
Advanced Network Insight (aNI)

Update time: 2026-01-08

Advanced Network Insight (aNI) automatically collects and organizes the access relationships between virtual machines, automatically adds and displays new assets, and keeps asset status synchronized. From a business perspective, it provides an intuitive and clear access relationship topology diagram and the access details between virtual machines, which helps with optimizing policy configuration, discovering business access risks, and reducing the exposure of risky ports. SCP supports deploying network visualization by importing virtual machines. This chapter describes the installation and deployment of aNI, including installing the aNI virtual machines.

4.3.2.1 Installation and Deployment

  • The flow chart of aNI installation and deployment is shown in the following figure.


  • The network topology planning for aNI is shown in the following figure. The aNI platform needs to communicate with the management network of HCI and SCP (it is recommended to be on the same network segment as the management network). This connectivity is mainly needed so that the aNI platform can call the HCI and SCP API interfaces to collect virtual machine data.

  • If the number of access relationship records for a single host exceeds the specified limit, the overloaded virtual machine will randomly lose packets and access data. The specifications are as follows.

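| Type   | Cores | Memory | Storage | Total applicable VMs |
|--------|-------|--------|---------|----------------------|
| Small  | 8     | 16GB   | 500GB   | 100                  |
| Medium | 32    | 64GB   | 1T      | 1000                 |
| Large  | 64    | 128GB  | 1.5T    | 3000                 |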

Precautions:

  1. Currently, aNI can be deployed only on SCP6.8.0.
  2. Currently, the collection of traffic between virtual routers/virtual switches and of NFV traffic is not supported.
  3. Currently, IPv6 traffic information collection is not supported.
  4. When a virtual machine's IP address is changed on HCI, the traffic visualization service update will be delayed, and the latest update time of a stream is 5 minutes.
  5. The aNI authorization is integrated into aNET, and there is no need to activate the license separately.
  6. The aNI password must be changed every three months.
  7. When the aNI virtual machine is deployed, the console language does not change with the SCP platform language.
  8. Once aNI has been deployed on the SCP platform, it cannot be deployed on other platforms.
  9. When the aNI virtual machine configuration is modified directly, a restart is required for the configuration to take effect.
  10. After the disk capacity of the aNI virtual machine is expanded, the aNI virtual machine must be restarted for the expansion to take effect.
  11. When a virtual machine is deleted on HCI, the data of that virtual machine may still exist on the aNI.
  12. The interface does not currently support expanding groups of more than 100 virtual machines.
  13. Only the traffic passing through the DWF is collected (the DWF of the 670 is enabled by default); traffic that does not pass through the DWF cannot be collected and reported. (The traffic between virtual routers, virtual switches, and NFV is not collected.)

Prerequisite

None.

Steps:

Step 1. Log in to the SCP platform as admin, select User and Access Management > Users > Platform Administrators, and click the New button to create a platform administrator.

Step 2. Configure the following information to complete the creation of the platform administrator.

Name: ani_admin

Role: aNI administrator

Login username: ani_admin

Email: Custom

Mobile: Custom

Password: Custom

Step 3. Enter the System > Services interface, select Advanced Services, and click Enable Public Module, Start Network Insight services.

Step 4. Go to the Compute > Virtual Machines page, click New, and select Import Virtual Machine, or enter the Network Insight interface and click the Deploy Now button.

Step 5. Import the vma file, and select the resource pool, virtual machine group, running location, storage performance, and network card.

Step 6. After the import is successful, enter the Edit virtual machine interface to configure the network card. Check Enable, connect to the physical edge, click the Specify IP button, select IPV4, and configure the IP address of the aNI virtual machine on the aNI management network. The address must be planned so that it can communicate with the SCP management network segment; it is recommended to be on the same network segment as the SCP management network.


Step 7. Log in to the HCI cluster where the aNI is located, enable the correlated service port, and enable the Correlated security service. Otherwise, the network insight service will not be accessible.


Step 8. Power on the virtual machine, enter the VM console and configure the platform security linkage.

  1. Enter the password of the cloud security center to log in. The password must be changed at the first login. Only five password attempts are allowed: if you enter the wrong password five times, the account is locked for 5 minutes, and you can try again after 5 minutes. The default password is Sfcsec@123, and the password modification policy is as follows:
  • The length is 8~64 characters.
  • It must contain all 4 of the following: uppercase letters, lowercase letters, numbers, and special characters. Supported special characters: ~`@#%&<>"',;_-^$.*+?=!:|{}()[]/

  2. After successful login, click Platform Authentication and select SCP for platform type configuration.

  3. Enter the platform authentication page:
  • Cluster IP: IP of the SCP management port.
  • Username/Password: ani_admin/password.
  4. Click Authenticate to complete the aNI deployment.
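
The password policy from Step 8 can be checked before a scheduled password change with a short script. This is an added example, not Sangfor code; treating letters and numbers as ASCII and rejecting the default password are assumptions of the example, and check_ani_password is a hypothetical name.

```python
import string

# Special characters copied from the policy in Step 8 of this page.
ALLOWED_SPECIALS = set("~`@#%&<>\"',;_-^$.*+?=!:|{}()[]/")
DEFAULT_PASSWORD = "Sfcsec@123"  # documented default, replaced at first login

# Assumption: "letters" and "numbers" mean ASCII letters and digits.
CLASSES = {
    "uppercase letter": set(string.ascii_uppercase),
    "lowercase letter": set(string.ascii_lowercase),
    "number": set(string.digits),
    "special character": ALLOWED_SPECIALS,
}


def check_ani_password(candidate):
    """Return the list of policy violations; an empty list means it passes."""
    problems = []
    if not 8 <= len(candidate) <= 64:
        problems.append("length must be 8 to 64 characters")
    for name, members in CLASSES.items():
        if not any(ch in members for ch in candidate):
            problems.append(f"missing {name}")
    # Anything outside the four classes (space, backslash, non-ASCII) is not
    # in the supported set and is reported rather than silently accepted.
    supported = set().union(*CLASSES.values())
    unsupported = sorted({ch for ch in candidate if ch not in supported})
    if unsupported:
        problems.append("unsupported characters: " + " ".join(map(repr, unsupported)))
    # Added check, not stated on the page: the default itself satisfies the
    # policy, so it has to be rejected explicitly.
    if candidate == DEFAULT_PASSWORD:
        problems.append("must differ from the default password")
    return problems


if __name__ == "__main__":
    # Constructed candidates, for illustration only.
    for pw in ("Sfcsec@123", "Abcdef12", "Vm-Insight#2026"):
        print(pw, "->", check_ani_password(pw) or "ok")
```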


4.3.2.2 Configuration Steps

Step 1. After completing the aNI installation, enter the Network Insight page and click Go Now.

Step 2. Proceed to the Networking > Network Insight page, select the resource pool for which network visualization needs to be enabled, and click Enable to enable the resource pool network visualization function.


  1. On the Network Insight page, view the access records of all VMs on the platform. You can filter the records by using the filter in the upper-left corner. You can also filter the records by VM or VM group.

Filter by access status: You can select All, Allowed, Denied, or No Policy Matched.

Filter by time: You can select Last 30 days, Last 7 days, Last 3 days, or Today.

Access details: Click the card in the upper-right corner of the page to enter the Access Details page, where you can quickly export an access list.

Time screening: last 30 days, last 7 days, last 3 days, today.

Step 3. Select a group to enter the virtual machine group display page. The card in the upper right corner displays the access relationship information of the virtual machines in the current group, including the total number of virtual machines, location communication, no access, and intercepted access. Click the zoom out button to collapse back to the initial interface.



Step 4. Click the Access Details button to enter the details page, and click View Details in the operation bar to obtain the detailed information of each record, including the firewall policy quintuple information: Src Object, Src IP, Dst Object, Dst IP, and Service.

Step 5. Click the View Policies button to jump to the Distributed Firewall page, where you can add, delete, modify, and check access policies.

Step 6. The platform also supports operations on the network insight service itself. Click the Settings button to enable, disable, or upgrade the service, or to change other settings.

After the network insight service is closed, the function can no longer be used. If the function needs to be enabled again, it must be redeployed.
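
Once an access list has been exported from the Access Details page, grouping its records by destination and service shows which ports are being reached without a matching policy, which is the input needed when adjusting policies on the Distributed Firewall page. This is an added example, not part of the product; the CSV layout, the Status column name and the TCP/port service notation are assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. The CSV layout, the "Status" column name and the
# "TCP/3306" service notation are assumptions; the other column names are the
# fields listed in Step 4.
SAMPLE_EXPORT = """\
Src Object,Src IP,Dst Object,Dst IP,Service,Status
web-01,10.10.1.11,db-01,10.10.2.21,TCP/3306,Allowed
web-02,10.10.1.12,db-01,10.10.2.21,TCP/3306,Allowed
web-01,10.10.1.11,db-01,10.10.2.21,TCP/22,No Policy Matched
jump-01,10.10.9.5,db-01,10.10.2.21,TCP/22,No Policy Matched
web-02,10.10.1.12,cache-01,10.10.2.31,TCP/6379,No Policy Matched
test-07,10.10.8.70,db-01,10.10.2.21,TCP/3306,Denied
"""

REQUIRED = ("Src Object", "Src IP", "Dst Object", "Dst IP", "Service", "Status")


def exposure_by_service(export_text, status="No Policy Matched"):
    """Group records with the given access status by destination and service.

    Returns (dst_object, dst_ip, service, sources) tuples, widest exposure
    first; sources is a sorted list of distinct (src_object, src_ip) pairs.
    """
    reader = csv.DictReader(io.StringIO(export_text))
    missing = [col for col in REQUIRED if col not in (reader.fieldnames or [])]
    if missing:
        raise ValueError(f"export is missing columns: {missing}")
    groups = defaultdict(set)
    for row in reader:
        # Short rows yield None for absent cells; treat them as empty strings.
        rec = {col: (row[col] or "").strip() for col in REQUIRED}
        if rec["Status"].lower() != status.lower():
            continue
        dst = (rec["Dst Object"], rec["Dst IP"], rec["Service"])
        groups[dst].add((rec["Src Object"], rec["Src IP"]))
    ranked = sorted(groups.items(), key=lambda item: (-len(item[1]), item[0]))
    return [(*dst, sorted(srcs)) for dst, srcs in ranked]


if __name__ == "__main__":
    for dst_obj, dst_ip, service, sources in exposure_by_service(SAMPLE_EXPORT):
        names = ", ".join(f"{name} ({ip})" for name, ip in sources)
        print(f"{dst_obj} {dst_ip} {service}: {len(sources)} source(s): {names}")
```

Passing status="Denied" gives the same grouping for intercepted access.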