Lawful Interception in Virtual Environments
Our presenter, Ran Nahmias, Net Optics Director of Cloud and Virtualization Solutions, provides an overview of practical challenges to conducting Lawful Intercepts within converged (physical & virtual) or homogenous virtual network environments.

Virtualization in the Data Center, More Than a Trend!

Virtualization has provided network architects with a new level of flexibility and cost-savings in their server deployments. At the same time, that new level of flexibility has created new opportunities for potentially unlawful activity to be concealed or easily moved across legal jurisdictions to avoid prosecution. View this informative webinar to learn about:

Unique enforcement challenges inherent to Virtualization
Compliance challenges created by Virtualized environments
Methods for thwarting virtual machine jurisdiction ‘hopping’

  • This diagram shows the converged solution, where physical and virtual monitoring traffic is merged and monitored by your existing physical tools. Phantom Monitor (Virtual Tap), installed in your ESX hypervisor, sends GRE-encapsulated traffic to the Phantom HD, where it is decapsulated and sent to the Net Optics Director. At the same time, your physical monitoring traffic is sent directly to the Net Optics Director Data Monitoring Switch. The Director then switches your converged monitoring traffic out to your existing tools. The benefit to you: your existing monitoring infrastructure extends to both virtual and physical traffic.
  • The big BIG picture: central offices and remote offices. Devices and personnel not located at remote locations. Use Phantom HD to encapsulate traffic of choice from your remote location.
  • Transcript of "Lawful Interception in Virtual Environments"

    1. Lawful Interception in Virtual Environment. Ran Nahmias, Director, Virtualization and Cloud Solutions, Net Optics, Inc. Intelligent Access and Monitoring Architecture.
    2. Presenter: Ran Nahmias, Director, Virtualization and Cloud Solutions, Net Optics, Inc. Over 15 years of experience in networking, security, desktop and server virtualization in engineering, product management and deployment roles for market leaders such as Check Point Software Technologies, Nice Systems, Microsoft and Net Optics. (Net Optics Confidential and Proprietary)
    3. Goal: Review how the growing adoption of Virtualization and Cloud Services challenges Lawful Interception compliance in converged (physical & virtual) or homogeneous virtual environments.
    4. Agenda
        1. Intro
        2. Virtualization adoption trends
        3. The visibility challenge
        4. The elasticity challenge
        5. LI Compliance
        6. Net Optics solutions
        7. Q & A
    5. Virtualization In The DC: More Than a Trend
        • Virtualization deployment increasing year over year in data centers.
        • Gartner: over 30% of x86 architecture servers workloads running on VMs.
        • Double digit annual growth.
        • Virtualization: great CAPEX improvements, no visibility.
        • Passive monitoring of inter-virtual machine traffic is nonexistent.
    6. Did You Know?
        • Last year was the first year in which more virtual servers were shipped than physical servers.
        • IDC estimates that today nearly 10% of the information running through servers is doing so on virtualized systems.
        • IDC estimates that number to grow to more than 20% in 2015.
        • This percentage increases along with the size of the organization. Some larger environments today operate with 100% virtualized systems.
        Source: EMC and IDC 10/2011
    7. Did You Know?
        • Cloud computing accounts for less than 2% of IT spending today. IDC estimates that by 2015 nearly 20% of the information will be "touched" by cloud computing service.
        • Perhaps as much as 10% will be maintained in a cloud.
        • Much of the current movement to cloud architectures is being enabled by pervasive adoption of virtualization.
        Source: EMC and IDC 10/2011
    8. Why Should I Care About CLI/VLI
        • With advanced LI tools, everyone knows you are a dog, unless you “anonymize” your identity through the cloud.
        • The secured perimeter no longer exists.
        • New technologies present challenges to observe and obtain the data.
    9. Reminder: What is "The Cloud"? Monitor the hypervisor and you can monitor the cloud. [Diagram; source: VMware]
    10. Virtualization = Invisibility
    11. Hypervisor Virtual Network Monitoring Challenge. Virtualization creates security, monitoring and compliance risks:
        • No visibility into inter-VM traffic, Infosec vulnerabilities or threats
        • Lacks auditing of data passing between virtual servers
        • Inability to pinpoint resource utilization issues
        [Diagram labels: ESX virtual stack (vm1, vm2, vm3), virtual switch, physical host server, physical network security & monitoring, LI]
    12. Visualizing the blind spots. [Diagram labels: VM1 to VM4 (App, OS), service console, virtual Ethernet adapters, ESX vSphere vSwitches, physical Ethernet adapters, "?", production LAN, production LAN, management LAN, tool of choice]
    13. Cloud = elasticity
    14. Virtualization, Clouds Are Elastic
        • LI warrant issued by local WA authorities
        • What happens if the VM of target of interest transitions to NJ?
        [Diagram labels: virtual machines, data centers]
    15. Virtualization, Clouds Are Global
        • LI warrant issued by USA authorities
        • What happens if the VM of target of interest transitions to a different country?
        [Diagram labels: virtual machines, data centers]
    16. CLI/VLI Solutions Requirements
        • Monitor all blind spots
        • Monitor VM migration
        • Monitor inter-VM traffic
        • Multi hypervisor support
        • LI system agnostic
        • Easily integrate with existing infrastructure
    17. Existing Technology Solutions. [Diagram labels: probe, servers, VMs, virtual machine layer, prod specific, virtual Ethernet adapters, virtual switch layer (VMware, Cisco), virtual switch, physical Ethernet adapters, physical network analysis device]
    18. Limitations of Current Solutions. All existing alternate solutions require promiscuous mode and utilization of SPAN port.
        Switch Level Monitoring
        • Degrades vSwitch throughput by up to 50%, may require multiple vSwitches to recreate needed throughput capacity
        • All or nothing solution (traffic mirrored)
        • Local operation does not provide "big picture" visibility
        • Traffic sent out via tunnel or feeding local probe
        Local VM Probe
        • Most probes require dedicated core to operate
        • Probes are developed for specific product
        • Local operation does not provide "big picture" visibility
    19. A Different Approach for Hypervisor Monitoring. Enables security, performance monitoring and compliance:
        • 100% visibility of inter-VM traffic
        • Kernel implementation: no need for SPAN ports / virtual switch promiscuous mode on Cisco 1000V
        • Bridges virtual traffic to physical monitoring tools
        [Diagram labels: servers, VMs, Phantom Controller, Hypervisor Virtual Tap, pNIC, pNIC, physical network analysis device]
    20. Tunneling traffic of interest to the physical. [Diagram labels: ESX hosts (vm1, vm2, vm3), Activity Monitor, V Switch, hypervisor, encapsulation tunnel, LEA, existing LEA infrastructure]
    21. What do you do with all that virtual traffic?
    22. There is light at the end of the tunnel…
    23. Phantom HD
        • A high-throughput purpose built tunneling appliance
        • Developed to handle encapsulated network traffic from Phantom monitors
        • Optimized for point to point transition of raw network traffic
        [Diagram labels: ESX virtual hosts (ESX 3, ESX 4; vm1, vm2, vm3), Phantom Controller (VM), Phantom Monitor™, virtual switch, hypervisor, LAN/WAN]
    24. Phantom HD – Single Location Deployment
        • Decapsulates tunneled traffic from Phantom Virtual Tap and other tunneling appliances
        • Full duplex 10GB wire speed performance
        • Augments physical Tap extensibility across LAN / WAN / Cloud infrastructure
        [Diagram labels: ESX hosts (vm1, vm2, vm3), Phantom Monitor™, V Switch, hypervisor, physical servers, encapsulation tunnel, Phantom HD™, LAN/WAN, Net Optics Director™, LEA 1 to LEA 4]
    25. Phantom HD – Global Deployment
        • Remote locations capturing traffic of interest where low volume does not justify local instrumentation layer or IT staff
        • Traffic of interest encapsulated and sent to central location
        • Excellent for managed services providers
        [Diagram labels: remote site / branch office, local data center, ESX hosts (vm1, vm2, vm3), Phantom Monitor™, V Switch, hypervisor, physical servers, encapsulation tunnels, Phantom HD™, LAN/WAN, Net Optics Director™, LEA 1 to LEA 4]
    26. Virtualization Technologies, Cloud Infrastructure and the resulting Lawful Interception challenge
    27. Final Q&A, Wrap-up
        • For additional information about Phantom Virtual Tap, including access to the 30-day trial download: http://gurl.im/1ca8290
        • For additional information about Phantom HD: http://gurl.im/dc69291
        • Sign up for email notifications of future webinars: http://gurl.im/dd29292
    28. Thank You. Visit us at: www.netoptics.com
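
The slide notes above describe Phantom Monitor sending GRE-encapsulated traffic to the Phantom HD, where it is decapsulated before reaching the monitoring tools. The following Python is an added example, not Net Optics code, showing that decapsulation step for standard GRE (RFC 2784/2890) on the receiving side. The deck does not give the tunnel's exact framing, so the Ethernet-in-GRE payload type, the key and sequence values, the addresses and the function names are assumptions, and the sample packet is constructed.

```python
import socket
import struct

GRE_IP_PROTO = 47        # IPv4 protocol number for GRE
ETH_BRIDGING = 0x6558    # GRE protocol type for a tunnelled Ethernet frame (assumed)
C_BIT, R_BIT, K_BIT, S_BIT, VERSION = 0x8000, 0x4000, 0x2000, 0x1000, 0x0007

def decapsulate_gre(packet: bytes):
    """Strip outer IPv4 + GRE (RFC 2784/2890); return (tunnel info, inner bytes)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 4:
        raise ValueError("truncated outer header")
    if packet[9] != GRE_IP_PROTO:
        raise ValueError("outer protocol is not GRE")
    flags, proto = struct.unpack_from("!HH", packet, ihl)
    if flags & (R_BIT | VERSION):
        raise ValueError("unsupported GRE variant")
    # Optional 4-byte fields follow the base header in the order C, K, S.
    off = ihl + 4
    if len(packet) < off + 4 * sum(bool(flags & b) for b in (C_BIT, K_BIT, S_BIT)):
        raise ValueError("truncated GRE header")
    info = {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]),
            "proto": proto, "key": None, "seq": None}
    if flags & C_BIT:
        off += 4                      # checksum + reserved, not verified here
    if flags & K_BIT:
        info["key"] = struct.unpack_from("!I", packet, off)[0]
        off += 4
    if flags & S_BIT:
        info["seq"] = struct.unpack_from("!I", packet, off)[0]
        off += 4
    return info, packet[off:]

# Constructed sample: an Ethernet frame mirrored from a VM, wrapped in GRE.
INNER_FRAME = bytes.fromhex("020000000002" "020000000001" "0800") + b"constructed payload"

def build_sample(key=7, seq=1):
    gre = struct.pack("!HHII", K_BIT | S_BIT, ETH_BRIDGING, key, seq)
    outer = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(gre) + len(INNER_FRAME),
                        0, 0, 64, GRE_IP_PROTO, 0,   # checksum left 0 in this sample
                        socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20"))
    return outer + gre + INNER_FRAME

if __name__ == "__main__":
    print(decapsulate_gre(build_sample()))
```

The returned tunnel source address, key and sequence number are the fields a receiver can log to tell which hypervisor a mirrored frame came from and whether frames were lost in transit.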
