A visibility architecture is essential for security, network and integrated, service-oriented operations teams to establish and maintain a continuous awareness of activity, health, and performance of applications and infrastructure. Such awareness is only possible with continuous, reliable network visibility. But this is not an easy task when network and security professionals must ensure security and proactively meet performance expectations in dynamic, virtualized environments with increasingly diverse mobile end points and application deployments. “Visibility is critical for all enterprise organizations, but especially for companies worried about security blind spots and corresponding compliance issues, and for companies struggling to deliver on their IT service level agreements and key performance indicators,” says Michael Scheppke, senior director of Sales at Ixia. With inter-virtual machine (VM) and cross-blade data center traffic becoming the dominant portion of data center traffic, organizations must overcome the challenge of end-to-end visibility. Network blind spots must be removed with a comprehensive architecture that integrates three key frameworks – network visibility, virtual visibility, and inline security.
The network visibility framework supports out-of-band monitoring in the physical network. Benefits include speedier network event diagnosis and automated service provisioning. Here, network packet brokers (NPBs) perform aggregation and filtering, packet deduplication and static/dynamic load balancing to optimize tool performance while supporting 10/100MB, 1GE, 10GE, 40GE and 100GE solutions. Additionally, carrier-class high-availability features provide mission-critical reliability and resilience as well as security. A visibility architecture that collects, manages and distributes packet streams for monitoring and analysis purposes is becoming the best approach to achieving cost-effective, reliable and resilient packet-based monitoring and analysis, according to Enterprise Management Associates (EMA), an industry analyst firm. Ixia’s Visibility Architecture, for example, offers an easy-to-use control panel to manage these network visibility features while its RESTful API allows for data center service provisioning and orchestration systems integration. A recently introduced Packet Capture Module also helps to capture and quickly analyze packets associated with service outages and to establish root cause.
Virtual visibility, when integrated with network visibility, provides a solution to support out-of-band monitoring of traffic across both the physical and virtual networks under a single management platform. Ixia’s single solution for virtual visibility and troubleshooting uses existing network, application, and security visibility tools to monitor inter-VM or east-west traffic, eliminating blind spots in virtualized environments.
Multiple inline security enforcement tools – intrusion prevention systems, next-generation firewalls, data loss prevention systems, SSL decryptors, and web application firewalls – should not slow or block application traffic. Key considerations include fail-safe deployment of inline security devices at any point in the network and bi-directional heartbeat monitoring to prevent congestion, latency or failures of these devices from impacting network uptime and critical security postures. The downside is that data centers must reduce the risks of deploying packet-based monitoring and analysis tools fully, and ensure the tools’ effectiveness in security and in aiding network and application performance, EMA analysts point out. To minimize these risks, Ixia’s Application and Threat Intelligence (ATI) Processor delivers smart contextual metadata to monitoring tools enabling IT organizations to gain better network, application and security insights for better decisions. Real-time information about users and applications – raw packets, filtered packets or metadata – helps IT organizations within large enterprises and service providers to identify, locate and track network applications, including proprietary, mobile and malicious traffic. The ATI Processor enhances NPBs with Distinct Application Fingerprints and a patent-pending dynamic identification capability for unknown applications to track application success and failure. “Ixia’s ATI Processor [provides our] Network Analysis and Recorder appliances with not just packets, but rich data on applications, geography and users.” said Tim McCreery, president of WildPackets. “By offloading these vital CPU intensive tasks, [we] can provide even more real-time visibility into the entire network while recording high-speed traffic for advanced forensics. The joint solution allows customers faster troubleshooting, reduced time to resolution, and shorter network downtime.”
“The importance of understanding application performance, service quality and security integrity from the network perspective has been steadily rising in both enterprise and service provider settings,” said Jim Frey, EMA’s vice president of Research, Network Management. “Such visibility is essential for timely assurance and protection of complex applications despite growing traffic volumes and increasing diversity in how end users and subscribers access applications and services.” But not all technology vendors can deliver a complete visibility architecture solution that fully addresses the needs of today’s data centers. “While fully functional NPBs are the capstones of a visibility architecture”, EMA recommends that “network and infrastructure managers pay particular attention to vendors’ solution completeness, scalability, and flexibility, with further emphasis on manageability and integration per specific organizational context and needs”. “Ixia can help companies achieve end-to-end network and application visibility and security,” says Scheppke. “Ixia’s Visibility Architecture easily integrates into data center environments and delivers the control and simplicity necessary to improve the usefulness of existing tools. Companies no longer have to make compromises regarding network, application and security visibility.” Thanks to Network Asia for the article.