Virtual Switches for Use with NNM
Tenable NNM monitors network traffic at the packet layer to determine topology and identify services, security vulnerabilities, suspicious network relationships, and compliance violations.
NNM provides visibility into both server-side and client-side vulnerabilities, discovers the use of common protocols and services (e.g., HTTP, SQL, file sharing), and performs full asset discovery for both IPv4 and IPv6, even on hybrid networks.
Virtualization of server rooms provides an added challenge to monitoring the network. Communication between VMs within the virtual switch is not monitored by the standard monitoring tools on the physical network since traffic between VMs does not route to the physical switch. NNM provides the ability to passively scan virtual network traffic between VMs that are in the same virtual switch as a deployed NNM VM.
This section provides an overview of the standard methods to configure the virtual switches in various systems to provide NNM with a SPAN or mirror port to gather data from inside the virtual network between VMs. While some platforms provide the ability to send monitored traffic to a remote host, the guidance provided in this document describes an environment where NNM is configured on a VM within the virtual switch cluster. The exact options you need may vary based on local monitoring requirements. The platform used to generate the technical steps in this document was configured with the most recent versions of the software. If you are using older or newer software revisions, some of these steps may vary.