mgt2008bu break your logjam by leveraging the power … · break your logjam by leveraging the...

Henry GuoVMware Cloud Management Product Marketing

Ryan CartwrightVMware Staff Systems Engineer

MGT2008BU

#VMworld #MGT2008BU

Break Your Logjam by Leveraging the Power of vRealize Log Insight

VMworld 2017 Content: Not fo

r publication or distri

bution

• This presentation may contain product features that are currently under development.

• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.

• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.

• Technical feasibility and market demand will affect final delivery.

• Pricing and packaging for any new technologies or features discussed or presented have not been determined.

Disclaimer

#MGT2008BU CONFIDENTIAL 2



bution

NEW Certification Badge:VMware vRealize Operations 2017 Specialist

Prove your IT operations expertise and demonstrate your ability to plan,

manage, and scale SDDC and multi-clouds.

VMware Digital Badges allow you to:

• Link your credentials and skills to a secure site

• Easily share your accomplishments in social media, blogs, and resume

• Provide employers with easy, valid verification of VMware credentials

Learn more at VMworld 2017

• Meet the experts at the Education & Certification Lounge: VM Village

• Visit the Certification Exam Center: Jasmine EFG, Level 3

Complete your online certification exam

• VMware Digital Badges: vmware.com/go/vROPS2017badge

Prove your expertiseon SDDC and

multi-cloud environments

VMware Digital Badge

Show your exam completion receipt and getunique gifts that only vROps specialists can have!



bution

http://www.vmware.com/go/vROPS2017badge

Agenda

1 vRealize Log Insight Overview

2 Technical Overview

3 Q&A




bution

vRealize Log Insight High-Level Takeaways

Free Log Insight for NSX

Free with vCenter

Highly Extensible

Integrated

Cost Effective

Faster than Splunk

• Free 25 OSI License Included with vCenter• Opens doors – Re-engage vSphere customers• Base install for easy upgrade to Full LI

• Free vRealize Log Insight for NSX for all NSX 6.2.3 users and beyond• Use NSX sales momentum to increase Log Insight adoption • Top Use Cases: Distributed Firewall Debugging, and Viewing Top Talkers

• Content Packs available for vSphere, NSX, vRA, vSAN, etc.• 50+ additional 3rd party Content Packs – Compliments existing

investments

• Integrated with vRealize Operations Manager• Bi-directional, in context launch• Built in vSphere knowledge

• Simple. Flat pricing model• Unlimited data collection and analysis• No overage penalties as your needs grow

• Tested with terabytes of data• Superior performance – purpose-built for analytics




bution

VMware vCloud® Air™ Network

VMware Cloud on AWS

virtustream

vRealize: Cloud Freedom and Control for the Hybrid Cloud

V M WA R E C R O S S - C L O U D A R C H I T E C T U R E ™

Private Cloud Hybrid Cloud Public Cloud

VMware Cross-Cloud Services™

Software-Defined Data Center

VMware vRealize®VMware vRealize®

VMware Cloud Foundation™VMware Cloud Foundation™




bution

Capacity

Management

Network

Management

Storage

Management

Costing and

Planning

Topology

Analysis

Performance

& Availability

Workload

Balancing

NetworkCompute Storage

SDDC

Log Data

Analysis

VMware Approach for a Consistent Operational Model Across SDDC and Public Cloud




bution

Intelligent Operations: Solution Overview

1 NOT a vRealize/vCloud Suite component

vRealize/vCloud Suite

vRealize Operations

Compute StorageNetwork & Security

vRealize

Network

Insight 1

vRealize Log Insight

Application

vRealize Business for Cloud

SDDC and Multi-cloud

Extensibility

Management Packs(vRealize Operations

Content Packs(Log Insight)




bution

Log Insight Overview



bution

Introduction: Environment Landscape

200 ESXi Host + VMs = 200GB or 2B log events per day

Hybrid Cloud

(Private / Public)Physical Infrastructure

SOFTWARE-DEFINED DATA

CENTER

Compute Network Storage

End-User Computing

Extensibilit

y

Applications

Cloud Management Platform (CMP)

Virtualized Infrastructure

VMware Logs

OS and

App Logs

Physical Infrastructure Logs

Automation OperationsBusiness for Cloud Network Insight




bution

Log Insight Scale-Out Architecture




bution

Better Together: vRealize Operations and vRealize Log Insight

Leverage all your IT data for comprehensive visibility in one place

Structured Data

Metrics Alerts Events

VMware vRealize Operations

Capacity, Performance and

Configuration ManagementEvents

Launch in Context

Unstructured Data

Logs Messages

VMware vRealize

Log Insight

Log analytics, aggregation,

and search

Public

Cloud




bution

Integrated with vRealize Log Insight 4.5 | Highlights

Full 360-Degree Log Integration with vRealize Operations

• Full Integration in-context within vRealizeOperations

– Direct launch into Log insight Dashboard

– Direct launch into Log Insight Interactive Analytics mode

– Object auto-initiated log management

– vROps Alerts auto-initiated log management




bution

vRealize Log Insight Overview

The best real-time big data log

management for SDDC

Operatingsystem

vSphere

Systemstatistics

Applications

Security

Other IT

All Kinds of Logs

Log Insight 2.0

Analyze

Discover

Search

Visualize

IT Operations

Security

Compliance

40B events 10 event types

…by machine learning

Intelligent Operations

•Enterprise Scale

•Predictive Analytics/Machine Learning for faster problem resolution

Built for the Software Defined Data Center

•Base version now included with vCenter

• Insight into VMware products incl. NSX, vRealizeAutomation, Horizon View

•Attractive pricing model for customers of all sizes –not based on log volume

Unified Management

• Integration with vRealize Operations Management Suite Inventory integration, 2-way alert visualization

Extensible

• Over 50 Third Party Content Packs Available

OverviewApp

App




bution

Intelligent Operations

Predictive Analytics

• Machine Learning based Automatic

Data Consolidation• Intelligent data summarization

• Cluster similar messages together

• Automatic Schema extraction• Automatically understand message

structure

• Intelligent automatic field extraction

Technical Overview




bution

Log Insight Extensibility with Content Packs

Content Packs

• Operating System

• Application

• Network

• Storage

• SDDC

• Security

Highly Extensible

• Captures log data from physical servers, network and storage devices, OSs, applications, VMs, and hosts, and more

Log Insight Content Packs

• Encapsulate, pre-built dashboards and product-specific alerts from vRealize Log Insight

• Provide vendor specific guidance and insight into which logs really matter

Log Insight Marketplace

• Built into the UI or available at www.solutionexchange.vmware.com

Overview




bution

http://www.solutionexchange.vmware.com/

Logs as Last Mile to Root Cause Analysis

SCSI Errors

NFS Errors

vMotion Failures

Host Disconnects

Dropped Packets

Failed Tasks

Slow Host Syncs

Slow DB Queries




bution

It’s like ‘Rosetta Stone’ for Logs

Log Insight proactively learns:

from:

Then you can query it like a database!




bution

Log Insight Content Packs!

• Microsoft SCOM

• Nimble Storage

• Solarwinds – NPM

• Citrix NetScaler

• HP Compute

• vRealize Orchestrator

• MondoDB

• VCE Vblock

• NetApp Data ONTAP

• Sybase ASE

19




bution

Primary Use Cases

Troubleshooting and Root Cause Analysis

• Follow the trail from vRealize Operations to logs to get to root cause to an observed

problem

• Identify the needle in the haystack in real time when troubleshooting a problem

Monitoring and Managing Machine Data at Scale

Providing Structure to Unstructured Data

• Collect all the data in one place without the need for custom parsing, transformation

of data

• Get full visibility across all your IT environment from a single place

• Monitor metrics and events (performance & change) that are visible only in logs

• Identify problems proactively, ensure SLAs and comply to IT policies




bution

Technical Overview



bution

Log Insight Technical Overview

Analyze

• Can analyze any unstructured time-series data, configuration etc.

• Automatically identifies structures in the data and group logs using machine learning

Scale

• Central, scale-out store (no-SQL) for all collected logs

• Configurable retention and archiving

• Maintenance free

Best for SDDC

• Queries, alerts, fields, charts in the vSphere Content Pack

Cloud / Data Center

Log

Management

OS

Logs

VC

Logs

App

Logs

System

Stats

Security

Logs

API Syslog




bution

Visualize Log Data Using Dashboards

Run all queries in the list

Dashboard Filters

Launch into Interactive

Analytics

Types of Dashboards:

Personal

Shared by Admins

Content Pack

Choose Dashboards




bution

vSphere Content Pack

• Ships out of the box

• Knowledge about ESXi and vSphere logs as well as vCenter Alarms, Events & Tasks

• It consists of: Queries, alerts, dashboards, group templates, and field extractions

• Divided into functional categories

– Including ESXi, Storage, vMotion, and vCenter Alarms

• vSphere and Content Pack dashboards cannot be modified – users can clone them into their workspace




bution

Fields with breakdown

charts

Query time range

Overview Chart:

By default: count of

events over time

Time bar length

Multiple

Aggregation

functions/analytics

Search Box and Query Builder

Events List

Interactive Analytics




bution

vRealize Log Insight – Usability & Visualization

Intelligent Visualizations & Extensibility

• Multiple-Function charts

• Chart Options

• Snapshots Visualization

• Share a Query

• Event Type Colorizing, Highlighting

Technical Overview

Smarter Visualizations

Snapshots

Visualization

Multi-Function

Charts




bution

vRealize Log Insight – Administration & Scale

Highly Available, Simplified, and Scalable

• 12 Cluster Nodes, 48TB of live log data, 2.7 TB per day

• Ingestion and Query HA

• Integrated Load Balancer with Multiple VIPs

• Enhanced vSphere and vR Ops Integration

• APIs

• Authentication and Simple Query

• Agent & Agent Management

• Client-side event parsing and Tag support

• Agent Groups for Centralized configuration

• Agent SSL Support

• Webhooks

• Agent and Cluster upgrade, with LI Node rollback

Technical Overview

Simplified and Powerful Administration

Agent

Configuration

Groups




bution

vR LI 4.0 Admin Alert Management




bution

What’s New in Log Insight 4.5

• Full 360-Degree Log Integration with vRealize Options

– Full Integration of Log Insight in-context within vRealize Operations (vROps)

• Direct launch into Log insight Dashboard

• Direct launch into Log Insight Interactive Analytics mode

• Object auto-initiated log management

• vROps Alerts auto-initiated log management

• New Server Capabilities

– Updated Log Insight RESTful API’s

– Comprehensive Single Sign-On Support

• Improved Agent Capabilities

– Agent multi-destination




bution

vSphere Integration

Add tags for vCenter

and ESXi events.

RBAC use case

Automatically add

unconfigured Hosts

Choose ILB VIP




bution

Send Alerts to Chat Rooms/Ticketing, Keep Teams Updated on

Performance Issues

Expanded Collaboration

Keep your global teams updated on any size environment by sending key performance alerts,events

• Chat Rooms: HipChat, Slack(multiple team/channels)

• Ticketing: ServiceNow

• Notification Tools: PagerDuty

• Automation Tools to take action: vR Orchestrator

• Others: Bugzilla, Jenkins, OpsGenie, PushBullet,etc

’Detailed Blog here

Critical Alert triggers REST Notification /

webhook

Slack

ServiceNow

PagerDuty

vRO

Open-sourced Shims convert into target destination format

OOTB Shims available




bution

http://sflanders.net/2016/11/30/log-insight-webhook-shim-updated/

vRealize Log Insight Hands on Labs: HOL-1801-03-CMP

CONFIDENTIAL 32



bution

Questions?

33



bution

Next Steps and Key Resources

Upgrade to vRealize Operations 6.6 Share Your Feedback Get Certified

Upgrade to vROps 6.6

Visit our new upgrade center:

vmware.com/go/vrops/upgrade

Receive a $10 amazon gift

card by completing a short

survey about vRealize

Operations

surveymonkey.com/r/vrops66

OFFER valid during VMworld

2017Complete your online

certification exam

VMware Digital Badges:

vmware.com/go/vROPS201

7badge

VMware Digital Badge



bution

mailto:[email protected]

https://www.vmware.com/products/vrealize-operations/upgrade-center.html

http://www.vmware.com/go/vROPS2017badge

https://www.surveymonkey.com/r/vrops66

mailto:[email protected]

Start Cloud Management Platform Engagement with AssessmentsGet your FREE reports

35

▪ Optimize SDDC and Hybrid Cloud

▪ Time to value in days

vSphere Optimization Assessment (VOA) Hybrid Cloud Assessment (HCA)

▪ Compare private and public cloud costs

▪ Time to value in < 1 hour

vmware.com/assessment/voa vmware.com/hybrid-cloud-assessment.html



bution

https://www.vmware.com/assessment/voa

https://www.vmware.com/hybrid-cloud-assessment.html

Top Intelligent Operations Sessions at VMworld 2017Monday, Aug 28 _________________________________________________________________________

• MGT2008BU: Break Your Logjam by Leveraging the Power of vRealize Log Insight 1:00 p.m. - 2:00 p.m.

• MGT2185BU: 360-Degree Troubleshooting and Remediation 2:30 p.m. - 3:30 p.m.

• MGT1758BU: Effectively Operating an Automated Cloud 4:00 p.m. - 5:00 p.m.

• MGT2855BU: Operationalize Your World 5:30 p.m. - 6:30 p.m.

• MGT1999BU: It's the Apps: Fully Loaded Application Monitoring with vRealize Operations 5:30 p.m. - 6:30 p.m.

Tuesday, Aug 29 _________________________________________________________________________

• MGT1733BU: Scaling and Extending vROps for the Enterprise 11:30 a.m. - 12:30 p.m.

• MGT2426BU: Alliant Credit Union Cashes in on True Database Visibility 1:00 p.m. - 2:00 p.m.

Wednesday, Aug 30_______________________________________________________________________

• MGT1568BU: Case Study: Altisource and VMware—v (We) Realize Business for Cloud Together! 8:30 a.m. - 9:30 a.m.

• MGT2508BU: Achieve Troubleshooting Mastery with vRealize Suite 10:00 a.m. - 11:00 a.m.

• MGT1218PU: Real World IT Gurus Share Their Perspective on Operations Management for the Multicloud Era 11:30 a.m. - 12:30 p.m.

• MGT1217BU: Intelligent Operations Management from Infra to Applications and Across the Software-Defined Data Center 2:30 p.m.- 3:30 p.m.

Thursday, Aug 31 _________________________________________________________________________

• TAM4551U: Interactive Workshop - Operationalize Your World 10-12:30pm

• MGT2338BU: The Happy Nomadic VM: A vRealize Story 1:30 p.m. - 2:30 p.m.

Must go

Must go

Must go



bution

Learn More

Try the Hands-on Lab. Nothing to download!

37

Visit the website for resources, 60-day free trial,

evaluation guide, and purchasing information.

@VMLogInsight

Website:

Hands-on Lab (1601):

Log Insight Community:

www.vmware.com/products/vrealize-log-insight

http://www.vmware.com/partners/partners.html?apex/PRMPartnerUnivTab?st

URLmLa=https://mylearn.vmware.com/mgrReg/plan.cfm?plan=50233&ui=sso

loginsight.vmware.com/



bution

http://www.twitter.com/VMLogInsight

http://www.vmware.com/products/vrealize-log-insight

http://www.vmware.com/partners/partners.html?apex/PRMPartnerUnivTab?stURLmLa=https://mylearn.vmware.com/mgrReg/plan.cfm?plan=50233&ui=sso

http://loginsight.vmware.com/



bution

mgt2008bu break your logjam by leveraging the power … · break your logjam by leveraging the...

Documents