WHITE PAPER. Addressing Monitoring, Access, and Control Challenges in a Virtualized Environment

Similar documents
WHITE PAPER. Net Optics Phantom Virtual Tap Delivers Best-Practice Network Monitoring For Virtualized Server Environs

IxChariot Virtualization Performance Test Plan

WHITE PAPER. Static Load Balancers Implemented with Filters

WHITE PAPER. How To Compare Virtual Devices (NFV) vs Hardware Devices: Testing VNF Performance

WHITE PAPER. Network Traffic Port Aggregation: Improved Visibility, Security, and Efficiency

WHITE PAPER. Extending Network Monitoring Tool Performance

WHITE PAPER. Gaining Total Visibility for Lawful Interception

EBOOK. The Network Comes of Age: Access and Monitoring at the Application Level

Ensuring Success in a Virtual World: Demystifying SDN and NFV Migrations

WHITE PAPER. Tap Technology Enables Healthcare s Digital Future

WHITE PAPER. Enabling 100 Gigabit Ethernet Implementing PCS Lanes

Ixia Phantom vtap. Overview. Virtual Taps Phantom Monitoring Solution DATA SHEET

An Executive Brief for Network Security Investments

WHITE PAPER. Monitoring Load Balancing in the 10G Arena: Strategies and Requirements for Solving Performance Challenges

Data Center Automation - A Must For All Service Providers

EBOOK. Software Defined Networking (SDN)

WHITE PAPER. SDN Controller Testing: Part 1

Evaluating Wireless Broadband Gateways for Deployment by Service Provider Customers

Taps vs. SPAN The Forest AND the Trees: Full Visibility into Today's Networks

Guidebook to MEF Certification

Reduce Your Network's Attack Surface

WHITE PAPER. 50 versus 62.5 micron multimode fiber

White Paper. Best Practices for 40 Gigabit Implementation in the Enterprise

Network Access Control in Virtual Environments. Technical Note

Visibility into the Cloud and Virtualized Data Center // White Paper

ALTERNATIVES FOR SECURING VIRTUAL NETWORKS

How Does Virtualization Change Your Approach to Enterprise Security and Compliance?

WHITE PAPER. Realizing ROI from Your Network Visibility Investment

Simplifying Data Center Network Architecture: Collapsing the Tiers

How to monitor network traffic inside an ESXi host

Cisco Unified Network Services: Overcome Obstacles to Cloud-Ready Deployments

Analyzing Full-Duplex Networks

Visibility in the Modern Data Center // Solution Overview

WHITE PAPER. Best Practices for Deploying IPv6 over Broadband Access

Optimize Server Virtualization with QLogic s 10GbE Secure SR-IOV

Configuring Virtual Switches for Use with PVS. February 7, 2014 (Revision 1)

Meeting the Challenges of Virtualization Security

DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch

Best Practices for Network Monitoring

How To Extend Security Policies To Public Clouds

5 Best Practices to Protect Your Virtual Environment

PN: Rev A, September Overcoming Blind Spots in Your Virtualized Data Center

Application and Network Performance Monitoring in a Virtualized Environment

Securing the private cloud

What s New with VMware Virtual Infrastructure

An overwhelming majority of IaaS clouds leverage virtualization for their foundation.

Network Instruments white paper

New Security Perspective for Virtualized Platforms

Unlock the full potential of data centre virtualisation with micro-segmentation. Making software-defined security (SDS) work for your data centre

WHITE PAPER. Best Practices in Deploying Converged Data Centers

The Alteon Application Switch Overview

HP Virtual Controller and Virtual Firewall for VMware vsphere 1-proc SW LTU

RackSim Virtualized Data Center Simulation

Best Practices for Network Monitoring How a Network Monitoring Switch Helps IT Teams Stay Proactive

Best Practices for Monitoring Databases on VMware. Dean Richards Senior DBA, Confio Software

雲 端 發 展 與 安 全 趨 勢. 陳 建 宏 Jovi Chen 技 術 顧 問 2011 Check Point Software Technologies Ltd. [Unrestricted] For everyone

Virtual Cascade Shark

Testing Packet Switched Network Performance of Mobile Wireless Networks IxChariot

WHITE PAPER. Best Practices for Network Monitoring Switch Automation

VIRTUALIZATION SECURITY OPTIONS: CHOOSE WISELY

Networking for Caribbean Development

WHITE PAPER. Application Performance Management and Lawful Interception

VirtualclientTechnology 2011 July

Scalable. Reliable. Flexible. High Performance Architecture. Fault Tolerant System Design. Expansion Options for Unique Business Needs

Hyper-V R2: What's New?

VMWARE Introduction ESX Server Architecture and the design of Virtual Machines

Securing Virtual Applications and Servers

WHITE PAPER. Best Practices for Eliminating Duplicate Packets

Virtual Machine Protection with Symantec NetBackup 7

SDN Security for VMware Data Center Environments

Five reasons why you need Citrix Essentials for Hyper-V now

About the VM-Series Firewall

Securing the Physical, Virtual, Cloud Continuum

NETWORK FUNCTIONS VIRTUALIZATION. The Top Five Virtualization Mistakes

VMware for SMB environments(min st year)

Cisco Virtual Wide Area Application Services: Technical Overview

Virtualization, SDN and NFV

How To Make A Virtual Machine Aware Of A Network On A Physical Server

Secure Cloud-Ready Data Centers Juniper Networks

Cyber Range Training Services

Solving I/O Bottlenecks to Enable Superior Cloud Efficiency

How To Protect Your Cloud From Attack

Pluribus Netvisor Solution Brief

White Paper. Protect Your Virtual. Realizing the Benefits of Virtualization Without Sacrificing Security. Copyright 2012, Juniper Networks, Inc.

Global Headquarters: 5 Speen Street Framingham, MA USA P F

VM-Series for VMware. PALO ALTO NETWORKS: VM-Series for VMware

Support for Microsoft Applications & Server Virtualization Validation Program. Wee-Meng, Thoo Technology Alliance VMware Asia Pacific

Transcription:

WHITE PAPER Addressing Monitoring, Access, and Control Challenges in a Virtualized Environment www.ixiacom.com 915-6892-01 Rev. A, July 2014

2

Table of Contents The Challenge of the Virtual Environment... 4 Tried This. Tried That... 4 Enter the Virtual Tap... 5 3

Driven by the promise of dramatic reductions in the number of physical servers needed (Consolidation ratios of 10:1, 15:1, and even 20:1 have been reported), more and more enterprises are deploying virtualization techniques in their data centers. Virtualization, however, is not without its drawbacks. One of the biggest challenges is monitoring. Tap solutions have been used for years to facilitate traffic capture, analysis, replay, and logging, helping IT professionals effectively manage their complex networks and meet compliance. But neither traditional Taps, nor any other solution, is able to capture all the traffic that flows between virtual machines (VMs). This lack of visibility can have an enormous impact on the business, increasing the risk of intrusion and disruption. Data passing between VMs cannot be captured for auditing, and sources of issues cannot be pinpointed in a timely manner. IT professionals need a solution that can provide comprehensive visibility of all the data, including packets passing between VMs. Among the benefits of virtualization are nearly endless elasticity and expandability with fewer resources. The Challenge of the Virtual Environment Virtualization consists of deploying multiple computing environments onto a single server managed by Hypervisor. Hypervisor software manages multiple operating systems or multiple instances of the same OS. This allows consolidation of physical servers onto a virtual stack on a single server. Among the benefits of virtualization are nearly endless elasticity and expandability with fewer resources. In addition, new services can be deployed without procuring new hardware (servers) or installing an OS with all of its associated ongoing costs and management responsibilities. Traffic between virtual servers residing on the same ESX hypervisor (VM to VM or inter- VM traffic) is managed by virtual switching internal to the hypervisor. In a traditional, non-virtual (physical) network, traffic is seen on the wire. In a virtualized environment, however, inter-vm traffic is switched locally on the virtual switch and never gets out to a network wire connected to monitoring tools. Therefore, this traffic is not seen it is a black box from a monitoring perspective. As a result, inter-vm traffic is invisible to physical security and monitoring devices. Monitoring tools on the market today are, unfortunately, not capable of providing a comprehensive, raw view of all the traffic because they cannot see that internal communications layer within the Hypervisor. Solutions such as installing agents on every VM or using spanning virtual switch ports do exist. However, they place a sizable burden on the Hypervisor and still do not provide the full visibility required. This lack of visibility creates black holes in tightly managed, regulated, and mission-critical environments that pose a potential threat to security and compliance. It also creates operational challenges in high-speed, high-frequency environments (e.g., trading systems) where latency (delay) is unacceptable. Alternative solutions, such as adding an inspection VM on the ESX, are costly, intrusive, and difficult to manage. Tried This. Tried That Organizations have attempted various solutions to this virtual visibility problem. One of the more common alternatives has been to install clients on virtual machines. These range from sniffers that capture traffic and direct it somewhere to smart clients that capture traffic using smart filters and deliver the monitored streams to some destination. The 4

problem with this solution is that these clients must be installed and images built on every VM. This often creates a loss of performance. The ideal solution is one that would deliver the following capabilities: Provide complete visibility to virtual network traffic Operate without negatively impacting the performance of the virtual environment Enable the enforcement of the same stringent compliance regulations across the converged, virtualized and physical infrastructure Integrate with virtualization technologies without requiring architectural changes or a large footprint. Support the elasticity of the infrastructure and be able to follow machines as the are moved around for optimized performance (vmotion) Enter the Virtual Tap To provide complete visibility into traffic flowing between VMs on hypervisor stacks, Net Optics has developed the Phantom Virtual Tap, which is purpose-built for virtualized environments. The Virtual Tap software is situated low on the ESX stack, at the hypervisor kernel level, as shown in Figure 1 below. As a result, all packets are visible prior to any failures, errors, or other causes of packet loss. Not one packet is dropped or altered by the system. ESX Limited Visibility Virtual Machines Inter-VM Traffic is Invisible Virtual Switch ESX 100% Visibility Virtual Machines Phantom Virtual Tap Virtual Switch The Virtual Tap requires no virtual appliances, promiscuous probes, network manipulation, or counterintuitive traffic shaping and routing. Figure 1. Phantom Virtual Tap Furthermore, the Virtual Tap can differentiate between specific VM instances in replicated environments and continue to monitor and log VMs, even as they move between hypervisors. The Virtual Tap is also non-intrusive and non-disruptive. It requires no virtual appliances, promiscuous probes, network manipulation, or counterintuitive traffic shaping and routing. There is no need to modify the existing environment before implementing. Memory and resource demand on the ESX are minimal. The Phantom Virtual Tap was developed for VMware version 4.x and is both VMware ESX and ESXi 4.x-certified. It is fully integrated at the Hypervisor kernel and supports leading virtual switch solutions, including VMware, DNS, and Cisco. The Virtual Tap also integrates with VMware vmotion and high-availability/load balancing solutions. These solutions allow running virtual machines to migrate from one physical server to another with no impact on end users. The Virtual TAP continues to monitor traffic and maintain access control, even as virtual instances transition between ESX stacks. 5

WHITE PAPER Ixia Worldwide Headquarters 26601 Agoura Rd. Calabasas, CA 91302 (Toll Free North America) 1.877.367.4942 (Outside North America) +1.818.871.1800 (Fax) 818.871.1805 www.ixiacom.com Ixia European Headquarters Ixia Technologies Europe Ltd Clarion House, Norreys Drive Maidenhead SL6 4FL United Kingdom Sales +44 1628 408750 (Fax) +44 1628 639916 Ixia Asia Pacific Headquarters 21 Serangoon North Avenue 5 #04-01 Singapore 554864 Sales +65.6332.0125 Fax +65.6332.0127 915-6892-01 Rev. A, July 2014

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information