Elastic Visibility In The Cloud Should Not Be A Stretch
Cloud is fast becoming the new normal: the latest Cisco Global Cloud Index predicts that by 2020, 92% of workloads will be processed in public and private cloud data centers, and just 8% in physical data centers. As this shift happens, it’s also raising a complex issue for organizations’ IT teams: how do they get visibility into what isn’t physically there?
Cloud environments deliver elastic scalability and flexibility, and they cost less to operate and manage than physical environments. But this comes at a cost, and the price is visibility and insight into cloud environments. In early 2015, when we surveyed a range of businesses on their virtualization practices, just 37% monitored their virtualized environments with the same rigor as their physical networks. A recent InfoWorld article by Dave Linthicum indicates the wave is finally coming.
It raises the question of how organizations go about bridging that visibility gap, i.e. how to deliver the same level of insight and transparency into their cloud environments as they have in their physical networks. Light Reading recently published our article looking at the key requirements and best-practice approaches for visibility and monitoring in virtual environments, and here’s a recap of the four key principles we outlined:
1. Horizontal scale
Since elastic scalability is one of the key drivers for migrating to a cloud environment, when you place virtual taps in a virtual network, you need to be certain that they can handle rapid growth in traffic volumes, user numbers and data interactions. Manual intervention is not the way to go – it undoes all of the flexibility and scalability you were hoping to gain. Instead, your taps should be able to scale and flex automatically, without impacting application performance.
2. Segmented security
Your cloud environment should, of course, be segmented to prevent lateral movement by malicious parties within your network and to protect key applications. As such, your virtual taps need to be able to see the application and network traffic flowing between segments.
3. More containers
As virtual machine use grows, container use multiplies even faster – by as much as 10-fold or more, as each application may employ multiple containers. If you are using container-based virtualization to boost application performance, the virtual tap must be able to access traffic in the container environment.
4. DevOps elasticity
Every time your DevOps team puts out a new application or service – or updates an existing one – that update propagates across the entire virtual environment. These changes absolutely must not block traffic paths, nor take down your virtual taps.
These four principles of managing your virtual taps apply whether you are operating a public cloud, private cloud or software-defined wide-area network (SD-WAN). Then, once you have deployed those taps, you are ready to start processing packets using a network packet broker to filter and control the volumes of traffic.
In conclusion, you don’t have to trade visibility to gain cloud speed and cost advantages: with the right visibility architecture, you can have both, without strain.