come in:

  • Medium: 8 vCPUs and 32 GB RAM
  • Large:  12 vCPUs and 48 GB RAM
  • XL: 16 vCPUs and 64 GB RAM

Storage is 10.5 GB thin or 1 TB thick provisioned.

And that is only the platform 🙂

The Proxy is sized as follows.

  • Medium: 4 vCPUs and 12 GB RAM
  • Large:  8 vCPUs and 16 GB RAM
  • XL: 8 vCPUs and 24 GB RAM

Storage is 5.8 GB thin or 214 GB thick provisioned.

One other thing that makes this experience a bit special from other OVA deployments is, you do not need to fill in any details while deploying the appliance. You will have to configure the appliance after the deployment.


Once the Platform is configured and powered on, you must configure it. This happens from the vSphere console.

The Platform appliance must be configured before you can configure the proxies. This is because you need a shared secret for the proxy:


Once that is added, the rest of the configuration takes place from the console like before.

Post deployment customisation of Platform vm

Once the appliance is deployed you can start the configuration from inside the vSphere console.


Once logged in with the credentials from the screen run the setup command.

For this to run successfully you should have the following things ready:

  1. Passwords for the users “support” and “consoleuser”
  2. Network settings: IP, Subnet, Gateway, DNS and Domain Search path
  3. NTP Server
  4. Web proxy settings, if applicable.

After you enter these things you are asked if the settings are ok and the network and dns services are restarted. At this point you should be able to ping the server.

After they restart you are requested for the IP of the NTP server and then configuration details for a web proxy, if this is available.

Following that information the setup continues and this may take a little while. At the end you should get the information that the Appliance has been successfully configured. You can now close the VMware console.


Now you need to log into the web site of the appliance, but as an absolute first you must enter your license key. You cannot continue without this. Once this is entered you are prompted to enter the admin password.


Once the admin password is set and you have activated it you must generate a secret by pressing the “Generat” button. This is the key I mentioned above in the OVA session that you need to proceed with that part of the deployment.


For now we continue with the Proxy deployment.


Deploying the Proxy appliance

Once you get to step 9 of the proxy deployment you must add the secret that you generated from the web interface of the platform server, you can see the entries have valid content so onwards we go. Notice that you again have to configure the appliance from the console (Action Required).


Following this step, power on the appliance and let it boot. Then the steps looks similar as above when configuring the platform.

This time you need 5 steps to complete the setup.

  1. Password for usernames support and consoleuser and password
  2. Network settings: IP, Subnet, Gateway, DNS and Domain Search path
  3. NTP Server
  4. Web proxy settings, if applicable.

Again after step 2 the server applies network and dns settings and you should be able to ping the server.

After you supply the info for points 3 and 4, the 5th step is the shared secret part. This may take some time (the console says 15 minutes but it went a lot quicker for me.


So you can close the console again. Keep the passwords handy.

In the Platform webserver, press finish to complete the configuration.


You are presented with the logon screen to vRealize Network Insight. Notice the username is admin@local.


Once logged in you are asked to join the CEIP and then you are taken to a welcome screen. You can click through this and then register for self service if you want or you can skip this (you can find it later inside the web page from the lower right corner).



vCenter Connection

As a final step for this post, let’s connect to the 1st vCenter. Click on the button for VMware vCenter.

Supply the requested information. If like me you only created one proxy to start with select this proxy. Then enter the vCenter FQDN and the service account you will use to connect to the vCenter. This user needs a little bit more than just read-only as a minimum. It must have a role that has the rights to Global > Settings also.

You can enable the Netflow also at the same time, I chose not to for now as I will do it later. It is recommended to enable it because it allows you to collect flow data.

Finally provide a nickname for the connection also and press submit.



Adding a second proxy

In case you have more than one site, you might want to deploy at least one proxy on the remote site. To do this, you do much like with the first Proxy above but you need a new Shared Secret. To get this you need to go to the web interface of the Platform and then to settings in the top right.


Then under Infrastructure and Support select Overview and Updates. On this screen (as the one above here) you see the deployment you have so far. If you click on Add Collector VM you will be provided with the key you need for the proxy deployment. After doing this the appliance will be deployed. Keep in mind still that you need the following information that you need for the console configuration after the deployment of the appliance.

  1. Password for usernames support and consoleuser and password
  2. Network settings: IP, Subnet, Gateway, DNS and Domain Search path
  3. NTP Server
  4. Web proxy settings, if applicable.

Once all added you can refresh the screen above and you will see that you now have two collector VMs


That should be about it for now.