Net Optics and VMware
The Virtual Monitoring Challenge
Enterprises have been utilizing Tap solutions for network traffic access for many years. Traffic capture, analysis, replay, and logging are now part of every well-managed network environment. In recent years, the significant shift to virtualization—with penetration exceeding 50%—is yielding great benefits in efficiency. However, today’s virtualization-based deployments create challenges for network security, compliance, and performance monitoring. This is because Inter-VM traffic is optimized to speed up connections and minimize network utilization. This imposes invisibility on physical tools unable to extend easily into the new environments. Costly new virtualization-specific tools plus training can affect the economic benefits and cost-savings of virtualizing. Currently, many tools suffer from limited throughput, hypervisor incompatibility, and excessive resource utilization.
Virtual infrastructures use hypervisor technology to deploy multiple computing environments on a single physical (hardware) server, or across a group of physical servers. Traditional Taps cannot see the traffic between the VMs that reside on the same hypervisor, nor can they “follow” specific VMs as automation moves them from one hypervisor to another to optimize efficiency and availability.
Visibility is further reduced by the complexity of blade servers: with each blade running multiple VMs on a hypervisor. Traffic between the blades running on a dedicated backplane is also invisible to the physical network and its attached tools.
The Phantom Virtualization Tap Solution
The Phantom suite of software products provides 100% visibility of virtual network traffic, including the unseen inter-VM traffic on ESXi Stack. This milestone solution has now expanded to support the industry’s leading hypervisor. The Phantom Monitor installs in the hypervisor kernel above the virtual switch. It is a software implementation of a switching mechanism that manages communications between virtual network devices and works identically to the physical switch. The Phantom Monitor can replicate all traffic within the virtual switch, apply smart TapFlow™ filtering, and send traffic of interest to any monitoring tools of choice. It can even pass the replicated traffic to a physical port so physical tools can monitor the data. Virtual traffic is bridged to the physical world in an encapsulated tunnel that can be terminated by a Net Optics xFilter™, Phantom HD™ or at any capable termination point of your choosing.
- 100 percent visibility of traffic between Virtual Machines (VMs) and inter-blade visibility
- Installs in hypervisor kernel for full traffic visibility
- Enables visibility and control of network traffic in VMware vSphere ESX/ESXi Server 4.X/5.X
- Generates Layer 2-4 statistics (packet count, utilization, etc.)
- TapFlow™ multi-layer L2-4 filtering engine
- Extends monitoring and access into the Inter-VM networking layer (East-West Traffic)
- Applies existing physical monitoring tools, processes, and procedures to the virtual network
- No interference with the data stream or VMs (no agents or services on VMs)
- No modifications needed in VMs
- Replicates Inter-VM traffic to virtual and physical monitoring tools of choice
- Sends mirrored traffic out physical NICs in encapsulated tunnels
Net Optics and VMware Team Up to Deliver Full Visibility, Automation, Flexibility and Scalability for Comprehensive Monitoring for Virtual Environments.
The Phantom Virtualization Tap provides these unique capabilities to your VMware virtual computing environment:
- A solution that performs network monitoring at the hypervisor kernel level providing full view of the traffic flowing between VMs, regardless of their current physical locations
- Implemented at the kernel; delivers the ability to differentiate between specific VM instances in replicated environments, and keep monitoring and logging the VMs even as they are moved between hypervisors (different physical servers or locations)
- The industry’s only integrated solution for converged (virtual and physical) environments. Fully hypervisor-agnostic and virtual switch-agnostic, the Phantom Virtualization Tap works seamlessly with Net Optics’ Director series of data monitoring switches
- Net Optics Indigo Pro™—a unified network management tool —provides an easy-to-use, Web-based GUI interface
Thanks to Net Optics for the article.