Monitoring the Virtual Blind Spot
In our ongoing conversations with your peers, one message has resonated across the board: virtualization is here to stay, and it introduces unforeseen complications and problems into the packet capture and monitoring world.
The term “Virtual Blind Spot” has begun to fly around, but what does it mean? Basically, when you have resources and servers that are virtually moving between hardware boxes, the tried and true methods of monitoring traffic are unlikely to provide the required visibility for maintaining a secure and well-performing data center. After all, if I activate a SPAN to attach an IDS or an Application Monitor, great. But how the heck will I know whether the same traffic streams will be available to those tools over time?
Simple answer: I can’t.
What’s a security, operations, or application performance professional to do? It’s time to look at a different way of managing your monitoring assortment.
It’s time to adopt Monitoring Optimization.
Physically-based monitoring has served us well over the years. But times, they have already changed! For virtual environments, you need a very flexible, yet easy-to-use, monitoring solution. This is exactly what monitoring optimization provides.
In the past, you had to activate a SPAN (or place a Tap inline) to monitor key traffic streams. This was important, since the mirroring practice provided a safe place to monitor without introducing any latency or other risk into the live network segments on your network. The weakness with the old approach is that you can only have one tool for each SPAN or Tap. If you need more than two tools on a switch, tough luck. Go look for some point solutions to band-aid together, regardless of the management nightmare that would ensue. At least the data gets to the tools, right?
Wrong. Even in that scenario, the risks of dropped packets, misconfigured filters, and potential for human error during the “band-aid” process would be more than you may anticipate. Then something goes awry and you have to troubleshoot, and the problem becomes twice as complex. When you throw virtualization and moving resources into the mix, the whole model breaks.
Monitoring Optimization: Virtual Connections For Virtual Environments
Monitoring Optimization, the key technique that you get from the 5200 Series Net Tool Optimizer, employs aggregation, replication, the most advanced filtering on the market, and the most intuitive interface to simplify this whole mess.
It is even more critical than ever to have visibility into all network segments where a virtualized resource may appear. Given the high cost of tools and limited number of available access points, it is impractical to think you can simply buy tools for every candidate network segment for whatever it is you need to monitor (not to mention the management overload you’d personally suffer through if you did choose to go that route).
Monitoring Optimization allows you to simply SPAN or Tap each segment a single time, route it to the Net Tool Optimizer, and leave all important tools attached to the box as well. Then you do all the connections and filtering “virtually”, i.e. right in the product’s fully-integrated GUI.
Simply drag and drop the segments to the tools that need to see the traffic, configure the filters in a matter of minutes using a simple Windows-like interface, and start monitoring. Heck, you could route all network segments to every tool if you like. Just filter down the data appropriately to keep the tools from overloading, and move on with your day.
If something goes wrong and you need to troubleshoot, no problem! Drag across a “virtual” connection from the segment(s) requiring diagnosis, set up the filter, and your diagnostic tool is off to the races. Notice that there’s no need to actually plug and unplug tools, because your connections are all virtual, just like your network! How’s that for minimizing MTTR?
All Virtualized Data Centers Should Have Monitoring Optimization
Yes, when I wrote it I meant it. Every. Single. Virtualized. Data. Center.
We are all squeezed for time. Why spend all day playing around with point solutions or plugging and unplugging tools to get this figured out? Just optimize it and move on! You also get the added benefits of monitoring more of the network without buying more tools, full integration to existing systems (SNMP, TACACS+, etc.), complete control to access based on groups, and a variety of other key features we included specifically to make your job easier.