& cplSiteName &

Elastic Visibility Into Your Clouds – Without the Strain

Jeff Harris
1/10/2017
50%
50%

The rapid move to the cloud is understandable since it is so alluring: It is elastic, costs less to operate and manage and is scalable -- enhancing business agility. The latest Cisco Global Cloud Index states that by 2020, 92% of workloads will be processed in public and private cloud data centers and just 8% in physical data centers. But in engineering, there is no such thing as getting something for nothing. With cloud migration, the benefits of agility are realized at the expense of visibility and control.

When we surveyed a range of businesses on their virtualization practices, just 37% monitored their virtualized environments with the same rigor as their physical networks, revealing a big visibility gap when it comes to the cloud. While it may seem like a worthwhile trade-off today, it won't be if and when things go wrong.

For instance, malicious activity can happen right under a company's nose considering a significant portion of network traffic in virtualized environments doesn’t even hit a physical link or traditional monitoring tool. Moreover, virtualized networks introduce additional software layers that could be riddled with bugs. Organizations need to monitor their virtual networks even more rigorously than their physical counterparts. Not a risk worth taking, the visibility gap needs to be bridged quickly to ensure better control, maintain security no matter where their data goes and confirm the reliability of core business applications.

Inserting virtual network taps into the virtualized environment and sending the traffic to their monitoring, analytics and security tools should help the problem. Unfortunately, doing this would quickly flood these tools with data because internal "East-West" traffic in virtual data centers typically represents 80% of the total traffic. It would be like connecting a lawn sprinkler to a fire hydrant. Identifying and extracting only relevant traffic is key, but how can that efficiently be done efficiently? More so, how can virtual taps handle scaling up and down as virtual machines emerge and dissolve? Let's take a closer look at the key requirements for visibility and monitoring in virtual environments.

There are four key points to consider when deploying virtual for meaningful, granular access to critical application traffic on virtualized networks.


Want to know more about the companies, people and organizations driving developments in the test, monitoring and assurance sector? Check out Testapedia, the most comprehensive online resource covering the telecom test and measurement industry.


Horizontal scale: Cloud environments are attractive because they can scale up and down rapidly as user demands and workloads change. When placing virtual taps in a virtual network, ensure they can scale up to accommodate rapid growth in traffic volumes as well as user numbers and data interactions. The taps should do this automatically, without IT intervention. Virtualization means agility, so if an application or service expands to handle 10x or 100x the number of users, make sure the virtual tap in use can scale elastically -- without impacting application performance.

Securing in the dark: Virtualized networks are typically segmented using virtual firewalls to protect key applications and services from attack and to prevent compromising lateral movement in the virtualized environment. So the virtual taps used need to see the application and network traffic flowing between segments. With this comprehensive insight, it’s easier to make sure the appropriate security rules and policies governing each segment are being enforced.

More containers: As virtual machine use grows, container use multiplies even faster by as much as 10x or more since each application may employ multiple containers. An organization using container-based virtualization to boost application performance must have virtual taps that can access traffic in the container environment.

DevOps elasticity: When the DevOps team puts out a new build -- which doesn’t just cover new applications and services, but also updates to existing ones -- then that update propagates across the virtual environment. Individual virtual machines, containers and their hosted applications have shorter and shorter lifespans requiring continual awareness of the actual state of the environment. It is vital that these changes not block the entire traffic path or take the virtual tap down. As an example, consider how to archive and retrieve monitored traffic from a container that no longer exists. The tap is your sentinel, which has to maintain pervasive access to traffic to enable you to see what is happening on the virtual network: it must be fault-tolerant, even if the application it is monitoring fails.

These four points apply when monitoring any virtualized environment, whether public cloud, private cloud or software defined wide-area networks (SD-WANs). The virtual taps and the overall visibility solution need to be completely environment-agnostic.

Once the virtual taps have been deployed to extract traffic from the virtual machines in an environment, organizations can start processing packets. This can be done via network packet brokers, which keep duplicate data from overwhelming monitoring and security tools while ensuring they scale up/down as needed. Ultimately, data traffic should be broken up into manageable pieces using packet filtering, grooming and brokering processes, so security systems and analytics tools see everything.

Elastically scalable access is achievable for all the data crossing virtual networks and clouds through intelligent distribution to analytics and compliance tools. You do not have to give up visibility to gain cloud speed and cost advantages. Fortunately, you can have both with the right architecture.


CALLING ALL TEST, ASSURANCE AND MONITORING COMPANIES:
Make sure your company and services are listed free of charge at Testapedia, the comprehensive set of searchable databases covering the companies, products, industry organizations and people that are directly involved in defining and shaping the telecom test and measurement industry.



(1)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
danielcawrey
50%
50%
danielcawrey,
User Rank: Light Sabre
1/10/2017 | 4:09:03 PM
Visibility
I have long thought that these new systems, powered by servers far away and shuttled around with software - remain vulnerable. 

An improvement in visibility tools is certainly something that is needed. It will come, it's juts going to take time for there to be a footing in what we're looking for in these systems. 
More Blogs from Column
Don't get tripped up by these myths about the European Union's General Data Protection Regulation (GDPR).
What comes after blazing broadband for the 5G specification?
How well-equipped are European operators to handle a surge in mobile data traffic on their 4G networks?
It's easy to get caught up in the negative side of the tech sector, but don't forget we're making some progress with equality as well.
The future of roaming in Europe is all about superior quality of service.
Featured Video
From The Founder
Light Reading founder Steve Saunders talks with VMware's Shekar Ayyar, who explains why cloud architectures are becoming more distributed, what that means for workloads, and why telcos can still be significant cloud services players.
Flash Poll
Upcoming Live Events
May 14-16, 2018, Austin Convention Center
May 14, 2018, Brazos Hall, Austin, Texas
September 24-26, 2018, Westin Westminster, Denver
October 9, 2018, The Westin Times Square, New York
October 23, 2018, Georgia World Congress Centre, Atlanta, GA
November 7-8, 2018, London, United Kingdom
November 8, 2018, The Montcalm by Marble Arch, London
November 15, 2018, The Westin Times Square, New York
December 4-6, 2018, Lisbon, Portugal
All Upcoming Live Events
Hot Topics
Australia's Optus on Back Foot After 'Anglo Saxon' Job Ad
Ray Le Maistre, Editor-in-Chief, 4/13/2018
Is Gmail Testing Self-Destructing Messages?
Mitch Wagner, Mitch Wagner, Editor, Enterprise Cloud, Light Reading, 4/13/2018
BDAC Blowback – Ex-Chair Arrested
Mari Silbey, Senior Editor, Cable/Video, 4/17/2018
Verizon: Lack of Interoperability, Consistency Slows Automation
Carol Wilson, Editor-at-large, 4/18/2018
AT&T Exec Dishes That He's Not So Hot on Rival-Partner Comcast
Mari Silbey, Senior Editor, Cable/Video, 4/19/2018
Animals with Phones
I Heard There Was a Dresscode... Click Here
Live Digital Audio

A CSP's digital transformation involves so much more than technology. Crucial – and often most challenging – is the cultural transformation that goes along with it. As Sigma's Chief Technology Officer, Catherine Michel has extensive experience with technology as she leads the company's entire product portfolio and strategy. But she's also no stranger to merging technology and culture, having taken a company — Tribold — from inception to acquisition (by Sigma in 2013), and she continues to advise service providers on how to drive their own transformations. This impressive female leader and vocal advocate for other women in the industry will join Women in Comms for a live radio show to discuss all things digital transformation, including the cultural transformation that goes along with it.

Like Us on Facebook
Twitter Feed