Historically, a flow collector provided the ability to collect IP network traffic as it enters or exits an interface of a switch or a router. It could determine the source of congestion in the network and the path of a flow, but not much else. With NVM on the endpoint, the flow is augmented by rich endpoint context such as the type of device, the user, the application, and so on. This makes the flow records more actionable, depending on the capabilities of the collection platform. The data that NVM exports is sent via IPFIX and is compatible with Cisco NetFlow collectors as well as third-party flow collection platforms such as Splunk, IBM QRadar, and LiveAction. See the platform-specific integration documentation for additional information. For example, Splunk integration is available via https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/200600-Install-and-Configure-Cisco-Network-Visi.html.
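Because the export is IPFIX, the first thing any collector does with a datagram is validate the RFC 7011 message header and read the template sets that describe the records to come, including enterprise-specific fields (the IPFIX mechanism for vendor-defined elements). The following is an added example, not Cisco code: the function names and the sample message are constructed for illustration and do not reproduce NVM's actual templates or field IDs.

```python
import struct

IPFIX_VERSION = 10     # RFC 7011 message version
TEMPLATE_SET_ID = 2    # RFC 7011 set ID reserved for template sets

def parse_ipfix_templates(msg: bytes) -> dict:
    """Map template ID -> [(element_id, field_length, enterprise_number or None)]."""
    if len(msg) < 16:
        raise ValueError("shorter than the 16-byte IPFIX message header")
    version, length, _time, _seq, _domain = struct.unpack_from("!HHIII", msg, 0)
    if version != IPFIX_VERSION:
        raise ValueError(f"not IPFIX (version field is {version})")
    if length != len(msg):
        raise ValueError("header length does not match datagram size")
    templates, off = {}, 16
    while off < length:
        if off + 4 > length:
            raise ValueError("truncated set header")
        set_id, set_len = struct.unpack_from("!HH", msg, off)
        if set_len < 4 or off + set_len > length:
            raise ValueError("set length runs outside the message")
        pos, end = off + 4, off + set_len
        # Fewer than 4 trailing bytes in a set are padding, not a record.
        while set_id == TEMPLATE_SET_ID and pos + 4 <= end:
            template_id, count = struct.unpack_from("!HH", msg, pos)
            pos, fields = pos + 4, []
            for _ in range(count):
                if pos + 4 > end:
                    raise ValueError("truncated field specifier")
                element, flen = struct.unpack_from("!HH", msg, pos)
                pos, pen = pos + 4, None
                if element & 0x8000:          # enterprise bit: a 4-byte PEN follows
                    if pos + 4 > end:
                        raise ValueError("truncated enterprise number")
                    (pen,) = struct.unpack_from("!I", msg, pos)
                    pos += 4
                fields.append((element & 0x7FFF, flen, pen))
            templates[template_id] = fields
        off += set_len
    return templates

def build_sample() -> bytes:
    """Constructed message: template 256 with two IANA fields and one made-up
    enterprise field under PEN 32473 (the documentation-use number)."""
    fields = struct.pack("!HHHH", 8, 4, 12, 4) + struct.pack("!HHI", 0x8000 | 1, 65535, 32473)
    tset = struct.pack("!HHHH", TEMPLATE_SET_ID, 4 + 4 + len(fields), 256, 3) + fields
    return struct.pack("!HHIII", IPFIX_VERSION, 16 + len(tset), 0, 0, 1) + tset

if __name__ == "__main__":
    for tid, fields in parse_ipfix_templates(build_sample()).items():
        print(tid, fields)
```

A collector that rejects datagrams failing these length and version checks avoids misparsing NetFlow v9 or malformed traffic arriving on the same port.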
If you choose to install the Network Visibility Module, the About screen of the AnyConnect Secure Mobility Client UI lists it as installed. No other indication exists on the AnyConnect UI when NVM is running.
An AnyConnect profile for NVM gets pushed from the ISE or ASA headend if this feature is enabled. On the ISE headend, you can use the standalone profile editor, generate the NVM service profile XML, upload it to ISE, and map it against the new NVM module, just as you do with Web Security, Network Access Manager, and such. On the ASA headend, you can use either the standalone or ASDM profile editor.
NVM gets notified when the VPN state changes to connected and when the endpoint is in a trusted
If you are using NVM with Linux, make sure that you have completed the preliminary steps in Using NVM on Linux.