Best Practices for Building Scalable Visibility Architectures
DESCRIPTION
These slides, based on the webinar and featuring EMA Vice President of Research, Jim Frey, and Ixia Senior Director, Product Management, Scott Register, cover:
• Key goals and objectives of a visibility architecture
• Ways in which Network Visibility Controllers (NVCs) are being used, both today and in the future
• NVC features and capabilities having the broadest impact and delivering the most value
• Architectural and administrative qualities that are making the most difference
• Impact of server and network virtualization technologies on technology and product choices
TRANSCRIPT
Best Practices for Building Scalable
Visibility Architectures
February 11, 2014
Jim Frey
VP of Research
Network Management
Enterprise Management Associates
Scott Register
Senior Director
Product Management
Ixia
Today’s Presenters
Slide 2 © 2014 Enterprise Management Associates, Inc.
Jim Frey
Vice President of Research, Network Management
Jim has over 25 years of experience in the computing industry
developing, deploying, managing, and marketing software and
hardware products, with the last 20 of those years spent in network
and infrastructure operations and security management, straddling
both enterprise and service provider sectors.
Scott Register
Senior Director, Product Management
Scott has more than 15 years of experience leading product
management operations for global technology companies. Scott led
product management at BreakingPoint Systems prior to its acquisition
by Ixia. Other past experience includes leading product lines for Blue
Coat, Permeo, and Check Point Software.
Logistics for Today’s Webinar
• An archived version of the event
recording will be available at
www.enterprisemanagement.com
• Log questions in the Q&A panel located
on the lower right corner of your screen
• Questions will be addressed during the
Q&A session of the event
• A PDF of the PowerPoint
presentation will be available
Agenda
• What is a Visibility Architecture?
• Definitions and Drivers
• Best Practices and Decision Points
• Topology
• Tap or SPAN?
• In-line vs Out-of-Band
• Dealing with Virtualization
• Key Features for NPBs
• Ixia Visibility Solutions
• Wrap-up and Key Takeaways
• Q&A
Visibility Architecture Defined
Systemic approach to establishing access to network traffic
streams for packet-based monitoring and management
purposes
Key Value
• Permanent, adaptive packet stream
management infrastructure for reliable,
resilient, effective network and security
operations
Essential Attributes
• Scalability
• Sustainability
• Flexibility
Basic Components of a Visibility Architecture
[Diagram, built up over slides 7 to 10: Network Infrastructure; Tap and SPAN access points; Network Visibility Controller (a.k.a. Network Packet Broker); Packet Analysis & Monitoring Systems (Performance Monitor, Security Monitor, Packet Recorder). The whole is labelled Visibility Architecture.]
NVC/NPB Defined
Heart of the Visibility Architecture
• Network devices that provide managed access to packet streams from
SPAN and TAPs to network and security analysis tools
NVCs provide advanced features beyond simple “Agg Tap”
• 1:1, 1:M, M:1, and M:M connections between packet sources and
packet consumers (tools)
• Filtering and manipulating packet streams to improve effectiveness and
efficiency of tools
• Load balancing tools for greater resilience
Aliases
• Network Monitoring Switch
• Matrix/Aggregation Switch
• Data Access Switch
• Distributed Filter Tap
Why a Visibility Architecture?
Network Growing Faster than the Tools!
[Chart: Maximum networking link speeds within data center / core networks (100M, 1G, 10G, 40G, 100G), Current vs. Planned in 12 months. Sept. 2013; Sample Size = 177]
Tools Challenged to Keep Pace!
Why a Visibility Architecture?
Growing Number of Tools!
[Chart: Types of tools attached to NVCs/NPBs, Current vs. Planned in 12 months. Categories: Network Performance Monitor; Data Loss Prevention; Intrusion Detection / Prevention; Troubleshooting / Packet Analyzers (e.g. packet “sniffers”); Compliance Monitor; Data / Packet Recorder; Application Performance Monitor; VoIP / UC / Video Analyzer. Sept. 2013; Sample Size = 177]
Can’t accommodate using old/dedicated approach!
Why a Visibility Architecture?
In-Line Use Cases for Security Deployments
Security priorities: Never Higher
Threat landscape: Never More Daunting
One important answer: Active Enforcement
• Intrusion Prevention Systems (IPS)
• Data Loss Prevention (DLP)
Major concerns
• Performance of IPS, DLP
• Resilience of IPS, DLP
Potential answer
• Highly efficient packet switching
• Advanced resilience features
Sept. 2013: Sample Size = 177
Who Is Ixia?
The MOST TRUSTED names in networking
Test, Security, Visibility
Service Providers trust IXIA to:
• Improve and speed service delivery
• Speed roll out of next gen services
• Improve network and application visibility and performance
Equipment Manufacturers trust IXIA to:
• Develop next generation devices
• Speed time to market
• Improve performance and reliability
Enterprises trust IXIA to:
• Assess vendor equipment and applications
• Improve network security posture
• Improve network and application visibility and performance
Chip Fabricators trust IXIA to:
• Validate protocol conformance
• Speed time to market
Best Practices for Visibility
Architectures
Best Practices:
Where NVCs/NPBs Are Deployed
[Chart: Where has your organization deployed Network Visibility Controllers (NVCs)? Current vs. Planned in 12 months. Categories: Data center core network; Top of Rack; Data center Edge (ingress/egress); Campus backbone; Remote sites; DMZ; End of Row; Backhaul links; Other (Please specify). Sept. 2013; Sample Size = 177]
Points of Concentration & Control
Poll Question
If you have network or security monitoring tools that require
SPAN ports or TAP connections, do you (select one):
A. Plan to expand use of SPAN ports
B. Plan to expand use of TAPs
C. Plan to add both more SPAN ports and TAPs
D. Have no plans to add more SPAN ports or TAPs
Best Practices:
Mixing SPAN and TAP for Access
[Chart: 2009 vs. 2013 survey responses, axis 0% to 50%. Sample Size = 165 (Sept 2009); 177 (Sept 2013)]
Need Both, but Leaning Towards Taps
Data Deduplication
Necessity if using SPAN ports
Increase throughput efficiency to monitoring tools
Reduce monitoring tool overload
Improve monitoring tool processing efficiency
Eliminate duplicate packet storage
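An added example, not taken from the slides: a sketch of window-based de-duplication for the case the slide calls out, where the same packet reaches the packet broker from more than one SPAN session. The tuple layout, the 50 ms window, the SPAN source names and the choice to mask the IPv4 TTL and header checksum before hashing are assumptions made for illustration.

```python
import hashlib
import struct
from collections import OrderedDict

WINDOW_S = 0.050  # assumed de-duplication window (50 ms), not a value from the slides


def fingerprint(ip_packet: bytes) -> bytes:
    """Hash an IPv4 packet, masking the fields that change from hop to hop."""
    buf = bytearray(ip_packet)
    if len(buf) >= 20:
        buf[8] = 0                 # TTL is decremented by every router
        buf[10:12] = b"\x00\x00"   # header checksum changes along with the TTL
    return hashlib.sha256(bytes(buf)).digest()


def deduplicate(captures, window=WINDOW_S):
    """captures: time-ordered (timestamp, span_source, ip_packet) tuples.
    Returns (packets forwarded to the tools, number of duplicates dropped)."""
    seen = OrderedDict()           # fingerprint -> time first seen
    forwarded, dropped = [], 0
    for ts, source, pkt in captures:
        while seen and next(iter(seen.values())) < ts - window:
            seen.popitem(last=False)   # forget fingerprints older than the window
        fp = fingerprint(pkt)
        if fp in seen:
            dropped += 1
            continue
        seen[fp] = ts
        forwarded.append((ts, source, pkt))
    return forwarded, dropped


def make_packet(ident, ttl, payload):
    """Constructed sample IPv4 packet; the checksum field holds a dummy value."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0,
                         ttl, 17, ttl, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return header + payload


# Constructed capture: the same packet mirrored by two SPAN sessions one hop apart.
SAMPLE = [
    (0.000, "span-core", make_packet(1, 64, b"login")),
    (0.002, "span-tor", make_packet(1, 63, b"login")),   # duplicate, TTL differs
    (0.010, "span-core", make_packet(2, 64, b"data")),
    (0.200, "span-core", make_packet(1, 64, b"login")),  # outside the window
]

if __name__ == "__main__":
    kept, dropped = deduplicate(SAMPLE)
    print(len(kept), "forwarded,", dropped, "dropped")
```

The window bounds how long a fingerprint is remembered, so an identical packet arriving later than that is forwarded to the tools as new traffic.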
Best Practices:
In-Line vs. Out-of-Band deployments
[Chart: Are NVCs deployed in-line anywhere within your organization's network? Responses: Yes – currently deployed in-line; No, but planning to do so; No, and no plans to do so. Segment values shown: 40%, 50%, 10%. Sept. 2013: Sample Size = 177]
Essential: Load Balancing + Bypass Technology
Inline Security
Typical Inline Security Deployments
• Network: Branch, Campus, Core, Data Center, Cloud
Why Inline Security?
• Threat prevention, not reaction
• Satisfy compliance requirements
• Prevent IPR and publicity “issues”
Critical Considerations
• Cannot take the network down
• Cannot slow or block application traffic
• Must scale with network demands
Best Practices:
Dealing with Virtualized Environments
[Chart: Approaches using or considering for adding packet monitoring to virtualized environments. Categories: Packet analysis tools deployed on VMs for intra-host visibility; SPAN/Port Mirroring from virtual switches; Virtual taps; Header stripping for overlay encapsulations. Sept. 2013; Sample Size = 156]
Select Techniques Based on Specific Needs
Virtual Visibility
[Diagram components: Virtualized Host; VMs (each with OS and App); vSwitch; Hypervisor; Kernel Module; Virtual Tap; Top of Rack Switch; Core Switch; Network Packet Brokers]
Enables inter-VM, east-west traffic monitoring to eliminate the blind spots in virtualized environments
Best Practices:
Key NVC/NPB Features
[Chart: Most important packet manipulation features (Mean by role; series shown: Executive Staff). Scale: 3 = Critical, 2 = Helpful, 1 = Not Important; axis 2.00 to 2.75. Features listed: Load Bal across multiple tools; Inbound Filtering; Outbound Filtering; Decryption; Time stamping; Tunneling; Port labeling; Masking; De-duplication; IPv6 support; Header stripping (de-encapsulation); Media conversion (i.e. 10G to 1G); Packet slicing. Sept. 2013; Sample Size = 177]
Feature Priorities Vary by Industry Vertical
Financials
1. Inbound Filtering
2. Load Balancing
3. Outbound Filtering
4. Time Stamping
Healthcare/Pharma
1. Load Balancing
2. Inbound Filtering
3. Packet Slicing / IPv6 /
Port Labeling / Outbound
Filtering
Manufacturing
1. Load Balancing
2. Outbound Filtering
3. De-duplication/Tunneling
All Others
1. Load Balancing
2. Inbound Filtering
3. Decryption
4. Tunneling
Creating A Network Visibility Architecture
[Diagram labels. Network environments: Carrier Networks (Wired and Mobile); Data Center; Private Cloud; Virtualization; Core; Remote Office; Branch Office; Campus. Functions: Network Operations; Performance Management; Security Admin; Server Admin; Audit & Privacy; Forensics. Visibility Architecture layers labelled Network Access, Packet Brokers, Applications, Management, with components: Network Taps; Virtual & Cloud Access; Inline Bypass; Out of Band NPB; Inline NPB; App Aware; Session Aware; Element Mgmt; Policy Mgmt; Data Center Automation.]
EMA: Key Takeaways on Visibility Architectures
1. Visibility Architectures provide both tactical
and strategic advantages to security and
operations
2. Deploy in the core first; expand to edge
and remote sites over time
3. Top, most-valued NVC/NPB features are
Load Balancing and Inbound/Outbound
filtering, though other features may also be
important based on vertical sector
4. Focus on scalability, flexibility,
manageability, completeness when
seeking solutions
Question & Answer:
Please log questions in the Q&A Panel
Jim Frey
@jfrey80
Scott Register
@swregister
Download this
FREE White Paper
from the follow-up email
you receive from EMA!
Or go to the Ixiacom.com home page
and click on the EMA webinar banner.