CLOUDLENS Visibility Platform for Private Public and Hybrid
CLOUDLENS Visibility Platform for Private, Public and Hybrid Clouds Christophe Olivier – Sr. Product Manager – Visibility & Virtualization © 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | 1
AGENDA • Virtualization - Trends and Challenges • Cloud. Lens Explained • Cloud. Lens v. Tap – Open. Stack • Demo – East West Traffic Monitoring in Open. Stack Environment © 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | 2
Ixia’s Strength and Global Reach TOTAL $517 MILLION HISTORY 6, 000+ 1 ST GLOBAL CUSTOMERS TO MARKET INNOVATION S Founded: 1997 Publically Traded: XXIA Key Acquisitions: - 2009 Catapult Comm. - 2011 Veriwave - 2012 Anue Systems - 2012 Breaking. Point - 2013 Net Optics - 2017 Ixia is now part of Keysight Technologies © 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | 3
ENTERPRISE NETWORK EVOLUTION More data is created and accessed everywhere now Then Now Internet of Things Distributed Network Mobile Devices Private & Public Cloud SSL APIs Virtualization © 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | 4
THE NETWORK PERIMETER IS VANISHING More cloud. More mobility. More data. • 25% of corporate data traffic will bypass traditional security defenses and flow directly from mobile devices to the cloud by 2018 – Gartner ’ 13 Saa. S Mobile Devices • 48% of companies have workload portability across public and private cloud resources – Verizon 2016 • Cloud security at AWS is the highest priority …Built to meet the requirements of the most security-sensitive organizations. • By 2018, the 60% of enterprises that implement appropriate cloud visibility and control tools will experience one-third fewer security failures ~ Gartner 2017 Io. T Cloud Branch Office Virtual DC © 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | 5 Private Cloud SP Network Public Cloud
VIRTUAL DATA CENTER – THE CHALLENGE Most Virtual traffic is not seen by security and analytics tools Security and Performance Monitoring Tools Host Web App APP DB DB IDS Forensics Tool Production Network Forensics Tool • End-to-end monitoring involves multiple locations • East-west traffic between VMs is Hidden from tools DLP East-West Traffic NOT Seen by Network Monitoring Tools ? • Virtual Workloads move – can’t track by IP address, protocol and port Most East-West Traffic is NOT Seen by Security/Analytics © 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. • Harder to enforce security policies with dynamic environment | 6
IXIA VIRTUAL SECURITY FABRIC The Security and Monitoring Fabric • Monitor virtual traffic at the branch office, data center or cloud • Capture and send packets and flows of interest to monitoring tools Virtual Data Center Branch Office Virtual Visibility Fabric • Support both physical and virtual environments • Limit amount, type of data sent to monitoring tools, adjust dynamically Data Access Anywhere Context Aware Data Processing Intelligent Adaptive Monitoring • Tenant aware Private Cloud © 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. Public Cloud | 7 Cloud SP Network
CLOUDLENS Visibility across all your cloud environments - Public, Private, and Hybrid clouds © 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | 8
CLOUDLENS - VISIBILITY INTELLIGENCE Branch Office Virtual Data Center Private Cloud SP Network Public Cloud. Lens – Virtual Tapping – Packet & Application Intelligence Processing Packet. Stack Net. Stack App. Stack Filtering Deduplication Application Filtering Aggregation Header Stripping Optional Reg. Ex filtering Replication Protocol Trimming Geolocation & Tagging Load Balancing GRE Tunneling Net. Flow & Ix. Flow Data Masking PCAP Real-time Dashboard © 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | 9
CLOUDLENS (PRIVATE CLOUD) SOLUTIONS Ixia Application & Threat Intelligence 3 rd Party Analytics and Monitoring Apps Adaptive, Intelligent Monitoring Intelligent Packet Processing Clould. Lens Management API Splunk Vision ONE NPB NTO 7300 NPB Virtual Packet Broker Plixr Scrutinizer De-duplication Data Masking Application Filtering SSL Decryption Packet Trimming GRE Tunnel Termination Net. Flow Generation Adaptive Packet Filtering Packet Capture Time Stamping Load Balancing Geo Location Data Access Everywhere API Cloud. Lens Virtual Tap (v. Tap) © 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. API | 10
CLOUDLENS VIRTUAL TAPPING - VTAP 2 Virtual Tapping (v. Tap) Methods for Open. Stack Environment KVM/OVS • Integrates with Nova Services • Dependent on OVS – Compute access from Administrator • Well suited for infrastructure monitoring • No tenant footprint (tapping occurs in OVS) • Less virtual infrastructure overhead Tap As A Service (Taa. S) • Integration with Open. Stack Nova and Neutron Services • No Compute Access Needed • Requires Open. Stack updates (Taa. S) • Per Tenant Service Deployment using Heat Template • Service VM implementation – Controlled Resource Allocation • Monitoring at the Tenant level (Multi-tenancy Support) • Efficient and Easier integration with virtual Probes – More End Point Monitoring © 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | 11
BENEFITS § Multi Tenant Support - Aware of Open. Stack Objects § Integrated Solution for Physical, and Virtual Environments § Uses Best Network Capabilities for Monitoring – Flexible Solution § IXIA Service Manager can Work Across Many Platforms and Control other IXIA Services for Better Integration § REST API Available for Automation § Scale to Monitor Large Environments § Integration with Open. Stack, Event, Metadata Systems (Tags) § React to VM Migration and Dynamic Compute and Network Changes © 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. 12 | 12
DEMO © 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | 13
CLOUDLENS – DEMO East West Visibility Monitoring in Openstack Service Manager 1 1. v. Tap Lifecycle Mgmt. 2. Policy Management 3. HA 4. Event Handling 5. Automation Mo nit VM ored Compute Node E/W Traffic Taa. S v. Tap Svc Selective mirror Traffic GRE Tunnel Production Network © 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. Monitoring Node 3 | 14 4 Setup Open. Stack + Taa. S 2 Install v. Tap Environment 3 Tap Traffic 4 Send Monitored Traffic to Aggregator 5 Net. Flow sent to Netflow Collector 5 Cl o Ap ud. L p. S en tac s k Cl Pa oud ck Le et. S ns tac k Controller Node Mo nit VM ored 2 1 Monitoring Tools SPLUNK-Scrutinizer NTOP Monitored VMs: Traffic generated by Ixia Ix. Chariot
Thank You © 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | 15
- Slides: 15