VMware NSX

  • 1.  Use Aria Operations for Network (vRNI) to build wave migration

    Posted Aug 21, 2023 08:21 PM

    Hello Folks. 

    Has anyone already made use of vRNI to create waves of migration (communication affinity, who talks to whom)?

    If yes, what were the challenges and problems faced?

    I know that vRNI receives flows from the vDS with source, source port, destination and destination port to create DFW rules, but can it help with wave migrations to establish affinity group communication?



  • 2.  RE: Use Aria Operations for Network (vRNI) to build wave migration

    Posted Aug 23, 2023 10:04 AM

    We're in the process of doing this right now.

    Some of our experiences below:
    - Try to add other sources outside of your VMware environment (switches, load balancers, ...); this will help in identifying flows that aren't necessarily virtual.
    - vRNI has a LOT of information, and it can be quite a challenge to sift through it
    - Flows are only ever stored for 30 days, something to keep in mind if you have flows that might only occur every so often
    - Define your applications and tiers in vRNI (under Applications -> All Applications -> Add). This will help tremendously in analyzing flows

    I don't believe it's a good idea to use vRNI to define the contents of your waves. Identify (some of) your applications, and sort those into waves. Secure based on an application, not a VM.



  • 3.  RE: Use Aria Operations for Network (vRNI) to build wave migration

    Posted Aug 24, 2023 06:39 PM

    Hello. 

    Thanks for your answer. 

    When you use vRNI to define the applications, which of these available options are you using?

    • Tags (VMware vCenter Server or AWS tags)
    • VM Names
    • ServiceNow
    • Flows
    • Advanced properties such as a combination of VM names, VM tags, NSX-V security tags, and security groups.


  • 4.  RE: Use Aria Operations for Network (vRNI) to build wave migration
    Best Answer

    Posted Aug 25, 2023 06:39 AM

    We've been doing it manually actually, but our environment is small enough. As part of our migration we do also tag new VMs with a predefined set of categories to identify them. We use these as the member criteria for our NSX Security groups as well.

    Assuming you've already consistently tagged VMs, using those is probably not a bad idea.