Endpoint Monitor provides insight and visibility into applications running within an operating system to ensure that security policies are being enforced correctly. For example, Activity Monitor can help if you have a misconfigured web server that is receiving traffic on HTTP instead of HTTPS as you intended. You can now run reports to monitor in-bound and out-bound traffic to the machines managed by the vCenter.
Endpoint Monitoring require guest introspection to be installed. On virtual machines, you will need to the install guest introspection driver, which is part of the VMware tools installation. A full installation typically installs the driver onto the operating system. The purpose of the guest introspection driver (VMCI driver) is to detect all the applications running on the operating system and to send this information to the guest introspection appliance:
- Click on Start Collecting Data.
- Click on Select Security Group and flip the Switch data collection ON or OFF option to ON.
- Click OK when done:
Data collection is now enabled and will take some time for NSX to gather all virtual machine activity:
Once the data collection is complete, the summary screen displays the details of NSX Manager, the security group, and the time slot of the collected data. The first box shows the total number of running virtual machines and the total number of processes that are generating traffic. When you click on the virtual machine, the action is redirected to the VM Flows tab. Clicking the number of processes generating traffic takes you to the Process Flows tab.
Once data is gathered, remember to select Stop Collecting Data by clicking on the right side link. This will release the resources back to NSX Manager and avoid unnecessary data collection:
