The blind spot in virtual servers - seeing with network analysis



Virtual servers are now commonplace. Virtual storage is taking the IT market by storm. And the virtual data center and virtual networks are visible on the horizon. Virtualization provides tremendous efficiencies, reducing the cost of equipment, management, and even utilities. But as with most technological shifts there are consequences, especially in network analysis, that must be addressed. Virtualization, regardless of the “flavor”, creates a blind spot - a loss of visibility into traffic between virtual applications or virtual systems - when using traditional network analysis products and techniques. In this webinar, we will dissect this problem and demonstrate ways to overcome these network blind spots.

In this web seminar, we will cover:

  • How network blind spots occur
  • Where network blind spots occur
  • How to identify which flavors of virtualization are most vulnerable

You will learn how to:

  • Establish goals for virtual network analysis
  • Identify the best network analysis solutions for each virtualization flavor
  • Configure your virtual network for the realities of network analysis


The blind spot in virtual servers - seeing with network analysis

  1. The Blind Spot in Virtual Servers: Seeing with Network Analysis
     Jay Botelho, Director of Product Management, WildPackets
     jbotelho@wildpackets.com
     Follow me @jaybotelho
     Show us your tweets! Use today’s webinar hashtag #wp_virtualblindspot with any questions, comments, or feedback. Follow us @wildpackets
     © WildPackets, Inc.
  2. Administration
     • All callers are on mute
       ‒ If you have problems, please let us know via the Chat window
     • There will be Q&A at the end
       ‒ Feel free to type a question at any time
     • Slides and recording will be available
       ‒ Notification within 48 hours via a follow-up email
  3. Agenda
     • Current Trends in Virtualization
     • What Causes Virtual Network Blind Spots?
     • Configuring Virtual Networks for Analysis
     • Establishing Goals for Network Analysis in Virtual Environments
     • Defining the Requirements
     • WildPackets Corporate Overview
     • WildPackets Product Line Overview
  4. Current Trends in Virtualization
  5. Current State of Virtualization
     • 75% of large companies have implemented some form of virtualization [1]
     • Percentage of servers actually virtualized remains small at approximately 10 – 15% in these companies [1]
     • Virtual systems are a tempting target for security breaches
       ‒ Compromising only one layer provides access to many [2]
     • Storage virtualization – 45% adoption; 5th most effective IT strategy [3, 7]
       ‒ Deduplication
       ‒ Thin provisioning
       ‒ Tiering
  6. Adoption Drivers in Virtualization
     • Bundling virtualization with servers [1]
     • SMBs get into the action [4, 5]
     • Automation on the rise [5, 6]
     • Better backup, recovery and live migration tools [5, 6]
     • I/O and network virtualization [6]
     • SDN (Software Defined Networks)
     • Desktop Virtualization [5, 6, 8]
       ‒ Benefits depend on vertical industry
       ‒ Mobile access devices (e.g. iPads) driving adoption [6]
  7. What Causes Virtual Network Blind Spots?
  8. Virtualization
     [Diagram]
  9. Configuring the Virtual Network for Analysis
  10. Categories of Virtualization
     • Standalone
     • Coordinated/Distributed
     • Cloud
  11. Terminology
     • VM Host
       ‒ Physical hardware running the hypervisor
       ‒ “Server” or “VM Server”
     • VM Guest
       ‒ Virtual machine running as an image inside the server
       ‒ “VM”
     • Networking
       ‒ vNIC: Virtual NIC
       ‒ vSwitch: Virtual Switch
       ‒ pNIC: Physical NIC
  12. Standalone VM Networking
     • Multiple guests, single host
       ‒ One or more vNICs per guest
       ‒ One or more physical NICs on host
     • Switch interfaces
       ‒ Guest vNICs
       ‒ Host physical NICs (pNICs)
       ‒ Possible network separation via multiple L2 vSwitches
     • Logically behaves like a TOR or workgroup switch
       ‒ No transit traffic, leaf network
       ‒ Usually no L3 (Routing) between VLANs/vSwitches
  13. The Blind Spots
  14. Eliminating the Blind Spots
     [Diagram]
  15. Eliminating the Blind Spots
     • The Good:
       ‒ Visibility of intra-host traffic
       ‒ Built into infrastructure
     • The Bad:
       ‒ Capturing on local VM increases demand on VM resources
       ‒ Still have to know which host for specific VM guest
       ‒ May violate separation of customer traffic
  16. Configuration Details
     • Create a VM for OmniVirtual
     • Allocate resources based on goals
     • Install OmniVirtual
     • Connect to OmniVirtual using OmniPeek
  17. Configuration Details (cont.)
     • Log into the VMware Infrastructure Client
     • Choose the Configuration tab in Networking
     • Put the virtual switch into promiscuous mode – Switch Properties -> Edit -> Security tab – set promiscuous mode to “accept”
     • Similar to spanning a switch in a “real” environment
     • Start a capture
  18. Coordinated VM Networking
     • Single switch among multiple VM hosts
       ‒ Each vSwitch per host like a blade switch
       ‒ Physical network like a backplane, but usually no L3
     • Maintains single forwarding table
       ‒ Inter-VM traffic between hosts sent encapsulated to target host
       ‒ No need to “learn” VM MAC addresses
     • Port profiles per guest
       ‒ If VM moves, profile moves too
       ‒ vSwitch forwarding tables automatically updated
       ‒ Physical switches must learn new host for VM
     [Diagram label: Distributed vSwitch (shared across VM hosts)]
  19. The Blind Spots
     [Diagram label: Distributed vSwitch (shared across VM hosts)]
  20. Eliminating the Blind Spots - Virtual Taps
     • The Good:
       ‒ Reduced effort, increased visibility
       ‒ Should auto-filter for customer traffic separation
     • The Bad:
       ‒ May be VM vendor specific, e.g. only VMware
     • Examples: NetOptics, Gigamon, BigSwitch
     [Diagram labels: Distributed vSwitch (shared across VM hosts); Virtual Tap]
  21. Cloud
     • Private Cloud (In-house)
     • Public Cloud (3rd Party)
       ‒ Software-as-a-Service (SaaS)
       ‒ Infrastructure-as-a-Service (IaaS)
       ‒ Hosted services
  22. Network Analysis in the Cloud
     • Private Cloud (In-house)
       ‒ Under your control - functionally similar to distributed VM
       ‒ If you control the network, you can sniff “anywhere”
     • Public Cloud (3rd Party)
       ‒ IaaS VMs can likely sniff their own traffic
       ‒ SaaS and Hosted Services - unlikely that you can negotiate network sniffing rights
  23. Establishing Goals for Network Analysis in Virtual Environments
  24. What’s The Difference?
     • All the same goals apply
       ‒ Monitoring/alarms
       ‒ Real-time analysis
       ‒ Post-capture analysis
       ‒ Network performance/application performance/VoIP
     • Only the implementation is different
     Traditional NA – Virtual NA = 0
  25. Analyze The Essentials
     • Monitor
       ‒ Statistics only
       ‒ Alerts/alarms
       ‒ Perfect for conserving resources
     • Real-time analysis
       ‒ Disable what you don’t need to increase performance
     • Post-capture analysis
       ‒ Turn off ALL analysis options
       ‒ Significantly increase overall performance
  26. Best Practices
     • Be specific (regarding your analysis requirements)
     • Understand your virtual environment and network
     • Analyze the essentials
     • Know your resource limits
     • Anticipate hardware resource needs
     • Be reasonable (monitor the number of analysts accessing data)
  27. Defining the Requirements
  28. Anticipate Hardware Resource Needs
     • Real-time analysis
       ‒ Keep buffer size, file size and saved files within reasonable limits
       ‒ Use the minimum number of captures possible to accomplish your objective
     • Post-capture analysis - hard disk and RAM
       ‒ Assuming steady-state traffic of 1Gbps:
           7.68 GB/min
           460 GB/hr
           11 TB/day
       ‒ Forensics searches are CPU and RAM intensive
       ‒ Pre-compute the maximum RAM your search could use
       ‒ Disable unneeded analysis options
       ‒ Experiment: search for just packets and then add several analysis options and note the difference
  29. Q&A
     Show us your tweets! Use today’s webinar hashtag #wp_virtualblindspot with any questions, comments, or feedback. Follow us @wildpackets
     Follow us on SlideShare! Check out today’s slides on
  30. WildPackets Corporate Overview
     Optimizing Network and Application Performance
  31. Corporate Background
     • Experts in network monitoring, analysis, and troubleshooting
       ‒ Founded: 1990 / Headquarters: Walnut Creek, CA
       ‒ Offices throughout the US, EMEA, and APAC
     • Customers spanning leading edge organizations
       ‒ Mid-market and enterprise lines of business
       ‒ Financial, manufacturing, ISPs, major federal agencies, state and local governments, universities
       ‒ Over 7,000 customers / 60+ countries / 80% of Fortune 1,000
     • Award-winning solutions that improve network performance
       ‒ Internet Telephony, Network Magazine, Network Computing awards
       ‒ United States Patent 5,787,253 issued July 28, 1998: “Apparatus and Method of Analyzing Internet Activity”
  32. Why Our Customers Need Us
     • VoIP, video, cloud, virtualization, and key business applications are saturating critical network services
     • Evolving network technologies create discontinuities
       ‒ 1 Gig → 10 Gig → 40 Gig → 100 Gig networks
       ‒ Wireless, BYOD initiatives
     • Users and business cannot tolerate network problems for mission critical services
     Increasing demand for better real-time network visibility, network analytics, network forensics, and DPI
  33. How We Create Value
     We provide innovative, industry-leading, real-time network performance management solutions
       ‒ Easy-to-use, easy-to-learn user interface
       ‒ Uniquely extensible solutions
       ‒ Wireless network leadership
       ‒ Detailed analytics related to network applications
       ‒ Fastest network traffic capture appliance in its class
       ‒ Technical superiority at competitive price point
     WildPackets has continually advanced its solution to meet the needs of its customers
  34. Unprecedented Network Visibility
     • ROOT-CAUSE ANALYSIS: OmniPeek network analyzer performs deep packet inspection and can reconstruct all network activity, including e-mail and IM, as well as analyze VoIP and video traffic quality.
     • PINPOINT NETWORK ISSUES ANYWHERE: Omnipliance Portable can rapidly identify and troubleshoot issues before they become major problems—wired or wireless—down the hall or across the globe.
     • UNDERSTAND END-USER PERFORMANCE: TimeLine and Omnipliance network recorders monitor and analyze performance across critical network segments, virtual environments, and remote sites.
     • NETWORK HEALTH: WatchPoint can manage and report on key device performance and availability across the entire network, from anywhere on the network.
     [Diagram labels: Global, Distributed, Portable, DPI]
  35. A History of Innovation
     • 2001
       ‒ First 802.11 wireless analyzer
       ‒ First network analyzer with automated expert analysis
     • 2003: Distributed real-time troubleshooting
     • 2005: Combined distributed network and VoIP network analysis
     • 2008: Enterprise-wide Monitoring and Reporting
     • 2009: Innovative dashboard with drill-down for VoIP and video
     • 2010: First to achieve 11 Gbps sustained capture-to-disk
     • 2011
       ‒ Total visibility with zero packet loss
       ‒ First wireless network analyzer to support capture and analysis of 802.11n 3-stream wireless
     • 2012
       ‒ Capture, record, and analyze from 40G network segments
       ‒ First wireless network analyzer to support 802.11ac, k, r, u, v, w
  36. Product Line Overview
  37. Omni Distributed Analysis Platform
     • OmniPeek: Enterprise Packet Capture, Decode and Analysis
       ‒ Ethernet, 1/10 Gigabit, 802.11, and voice and video over IP
       ‒ Portable capture and OmniEngine console
       ‒ Aggregate analysis data across multiple capture points
     • Omnipliance / TimeLine: Distributed Enterprise Network Forensics
       ‒ High-performance packet capture and real-time analysis
       ‒ Stream-to-disk for forensics analysis
       ‒ Integrated OmniAdapter network analysis cards up to 40G
     • WatchPoint: Centralized Enterprise Network Monitoring Appliance
       ‒ Aggregation and graphical display of network data
       ‒ WildPackets OmniEngines
       ‒ NetFlow and sFlow
  38. Omni Distributed Analysis Platform: Software and Turnkey Solutions
     • Enterprise monitoring and reporting
       ‒ WatchPoint Server
       ‒ OmniFlow, NetFlow, and sFlow Collectors
     • Software probes and network recorders
       ‒ Omnipliance network recorders – Edge, Core
       ‒ TimeLine network recorders
       ‒ OmniAdapter analysis cards
     • Distributed analysis software
       ‒ OmniPeek – Enterprise, Professional, Basic, Connect
       ‒ OmniEngine – Enterprise, Desktop, OmniVirtual
     • Portable solutions
       ‒ OmniPeek network analyzer
       ‒ Omnipliance Portable
  39. Key New Features in v7
     • 40G network support
     • Analyze issues from end to end: Multi-Segment Analysis (MSA)
     • Collect data from non-technical end users: OmniPeek Remote Assistant (ORA)
     • Single, interactive dashboard for utilization, top talkers, top protocols, latency, Experts, flows, and wireless signal strength
     • New wireless specifications
       ‒ 802.11ac, 802.11k
       ‒ 802.11r, 802.11u
       ‒ 802.11v, 802.11w
  40. OmniPeek Network Analyzer
     • Distributed analysis manager
       ‒ Connect to and configure distributed OmniEngines, Omnipliances, and TimeLines
     • Comprehensive dashboards present network traffic in real-time
       ‒ Vital statistics and graphs display trends on network and application performance
       ‒ Visual peer-map shows conversations and protocols
       ‒ Intuitive drill-down for root-cause analysis of performance bottlenecks
     • Visual Expert diagnosis speeds problem resolution
       ‒ Packet and payload visualizers provide business-centric views
     • Automated analytics and problem detection 24/7
       ‒ Easily create filters, triggers, scripting, advanced alarms, and alerts
  41. Omnipliance Network Recorders
     • Captures and analyzes all network traffic 24x7
       ‒ Runs WildPackets OmniEngine software probe
       ‒ Generates vital statistics on network and application performance
       ‒ Intuitive root-cause analysis of performance bottlenecks
     • Expert analysis speeds problem resolution
       ‒ Fault analysis, statistical analysis, and independent notification
     • Multiple issue digital forensics
       ‒ Real-time and post capture data mining for compliance and troubleshooting
     • Intelligent data transport
       ‒ Network data analyzed locally
       ‒ Detailed analysis passed to OmniPeek on demand
       ‒ Summary statistics sent to WatchPoint for long term trending and reporting
       ‒ Efficient use of network bandwidth
     • User-extensible platform
       ‒ Plug-in architecture and SDK
  42. TimeLine Network Recorder
     • Continuous network recording and comprehensive real-time statistical display — simultaneously
       ‒ 12Gbps sustained capture with zero packet loss
       ‒ Network statistics display in TimeLine visualization format
     • Rapid, intuitive forensics search and retrieval
       ‒ Historical network traffic analysis and quick data rewinding
       ‒ Several pre-defined forensics search templates making searches easy and fast
     • A natural extension to the WildPackets product line
     • Turnkey bundled solution
       ‒ Appliance + OmniEngine, OmniAdapter, OmniPeek Connect
  43. WildPackets Network Recorders: Price/Performance Solutions for Every Application
     • Portable: Ruggedized, Troubleshooting; Aluminum chassis / 17” LCD; Dual 2.13 GHz Quad-Core Intel Xeon L5630 "Westmere"; 24GB RAM; 2 PCI-E Slots; 2 Built-in Ethernet Ports; 6TB SATA storage capacity; 4.5Gbps CTD
     • Edge: Small Networks, Remote Offices; 1U rack mountable chassis; Quad-Core Intel Xeon X3460 2.80GHz; 4GB RAM; 2 PCI-E Slots; 2 Built-in Ethernet Ports; 1TB SATA storage capacity; 1.1Gbps CTD
     • Core: Datacenter Workhorse, Easily Expandable; 3U rack mountable chassis; Dual Intel Xeon Quad Core E5530 2.4GHz; 6GB RAM; 4 PCI-E Slots; 2 Built-in Ethernet Ports; 8/16TB SATA storage capacity; 3Gbps CTD
     • TimeLine: Enterprise, Highly-Utilized Networks; 3U rack mountable chassis; Dual Intel Xeon Quad Core X5560 2.8GHz; 18GB RAM; 4 PCI-E Slots; 2 Built-in Ethernet Ports; 8/16/32/48TB SATA storage capacity; 12Gbps CTD
  44. WatchPoint: Centralized Monitoring for Distributed Enterprise Networks
     • High-level, aggregated view of all network segments
       ‒ Monitor per campus, per region, per country
     • Wide range of network data
       ‒ NetFlow, sFlow, OmniFlow
     • Web-based, customizable network dashboards
     • Flexible detailed reports
     • Direct link to detailed, packet-based analysis
  45. Comprehensive Support and Services
     • Standard Support
       ‒ Maintenance and upgrades
       ‒ Telephone and email contacts
       ‒ Knowledgebase
       ‒ MyPeek Portal
     • Premier Support
       ‒ 24 x 7 x 365
       ‒ Dedicated escalation manager
       ‒ 2 customer contacts per site
       ‒ Plug-in reconfiguration assistance
     • WildPackets Training Academy
       ‒ Public, web-based, and on-site classes
       ‒ Complete curriculum: technology and product focused
       ‒ Practical applications and labs covering network analysis, wireless, VoIP monitoring and advanced troubleshooting
     • Consulting and Custom Development Services
       ‒ Deployment, configuration, and assessment engagement
       ‒ Systems integration and testing
       ‒ Application integration, driver, decode, interface development
  46. WildPackets Key Differentiators
     • Visual Expert intelligence with intuitive drill-down
       ‒ Let computer do the hard work, and return results, real-time
       ‒ Packet/payload visualization is faster than packet-per-packet diagnostics
       ‒ Experts and analytics can be memorized and automated
     • Automated capture analytics
       ‒ Filters, triggers, scripting, and advanced alarming system combine to provide automated network problem detection 24x7
     • Multiple issue network forensics
       ‒ Can be tracked by one or more people simultaneously
       ‒ Real-time or post capture
     • User-extensible platform
       ‒ Plug-in architecture and SDK
     • Aggregated network views and reporting
       ‒ NetFlow, sFlow, and OmniFlow
  47. 24x7 Network Monitoring, Analysis, and Troubleshooting
  48. Thank You!
     WildPackets, Inc.
     1340 Treat Boulevard, Suite 500
     Walnut Creek, CA 94597
     (925) 937-3200
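
Slide 17 accepts promiscuous mode at the vSwitch level, which every port group on that switch inherits unless it overrides the policy, and slide 15 notes that this can break separation of customer traffic. The PowerCLI audit below is an added example, not part of the webinar: it lists each standard port group where promiscuous mode is in effect and flags any attached VM other than the capture VM. It assumes VMware PowerCLI with an existing Connect-VIServer session, and `capture-vm-01` is a hypothetical name for the OmniVirtual guest.

```powershell
# Added example, not from the webinar. Assumes VMware PowerCLI is installed and
# Connect-VIServer has already been run against vCenter or the ESXi host.
# $CaptureVmName is a hypothetical name for the analyzer VM built on slide 16.
param([string]$CaptureVmName = 'capture-vm-01')

function Get-PromiscuousExposure {
    param([string]$AllowedVm)

    foreach ($vs in Get-VirtualSwitch -Standard) {
        # Switch-level default: the setting slide 17 changes to "accept"
        $switchPolicy = Get-SecurityPolicy -VirtualSwitch $vs

        foreach ($pg in Get-VirtualPortGroup -VirtualSwitch $vs -Standard) {
            # Effective policy for the port group (inherited or overridden)
            $pgPolicy = Get-SecurityPolicy -VirtualPortGroup $pg
            if (-not $pgPolicy.AllowPromiscuous) { continue }

            # Guests with a vNIC on a promiscuous port group can see
            # traffic belonging to other guests on the same vSwitch.
            $attached = @(Get-VM -Location $vs.VMHost | Where-Object {
                (Get-NetworkAdapter -VM $_).NetworkName -contains $pg.Name
            })
            $unexpected = @($attached | Where-Object { $_.Name -ne $AllowedVm })

            [pscustomobject]@{
                VMHost        = $vs.VMHost.Name
                VirtualSwitch = $vs.Name
                SwitchDefault = $switchPolicy.AllowPromiscuous
                PortGroup     = $pg.Name
                Inherited     = $pgPolicy.AllowPromiscuousInherited
                AttachedVMs   = ($attached.Name -join ', ')
                UnexpectedVMs = ($unexpected.Name -join ', ')
                NeedsReview   = ($unexpected.Count -gt 0)
            }
        }
    }
}

# Port groups that expose traffic to VMs other than the capture VM sort first
Get-PromiscuousExposure -AllowedVm $CaptureVmName |
    Sort-Object NeedsReview -Descending |
    Format-Table -AutoSize
```

A port group flagged NeedsReview can be tightened by giving the capture VM its own port group and overriding the policy there with `Set-SecurityPolicy -AllowPromiscuous`, leaving the switch default at reject.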