There is a mass migration to cloud with 90% of organizations using cloud in some fashion. Coupled with increased internet and mobile traffic, total virtual traffic has proliferated in recent years. This creates a challenge for application performance and security monitoring — how does an organization get granular access to virtual traffic? How do organizations eliminate virtual blind spots that create risk?

CloudLens™, Ixia's platform for public, private and hybrid cloud visibility addresses the challenges of granular data access in the cloud. CloudLens Private, the arm that supports private cloud technologies, is able to tap, filter, process and manipulate traffic all in a cloud environment. CloudLens offers organizations the visibility they need, while keeping aligned to "all cloud," hybrid cloud, multi-cloud or any cloud strategy.  

CloudLens Private

  • Scales programmatically with virtual machines to provide horizontal scale
  • Allows tapping of multi-tenant virtual environments, even where the administrator has limited or no hypervisor access 
  • Supports multiple hypervisors including VMware ESXi and NSX, OpenStack KVM, Hyper-V
  • Unique to the industry, can capture, filter and process packet data - all virtually
  • Reduces bandwidth to tools by filtering packets, eliminating unwanted traffic so tools operate optimally


Elastic Scale Icon

Elastic Scale


Data Access Anywhere

access DATA anywhere



Multi-platform capable


East West Traffic

Accessing Inter-VM, East-West Traffic

A limited view of network traffic makes it challenging to troubleshoot application performance in virtualized environments. Traditional monitoring solutions do not provide visibility into the traffic flowing between Virtual Machines (VMs) residing on the same server. Virtual systems are also tempting targets for breaches due to their limited security historically.

CloudLens Private bridges the gap between virtual and physical networks, extending complete monitoring and access to virtualized environments, including inter-VM traffic.

CloudLens Capabilities

  • Multi-Platform
  • Tap Virtually
  • Virtual Processing
  • Ultimate Flexibility
  • Hypervisor Logos

    CloudLens supports leading hypervisors via a single management interface to support organizations that use a variety of private cloud technology in their buildouts. CloudLens supports intelligent monitoring for OpenStack KVM, VMWare ESXi and NSX, and Microsoft Hyper-V. Moreover, CloudLens is also vSwitch/Router Agnostic (VSS, vDS).

  • CloudLens Private - vTap to Physical NPB

    CloudLens Private enables data capture of inter-VM (virtual machine) traffic, commonly referred to as east-west traffic, with its virtual tapping (vTap) capability. The vTap capability can be used both inline and out-of-band (OOB) and can operate in two modes:

    1. Tap only - in which data is just copied, similar to a physical tap, and then forwarded
    2. Tap and filter - in which data is still copied, but also filtered with basic L2-L4 based criteria, so only relevant data is forwarded

    vTap can forward traffic with a direct route, VLAN, or encapsulated traffic with GRE/ERSPAN tunneling, so data is secure through the process. Data can be delivered either directly to security and monitoring tools or a physical packet broker, comparable to what others in the industry offer. However, CloudLens Private is also able to take that data and process it further with more advanced, intelligent capabilities before forwarding, all while staying in the cloud. This unique ability is what makes CloudLens a true virtual platform!

    Cloud Sensor vTaps can provide access to network traffic in environments where the administrator has limited or no hypervisor access, like with Microsoft Azure Stack. With this implementation, CloudLens vTap sensors run in the virtual workload and provide a hypervisor-agnostic solution. The solution offers L2 to L4 filtering and forwards the tapped traffic with GRE tunneling to any interface available in the virtual workload. 

    The CloudLens Sensor Management Platform (CSMP) integrates with the CloudLens Manager and allows sensors to be deployed on premises, even in security tight environments without internet access.

    See how easy it is to use.

  • CloudLens Private Virtual Processing

    CloudLens is uniquely able to aggregate, filter and process packets virtually. The only visibility solution that is capable of an ALL CLOUD option.

    CloudLens is able to consolidate traffic from its many virtual tapping points to a single data stream. This data stream can then be filtered with Ixia's NetStack, PacketStack and AppStack capabilities. With NetStack, traffic can be aggregated, filtered with L2-L4 criteria and load-balanced, all virtually. Similar to what a physical packet broker can offer, but in the private cloud. Then, PacketStack capabilities can be layered on to deduplicate, strip headers and more. These advanced capabilities have long been available for physical visibility, but Ixia has brought them to the cloud.

    CloudLens does not stop there - it can also go the next step and offer layer 7 based application filtering and NetFlow generation. Ixia's AppStack offers unparalleled capabilities including signature based application detection, geolocation and more. Ixia is the only visibility provider to offer such capabilities for physical visibility and now CloudLens Private makes it available for cloud.

  • CloudLens Private -

    CloudLens provides the most flexibility in design because it can virtually filter and broker packets - allowing many ways to deliver the right data to the right security and monitoring tools

    Route A

    • Send tapped traffic directly to virtual tools
    • Send L2-L4 filtered traffic to virtual tools
    • Send virtually processed, brokered packets to virtual tools

    Route B

    • Send tapped traffic directly to physical tools
    • Send L2-L4 filtered traffic to physical tools
    • Send virtually processed, brokered packets to physical tools

    Route C

    • Send tapped traffic directly to a physical NPB which aggregates, processes and sends to tool
    • Send L2-L4 filtered traffic to a physical NPB which aggregates, processes and sends to tools

A Complete Cloud Solution

Altogether, CloudLens provides a virtual visibility platform that can serve as a bridge between on-premises solutions, but is also capable of providing an ALL CLOUD, complete visibility solution.  


Start at flexible virtual tapping that has the option of basic filtering, and then route traffic any way you need to tools, a physical packet broker, or keep it in CloudLens for further processing. CloudLens enables aggregation, filtering, advanced packet processing, and application-layer intelligence using Ixia's Netstack, PacketStack and AppStack capabilities before delivering the groomed traffic to tools. 


Customize your cloud visibility with CloudLens Private.

CloudLens Private
Easy to install and use

See how easily Christophe Olivier, Senior Product Manager - CloudLens Private, configures vTap.

Provides Control while providing Flexibility and Scale

Private clouds give your users faster, easier access to applications and resources, but how do you monitor and secure applications in the private cloud when you cannot access traffic flowing between virtual machines? Ixia CloudLens can help you see all your east-west traffic and isolate the cloud data your monitoring solutions need.

Visibility Intelligence

Unique to the industry, Ixia not only lets you tap data in the cloud, but also offers virtual packet processing and advanced, layer 7 based, application filtering. Ixia does not require you backhaul traffic to a physical device, but, we provide you the option.

Ixia also offers specialized visibility tailored for the mobile carrier evolved packet core - Learn more here.

Stack up Ixia’s leading visibility intelligence features to optimize your traffic analysis and security tool performance in physical and cloud environment!

To learn more, click on each stack.

NetStack Icon


Robust filtering, aggregation, replication, and more

  • L2- L4 filtering
  • Source port labeling (VLAN tagging & untagging)
  • Aggregation & replication
  • Load balancing
PacketStack Icon


Intelligent packet filtering, manipulation, and transport

  • Deduplication
  • Header (protocol) stripping
  • Packet trimming
  • Data masking
  • GRE tunneling

SecureStack capabilities are not available for this network packet broker or this platform at this time — visit the page to learn more.


Optimized handling for secure traffic

  • Active SSL
  • Passive SSL decryption
  • Threat insights
  • Data masking +
AppStack Icon


Context-aware, signature-based application layer filtering

  • Application identification
  • Geolocation & tagging
  • Optional RegEx filtering
  • IxFlow (NetFlow + metadata)
  • Packet capture
  • Real-time dashboard
MobileStack Icon


Visibility intelligence tailored for the mobile carrier evolved packet core

  • GTP correlation
  • GTP load balancing
  • Subscriber filtering
TradeStack Icon

TradeStack capabilities are not available for this network packet broker or this platform at this time — visit the page to learn more.


Marked data feed monitoring

  • Gap detection
  • Feed and channel health
  • High-resolution traffic statistics
  • Microburst detection
  • Subscription for feed updates
  • Simplified feed management