The public cloud dilemma with virtualised network monitoring
Managing security in a virtualised environment in critical, according to Ixia, following the release of Cisco's Global Cloud Index this week forecasting a dramatic shift from private to public cloud in the next three years.
“Public cloud offers great elasticity and scalability. However, many businesses face issues when shifting workloads to the public cloud,” says Stephen Urquhart, general manager, Ixia Australia and New Zealand.
“The biggest struggle is to achieve the same level of network performance and security monitoring as that of their private data center,” he explains.
According to a recent Ixia survey on virtualisation, 67% of respondents use virtualisation for business-critical applications. However, only 37% monitor their virtualised environment like they monitor their physical network environment.
“Before companies can trust the public cloud to run business critical applications reliably and securely, they need to feel comfortable monitoring virtual application traffic, starting with their own data center,” says Urquhart.
“Without this competence, a shift to the public cloud will be risky.
Ixia has identified five key stages for businesses to develop virtual network monitoring competency and ensure a safer transition to the public cloud.
Copy traffic from the virtual machines (VMs) of interest in your data center.
This can be done by configuring a virtual switching layer that copies the traffic or adding a packet capture agent to the VM. Packets are the single units of data in a network.
Perform basic filtering.
Filtering virtual traffic before it impacts a host computer is important as it will reduce the amount of traffic and help avoid system overload. East-west traffic between computers or machines in your own data center is much larger than north-south traffic entering and exiting the host. Filtering stops the system being overwhelmed with traffic.
Perform advanced packet manipulation and grooming.
This phase of advanced and intelligent visibility includes packet manipulation, packet grooming, and brokering. It can lead to much greater tool efficiency and additional security protections.
Filter the groomed traffic through analysis tools.
This may be done on the same host network or large amounts of copied network traffic may need to exit the host using a tunnelling protocol, where it can be filtered externally.
Analyse the traffic for insights.
Out-of-band security and performance monitoring tools capture packets for analysis and alerting. Inline security tools analyse the packets for threats. This helps identify key weaknesses that need to be fortified prior to transitioning to public cloud.
“It can be challenging to find the right balance of system resource usage for virtual applications versus virtual monitoring,” Urquhart says.
“Increased visibility will, in turn, take processing, memory and network bandwidth away from the monitored applications.
“Choosing the best strategy that meets performance and security monitoring goals will depend on the application you are monitoring, where you are running the application, the virtualisation software you are using, and the outcome you want to achieve,” he says.