When you log in to vRNI for the first time, you add a data source to start collecting. I recommend creating service accounts for vCenter and NSX-T if you are adding those sources.

Accounts

vrni-vc-svc – AD service account (ensure vCenter is joined to the domain)

vrni-vc-svc-role – vCenter role

vrni-nsxt – AD service account (ensure NSX-T is joined to the domain)

vrni-nsxt – Enterprise Admin in NSX-T

Click VMware vCenter

Select your collector.

Type in the FQDN of your vCenter

Some official VMware articles

Adding VMware vCenter Server to vRNI, including permissions

https://docs.vmware.com/en/VMware-vRealize-Network-Insight/6.9/com.vmware.vrni.install.doc/GUID-B9F6B6B4-5426-4752-B852-B307E49E86D1.html

[vRNI] Users privileges required to add vSphere component as a data source (2150385)

https://kb.vmware.com/s/article/2150385

Active Directory service account for vCenter for vRNI

I created an account called vrni-vc-svc and set it to not expire.

Ensure your vCenter is joined to the domain.

I cloned the Read-only role in vCenter.

I called the role vrni-vc-svc-role.

Edit the role

I added the following permissions so that it can collect IPFIX information and enable IPFIX on your distributed virtual switch (DVS):

Global: Settings.

Distributed switch: Modify and Port configuration operation.

dvPort group: Modify and Policy operation.

In the global permissions in vCenter, add the service account to the role and propagate to children
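
The role and permission steps above can also be scripted. The PowerCLI script below is an added example, not part of the original post: it creates vrni-vc-svc-role from the read-only privileges plus the five listed above, warns if an existing role differs from that set, and assigns it at the vCenter root folder with propagation (New-VIPermission works on inventory objects, so this is not a Global Permissions entry). The server name and AD domain are placeholders, and the privilege IDs are assumed to be the API identifiers behind the UI names.

```powershell
# Added example, not from the original post. Requires the VMware PowerCLI module.
# Placeholders (assumptions): vcenter.example.com and the EXAMPLE AD domain.
$vCenter   = 'vcenter.example.com'
$roleName  = 'vrni-vc-svc-role'
$principal = 'EXAMPLE\vrni-vc-svc'

# Privilege IDs assumed to match the UI permissions listed above.
$extraIds = @(
    'Global.Settings',       # Global: Settings
    'DVSwitch.Modify',       # Distributed switch: Modify
    'DVSwitch.PortConfig',   # Distributed switch: Port configuration operation
    'DVPortgroup.Modify',    # dvPort group: Modify
    'DVPortgroup.PolicyOp'   # dvPort group: Policy operation
)

Connect-VIServer -Server $vCenter -Credential (Get-Credential) | Out-Null

# Start from the built-in read-only role, as when cloning it in the UI.
$baseIds  = (Get-VIRole -Name 'ReadOnly').PrivilegeList
$expected = @($baseIds) + $extraIds | Sort-Object -Unique

# Create the role only if it does not exist yet.
$role = Get-VIRole -Name $roleName -ErrorAction SilentlyContinue
if (-not $role) {
    $role = New-VIRole -Name $roleName -Privilege (Get-VIPrivilege -Id $expected)
}

# Drift check: report privileges that are missing or were added later.
$diff = Compare-Object -ReferenceObject $expected -DifferenceObject @($role.PrivilegeList)
if ($diff) {
    $diff | ForEach-Object {
        $kind = if ($_.SideIndicator -eq '=>') { 'unexpected' } else { 'missing' }
        Write-Warning "$roleName has $kind privilege: $($_.InputObject)"
    }
} else {
    Write-Output "$roleName matches the expected privilege set."
}

# Assign the role at the vCenter root folder and propagate to children.
$root = Get-Folder -NoRecursion
if (-not (Get-VIPermission -Entity $root -Principal $principal -ErrorAction SilentlyContinue)) {
    New-VIPermission -Entity $root -Principal $principal -Role $role -Propagate:$true | Out-Null
}

Disconnect-VIServer -Server $vCenter -Confirm:$false
```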

Back in your data sources, add your service account details and click Validate.

IMPORTANT – enabling IPFIX on all vSphere hosts. Enabling IPFIX may have a performance overhead.

Some considerations below:

[Screenshot of the IPFIX considerations]

Click Enable Netflow (IPFIX) on this vCenter (otherwise you won't get a complete picture of your flows).

Type a nickname and click submit.

Add another source.

Select NSX-T Manager

Official VMware article on adding a VMware NSX Manager source in vRNI

https://docs.vmware.com/en/VMware-vRealize-Network-Insight/6.9/com.vmware.vrni.using.doc/GUID-33C66386-C315-4791-9ED0-86144B34CA00.html

Create another service account in AD for vRNI to use with NSX-T.

Ensure your NSX-T Manager is joined to the domain

Open NSX-T Manager UI and go to User Role Assignment in User Management

Click Add and select role assignment for LDAP in User Role Assignment

Select Active Directory, select the service account, set the role to Enterprise Admin and click Save.

(I add it as enterprise admin to enable latency metric collection)

Back on the platform UI, select your collector, enter the FQDN of your NSX-T VIP, set authentication to username/password, enter the service account information and click Validate.

DFW must be enabled to use Enable DFW IPFIX. There should not be any other Firewall IPFIX Profile.

The Enable latency metric collection option collects the following latency metrics from NSX-T Manager:

• vNIC to pNIC, pNIC to vNIC, vNIC to vNIC (for each VM)

• VTEP to VTEP

Also ensure that a firewall rule is set to allow TCP traffic from all hosts to the Operations for Networks collector on port 1991.

Enable flow collection from NSX Intelligence is only supported with NSX-T 3.1 and above.

Also, ensure that the NSX Intelligence appliance is deployed and in a healthy state.

I just enabled latency metric collection.

Type in a nickname and click submit.

Click I acknowledge and click Continue.

By Kader