Application and Network Performance Monitoring in a Virtualized Environment



Similar documents
Analyzing Full-Duplex Networks

Network Instruments white paper

WHITE PAPER. Net Optics Phantom Virtual Tap Delivers Best-Practice Network Monitoring For Virtualized Server Environs

5 IPTV MONITORING BEST PRACTICES

Deploying Probes and Analyzers in an Enterprise Environment

Observer Analyzer Provides In-Depth Management

Observer Analysis Advantages

Network Instruments white paper

Virtual Networking Features of the VMware vnetwork Distributed Switch and Cisco Nexus 1000V Series Switches

How to monitor network traffic inside an ESXi host

Observer Reporting Server Sample Executive Reports

Observer Probe Family

Configuring Virtual Switches for Use with PVS. February 7, 2014 (Revision 1)

Extending Network Visibility by Leveraging NetFlow and sflow Technologies

Best Practices in Gigabit Capture

Network Security Forensics

WHITE PAPER. Addressing Monitoring, Access, and Control Challenges in a Virtualized Environment

DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch

Monitoring Service Delivery in an MPLS Environment

Network Performance Management Solutions Architecture

IBM Security Intelligence Strategy

Cisco Nexus 1000V Virtual Ethernet Module Software Installation Guide, Release 4.0(4)SV1(1)

Network Access Control in Virtual Environments. Technical Note

Scalability in Log Management

Unified network traffic monitoring for physical and VMware environments

SNMP Monitoring: One Critical Component to Network Management

Quick Start for Network Agent. 5-Step Quick Start. What is Network Agent?

Network Troubleshooting with the LinkView Classic Network Analyzer

Gaining Operational Efficiencies with the Enterasys S-Series

Network Segmentation in Virtualized Environments B E S T P R A C T I C E S

BEST PRACTICES. DMZ Virtualization with VMware Infrastructure

Expert Reference Series of White Papers. VMware vsphere Distributed Switches

Visibility in the Modern Data Center // Solution Overview

IBM QRadar Security Intelligence April 2013

Quick Start for Network Agent. 5-Step Quick Start. What is Network Agent?

Network Agent Quick Start

ARE AGENTS NECESSARY FOR ACCURATE MONITORING?

LiveAction Application Note

Riverbed SteelCentral. Product Family Brochure

Observer Probe Family

Enhance visibility into and control over software projects IBM Rational change and release management software

Application Performance Management in a Virtualized Environment

Preemptive security solutions for healthcare

Riverbed SteelCentral. Product Family Brochure

INTRUSION DETECTION SYSTEMS and Network Security

VMWARE Introduction ESX Server Architecture and the design of Virtual Machines

Visibility into the Cloud and Virtualized Data Center // White Paper

Net Optics and Cisco NAM

Intrusion Detection Systems (IDS)

How To Use A Network Instrument Ntap

Network Troubleshooting & Configuration in vsphere VMware Inc. All rights reserved

Monitoring VMware ESX Virtual Switches

QRadar Security Intelligence Platform Appliances

RSA Security Analytics Virtual Appliance Setup Guide

Niara Security Analytics. Overview. Automatically detect attacks on the inside using machine learning

IBM QRadar Security Intelligence Platform appliances

#ITtrends #ITTRENDS SYMANTEC VISION

whitepaper Network Traffic Analysis Using Cisco NetFlow Taking the Guesswork Out of Network Performance Management

White Paper. Protecting Databases from Unauthorized Activities Using Imperva SecureSphere

Virtual Cascade Shark

Deploying Network Taps for improved security

IBM SECURITY QRADAR INCIDENT FORENSICS

How To Protect A Network From Attack From A Hacker (Hbss)

Web Analytics Understand your web visitors without web logs or page tags and keep all your data inside your firewall.

Installation Guide Avi Networks Cloud Application Delivery Platform Integration with Cisco Application Policy Infrastructure

Maximize Network Visibility with NetFlow Technology. Andy Wilson Senior Systems Engineer Lancope

July, Figure 1. Intuitive, user-friendly web-based (HTML) interface.

ALTERNATIVES FOR SECURING VIRTUAL NETWORKS

Cover. White Paper. (nchronos 4.1)

Wireless Network Analysis. Complete Network Monitoring and Analysis for a/b/g/n

mbits Network Operations Centrec

Network Performance + Security Monitoring

Solving Monitoring Challenges in the Data Center

Extending Network Visibility by Leveraging NetFlow and sflow Technologies

The Virtualization Practice

WHITE PAPER. Network Traffic Port Aggregation: Improved Visibility, Security, and Efficiency

WHITE PAPER. Automated IT Asset Management Maximize Organizational Value Using Numara Track-It! p: f:

QRadar SIEM and FireEye MPS Integration

Niara Security Intelligence. Overview. Threat Discovery and Incident Investigation Reimagined

Network Management and Monitoring Software

How to Configure an Initial Installation of the VMware ESXi Hypervisor

Overview of NetFlow NetFlow and ITSG-33 Existing Monitoring Tools Network Monitoring and Visibility Challenges Technology of the future Q&A

Aternity Virtual Desktop Monitoring. Complete Visibility Ensures Successful VDI Outcomes

Transcription:

Application and Performance Monitoring in a Virtualized Environment As organizations implement virtualized environments, knowing how to monitor and maintain them becomes yet another challenge for today s network professional. Monitoring network and application traffic in an environment containing one-tomany relationships between physical hardware devices (virtual hosts) and virtual application servers (virtual machines) presents a number of concerns. This white paper presents various visibility options and their ramifications, and outlines new technology that allows visibility into both external and internal traffic within a virtual environment. www.networkinstruments.com

Introduction Before discussing monitoring options within a virtual environment, let s take a moment to discuss how the traffic flows within it. Virtual environments are designed to include a virtual adapter (vnic) for each virtual machine within the system. The vnic is logically connected to a virtual switch, which is managed by the virtual host system (see the diagram below). This addresses communication which would remain in the host. In order to enable communication into and out of the host, a logical connection between the vnic and the must be established. Within the ware ESX and ESXi environments, a virtual adapter can be set in promiscuous mode. When promiscuous mode is enabled on a virtual adapter, all traffic flowing through the virtual switch including local traffic between virtual machines and remote traffic originating from outside the virtual host is sent to the promiscuous virtual adapter. Challenges A number of challenges are presented when attempting to monitor applications with a virtualized environment. 1. Lack of visibility. Traffic between virtual machines within a virtual host will not be visible outside of the host. This causes a number of problems: a. engineers cannot monitor multi-tier applications partially or wholly located on multiple virtual machines within a single host. b. Should a virtual machine be compromised by malicious code or security breach, other virtual machines within the same host may also be compromised. 2. Lack of analysis functionality. A separate solution is required to push data streams flowing within virtual machines out to an external tool or a purpose-built device. This functionality is necessary for network and application monitoring and analysis, compliance, and security audits. Virtual TAPs (software applications placed inside a virtual machine to export all data through a designated to an external device) can alleviate this problem. The Visibility Gap: Virtual Environments present new visibility challenges to monitoring and analysis devices. 2

Options There are three primary ways to monitor both traffic flow from within applications on virtual machines and from the virtual host: 1. Monitor the host using an external analysis device as you would any other system, via SPAN technology or a physical TAP. Analysis Device TAP This option works well for environments not needing to track internal virtual machine-to-machine traffic within a host. However, it may not catch a security breach compromising multiple virtual machines within a host. 2. Monitor all virtual machines in a host by establishing a new virtual machine within the host. This option assumes the ability to SPAN or set in promiscuous mode the virtual switch within the host. ANALYSIS PROBE vnic This option provides visibility at the statistics and packet levels of all traffic within a virtual host. It does not, however, allow packet-level traffic to be analyzed by an external physical device (IDS, retrospective analysis device, etc.). The goal is to not only see all traffic flowing within a host but also export that data for powerful analytics and reporting. 3

3. Use a Virtual TAP to collect and redirect all internal virtual machine traffic to a dedicated virtual NIC within the monitoring virtual machine that is connected to an external purpose-built device for analysis or compliance enforcement. ANALYSIS PROBE Virtual TAP vnic vnic Analysis Device Depending on the functionality of the external device the traffic is being copied to, this option may provide all the functionality of option two while taking advantage of the physical capabilities of the purpose-built external device. Option two combined with option three offers the most extensive and comprehensive monitoring solution. In a ware environment, one can utilize promiscuous mode on the internal virtual switch, and direct a copy of all traffic from all virtual machines to a virtual machine monitoring instance. This offers several benefits: a. Collect metrics and perform real-time analysis. b. Using a Virtual TAP, re-direct packet streams out a separate NIC to be recorded by a Retrospective Analysis (RNA) device or other purpose-built security or analysis tool. Benefits of the Virtual TAP Mirroring all traffic within a virtual host to an external device provides a number of advantages, including total visibility into application traffic and the ability to run greater analytics for comprehensive reporting and faster problem resolution. For example: 1. Application Performance Monitoring. Feed traffic to an enterprise reporting engine for comprehensive monitoring of virtualized environments. Set and track performance baselines and respond quickly when performance deviates from the norm. Tracking traffic over time helps determine if your server load has increased to the point of requiring action. 2. Application Performance Troubleshooting. The Virtual TAP can also output data to a Retrospective Analysis device, which stores it for later access. RNA devices have an intuitive time-navigation interface to help easily isolate problems within your virtual environment and troubleshoot these issues using Application Analytics. The Virtual TAP option bridges the Visibility Gap, allowing complete real-time analysis, Retrospective Analysis, and fullscale reporting on all virtualized traffic. 4

The Virtual TAP removes the limitation of having to access or respond to traffic in real time. By eliminating the visibility gap the TAP provides greater control of your virtual environment and helps you better maintain overall application performance. Conclusion Depending on the virtual server technology you have decided to implement, you will have a number of options for network and application traffic visibility, and for the use of external devices for analysis. If all virtual machine communications take place between the virtual machines and the outside (i.e. outside the physical host), then monitoring the data flow from outside the host server may be the least complicated method by which to gain flow visibility. If there is any internal communication between virtual machines, the only way to monitor this data is by using a monitoring virtual machine (separate or existing) with an analysis service (i.e. probe) gathering data from the internal virtual switch. Should you need to analyze or store data on an external purpose-built device, installing a Virtual TAP within the monitoring virtual machine will provide complete visibility into all data flowing on the internal virtual switch. Corporate Headquarters Instruments, LLC 10701 Red Circle Drive Minnetonka, MN 55343 USA toll free (800) 526-7919 telephone (952) 358-3800 fax (952) 358-3801 www.networkinstruments.com 2009 Instruments, LLC. All rights reserved. Instruments and all associated logos are trademarks or registered trademarks of Instruments, LLC. All other trademarks, registered or unregistered, are sole property of their respective owners. March 2009 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information