WHITE PAPER. Net Optics Phantom Virtual Tap Delivers Best-Practice Network Monitoring For Virtualized Server Environs



Similar documents
WHITE PAPER. Addressing Monitoring, Access, and Control Challenges in a Virtualized Environment

IxChariot Virtualization Performance Test Plan

WHITE PAPER. Static Load Balancers Implemented with Filters

WHITE PAPER. How To Compare Virtual Devices (NFV) vs Hardware Devices: Testing VNF Performance

WHITE PAPER. Network Traffic Port Aggregation: Improved Visibility, Security, and Efficiency

WHITE PAPER. Extending Network Monitoring Tool Performance

Ensuring Success in a Virtual World: Demystifying SDN and NFV Migrations

WHITE PAPER. Gaining Total Visibility for Lawful Interception

Application and Network Performance Monitoring in a Virtualized Environment

Reduce Your Network's Attack Surface

EBOOK. Software Defined Networking (SDN)

WHITE PAPER. Enabling 100 Gigabit Ethernet Implementing PCS Lanes

An Executive Brief for Network Security Investments

WHITE PAPER. Tap Technology Enables Healthcare s Digital Future

Guidebook to MEF Certification

Data Center Automation - A Must For All Service Providers

WHITE PAPER. SDN Controller Testing: Part 1

EBOOK. The Network Comes of Age: Access and Monitoring at the Application Level

Ixia Phantom vtap. Overview. Virtual Taps Phantom Monitoring Solution DATA SHEET

Evaluating Wireless Broadband Gateways for Deployment by Service Provider Customers

How to monitor network traffic inside an ESXi host

Taps vs. SPAN The Forest AND the Trees: Full Visibility into Today's Networks

The Virtualization Practice

Virtual Networking Features of the VMware vnetwork Distributed Switch and Cisco Nexus 1000V Series Switches

Cisco Nexus 1000V Virtual Ethernet Module Software Installation Guide, Release 4.0(4)SV1(1)

WHITE PAPER. Realizing ROI from Your Network Visibility Investment

WHITE PAPER. Monitoring Load Balancing in the 10G Arena: Strategies and Requirements for Solving Performance Challenges

WHITE PAPER. Best Practices for Deploying IPv6 over Broadband Access

Network Access Control in Virtual Environments. Technical Note

PN: Rev A, September Overcoming Blind Spots in Your Virtualized Data Center

WHITE PAPER. 50 versus 62.5 micron multimode fiber

Optimize Server Virtualization with QLogic s 10GbE Secure SR-IOV

Aerohive Networks Inc. Free Bonjour Gateway FAQ

DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch

How to Configure an Initial Installation of the VMware ESXi Hypervisor

How Does Virtualization Change Your Approach to Enterprise Security and Compliance?

Virtual Cascade Shark

Best Practices for Monitoring Databases on VMware. Dean Richards Senior DBA, Confio Software

WHITE PAPER. Best Practices in Deploying Converged Data Centers

WHITE PAPER. Application Performance Management and Lawful Interception

White Paper. Best Practices for 40 Gigabit Implementation in the Enterprise

Expert Reference Series of White Papers. VMware vsphere Distributed Switches

Network Virtualization

Unified network traffic monitoring for physical and VMware environments

THE HYPER-CONVERGENCE EFFECT: DO VIRTUALIZATION MANAGEMENT REQUIREMENTS CHANGE? by Eric Siebert, Author and vexpert

White Paper. Juniper Networks. Enabling Businesses to Deploy Virtualized Data Center Environments. Copyright 2013, Juniper Networks, Inc.

vsphere Private Cloud RAZR s Edge Virtualization and Private Cloud Administration

Running a VSM and VEM on the Same Host

Network Troubleshooting & Configuration in vsphere VMware Inc. All rights reserved

Securing the private cloud

Application Performance Management in a Virtualized Environment

Vmware VSphere 6.0 Private Cloud Administration

COMMAND YOUR DATA CENTER

Benefits of virtualizing your network

Configuring Virtual Switches for Use with PVS. February 7, 2014 (Revision 1)

Visibility in the Modern Data Center // Solution Overview

vsphere Networking vsphere 5.5 ESXi 5.5 vcenter Server 5.5 EN

Visibility into the Cloud and Virtualized Data Center // White Paper

Altor Virtual Network Security Analyzer v1.0 Installation Guide

The Alteon Application Switch Overview

HP Virtual Controller and Virtual Firewall for VMware vsphere 1-proc SW LTU

Security Auditing in a Virtual Environment

Analyzing Full-Duplex Networks

Programmable Networking with Open vswitch

Channel Xcelerate. Full Speed Ahead. The Ixia Channel Xcelerate Program - The Americas. Application Performance and Security Resilience

How To Make A Virtual Machine Aware Of A Network On A Physical Server

Monitoring Databases on VMware

VMware vsphere Design. 2nd Edition

Monitoring VMware ESX Virtual Switches

Solving the Hypervisor Network I/O Bottleneck Solarflare Virtualization Acceleration

Windows Server 2012 Hyper-V Virtual Switch Extension Software UNIVERGE PF1000 Overview. IT Network Global Solutions Division UNIVERGE Support Center

Extending Microsoft Hyper-V with Advanced Automation and Management from Citrix

Silver Peak Virtual Appliances

VMWARE Introduction ESX Server Architecture and the design of Virtual Machines

New Security Perspective for Virtualized Platforms

Cyber Range Training Services

5 Best Practices to Protect Your Virtual Environment

A Project Summary: VMware ESX Server to Facilitate: Infrastructure Management Services Server Consolidation Storage & Testing with Production Servers

Simplifying Data Center Network Architecture: Collapsing the Tiers

Linux KVM Virtual Traffic Monitoring

IOS110. Virtualization 5/27/2014 1

VMware vsphere 5.0 Boot Camp

Preparing an RFI for. This RFI has been updated to reflect the new requirements in Version 3.0 of the PCI DSS, which took effect January 2015.

Bringing Enterprise-class Network Performance and Security Management Together using NetFlow

Five reasons why you need Citrix Essentials for Hyper-V now

Install Guide for JunosV Wireless LAN Controller

7 Ways OpenStack Enables Automation & Agility for KVM Environments

Assuring Converged Infrastructure: Converged Management Strategies for Cisco UCS

Mitigating Information Security Risks of Virtualization Technologies

Keith Luck, CISSP, CCSK Security & Compliance Specialist, VMware, Inc. kluck@vmware.com

Transcription:

WHITE PAPER Net Optics Phantom Virtual Tap Delivers Best-Practice Network Monitoring For Virtualized Server Environs www.ixiacom.com 915-6909-01 Rev. A, July 2014

2

Table of Contents Event... 4 Context... 4 Net Optics Phantom Virtual Tap Applying Best Practices to Instrumenting Virtual Networks... 5 EMA Perspective... 5 3

Event On February 14, 2011, Net Optics introduced a new product that provides network-layer visibility into virtualized server environments for security, compliance and performance monitoring. The Phantom Virtual Tap integrates with the hypervisor kernel to provide monitoring and management products with a full/copy of all traffic occurring within the virtualized host, between guest virtual machines. This represents a new approach for providing the type of visibility required for optimizing resource utilization, troubleshooting performance issues and ensuring auditability. Context Server virtualization has been one of the fastest growing and most disruptive IT innovations in the last decade. Server virtualization has been one of the fastest growing and most disruptive IT innovations in the last decade, and only a small percentage of IT shops have yet to embrace this exciting new technology. The value is clear more efficient use of x86 compute/server systems and more dflexinility to grow and meet the changing needs of the supported organization. However, as with any new technology, with great promise often comes new challenges, and server virtualization is no exception to that rule. In this case, one of the biggest problems that server virtualization creates is a loss of visibility into the interactions and traffic flow between guest Virtual Machines (VMs) on a common virtualized host. And a loss of visibility means a loss of control, because managers and operators are potentially blinded to performance, security and compliance issues. At the root of this challenge is the fact that within virtual server hosts exist virtual network elements that allow the VMs to communicate both with the hypervisor and the outside world as well as amongst themselves. There are two key elements here a virtual switch (a.k.a. vswitch) and virtual Network Interface Cards (vnics). And since these are all implemented in software and exist only in active memory, new approaches are required for monitoring and troubleshooting the traffic that flows across them. Many potential answers for restoring management visibility have been announced over the past few years mostly in form of new packaging of traditional monitoring solutions. One option is collecting NetFlow from the vswitches; however, this is a problem because current technology supports this only in experimental mode. Virtual switch providers outside of the hypervisor, such as the Cisco Nexus 1000V, will fill this gap more effectively, but adoption is still early and deployments are limited, and smaller server virtualization deployments may never require the horsepower this offers. Another group of options available today is re-packaged packet inspection technologies. These either act as a virtual tap by connecting to the vswitch in promiscuous mode and exporting a copy of packet streams of interest out the server s physical NIC, or as a software probe sitting in a VM and (again) connecting to the vswitch in promiscuous mode. These solutions are more effective, but create their own issues by forcing the vswitch to operate in promiscuous mode, incurring a performance hit, losing essential troubleshooting data, and not efficiently multi-purposing packet streams for multiple management analyses. One of the vendor groups largely left out of the mix thus far is the network-layer access solution providers, who deliver everything from basic network taps to sophisticated access matrix switches. These are typically layer 1 devices that provide the hardware connectivity so that other (often multiple) management tools can draw data from the managed environment. In the world of hypervisors and server virtualization, there is no hardware layer into which a traditional tap can be applied, and so access devices must become virtual software entities just as the network infrastructure itself has become virtualized. 4

Net Optics Phantom Virtual Tap Applying Best Practices to Instrumenting Virtual Networks Net Optics has long been one of the dominant providers of access-layer solutions to organizations of all sizes and geographies. Net Optics solutions are resold by many of the management product vendors who need such access options to deliver their own management value. Net Optics has been watching the growing need for a better visibility answer in virtualized server environments and has now introduced an innovative answer that applies the very best-practices approaches which are commonplace in the traditional, non-virtualized world. The new Net Optics Phantom Virtual Tap, comprised of Phantom Monitors (installed on each virtualized system) and a central Phantom Manager console (for administration and viewing activity) acts as a fully functional, software equivalent to a physical tap, specially adapted for the virtual network realm. The Phantom Virtual Tap is unique at the present time, because unlike other approaches, it is integrated directly into the hypervisor kernel. This allows full access to the entire network stack, without the performance penalty of running the vswitch in promiscuous mode. As such, it avoids the loss of important network-layer errors which are often cleaned before sharing in promiscuous mode and thus not visible to other monitoring approaches errors that may hold the key when troubleshooting a difficult performance or interoperability issue. Finally, the Phantom Virtual Tap can share packet streams either with one or more co-resident guest VMs or with any number of external monitoring and management tools by means of direct connection and interaction with a NetOptics Director switch. This latter approach offers the opportunity to apply smart filters to packet streams so that only data of interest is sent to downstream management systems. The Phantom Virtual Tap represents an innovative new option for restoring lost visibility. The Phantom Virtual Tap was developed interactively with VMware. The initial release has been optimized to support ESX and ESXi v4.x environments, and is VMsafe Certified. It works not only with internal VMware vswitches, but also with the Cisco Systems Nexus 1000V soft switch. The solution supports high-availability configurations via deployment of multiple Phantom Monitors in each hypervisor, and can also tie into Net Optics Indigo Pro platform for enterprise-wide management of access devices. EMA Perspective ENTERPRISE MANAGEMENT ASSOCIATES (EMA ) analysts have been closely monitoring the rapid evolution and adoption of virtual server technologies, and have long believed that, over time, the rest of the operations team would catch up with it and apply (necessarily) best practices for management control. Only in this way will this new technology enjoy the same levels of quality assurance, security and compliance that have been carefully and laboriously constructed for the rest of the IT infrastructure. The NetOptics Phantom Virtual Tap represents an innovative new option for restoring lost visibility into virtualized server infrastructure in a way that closely mirrors best practices for traditional monitoring. In EMA s opinion, this solution holds the best promise yet available for flexible and complete approaches to establishing rigorous and appropriate network management visibility and control over sprawling virtual server infrastructures. In short, the Phantom Virtual Tap provides big steps forward towards mainstreaming server virtualization. 5

WHITE PAPER Ixia Worldwide Headquarters 26601 Agoura Rd. Calabasas, CA 91302 (Toll Free North America) 1.877.367.4942 (Outside North America) +1.818.871.1800 (Fax) 818.871.1805 www.ixiacom.com Ixia European Headquarters Ixia Technologies Europe Ltd Clarion House, Norreys Drive Maidenhead SL6 4FL United Kingdom Sales +44 1628 408750 (Fax) +44 1628 639916 Ixia Asia Pacific Headquarters 21 Serangoon North Avenue 5 #04-01 Singapore 554864 Sales +65.6332.0125 Fax +65.6332.0127 915-6909-01 Rev. A, July 2014

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information