Network Instruments
Closing the Visibility Gap
Company Overview

   Founded in 1994
   Privately held
   Internally funded
   Same management
    team since „94
   ...
About Network Instruments


 Privately held
 Founded 1994; same
  management team today

 18 offices worldwide
 130 pa...
3 of the Global Top 5
Strong Customer Base   70 of the Global Top 100
Virtualization Trends & Challenges

 Adoption
 55% of firms will have implemented by 12/09*
 Additional 29% planning bu...
Google “virtualization” and “network instruments”

   quot;While server virtualization is happening at a rapid rate, tool...
Virtualization Advantages


 Reduce Operational Overhead
     Lower number of physical servers - you can reduce hardware...
Virtualization Disadvantages

   Magnified physical failures - Multiple important servers running on one
    physical hos...
Virtual Terminology

 Virtual Machine Host (VM Host) – Physical computer, running a „host‟
  OS / Software (VMWare ESX, E...
Types of monitoring in the Physical realm


         Network                   Application
     troubleshooting           ...
Virtual Environments – Multi-Tier example
Virtual Environments
Virtual Environments
Virtual Environments
Virtual Environments – Visibility step 1
Virtual Environments – Internal Visibility
Virtual Environments – Virtual & Physical Visibility
What does a TAP in the physical realm do?

   Provide a non-intrusive connection point
       For analysis and security ...
Network Instruments Combines Physical, Virtual Domain
Visibility




                                      • A Virtual Tap...
Monitoring Multiple VM’s

              VM Host 1            VM Host 2   VM Host 3   VM Host 4   VM Host 5




• Aggregate...
Monitoring Multiple VM‟s with Multiple Devices & Taps

      VM Host 1   VM Host 2       VM Host 3   VM Host 4




       ...
Data Center Tool Deployment Challenges

  A growing list of tools need network
   access
     Application monitors, secu...
Aggregate Many to One, Many to Many or Any to Many


                                             Network Ports           ...
Hardware based Data Access Switch

• Purpose built, non-blocking cross-connect hardware
switching
• Based on circuit switc...
Gigamon Tool Aggregator Benefits

   Extends the range and depth of your network tools‟
    coverage

   Eliminates cont...
VM Monitoring Access and Scalability
with Gigamon




  n x VM‟s
Enterprise Solution Deployment



                                                             Observer
                  ...
VM Access Achieved – Now what?


                root-cause analysis requires…
  • Effective
    • Integrated view of inte...
The NI Monitoring Model
Enterprise Wide Application Performance Reporting




   Integrated or separate view of physical and virtual
   domains by...
Drill-down to Application Server Performance
Drill-down to Individual Session Statistics
32% Spend >50 Days Annually Recreating Issues




     Source: Network Instruments 2008 Annual State of the Network Survey...
Go Back in Time and View Recorded Activity
                                    Isolate the
                               ...
Application Forensics Analysis
Expert Analysis of Application Session Conditions
Drill into Conversation to Find Delay




   5-second delay
Bringing it all together
Our Architecture
NI-DNA™

  Three Unique Advantages

       Unified Code Set
        Core application connects all products
        Enhan...
Capture Technology

 Gen2™ Capture Card
  Card internally designed card for
   high-performance analysis
     1 Gb
    ...
End-to-End Network Analysis
     Observer Console Interface
                                                              ...
GigaStor™ - TiVo for your network

   Retrospective Network Analysis
   Intelligent Forensics
   Up to 48 TB storage
 ...
GigaStor Expandable


 Available in 16TB, 32TB
  or 48TB SATA config‟s
 Expansion capacities up to
  288TB‟s using SAS D...
GigaStor is Portable

 First self-contained,
                                 GigaStor Portable
  portable forensics appl...
Questions?
Virtualization Monitoring Webinar
Virtualization Monitoring Webinar
Virtualization Monitoring Webinar
Virtualization Monitoring Webinar
Upcoming SlideShare
Loading in …5
×

Virtualization Monitoring Webinar

721 views

Published on

Presentation that I developed and am delivering to the VM community who needs visibility for application performance and security monitoring.

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
721
On SlideShare
0
From Embeds
0
Number of Embeds
6
Actions
Shares
0
Downloads
0
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Virtualization Monitoring Webinar

  1. 1. Network Instruments Closing the Visibility Gap
  2. 2. Company Overview  Founded in 1994  Privately held  Internally funded  Same management team since „94  20 offices worldwide  North America (16)  Europe (4)  130 Partners  Across 50 countries Celebrating 14 years of continued company growth
  3. 3. About Network Instruments  Privately held  Founded 1994; same management team today  18 offices worldwide  130 partners across 50 countries  Driving Factors  GigaStor™ sales  Repeat business  10 Gb analysis solutions  Competitive displacements 14 years of double-digit growth
  4. 4. 3 of the Global Top 5 Strong Customer Base 70 of the Global Top 100
  5. 5. Virtualization Trends & Challenges  Adoption  55% of firms will have implemented by 12/09*  Additional 29% planning budget for virtualization*  Challenges  Inability to access data streams via purpose-built devices (analyzers, IDS)  Blind spots exist in analyzing internal VM host traffic  Existing VM monitoring lacks in-depth performance metrics  Views limited to either physical or virtual world * Forrester Research, Inc. The State Of Emerging Enterprise Hardware Trends: 2008 To 2009, Feb. 27, 2009
  6. 6. Google “virtualization” and “network instruments”  quot;While server virtualization is happening at a rapid rate, tools for managing application performance in these environments have not kept pace,quot; said Will Cappelli, research vice president at Gartner. “In order to understand application behavior, one needs to combine data from the dynamically reconfiguring application layer, network layers, and virtualization layer. Traditional tools which assume that the environments remain static while an application executes are not answering the needs of the Global 2000.” – Gartner “The introduction of the new VM features by Network Instruments addresses  the visibility need and includes a great, innovative answer to some of the key challenges delaying many from embracing virtualization fully.” – EMA “Though not the first application of packet analysis to vSwitch traffic, Network  Instruments is including an innovative “Virtual TAP” feature which can aggregate all vSwitch traffic and ship it out a physical NIC, eliminating the blind spot and allowing security & compliance monitoring as well as full packet- stream storage for forensic performance analysis.” – Network World
  7. 7. Virtualization Advantages  Reduce Operational Overhead  Lower number of physical servers - you can reduce hardware maintenance costs because of a lower number of physical servers leading to a smaller datacenter, with decreases in cooling and electrical costs.  Improve the efficiency of your Windows Data Center, as well as lower your cost of ownership.  Increase Computing Efficiencies - Server consolidation  If applications running on separate computers do not utilize the computing resources of their computers, they can be consolidated onto a smaller number of servers using virtualization technology.  Flexibility and agility:  ]You can deploy multiple operating system technologies on a single hardware platform (i.e. Windows Server 2003, Linux, Windows 2000, etc).  Run legacy applications alongside new versions, migrate applications to new environments, and restore systems in post-disaster scenarios.
  8. 8. Virtualization Disadvantages  Magnified physical failures - Multiple important servers running on one physical host  Degraded performance - every piece of software behaves differently in a virtualized environment. Applications that are quite modest as long as they run on a physical server, but when they were virtualzed their resource requirements are multiplied. Lack management tools –you can only take advantage of virtualizations  advantages if you have the proper tools. Often, the tools that come with a virtualization solution are not enough, only supporting basic system performance management tasks.  Complex root cause analysis - A new layer of complexity is added and can cause new problems. However, the main difficulty is that if something doesn‟t work as it is supposed to, it can require considerable extra efforts to find the cause of the problem.  Lack visibility and in-depth analysis of application performance and traffic  Lack integrated visibility across physical and virtualized domains
  9. 9. Virtual Terminology  Virtual Machine Host (VM Host) – Physical computer, running a „host‟ OS / Software (VMWare ESX, ESXi, etc.)  Virtual Machine (VM) – Software installation of an OS, running within the VM Host  Virtual Switch (vSwitch) – Logical connection path between VMs within the same VM Host. Facilitates communication between local VMs  Virtual Network Interface Card (vNIC) – Logical communication interface for VMs, used to connected logically to a vSwitch, or to allow for communication to the physical network via an association to a physical NIC (pNIC)  Physical NIC (pNIC) – network-facing physical NIC over which VM Host data enters or exits the Host
  10. 10. Types of monitoring in the Physical realm Network Application troubleshooting monitoring Compliance Firewall reporting monitoring Database Intrusion Forensic security detection analysis
  11. 11. Virtual Environments – Multi-Tier example
  12. 12. Virtual Environments
  13. 13. Virtual Environments
  14. 14. Virtual Environments
  15. 15. Virtual Environments – Visibility step 1
  16. 16. Virtual Environments – Internal Visibility
  17. 17. Virtual Environments – Virtual & Physical Visibility
  18. 18. What does a TAP in the physical realm do?  Provide a non-intrusive connection point  For analysis and security devices  To analyze you must see all of the data  A TAP delivers a copy of data to an analyzer  Insulate network  From failure of the appliance/analyzer/probe Network under analysis B A Server Switch Router Firewall …
  19. 19. Network Instruments Combines Physical, Virtual Domain Visibility • A Virtual Tap … •Exact copies of all intra- and extra-host traffic • Enables vTraffic to be seen in the physical world • Other devices now have visibility and access to this critical data
  20. 20. Monitoring Multiple VM’s VM Host 1 VM Host 2 VM Host 3 VM Host 4 VM Host 5 • Aggregate traffic from up to 8 VM Hosts per Packet Recorder • Data mine by VM Host, VM, application,
  21. 21. Monitoring Multiple VM‟s with Multiple Devices & Taps VM Host 1 VM Host 2 VM Host 3 VM Host 4 n x IDS NI Packet
  22. 22. Data Center Tool Deployment Challenges  A growing list of tools need network access  Application monitors, security/IDS, packet analyzers, VOIP analyzers, data recorders, compliance auditors, content filters, etc…  Not enough SPAN port and TAPs  Many tools require “big pipe” aggregated view  Monitoring 10G links
  23. 23. Aggregate Many to One, Many to Many or Any to Many Network Ports Tool Ports Post Pre 1Gig Link A Filter Filter Multiple 1/10Gig Taps 10Gig Network Instruments GigaStor Post Pre Filter Filter 1Gig Link B Post Pre IDS / Security Filter Filter 1Gig Link C Post Pre Compliance GigaVUE Filter Filter Auditor 10Gig Link D  Aggregate network data to a convenient centralized “tool farm”  Allow multiple tools to share access to network data  Load balance tools by providing them just the data they need  No more overloading tools with non-critical data 23
  24. 24. Hardware based Data Access Switch • Purpose built, non-blocking cross-connect hardware switching • Based on circuit switching, not destination address switching • Packet aware, aggregating and filtering • NOT a physical layer matrix switch • NOT software based, no OS, no CPU, no Store & Forward • Full 100% line rate performance at all ports – even if filtering is on • Ultra-low 6 micro seconds latency from port to port • Speed and media converting from ingress to egress Bit-Mask Filtering Any to Many Many to Any Any to Any
  25. 25. Gigamon Tool Aggregator Benefits  Extends the range and depth of your network tools‟ coverage  Eliminates contention over limited SPAN ports and TAPs  Monitor 10G links with 1G tools  Reduces operating costs and troubleshooting time by centralizing tools Get the Most From Your Network Tools
  26. 26. VM Monitoring Access and Scalability with Gigamon n x VM‟s
  27. 27. Enterprise Solution Deployment Observer Reporting Server Nexus 7000 Core/Aggregation Nexus 5000 10GbE & FCoE Server Access Trending Feed from 10G Tap Input GigaVUE-2404 Feed GigaStor 10G Aggregation Output Feed Nexus 2000 1GbE Server Connectivity 10G GigaStor Packet Recorder
  28. 28. VM Access Achieved – Now what? root-cause analysis requires… • Effective • Integrated view of inter and intra VM activity • Application performance visibility • Multi-Tier application analysis • Retrospective Network Analysis • Proactive Virtualized Application Performance Reporting • Security Forensics
  29. 29. The NI Monitoring Model
  30. 30. Enterprise Wide Application Performance Reporting Integrated or separate view of physical and virtual domains by application
  31. 31. Drill-down to Application Server Performance
  32. 32. Drill-down to Individual Session Statistics
  33. 33. 32% Spend >50 Days Annually Recreating Issues Source: Network Instruments 2008 Annual State of the Network Survey, survey of 592 network engineers
  34. 34. Go Back in Time and View Recorded Activity Isolate the time period Identify the activity of interest
  35. 35. Application Forensics Analysis
  36. 36. Expert Analysis of Application Session Conditions
  37. 37. Drill into Conversation to Find Delay 5-second delay
  38. 38. Bringing it all together
  39. 39. Our Architecture
  40. 40. NI-DNA™ Three Unique Advantages Unified Code Set  Core application connects all products  Enhancements added to all platforms Ex. IPv6, NetFlow, VoIP, MPLS Local and Remote Visibility  Identical functionality across segments  Lower cost of ownership Multi-Instance  Supports multiple topologies  Including Gig, 10Gbe, Wireless a/b/g/n  OC-3/12, Fiber Channel, WAN  Supports multiple users  All done simultaneously or concurrently Wired to wireless. Local and remote. Data and applications.
  41. 41. Capture Technology Gen2™ Capture Card  Card internally designed card for high-performance analysis  1 Gb  10 Gb Performance  Fastest real-time processing available  Full-duplex, line-rate capture  Streams directly to physical system memory  Fully integrates with NI-DNA™ technology Flexibility Gen2 Delivers  Higher port densities – up to 8 ports on gigabit links and 4 ports on 10 gigabit  Performance  SFP/XFP-based – switch copper and optical  Flexibility Adaptability  Adaptability  Filtering, processing, and analysis on the card  Flash upgradeable
  42. 42. End-to-End Network Analysis Observer Console Interface Software Probe 10/100/1000 Probe Appliance WAN, Gigabit, FC, and 10 Gb Probe Appliances GigaStor for gigabit, 10 Gb, FC, and WAN Gigabit, WAN, FC, and 10 Gb Portable System
  43. 43. GigaStor™ - TiVo for your network  Retrospective Network Analysis  Intelligent Forensics  Up to 48 TB storage  Line-rate capture  Local processing and analysis  Supports Gigabit, 10Gbe, WAN and Fiberchannel  Four Models  2TB 4 Drive Unit  4TB 8 Drive Unit  8TB 16 Drive Unit  12TB 16 Drive Unit
  44. 44. GigaStor Expandable  Available in 16TB, 32TB or 48TB SATA config‟s  Expansion capacities up to 288TB‟s using SAS Drives  Benefits  Higher performance  Investment protection  Longer recording times
  45. 45. GigaStor is Portable  First self-contained, GigaStor Portable portable forensics appliance for performing retrospective analysis  Provide back-in-time visibility of network, application, security events  Deploy unattended and Mobile appliance for performing in-the-field control like an Appliance forensics
  46. 46. Questions?

×