By Brian Handrigan on Thursday, 13 July 2017
Category: Network Access Solutions

Private Cloud: The ABCs of Network Visibility

Cloud computing has become the de facto foundation for digital business. As more and more enterprises move critical workloads to private and public clouds, they will face new challenges ensuring security, reliability, and performance of these workloads. If you are responsible for IT security, data center operations, or application performance, make sure you can see what's happening in the cloud. This is the first of two blogs on the topic of cloud visibility and focuses on private cloud.

VISIBILITY CHALLENGES

If you are wondering why cloud visibility is important, consider the following visibility-related concerns that can occur in private cloud environments.

1. Security blind spots. Traditional security monitoring relies on intercepting traffic as it flows through physical network devices. In virtualized data centers and private clouds, this model breaks down because many packets move between virtual machines (VMs) or application instances and never cross a physical "wire" where they can be tapped for inspection. Because of these blind spots, virtual systems can be tempting targets for malicious breaches.

2. Tools not seeing all relevant data. The point of visibility is not merely to see cloud data, but to export that data to powerful analytics and reporting tools. Tools that receive only a limited view of traffic will have a harder time analyzing performance issues or resolving latency issues, especially as cloud traffic increases. Without access to data from cloud traffic, valuable clues to performance issues may not be identified, which can delay problem resolution or impact the user experience.

3. Security during data generation. Some organizations may use port mirroring in their virtualization platform to access traffic moving between virtual machines. However, this practice can create security issues in highly regulated environments. Security policies need to be consistently applied, even as application instances move within the cloud environment.

4. Complexity of data collection. With multiple data center and cloud environments, gathering all the relevant data needed by security and monitoring tools becomes complex and time-consuming. Solutions that make it easy to collect traffic from cloud and non-cloud sources can lead to immediate operational savings. 

5. Cost of monitoring in the data center. The total cost of a private cloud will rise with the volume of traffic that needs to be transported back to the data center for monitoring. The ability to filter cloud traffic at its source can minimize backhaul and the workload on your monitoring tools.

CLOUD VISIBILITY USE CASES

Given these issues, better visibility can provide valuable benefits to an organization, particularly in: 

Security and compliance: Keeping your defenses strong in the cloud, as you do in the data center, requires end-to-end visibility for adequate monitoring and control. Packets that are not inspected represent unnecessary risk to the organization and can harbor malware or other attacks. Regulatory compliance may also require proof that you have secured data as it moves between virtual instances. 

Performance analytics: As with security, analysis is dependent on having the necessary data—before, during, and after cloud migration. Your monitoring tools must receive the right inputs to produce accurate insights and to quickly detect and isolate performance problems. 

Troubleshooting: If an application that runs in your virtual data center experiences an unusual slow-down, how will you pinpoint the source of the problem? Packet data combined with application-layer intelligence can help you isolate traffic associated with specific combinations of application, user, device, and geolocation, to reduce your mean-time-to-resolution.

In each of these areas, you need the ability to see all of the traffic moving between virtual resources. Without full visibility into what's happening in your clouds, you increase your risk of data breaches, delays in problem resolution, and loss of productivity or customer satisfaction.

VISIBILITY SOLUTIONS

So, if cloud visibility is essential to security and application performance, what can you do to address the blind spots that naturally occur? Here are a few things to look for:

Virtual Taps 

Tapping is the process of accessing virtual or cloud packets in order to send them to security and performance monitoring tools. In traditional environments, a physical tap accesses traffic flowing through a physical network switch. In cloud environments, a virtual tap is deployed as a virtual instance in the hypervisor and:

For maximum flexibility, you should choose virtual taps, like those in Ixia CloudLens Private, that support all the leading hypervisors, including OpenStack KVM, VMware ESXi/NSX, and Microsoft Hyper-V, and that are virtual switch agnostic.

Virtual Packet Processors 

Packet processing is used for more advanced manipulation of packets, to trim the data down to only what is necessary, for maximum tool efficiency. Look for solutions that provide data aggregation, deduplication, NetFlow generation, and SSL decryption. Ixia CloudLens Private packet processing can also do more granular filtering using application intelligence to identify traffic by application, user, device, or geolocation.

You can do advanced packet processing using a physical packet broker by transmitting your cloud data back to the data center. Teams that already have physical packet brokers in place, or are new to monitoring cloud traffic, may choose this approach.

Another approach is to perform advanced packet processing right in the cloud. Only Ixia offers this all-cloud solution. With this option, you can send trimmed data directly to cloud-based security or analysis tools, eliminating the need for backhaul to the data center. This can be an attractive option for organizations with extremely high traffic volume.

Common Management Interface

Deploying cloud is complicated enough without having to worry about how to get an integrated view across physical and virtual traffic. Ixia's CloudLens solution provides a comprehensive graphical view of all your network traffic, from all sources. With the power of application intelligence, the Ixia dashboard can tell you where all your traffic is coming from, which applications and locations are the most active, and which operating systems and devices are on the network—valuable information for performance management. 

SUMMARY

As you move more workloads to private cloud environments, be sure to consider a visibility solution that will let you access and visualize your cloud traffic. Don't let blind spots in your network result in security breaches, application bottlenecks, or dissatisfied users.

Thanks to Ixia and author Lora O'Haver for this article.
