Lora O'Haver
Senior Solutions Marketing Manager
Blog

Three ways to improve hybrid cloud management

February 15, 2019 by Lora O'Haver

Hybrid cloud is a common IT strategy, but still maturing in terms of management and monitoring. A 2018 Microsoft survey of 1700 global IT professionals found 67% already using or planning to use hybrid cloud, but 49% doing so for the first time.[1] The flexibility of hybrid cloud is a huge benefit, but also increases complexity and poses new management challenges. This post discusses three key questions facing IT managers deploying hybrid cloud.

Diagram of hybrid IT infrastructure

Is your network ready to support a hybrid environment?

Hybrid cloud is dependent on having a network that can connect distributed resources with speed, security, and fidelity—meaning no packet loss. This puts new demands on your network. Ixia’s Nicolas Ribault, Senior Product Development Manager, recently shared his experience working with enterprises on this network transition. He noted that, in order to establish greater control of their network performance, many enterprises adopt software-defined networking (SDN or SD-WAN) as part of their overall migration to a hybrid architecture.

To reduce the risk of suffering an application outage or introducing unacceptable latency, Nicolas suggests network managers set thresholds for key performance metrics such as response times, bandwidth, and packet loss BEFORE adopting a hybrid architecture. Once you have determined acceptable performance levels, you can then generate test traffic to simulate post-deployment behavior and observe whether performance meets expectations.

This type of network monitoring helps you establish control over your hybrid environment. Many times the move to SDN is done to enable network engineers to move workloads to more efficient locations in the network. Running workload tests gives you the information to make better decisions about workload location and helps you focus any fine-tuning before the hybrid network goes live.

A side benefit of running test traffic through your network before cloud deployment is having a map of how traffic moves through your enterprise. In a complex hybrid network, traffic paths are not always straight-forward and not knowing how traffic travels can slow down troubleshooting and extend the mean-time-to-repair performance issues.

Choosing a monitoring platform designed to track both test and live traffic helps you make a seamless transition to production. Ixia’s Hawkeye platform is one such solution. Once your hybrid network is in production, you can gather the same metrics and observe any changes over time that indicate degradation or emerging issues.

How will you secure data and applications in the cloud?

RightScale’s 2018 State of the Cloud surveyfound that 77% of cloud users worry about how to secure their clouds and only half are satisfied with the tools offered by cloud providers.[2] I think this concern reflects the understanding that cloud is a different environment, as well as the fact that cyberattacks are becoming more sophisticated, as hackers learn how to avoid detection and invent new ways of infiltrating networks.

Dave Gold, VP of Infrastructure Solutions at ProtectWise, recently presented on the topic of Securing Data and Applications in the Cloud. The first point he made was how important it is to have continuous visibility into cloud platforms to obtain the detailed data needed for modern threat analysis. He noted that log data, SIEM alerts, or a list of policy violations that cloud providers supply is not sufficient for keeping data and applications secure. He noted that a solution like Ixia’s CloudLens is needed to specifically to see into clouds running on shared infrastructure and provide the kind of data that companies have previously had access to on their data center infrastructure. This allows IT managers to leverage the tools and processes that have served them well in the past, while they begin incorporating new capabilities provided by the faster, more agile IT solutions now available.

One example of blending the traditional and new is the ability to create a time-stamped data lake that holds packet details on past network traffic for a longer period of time. Every attack leaves a trail of evidence and security solutions, such as ProtectWise’s Network Detection and Response platform, are designed to search through network traffic and zero in on anomalies. Because hackers are known to lurk in networks over a long period of time, a data lake can be used to do a more thorough analysis and  identify attacks more accurately and limit losses. No matter which security solution you use, the key is providing the solution with a total view of what flows through the network, so nothing is missed and no blind spots remain for hackers to hide in.

The most efficient way to perform security analysis is to capture data one time and then be prepared to deliver the appropriate subset of data for different types of analyses, often performed by different security solutions. Security monitoring tools today use heuristics, machine learning, and advanced anomaly detection to improve their results and keep up with attackers. The speed of the solution used to deliver the data can make the difference between timely detection and an attack that lingers in your network. This leads us to the final topic.

How will you provide your monitoring solutions with data from your clouds?

Clouds, by nature, are highly dynamic and require continuous monitoring. To help your security and performance monitoring solutions work effectively, you must provide them with complete visibility to traffic across your enterprise. First, make sure you are monitoring all of your network segments. Today’s attackers often move laterally through your network in ways you might not anticipate. If you don’t monitor enough segments, you may not collect all of the clues they leave, which will lengthen the time it takes to identify and stop an attack.

You must also use appropriate technology to capture packets moving between virtual and cloud resources. Traditional taps can copy or intercept traffic as it enters or leaves a physical network switch, but this doesn’t work with software-based network devices. To observe traffic known as east-west, you need to use a virtual tap in the hypervisor layer.

Public cloud providers do not give their customers access to the underlying infrastructure or the hypervisor layer. In these environments you will need to use technology that lets you see packets moving between your cloud instances. The best way to ensure you do not miss any traffic in your clouds is to use a cloud-native technology like the container-based sensors in Ixia’s CloudLens. A cloud-native visibility solution is deployed automatically every time you spin up a new clouds, with no need for manual intervention and no possibility that a cloud is missed.

The most efficient way to supply your monitoring tools is to capture data one time, aggregate and condense it, and deliver the appropriate subset of data to each monitoring tool. A network packet broker (NPB) serves this function. An NPB enables monitoring tools to see and process traffic from across the enterprise. In hybrid environments, you can deploy a physical NPB on-premises, a software-based version of an NPB on a white-box server, or get the same functionality as a cloud-based service. There are multiple ways to deploy a packet broker, but its key functions are what help your monitoring tools work more quickly and accurately. Those functions include packet decryption, packet filtering, packet trimming and stripping, NetFlow generation, and load balancing. You can find out more about Ixia’s Vision Portfolio of NPBs on our website.

SUMMARY

For more information on hybrid cloud management, listen to the recording of the webinar “Easier Hybrid Cloud Management,” presented by Ixia and ProtectWiseand broadcast on February 5, 2019.