What is Visibility-as-a-Service (VaaS)?
Visibility-as-a-Service enables IT organizations to access network traffic across their entire infrastructure on demand, whether it resides in a public or private cloud, branch office, campus, or data center.
Network visibility is key to the performance and security of your network and the applications that run on it. However, access to the network to tap into data flows may not always be easy. When workloads transit the public cloud, visibility can be lost. To address this, VaaS is emerging to enable access across any deployment and in particular the public cloud.
IT Organizations choose VaaS to:
- Better manage their budget depending on whether they have OpEx or CapEx. VaaS enables them to have the same granular visibility as their own internal networks but with an OpEx model.
- Pay as they go and pay only for what they use based on consumption.
- Enable easy scale up and scale down of their visibility solution to meet current needs.
Public Cloud Visibility Challenges
Visibility is the foundation for providing application and network performance monitoring as well as security and trouble shooting. Within a traditional data center, IT uses taps and bypass switches (Ethernet/optical), to get packet visibility. In addition packet brokers can be used for advanced packet analysis.
Enterprise applications are currently making a dramatic shift from traditional data centers to the public cloud. Proving visibility and in turn security in such diverse environments has become a huge challenge. The average company uses between 10 and 16 cloud applications according to one business survey. With more and more cloud-based apps, more data is moving outside the traditional data center.
IT needs to focus on security and compliance for their instances and usage, which can best be addressed with a cloud visibility solution. VaaS enables organizations to view their public cloud network traffic in an elastic and scalable manner.
Blind Spots in the Public Cloud
Security needs to see all traffic to be able to be effective. Public clouds could create blindspots for traditional approaches in visibility. Beyond that, the way VaaS is implemented can result in significant advantages to the IT department.
When choosing a VaaS solution, the implementation architecture has implications on the effort and resources needed by the IT organization. Some VaaS solutions are implemented as Infrastructure-as-a-Service (IaaS). IT needs to install, configure, and ensure uptime of the visibility solution in the cloud within a virtual machine (VM). Cloud traffic requiring monitoring is transported to the VM. This can quickly drive up the bandwidth used and costs that IT pays to the cloud service provider.
A more elegant architectural approach is to use a SaaS model that requires minimal IT installation, maintenance, and uptime assurance. Choosing a VaaS implementation that is SaaS-based provides a platform agnostic, scalable and independently accessible anywhere deployment. Whether you are using Amazon Web Services, Microsoft Azure, or Google Cloud, your experience is the same. Lastly, architectures that filter the data in the source instance and only send the needed packets or metadata to the security, performance, or analytics tools, consume much less cloud bandwidth saving IT money.
CloudLens: A SaaS Visibility Solution
CloudLens provides VaaS and is implemented as a SaaS. CloudLens uses a serverless architecture with two components: a SaaS with a web-interface where cloud visibility is managed, and a Docker-based container that sits within source instances (sensors) and tool instances (connectors) in a customer’s environment. The SaaS platform does all the heavy lifting, so customers do not have to change their cloud architectures.
Filtering and packet brokering take place via the sensors in the source instance, and filtered packet data is sent over a secure overlay path, to the CloudLens connector in the security and monitoring tool instances. One CloudLens sensor can route to multiple tools.
"Adoption of public cloud services will be limited by the performance and security of enterprise applications and workloads processed in cloud environments. Ixia’s CloudLens Public offers enterprises ‘visibility-as-a-service,' where all of the packet brokering takes place at the source. This could enhance scalability and network agility.”
“Given lack of access to the physical layer, network visibility is a top concern for security professionals charged with securing their organization’s use of the cloud."