HammadAlam
commented
6 years ago Closing #57 and moving comments here
Based on initial conversation, @tonysangha - seems like I forgot to create an issue for it:
If we look at the factors that need to be analyzed for NSX Microseg Deployments, especially scaled, they take some time to collect and you need deeper understanding of NSX to do that too. A lot of times either this is not available or people aren’t thinking about them. If we can automate it, this can be real handy for NSX Customers. Some of the things that come to mind are
- Number of Clusters prepared with NSX
- Number of Hosts prepared for nSX
- number of VMs on NSX Prepd clusters
- number of vNics with dvfilter
- number of Universal rules
- number of Global rules
- number of Security Policies
- number of Redirect rules
- number of SGs
- number of objects in each SG
- number of STs
- number of VMs tagged with each ST
- number of Tags per vm
- number of Rules per vnic
- number of Rules per host
- heap utilization per host
- Number of Logical Switches
This would ideally go under Security Documentation for now. Later when we add more things to it, then it can be moved under Environment Documentation too.
If we look at the factors that need to be analyzed for NSX Microseg Deployments, especially scaled, they are all over the place and a real trip to find them thru traditional tools. When reviewing designs, these number aren't available and/hence people aren’t thinking about them either.
Some of the things that come to mind are
I am not sure if this should go in the DFW2Excel or a separate menu item that gets called on demand. It can probably go under the Security Documentation sub-menu as Security Deployment Overview. Some of the APIs here may take a while to return in large environment. Keeping it separate will ensure regular DFW2Excel runs are not impacted.
We should review these and identify which can be done quickly and target them in this ticket. We can open new tickets and punt the rest to them.
Thoughts?