Alexandre Aeschbach, Chief Solution Architect – emitec ag
Agenda
Data Acquisition inside the Cloud
Monitoring inside the Cloud
Data Acquisition in the Cloud
5© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | Ixia Confidential| See disclaimer on slide 2 of this presentation|
VIRTUAL DATA CENTER – THE CHALLENGE
Most virtual traffic is not seen by security and analytics tools
[Diagram: IDS, DLP, forensics and security/performance monitoring tools attached to the production network; a host running Web, App and DB VMs whose east-west traffic between the VMs is NOT seen by the network monitoring tools]
• Harder to enforce security policies in a dynamic environment
• End-to-end monitoring involves multiple locations
• East-west traffic between VMs is hidden from tools
• Virtual workloads move – they can't be tracked by IP address, protocol and port
• Harder to assure quality for time-sensitive applications on software-based infrastructure
CLOUDLENS
Visibility platform across every cloud environment - public, private, and hybrid clouds
CLOUDLENS PRIVATE
[Diagram: the CloudLens Manager pushes policy updates to vTaps on ESXi, Hyper-V and OpenStack-KVM hosts; tapped VM traffic leaves the production network for the monitoring network over GRE, VLAN or ERSPAN. Use case shown: virtual mobile operator visibility into EPC traffic]
CLOUDLENS PRIVATE - VISIBILITY PLATFORM
CloudLens vTap (ex-Phantom vTap)
• Tap virtual traffic in the private cloud / data center
• Intelligent filtering
• OpenStack integration (TaaS & OVS support)
CloudLens with PacketStack (Virtual Packet Broker)
• Aggregation and duplication
• Get the packets to the performance and monitoring tools
• Packet processing
CloudLens with AppStack (Application & Threat Intelligence Processing)
• NetFlow generation
• Application intelligence – geo-location
• Application filtering, data masking
CloudLens with MobileStack (Filtering and Load Balancing for Mobile Operators)
• GTP control and user plane correlation and load balancing
• Subscriber-aware filtering and sampling
CloudLens Private Today
UNIFIED VISIBILITY MANAGEMENT
• Complete visibility of inter-VM traffic
• Unified visibility management across different market-leading hypervisor platforms: VMware ESXi, Microsoft Hyper-V, KVM, OpenStack KVM, NSX
• Multi-tenancy support in OpenStack environments (with TaaS)
• Automated deployment and monitoring
• Packet filtering at the source for maximum scalability and low overhead
CloudLens vTap
CENTRALIZED MANAGEMENT
Central management of vTaps and policies
• Key functions
  Virtual tap deployment & management
  Configuration
  License management
  Software upgrades
• Installation
  Can be deployed anywhere as a virtual appliance
  Can manage vTaps on different hypervisors
  Requires a direct path to all monitored hosts
CloudLens Service Manager
SUPPORTED ENVIRONMENTS
VMware – CloudLens vTap 4.5

| vTap mode                      | ESXi 5.0 & 5.1 | ESXi 5.5          | ESXi 6.0 & 6.5    |
| ESXi – vSwitch (kernel module) | Yes (default)  | Yes (1)           | No                |
| ESXi – vDS (SVM based)         | Yes            | Yes (2) (default) | Yes (2) (default) |
| ESXi – vSS (SVM based)         | No             | Yes (2)           | Yes (2)           |

(1) For upgrading existing customers or special cases
(2) vCenter support only (no standalone ESXi host)

NSX – vTap 5.0 BETA - integrated NSX support
KVM – with Open vSwitch (OVS)
• KVM 2.01 and above with OVS 2.0 and above
• Ubuntu 14.04, RHEL 7, CentOS 7
Hyper-V – Windows Server 2012, 2012 R2 and Windows Server 2016
OpenStack – KVM/OVS – Tap-as-a-Service (TaaS)
CLOUDLENS – KEY ADVANTAGES
• Central management of virtual monitoring and probe deployment
• Automatic VM tracking and policy migration (vMotion/DRS aware)
• Cross-hypervisor compatibility
• Universal policies for automatically monitoring new VMs
• VM based monitoring (vs. port based)
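The advantages listed above (VM-based rather than port-based monitoring, filtering at the source, policies that follow a VM when it moves, and delivery to existing tools over GRE as in the CloudLens Private diagram) can be illustrated with a small software tap. This is an added example, not Ixia or CloudLens code: the VM inventory, MAC and IP addresses, the policy and the GRE key 0x1001 are all constructed for the demo, and the GRE framing follows RFC 2890 (key bit set, protocol type 0x6558 for a bridged Ethernet frame).

```python
"""
Added example (not Ixia/CloudLens code): a minimal software vTap that
selects frames by VM identity rather than by switch port or IP address,
filters at the source, and encapsulates the selected frames in GRE
(RFC 2890 key field, protocol type 0x6558 for a bridged Ethernet frame)
for delivery to an existing IDS or forensics tool.
VM names, MAC addresses, IP addresses and the policy are constructed.
"""
import socket
import struct

ETHERTYPE_IPV4 = 0x0800
GRE_KEY_PRESENT = 0x2000            # K bit in the GRE flags field
GRE_PROTO_TEB = 0x6558              # Transparent Ethernet Bridging
IPPROTO_TCP, IPPROTO_UDP = 6, 17

# Constructed inventory: the hypervisor knows which vNIC MAC belongs to
# which VM. A vMotion changes the host and may change the IP, not the
# vNIC MAC, so the tap policy keys on VM identity, not IP/protocol/port.
VM_INVENTORY = {
    "02:00:00:00:00:01": "web-01",
    "02:00:00:00:00:02": "app-01",
    "02:00:00:00:00:03": "db-01",
}

# Constructed policy: tap everything touching app-01 or db-01, but drop UDP
# at the source so the tool only receives what it needs.
POLICY = {"tap_vms": {"app-01", "db-01"}, "drop_ip_protocols": {IPPROTO_UDP}}


def mac_to_bytes(mac):
    return bytes(int(octet, 16) for octet in mac.split(":"))


def bytes_to_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(src_mac, dst_mac, src_ip, dst_ip, ip_proto, payload=b""):
    """Constructed Ethernet + IPv4 frame (checksums left zero; demo only)."""
    eth = mac_to_bytes(dst_mac) + mac_to_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                     ip_proto, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + payload


def classify(frame):
    """Map a frame to (source VM, destination VM, IP protocol) via the inventory."""
    dst_mac, src_mac = bytes_to_mac(frame[0:6]), bytes_to_mac(frame[6:12])
    ethertype = struct.unpack("!H", frame[12:14])[0]
    ip_proto = frame[14 + 9] if ethertype == ETHERTYPE_IPV4 else None  # IPv4 protocol byte
    return VM_INVENTORY.get(src_mac), VM_INVENTORY.get(dst_mac), ip_proto


def vtap_filter(frame, policy=POLICY):
    """Source-side decision: forward only frames a tapped VM sent or received."""
    src_vm, dst_vm, ip_proto = classify(frame)
    if not ({src_vm, dst_vm} & policy["tap_vms"]):
        return False
    return ip_proto not in policy["drop_ip_protocols"]


def gre_encap(frame, key):
    """GRE header (flags, protocol type, 32-bit key) in front of the whole L2 frame."""
    return struct.pack("!HHI", GRE_KEY_PRESENT, GRE_PROTO_TEB, key) + frame


def gre_decap(packet):
    """Tool side: validate the GRE header and hand back (key, original frame)."""
    flags, proto, key = struct.unpack("!HHI", packet[:8])
    if not flags & GRE_KEY_PRESENT or proto != GRE_PROTO_TEB:
        raise ValueError("not a keyed GRE/TEB packet")
    return key, packet[8:]


def tap_and_forward(frames, policy=POLICY, key=0x1001):
    """Apply the policy to a batch of frames and return the GRE packets to send."""
    return [gre_encap(f, key) for f in frames if vtap_filter(f, policy)]


if __name__ == "__main__":
    frames = [
        build_frame("02:00:00:00:00:01", "02:00:00:00:00:02", "10.0.1.10", "10.0.2.20", IPPROTO_TCP, b"GET /"),
        build_frame("02:00:00:00:00:01", "02:00:00:00:00:ff", "10.0.1.10", "10.0.9.9", IPPROTO_TCP),   # web-01 to an untapped host
        build_frame("02:00:00:00:00:02", "02:00:00:00:00:03", "10.0.2.20", "10.0.3.30", IPPROTO_UDP),  # dropped at the source
        build_frame("02:00:00:00:00:02", "02:00:00:00:00:03", "10.0.7.20", "10.0.3.30", IPPROTO_TCP),  # app-01 after a move, new IP
    ]
    for pkt in tap_and_forward(frames):
        key, frame = gre_decap(pkt)
        print(hex(key), classify(frame))
```

The last constructed frame is the point of the "VM based" bullet: app-01 has moved and now sources from 10.0.7.20, yet the policy still selects it because the decision is keyed on the vNIC MAC the hypervisor associates with the VM, not on an address a port-based mirror would have to be re-configured for. The UDP frame never leaves the host, which is what "filtering at the source" buys in tool bandwidth.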
CLOUDLENS PUBLIC
META-DATA & LOGS vs PACKET DATA
Meta-data & logs (from cloud services)
✓ When the conversation started
✓ Duration of the conversation
✓ Type of conversation
→ Cannot identify the malicious content

Packet data
✓ When the conversation started
✓ Duration of the conversation
✓ Type of conversation
✓ Copy of the actual conversation
→ Malicious content identified
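The contrast on this slide, and the NetFlow generation listed under AppStack earlier, can be shown in a few lines: flow records are generated from a batch of packets, and the same two detectors are then run, one over the records and one over the packet copies. This is an added example, not Ixia or CloudLens code. The hosts, packets and detection rules are constructed; the payload signature is the public EICAR test string, which content inspection is expected to flag and which no start time, duration or protocol field can reveal.

```python
"""
Added example (not Ixia/CloudLens code): NetFlow-style records are generated
from a batch of packets, then the same detection question is asked of the
flow records and of the packet copies. Hosts, packets and rules are
constructed; the payload signature is the public EICAR test string.
"""
from collections import OrderedDict
from dataclasses import dataclass

EICAR_MARKER = b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"
SIGNATURES = {"eicar-test-file": EICAR_MARKER}


@dataclass
class Packet:
    ts: float
    src: str
    dst: str
    sport: int
    dport: int
    proto: str
    payload: bytes


@dataclass
class FlowRecord:
    """What a NetFlow exporter or a cloud service log hands the tool."""
    src: str
    dst: str
    sport: int
    dport: int
    proto: str
    first_seen: float
    last_seen: float
    packets: int = 0
    bytes: int = 0

    @property
    def key(self):
        return (self.src, self.dst, self.sport, self.dport, self.proto)

    @property
    def duration(self):
        return self.last_seen - self.first_seen


def generate_flows(packets):
    """Aggregate packets into 5-tuple flow records (start, duration, size, type)."""
    flows = OrderedDict()
    for p in packets:
        key = (p.src, p.dst, p.sport, p.dport, p.proto)
        rec = flows.get(key)
        if rec is None:
            rec = flows[key] = FlowRecord(*key, first_seen=p.ts, last_seen=p.ts)
        rec.last_seen = max(rec.last_seen, p.ts)
        rec.packets += 1
        rec.bytes += len(p.payload)
    return list(flows.values())


def detect_from_flows(flows, allowed_ports=(80, 443), max_bytes=1_000_000):
    """Everything a metadata-only tool can do: ports, volumes, timing."""
    return [f.key for f in flows
            if (f.dport not in allowed_ports and f.sport not in allowed_ports)
            or f.bytes > max_bytes]


def detect_from_packets(packets, signatures=SIGNATURES):
    """Content inspection: needs the copy of the conversation itself."""
    hits = OrderedDict()
    for p in packets:
        for name, pattern in signatures.items():
            if pattern in p.payload:
                hits.setdefault((p.src, p.dst, p.sport, p.dport, p.proto), name)
    return hits


def sample_packets():
    """Constructed traffic: two HTTP downloads with the same metadata shape."""
    benign = b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n" + b"hello world " * 5
    eicar = (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n"
             b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*")
    return [
        Packet(0.00, "10.0.1.10", "203.0.113.5", 51000, 80, "tcp", b"GET /notes.txt HTTP/1.1\r\n\r\n"),
        Packet(0.05, "203.0.113.5", "10.0.1.10", 80, 51000, "tcp", benign),
        Packet(1.00, "10.0.1.11", "203.0.113.5", 51001, 80, "tcp", b"GET /setup.exe HTTP/1.1\r\n\r\n"),
        Packet(1.05, "203.0.113.5", "10.0.1.11", 80, 51001, "tcp", eicar),
    ]


if __name__ == "__main__":
    pkts = sample_packets()
    flows = generate_flows(pkts)
    for f in flows:
        print(f.key, f"start={f.first_seen} duration={f.duration:.2f}s bytes={f.bytes}")
    print("flow-based hits:  ", detect_from_flows(flows))
    print("packet-based hits:", detect_from_packets(pkts))
```

Both downloads produce well-formed flow records on port 80 of similar size and timing, so the metadata detector has nothing to flag; only the detector holding the packet copy sees the test-file marker. That is the argument for getting packets, not just logs, out of public cloud workloads.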
CLOUDLENS FOR THE HYBRID CLOUD
[Diagram: users reaching App, Web, Security and DB groups spread across several clouds; guest VMs on an ESXi hypervisor feed virtual tools directly and physical tools on the monitoring network over GRE, VLAN or ERSPAN]
Monitoring in the Cloud
COPYRIGHT © 2018 NETSCOUT SYSTEMS, INC. | CONFIDENTIAL & PROPRIETARY19
Making the Invisible Visible
Monitoring within a virtual environment
The Complexity Challenge
[Diagram of the Software Defined Data Center (SDDC) stack:
Underlay networks – physical elements: broadband, 2G/3G/4G/5G, Internet, MPLS, Ethernet
Virtual service infrastructure – virtual HW & SW: uCPE, vCPE, data center, POP, edge; OpenStack, VMware
Overlay networks – virtualized services and VNF service chains: VNFs, vEPC, SD-WAN, vIMS, vSBC
Orchestration & management: SDN control, policy, EMS/NMS, automation, ETSI MANO, ONAP
Consumers: enterprise, mobile, fixed; SaaS, public cloud, private cloud]
How do you assure end-to-end, multi-layer, multi-domain services?
vSCOUT Deployment Options
Agent
• Traffic acquisition from local interface
• Hypervisor independent, supports popular Linux/Windows distros
Virtual Machine
• Traffic acquisition from virtual switch
• Supports vSphere, KVM/OpenStack, Cisco Nexus virtual switch
Plug-in
• OpenStack – acquires traffic via Neutron plugin
• VMware/NSX – acquires traffic using the NetX API
Container
• Traffic acquisition via Docker bridge in the OS
• Self contained
vSCOUT Examples – Virtual Smart Tap with Smart Visibility
[Diagram: vSCOUT as a VNF-embedded plugin (OpenStack, VMware) beside the VNFs on the vSwitch, above the Virtual Infrastructure Manager and hardware]
• Smart Visibility
  ASI metrics per VNF
  Minimal overhead
• Smart TAP
  ASI metrics at source
  Traffic forwarding & filtering
• Small footprint
  Non-dedicated cores
  < 1 vCPU
• Public/Private Cloud
  AWS, Azure
  OpenStack, VMware
vSTREAM
• Virtual Machine
  VNF with multiple flavors
• 24x7
  Packet capture, session trace
• Personality
  Next Generation or TEK Classic
• Fast I/O
  DPDK, SR-IOV & PCI pass-through
• Orchestration
  ETSI/MANO, OSM certified
[Diagram: vSTREAM VNF on the vSwitch receiving packets forwarded by the vSCOUT plugin, above the Virtual Infrastructure Manager and hardware]
vSTREAM – Monitoring at the source
• Virtual Machine
  Reduce resources to what is needed: CPU, disk space
• 24x7
  Packet capture without duplication of the traffic, session trace
• Personality
  Next Generation or TEK Classic
• Reduce traffic load
  Only smart data are transferred over the network; ASRs / packets on demand
• Orchestration
  ETSI/MANO, OSM certified
[Diagram: vSTREAM placed beside the VNFs on the vSwitch]
vSCOUT and ISNG
• Forwarding into existing infrastructure
  GRE tunnel
• Multi-consumer environment
  e.g. security
• 24x7
  Packet capture, session trace
  Enhanced packet retention
• Personality
  Next Generation or TEK Classic
[Diagram: the vSCOUT plugin on the host forwards tapped VNF traffic through a GRE tunnel to an ISNG appliance]
vSTREAM Orchestration
[Diagram: the NFVO (Tacker) (1) deploys VaaS, (2) instantiates vSTREAM and (3) sets up traffic mirroring from the VNFs on the vSwitch to vSTREAM; NG1 shown as the consumer]
• Orchestration friendly
  REST APIs
• Service chaining/deployment
  NSDs and VNFDs
• Based on ETSI MANO
  OSM certified @ Telefonica
Questions?