Product Brief GigaVUE-VM

Transcription

1 Product Brief GigaVUE-VM Active Visibility for Virtual Workloads With exponential growth in virtualized traffic within the data center, a primary challenge for the centralized monitoring infrastructure is to access this virtual traffic for application, network and security analysis. The Gigamon GigaVUE-VM node provides an intelligent filtering technology that allows virtual machine (VM) traffic flows of interest to be selected, forwarded, and delivered to the monitoring infrastructure centrally attached to the GigaVUE platforms, thereby eliminating any traffic blind spots in the enterprise private clouds or service provider NFV deployments. Gigamon is the only vendor to provide traffic visibility solutions for virtual workloads in VMware-powered SDDC (ESX and NSX-V) and OpenStack/KVM-powered multi-tenant clouds. Features & Benefits Visibility into Virtual Traffic Intelligently select, filter, and forward tenant virtual traffic to the monitoring and tool infrastructure, extending the reach and leveraging existing tools to monitor virtual network infrastructure Quick Specs üüautomated traffic visibility for VMware-powered SDDC üümulti-tenant traffic visibility for OpenStack/KVM-powered clouds üüoptimized traffic delivery from the virtual infrastructure through the production network üüautomated migration of monitoring policies üühotspot detection of virtual monitoring policies Multi-Hypervisor Support Supports the most popular private cloud hypervisors, VMware ESXi, VMware NSX-V and KVM/OpenStack Virtual Switch Agnostic Solution Support for VMware vss/vds and Cisco Nexus 000V and any virtual switch on KVM Automated Visibility for VMware NSX Use VMware NSX Dynamic Service Insertion to associate visibility policies with security groups, thereby providing continuous and automated traffic visibility for applications as they scale up Centralized Management Manage and monitor the physical and virtual fabric nodes using while also configuring the traffic policies to access, select, transform, and deliver the traffic to the tools Integration with the Unified Seamless end-to-end visibility across physical and virtual network infrastructure. Optimize monitoring infrastructure by enabling aggregation, replication, and sharing of traffic streams across multiple monitoring tools and IT teams. Additional intelligence gained from Flow Mapping and GigaSMART technologies can be applied on the virtual traffic before forwarding the tools Support for Packet Slicing Further reduce IO resources by removing irrelevant information with packet slicing before sending to the tool, and optimize long-term storage of data by capturing only the data of interest Tunneling Support Leverage the production network to tunnel (support standards based LGRE encapsulation) and forward the filtered virtual traffic from the hypervisor to the GigaVUE platforms Optimized Traffic Delivery Tunneled traffic can be marked with DSCP values for per hop behavior to get preferential treatment on the production network. If changing MTU size in the network is an issue, fragmentation can be enabled to transport the packets using standard MTU sizes. These packets will then be re-assembled at the nodes before further analysis Support for vmotion and Live Migration Ensure the integrity of visibility and monitoring policies in a dynamic infrastructure, have realtime adjustment of monitoring and security posture to virtual network changes, and the ability to respond to disasters/failures without losing NOC insight and control Hotspot monitoring Pro-actively monitor and troubleshoot GigaVUE-VM nodes by elevating Top-N and Bottom-N virtual traffic policies to the centralized dashboards 0-06 Gigamon. All rights reserved.

2 VMware ESX Integration A vsphere guest VM, the light footprint GigaVUE-VM fabric node is installed without the need for special software, kernel modules, or changes to the hypervisor (Fabric Manager), Gigamon s centralized management application, tightly integrates with VMware and to facilitate simplified bulk onboarding of the GigaVUE-VM fabric nodes and configuration of the VM level traffic monitoring policies Leveraging APIs, can track vmotion events across Distributed Resource Scheduler (DRS) and high-availability (HA) cluster environments, enabling visibility policies to be tied to the monitored VMs and migrate with the VMs as they move across physical hosts; this automation provides Active Visibility into an agile and dynamic SDDC GigaVUE-VM is auto-pinned to a host, so DRS doesn t impact continuous traffic visibility In addition to ESXi hypervisor, GigaVUE-VM also extends traffic visibility to the VMs deployed on the VMware NSX-V network hypervisor, a network virtualization platform that delivers the operational model of a hypervisor for the network VM VM VM VM HYPERVISOR HYPERVISOR Virtual Traffic Policies integration Bulk GigaVUE-VM onboarding Virtual traffic policy creation Automatic migration of monitoring policies SERVER I SERVER II Tunneling Private Cloud Performance Network Management Production Network Tools and Analytics GigaVUE-VM integrated with Unified 0-06 Gigamon. All rights reserved.

3 VMware NSX Integration Automate traffic visibility for securing the micro-segmented SDDC Enable SecOps and NetOps teams to automate the selection, filtering and forwarding of the ever growing east-west virtual traffic for security and monitoring analytics Leverage the power of the NSX network virtualization platform and distributed service insertion framework for automated deployment of virtual components in the GigaSECURE Delivery Platform, while also enabling dynamic provisioning of visibility traffic policies within customers software defined data centers Insert a Visibility Service using the GigaSECURE platform s virtual visibility component, GigaVUE-VM Define security or traffic policies that select, filter and forward the tenant s virtual traffic to security and monitoring tools for analysis Can auto-update this service and the traffic policies as new tenants come onboard or existing tenant s security groups scale dynamically VMware and NSX APIs for Inventory, Groups, Events Cloud Admin Register Gigamon Traffic Visibility Service and Traffic Policies NetOps / SecOps Admin Deploy Traffic Visibility Service VM on NSX Cluster Associate Traffic Policies to Groups SG SG SG GigaVUE-VM 7 Status and Traffic Policy Checks VM VM VM 6 Filtered Virtual Traffic vswitch 5 Copy Packet VMware NSX-V GigaSECURE Delivery Platform APM SIEM IDS GigaVUE-VM on VMware NSX integrated with GigaSECURE Delivery Platform 0-06 Gigamon. All rights reserved.

4 Use Cases with VMware NSX VMware Private Cloud Automated Traffic Visibility Secure the SDDC with GigaSECURE Dynamic Service Insertion of GigaVUE-VM vrealize Automation (vra). Deploy new Tenants and s. Apply Visibility Policy?,. IPS E?;"/F (Inline) Anti-Malware +6"()$;7$0/ E?;"/F (Inline) Loss Prevention,0//6"8?60:-"8 Intrusion System G80/-"A- Forensics Threat Detection A PI NSX APIs, Service Insertion APIs, Events GigaSECURE Delivery Platform TAPs GigaVUE-VM and GigaVUE Nodes Metadata Engine Session Filtering SSL Decryption Inline Bypass GigaVUE VM Filtered and Sliced Virtual Traffic Tenant level Traffic Visibility for Monitoring Dynamic Service Insertion of GigaVUE-VM vrealize Automation (vra). Deploy new Tenants and s. Apply Visibility Policy APIs, Events REST APIs Software-Defined Visibility NSX APIs, Service Insertion Virtual Traffic Centralized Tools Anti-Malware POWERED BY GigaSMART VXLAN=6000 IDS SSL Decryption DLP NetFlow / IPFIX Generation SSL Decryption Network Forensics TAPs Session Filtering Adaptive Packet Filtering Header Stripping De-cap VXLAN APT Monitoring Performance Network Performance GigaVUE VM Filtered and Sliced Virtual Traffic NetFlow / IPFIX Customer Experience 0-06 Gigamon. All rights reserved.

5 OpenStack/KVM Cloud In a multi-tenant OpenStack/KVM-powered Private Cloud, where tenant isolation is critical, the Gigamon solution extends visibility for one tenant s workload without impacting others. Supports tenant-wide monitoring domains tenant may monitor any and all interfaces on their VMs Honors tenant isolation boundaries no traffic leakage from one tenant to any other tenant during monitoring Monitors traffic without needing cloud admin privileges Monitors traffic activity of one tenant without adversely affecting other tenants Multi-tenant traffic visibility management with a single instance of Can deploy this solution, which integrates with OpenStack, by the tenant owner as follows: for integration with OpenStack/Nova controller to identify tenant VMs A tiny footprint user-space agent (G-vTAP) is loaded in the tenant VM that is selected for monitoring»» Traffic policy filters are configured to mirror the target VM s interface traffic to GigaVUE-VM»» The filtered traffic can be sampled at configured rates to reduce backhaul to the monitoring tools GigaVUE-VM optimizes (complex filters and slicing) and delivers traffic to the physical nodes where additional GigaSMART traffic intelligence can be applied before delivering the traffic to the monitoring tools Based on the number of TAP points (vnics) being monitored, auto-deploys the requisite number of GigaVUE-VM nodes Glance Horizon Tenant OpenStack: Horizon/Nova deploys tenant VMs that are packaged with Gigamon Virtual Taps (G-vTAP) Nova : Discovers the tenant VMs from OpenStack/Nova controller : Deploys GigaVUE-VM (Virtual Visibility Node) 5 GigaVUE-VM VM VM VM Traffic Any vswitch KVM Policies Any vswitch KVM 6 Tunneling 7 8 APM NPM CEM : Configures traffic policies on the G-vTAPs and GigaVUE-VMs G-vTAP: Filters and replicates traffic to GigaVUE-VM GigaVUE-VM: Provides additional filtering/slicing of traffic to : Configures traffic policies (GigaSMART) to forward to the right tools : Optimizes and forwards traffic to the right tools GigaVUE-VM and G-vTAP on OpenStack/KVM integrated with the Use Cases Private clouds that want to provide SLA monitoring of the virtual workload traffic Data centers where virtual workload traffic needs to be analyzed along with the physical network traffic by a centralized monitoring tool infrastructure IT organizations that are concerned about threats or malware embedded in the SSL traffic within the virtual infrastructure Software defined data centers that are evaluating emerging network virtualization and SDN technologies Enterprises providing hosting services for multiple customers or internal groups Service providers adopting the Network Functions Virtualization (NFV) architecture to virtualize their physical network functions like SBC, EPC, IMS, etc Gigamon. All rights reserved. Gigamon and the Gigamon logo are trademarks of Gigamon in the United States and/or other countries. Gigamon trademarks can be found at All other trademarks are the trademarks of their respective owners. Gigamon reserves the right to change, modify, transfer, or otherwise revise this publication without notice /6 00 Olcott Street, Santa Clara, CA 9505 USA + (08)