1. Best Practices for Building Scalable
Visibility Architectures
Jim Frey
VP of Research
Network Management
Enterprise Management Associates
Scott Register
Senior Director
Product Management
Ixia
February 11, 2014
2. Today’s Presenters
Jim Frey
Vice President of Research, Network Management
Jim has over 25 years of experience in the computing industry
developing, deploying, managing, and marketing software and
hardware products, with the last 20 of those years spent in network
and infrastructure operations and security management, straddling
both enterprise and service provider sectors.
Scott Register
Senior Director, Product Management
Scott has more than 15 years of experience leading product
management operations for global technology companies. Scott led
product management at BreakingPoint Systems prior to its acquisition
by Ixia. Other past experience includes leading product lines for Blue
Coat, Permeo, and Check Point Software.
© 2014 Enterprise Management Associates, Inc.
3. Logistics for Today’s Webinar
Questions
• Log questions in the Q&A panel located
on the lower right corner of your screen
• Questions will be addressed during the
Q&A session of the event
Event recording
• An archived version of the event
recording will be available at
www.enterprisemanagement.com
Event presentation
• A PDF of the PowerPoint
presentation will be available
4. Agenda
• What is a Visibility Architecture?
• Definitions and Drivers
• Best Practices and Decision Points
• Topology
• Tap or SPAN?
• In-line vs Out-of-Band
• Dealing with Virtualization
• Key Features for NPBs
• Ixia Visibility Solutions
• Wrap-up and Key Takeaways
• Q&A
6. Visibility Architecture Defined
Systemic approach to establishing access to network traffic
streams for packet-based monitoring and management
purposes
Key Value
• Permanent, adaptive packet stream
management infrastructure for reliable,
resilient, effective network and security
operations
Essential Attributes
• Scalability
• Sustainability
• Flexibility
10. Basic Components of a Visibility Architecture
[Diagram, top to bottom: Packet Analysis & Monitoring Systems (Performance Monitor, Performance Monitor, Security Monitor, Packet Recorder, …); Visibility Architecture: Network Visibility Controller (a.k.a. Network Packet Broker), Taps, SPAN ports; Network Infrastructure]
12. NVC/NPB Defined
Heart of the Visibility Architecture
• Network devices that provide managed access to packet streams from
SPAN and TAPs to network and security analysis tools
NVCs provide advanced features beyond simple “Agg Tap”
• 1:1, 1:M, M:1, and M:M connections between packet sources and
packet consumers (tools)
• Filtering and manipulating packet streams to improve effectiveness and
efficiency of tools
• Load balancing tools for greater resilience
Aliases….
• Network Monitoring Switch
• Matrix/Aggregation Switch
• Data Access Switch
• Distributed Filter Tap
14. Why a Visibility Architecture?
Network Growing Faster than the Tools!
[Bar chart: Maximum networking link speeds within data center / core networks. Categories: 100M, 1G, 10G, 40G, 100G. Series: Current, Planned in 12 months. Axis: 0% to 50%.]
Tools Challenged to Keep Pace!
Sept. 2013; Sample Size = 177
16. Why a Visibility Architecture?
Growing Number of Tools!
[Bar chart: Types of tools attached to NVCs/NPBs. Categories: Network Performance Monitor; Data Loss Prevention; Intrusion Detection / Prevention; Troubleshooting / Packet Analyzers (e.g. packet “sniffers”); Compliance Monitor; Data / Packet Recorder; Application Performance Monitor; VoIP / UC / Video Analyzer. Series: Current, Planned in 12 months. Axis: 0% to 60%.]
Can’t accommodate using old/dedicated approach!
Sept. 2013; Sample Size = 177
18. Why a Visibility Architecture?
In-Line Use Cases for Security Deployments
Security priorities: Never Higher
Threat landscape: Never More Daunting
One important answer: Active Enforcement
• Intrusion Prevention Systems (IPS)
• Data Loss Prevention (DLP)
Major concerns
• Performance of IPS, DLP
• Resilience of IPS, DLP
Potential answer
• Highly efficient, packet switching
• Advanced resilience features
Sept. 2013: Sample Size = 177
19. Who Is Ixia?
The MOST TRUSTED names
in networking trust
Test
Visibility
Security
Enterprises trust IXIA to:
Assess vendor equipment and applications
Improve network security posture
Improve network and application visibility
and performance
Service Providers trust IXIA to:
Improve and speed service delivery
Speed roll out of next gen services
Improve network and application visibility
and performance
Equipment Manufacturers trust IXIA
to:
Develop next generation devices
Speed time to market
Improve performance and reliability
Chip Fabricators trust IXIA to:
Validate protocol conformance
Speed time to market
20. Best Practices for Visibility
Architectures
22. Best Practices:
Where NVCs/NPBs Are Deployed
[Bar chart: Where has your organization deployed Network Visibility Controllers (NVCs)? Categories: Data center core network; Top of Rack; Data center Edge (ingress/egress); Campus backbone; Remote sites; DMZ; End of Row; Backhaul links; Other (Please specify). Series: Current, Planned in 12 months. Axis: 0% to 70%.]
Points of Concentration & Control
Sept. 2013; Sample Size = 177
23. Poll Question
If you have network or security monitoring tools that require
SPAN ports or TAP connections, do you (select one):
A. Plan to expand use of SPAN ports
B. Plan to expand use of TAPs
C. Plan to add both more SPAN ports and TAPs
D. Have no plans to add more SPAN ports or TAPs
25. Best Practices:
Mixing SPAN and TAP for Access
[Bar chart: survey responses for 2009 and 2013; axis 0.0% to 50.0%]
Need Both, but Leaning Towards Taps
Sample Size = 165 (Sept 2009); 177 (Sept 2013)
26. Data Deduplication
Necessity if using SPAN ports
[Diagram: packet stream containing repeated packets, labeled A through F]
Increase throughput efficiency to monitoring tools
Reduce monitoring tool overload
Improve monitoring tool processing efficiency
Eliminate duplicate packet storage
28. Best Practices:
In-Line vs. Out-of-Band deployments
Are NVCs deployed in-line anywhere within your organization's network?
[Pie chart. Segments: No, and no plans to do so; No, but planning to do so; Yes – currently deployed in-line. Values shown: 10%, 40%, 50%.]
Essential: Load Balancing + Bypass Technology
Sept. 2013: Sample Size = 177
29. Inline Security
Typical Inline Security Deployments
[Diagram labels: Campus Network, Cloud, Branch, Core, Data Center]
Why Inline Security?
• Threat prevention, not reaction
• Satisfy compliance requirements
• Prevent IPR and publicity “issues”
Critical Considerations
• Cannot take the network down
• Cannot slow or block application traffic
• Must scale with network demands
31. Best Practices:
Dealing with Virtualized Environments
[Bar chart: Approaches using or considering for adding packet monitoring to virtualized environments. Categories: Packet analysis tools deployed on VMs for intra-host visibility; SPAN/Port Mirroring from virtual switches; Virtual taps; Header stripping for overlay encapsulations. Axis: 0% to 80%.]
Select Techniques Based on Specific Needs
Sept. 2013; Sample Size = 156
32. Virtual Visibility
[Diagram: Core Switch; Network Packet Brokers; Top of Rack Switch; Virtualized Host with Hypervisor, vSwitch, Kernel Module, Virtual Tap, and VMs each running an App on an OS]
Enables inter-VM, east-west traffic monitoring to eliminate the blind spots in virtualized environments
33. Best Practices:
Key NVC/NPB Features
[Chart: Most important packet manipulation features (mean by role). Features: Load balancing across multiple tools; Inbound filtering; Outbound filtering; Decryption; Time stamping; Tunneling; Port labeling; Masking; De-duplication; IPv6 support; Header stripping (de-encapsulation); Media conversion (i.e. 10G to 1G); Packet slicing. Scale: 3 = Critical, 2 = Helpful, 1 = Not Important. Series: Executive, Staff. Axis: 2.00 to 2.75.]
Sept. 2013; Sample Size = 177
34. Feature Priorities Vary by Industry Vertical
Financials
Manufacturing
1. Inbound Filtering
1. Load Balancing
2. Load Balancing
2. Outbound Filtering
3. Outbound Filtering
3. De-duplication/Tunneling
4. Time Stamping
Healthcare/Pharma
All Others
1. Load Balancing
2. Inbound Filtering
2. Inbound Filtering
3. Packet Slicing / IPv6 /
3. Decryption
Port Labeling / Outbound
Filtering
1. Load Balancing
4. Tunneling
35. Creating A Network Visibility Architecture
[Diagram: visibility architecture spanning remote office, branch office, campus, core, data center, private cloud and virtualization, and carrier networks (wired and mobile), with network taps, virtual and cloud access, inline bypass, inline and out-of-band NPBs, and management, security, audit and forensics functions]
36. EMA: Key Takeaways on Visibility Architectures
1. Visibility Architectures provide both tactical
and strategic advantages to security and
operations
2. Deploy in the core first; expand to edge
and remote sites over time
3. Top, most-valued NVC/NPB features are
Load Balancing and Inbound/Outbound
filtering, though other features may also be
important based on vertical sector
4. Focus on scalability, flexibility,
manageability, completeness when
seeking solutions
37. Question & Answer:
Please log questions in the Q&A Panel
Jim Frey
JFrey@enterprisemanagement.com
@jfrey80
Scott Register
sregister@ixiacom.com
@swregister
Download this
FREE White Paper
from the follow-up email
you receive from EMA!
Or go to the Ixiacom.com home page
and click on the EMA webinar banner.