Overcoming The Blind Spots in Your Virtualized Data Center
Matt Percival, Sales Manager Northern Europe
Outline
• Virtualization Overview
• Network Monitoring Basics
• Implementing a Monitoring Solution in a Virtual Environment
What Is Virtualization?
Virtualization, in computing, refers to the act of creating a virtual (rather than actual) version of something, including but not limited to a virtual computer hardware platform, operating system (OS), storage device, or computer network resources.
COMPUTE, STORAGE and NETWORK
How Has It Transformed The Way We Do Business?
Server Virtualization (Compute and Storage)
• Pioneered by VMware
• Saved organizations billions in capital expenses through Server Consolidation
• Adopted by Amazon AWS
• Hosts its own retail website (www.amazon.com) on AWS
• Netflix uses AWS for streaming and delivery of content
• Has revolutionized how we access our data
• Enables virtualization across different manufacturers' products
• Emergence of Cloud Storage
Types of Virtualization
• Type 1 – Server Virtualization
Software application (Hypervisor) divides the server into multiple virtual environments. Host OS not needed.
• Type 2 – Desktop Virtualization
Use of software to abstract the operating system, applications and associated data from the user PC. Host OS needed.
• I/O virtualization
The physical network adaptor is virtualized into vNICs to carry traffic in different virtual channels from the Server traffic.
• Storage Virtualization
Physical storage is abstracted by virtualization to present it to many Servers.
• Network Function Virtualization (NFV)
Virtualization Introduces Blind Spots
Most east-west data traffic in the virtualized Data Center NEVER reaches the top of the rack where it can be monitored
According to Gartner*, 80% of traffic fits into this category
Net result, most Data Centers are blind in this area, which creates security and performance issues
Virtualization Blind Spot Validation
What’s The Problem With Blind Spots?
Bad things can happen in virtual data center blind spots
1. Security issues
2. Complexity of managing virtual solutions
3. Proper compliance tracking
4. Performance problems can be hidden for a long time
The Virtual Network Visibility Gap
Expect more than 80% of traffic in the data center to be between servers [1]
• Host to User Visibility
− Solved today
− Tap into network at Top of Rack
− Or use expensive Top of Rack switch SPAN port
• Host to Host Visibility
− Limited/no visibility below Top of Rack
− No visibility within server chassis
• VM to VM Visibility
− Traffic does not enter the physical network
− 100% of traffic goes unseen and uninspected
• VM Mobility Visibility
− vMotion launches VMs in separate sites for DR or other purposes
− Physical visibility options may be cost prohibitive for these uses
[Diagram: Physical Hosts running VMs (OS, App), Top of Rack Switch and Core Switch, with numbered callouts 1 to 4 and VMs moved to a separate site]
[1] Gartner Research: Your Data Center Network is Heading for Traffic Chaos, 27 April, 2011
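Added example (not part of the original presentation): a Python sketch that applies the visibility cases above to flow records, to estimate how much traffic a Top of Rack tap or SPAN port can actually see. The inventory, host and chassis names, flow records and class labels are constructed for illustration, and it assumes flow records can be exported from the hypervisor.

```python
from collections import Counter

# Constructed inventory: VM IP -> (physical host, chassis). Names are hypothetical.
PLACEMENT = {
    "10.0.1.11": ("host-01", "chassis-A"),
    "10.0.1.12": ("host-01", "chassis-A"),
    "10.0.1.21": ("host-02", "chassis-A"),
    "10.0.2.31": ("host-03", "chassis-B"),
}

# Constructed flow records: (source IP, destination IP, bytes).
FLOWS = [
    ("10.0.1.11", "10.0.1.12", 500_000),     # two VMs on the same host
    ("10.0.1.11", "10.0.1.21", 200_000),     # different hosts, same chassis
    ("10.0.1.12", "10.0.2.31", 200_000),     # different chassis
    ("198.51.100.7", "10.0.1.21", 100_000),  # user outside the data center
]

# Classes whose traffic crosses the Top of Rack switch.
VISIBLE_AT_TOR = {"host-to-user", "host-to-host-via-tor"}


def classify(src, dst, placement=PLACEMENT):
    """Map one flow to a visibility case from the slide."""
    a, b = placement.get(src), placement.get(dst)
    if a is None or b is None:
        return "host-to-user"          # one end is outside the inventory
    if a[0] == b[0]:
        return "vm-to-vm"              # never leaves the vSwitch
    if a[1] == b[1]:
        return "host-to-host-chassis"  # stays inside the server chassis
    return "host-to-host-via-tor"      # crosses the Top of Rack switch


def coverage(flows, placement=PLACEMENT):
    """Return (bytes per class, fraction of bytes visible at Top of Rack)."""
    by_class = Counter()
    for src, dst, nbytes in flows:
        by_class[classify(src, dst, placement)] += nbytes
    total = sum(by_class.values())
    seen = sum(by_class[c] for c in VISIBLE_AT_TOR)
    return by_class, (seen / total if total else 0.0)


if __name__ == "__main__":
    classes, visible = coverage(FLOWS)
    for name, nbytes in classes.most_common():
        print(f"{name:22} {nbytes:>9} bytes")
    print(f"visible at Top of Rack: {visible:.0%}")
```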
Tools Need End-to-End Network Access
[Diagram: Production Network (WAN, Carrier Networks Wired and Mobile, Data Center, Private Cloud, Virtualization, Core, Remote Office, Branch Office, Campus); access points (SPAN Ports, Taps, Inline Bypass); Tools (Network Management, Application Performance, Security Intelligence, Customer Experience); Organization (Network Operations, Performance Management, Security Admin, Server Admin, Audit & Privacy, Forensics)]
This isn’t happening! Why?
New Needs to Solve the Tools Problem
[Diagram: Production Network, Tools and Organization, as on the previous slide]
Visibility Needs
• End-to-End Visibility: Tool access to any point in the network
• Scalability: Scales to fit the needs of any network
• Manageability: Flexible macro-level management
• Control: View exactly the information you need
• Reduce Costs: Reduce tool costs & administrative burdens
Visibility Architectures Are The Foundation of Monitoring Strategies
[Diagram: Visibility Architecture between the network (Carrier Networks Wired and Mobile, Data Center, Private Cloud, Virtualization, Core, Remote Office, Branch Office, Campus) and the organization (Network Operations, Performance Management, Security Admin, Server Admin, Audit & Privacy, Forensics). Layers: Network Access, Packet Brokers, Intelligence, Management. Components: Network Taps, Virtual & Cloud Access, Inline Bypass, Out of Band NPB, Inline NPB, App Aware, Session Aware, Element Mgmt, Policy Mgmt, Data Center Automation]
Virtual Visibility Framework
Inter-VM, east-west traffic monitoring eliminates the blind spots in virtualized environments
Network Scaling
− Single solution for VMware, Microsoft Hyper-V, Citrix Xen, and others
− Existing physical monitoring tools
Proven, Patented Control
− Existing physical network packet brokers
− Quick and easy to deploy
− Single solution for physical and virtual visibility and troubleshooting
Performance
− Kernel implementation preserves hypervisor performance, capacity, throughput and utilization
Global Manageability
− Simple virtual tap management
− Single pane of glass management for physical and virtual
[Diagram: Virtualized Host with VMs (OS, App), vSwitch, Hypervisor Kernel Module and Virtual Tap; Top of Rack Switch; Core Switch]
Implementing a Monitoring Solution in a Virtual Environment
You can’t measure what you can’t see
Best practice is to replicate your physical monitoring environment processes
Typically a tap exports traffic to an NPB, which feeds the monitoring tools
If you don’t have a monitoring process, then implement a Visibility Architecture
Take a holistic approach: where you are going, needs, wants, flexibility
“Quick and simple” will normally lead to wasted time, effort and money down the road
Virtual Tap Solution Summary
• Kernel implementation – no need for SPAN Ports / Promiscuous Mode
• Preserves hypervisors’ performance, capacity, throughput and utilization
• Lowers investment in virtual tools by bridging existing physical tools to the virtual network
• Enables routing of data from remote data centers to central monitoring facilities
• 100% visibility of inter-Virtual Machine traffic
• Single pane of glass management console for virtual hosts and VMs
• VLAN and GRE tunnel forwarding support
Strengths: Highest Performance, Cross Platform Support, Kernel Level Software
[Diagram: two hypervisors, each with a vSwitch, a Phantom vTap and three VMs (VM1 to VM3, VM4 to VM6), connected over the Blade Backbone to the LAN]
1. Don’t let capacity limit access to monitoring information
2. Reduce unnecessary data and costs
3. Get the ROI you want from your existing monitoring tools
4. Optimize incident response to reduce mean time to repair
5. Optimize your network with trend analysis
Summary
Blind spots (and their associated problems) are there whether you know it or not: security, complexity, compliance, performance
How you choose to deal with the blind spots will dictate your future level of effort and cost for your network
Take the time to take that holistic (360 degree) view before implementation
Best practice: keep your current policies so everything is consistent and integrated with data center automation
Consider a virtual tap to give you the access you need to your virtualized data center and network
Download the FREE whitepapers from www.ixiacom.com
Ask for a free copy of the eBook: Overcoming Blind Spots in Your Virtualized Data Center
Ask for a free Phantom virtual Tap consultation and demo
Visit the Ixia Network Visibility Solutions Blog: http://blogs.ixiacom.com/ixia-blog/category/network-visibility/