CloudLens Self-Hosted

Overview

Enterprises are adopting cloud technologies in order to leverage the flexibility and power advantages of virtualized environments; they are adopting private cloud technology in order to increase control and reduce costs. However, the limited view of virtualized network traffic creates network blind spots for virtual or physical datacenter security, monitoring and analytics tools.

Keysight CloudLens™ Self-Hosted, part of the broader CloudLens platform, provides a complete cloudbased visibility solution for virtual network traffic. With CloudLens Self-Hosted you can mirror data, filter and forward traffic between virtual machines, or Kubernetes container Pods, and data center tools. It includes two core capabilities. First, an ability to virtually tap (vTap) or capture, filter and forward a copy network traffic directly to either tools or a network packet broker. Second, it can operate as a virtualized network packet broker, allowing aggregation, filtering, deduplication of virtual network traffic all within a private cloud.

The private cloud monitoring challenge

All networks are inevitably exposed to increasingly complex and advanced security risks and threats. The key is to identify the risks and threats as quickly as possible and take effective action. The goal of a total visibility architecture is to give you access to all the data that crosses your networks, so you can make informed decisions about how to best protect your business and its data, and ultimately deliver an excellent customer experience.

There are two main aspects to every network visibility solution:

1.     Capturing all network traffic, and

2.     Aggregating, filtering, de-duplicating and modifying the collected network traffic prior to it being forwarded to performance, monitoring and security tools

For collecting the network traffic, traditionally the best method to capture all traffic on a network link is by using a network tap. Taps provide continuous, non-disruptive network access and have

these characteristics:

• Receive all traffic on a network link

• Require little to no configuration and can be installed at any time

• Are not IP addressable so they aren’t vulnerable to remote attacker access

• Do not introduce delay or alter the content of the data

For aggregating, filtering, de-duplicating and modifying network traffic the traditional approach is a physical network packet broker (NPB). NPBs are used to process packets and send select packets to specific tools, based on what they are designed to monitor and inspect. NPBs aggregate raw or filtered traffic from multiple monitoring points across your network and filter and de-duplicate packets so your tools receive only relevant traffic. This reduces data congestion, minimizes false positives, and allows you to handle traffic with fewer monitoring devices.

However, in today’s virtualized deployments, both of these aspects are a challenge:

1.     Collecting virtualized network traffic, between virtual workloads or east-west (inter-VM or intercontainer Pod), where a traditional physical tap has no visibility

2.     Ensuring that the visibility solution scales with the dynamic nature of the private cloud. If virtualized network traffic must be processed by a physical network packet broker, then manual intervention is required to add new resources, and complexities increase.

CloudLens Self-Hosted addresses both of these problems with two main components, a virtual tapping (vTap) capability which gathers, filters and forwards virtual workload traffic, and a virtual packet processing capability which aggregates, filters, deduplicates and forwards traffic to both virtual and physical datacenter tools. Additionally, CloudLens offers the ability to dynamically detect specific applications, and threats, not just application types or categories, filtering and forwarding real-time network traffic to appropriate tools for further security, performance or forensic analysis.