Businesses move to the cloud for its elasticity, lower operational costs, scalability and opportunity for enhanced business agility. However, businesses must consider how they will overcome issues regarding visibility and insight into the cloud environment.
Our survey on virtualisation practices found that only 37 per cent of organisations monitored their virtualised environments with the same rigour as their physical IT networks.*
The research highlighted a big visibility gap when it comes to cloud. While that may seem like a good trade-off today, small businesses will feel different if things go wrong. Most organisations cannot take that chance, so they need to bridge the visibility gap quickly. Visibility will enable better control, to maintain security no matter where their data goes and, of course, to ensure reliability of their core business applications.
Most IT managers would look to deploy virtual network taps to address this visibility gap, sending the traffic to their monitoring, analytics and security tools. Unfortunately, this can flood such tools with data.
Internal east-west traffic in virtual data centres typically represents 80 per cent of the total traffic. Finding a way to monitor this data without overloading the system is key. Businesses need to identify and extract only the most relevant traffic, in an efficient manner.
According to Ixia, there are four key points to consider when deploying virtual taps to ensure meaningful, granular access to critical application traffic on virtualised networks:
1. Horizontal scale
When placing the virtual taps in the virtual network, you need to be sure they can scale up to accommodate rapid growth in traffic volumes as well as user numbers and data interactions. The taps should do this automatically, without needing IT intervention or impacting application performance.
2. Securing in the dark
Virtualised networks are typically segmented using virtual firewalls to protect key applications and services from attack, and to prevent lateral movement in the virtualised environment that could compromise data or resources. Virtual taps need to be able to see the application and network traffic flowing between segments. With this comprehensive insight, you can ensure that the appropriate security rules and policies governing each segment are being enforced.
3. More containers
As virtual machine use grows, container use multiplies by as much as 10-fold or more. If the organisation is using container-based virtualisation to boost application performance, the virtual tap must be able to access traffic in the container environment.
4. Elasticity
New builds mean updates that propagate across the virtual environment. Individual virtual machines, containers and their hosted applications have shorter lifespans, requiring continual awareness of the actual state of the environment. It is vital that these changes do not block the entire traffic path, or take the virtual tap down with it.
Virtual taps and the overall visibility solution must be environment-agnostic. Elastically-scalable access is achievable for all the data crossing virtual networks and clouds as well as intelligent distribution to analytics and compliance tools. Leaving data unmonitored is not smart business. Small businesses do not have to give up visibility to gain cloud speed or cost advantages – with the right architecture they can have both.
* https://www.ixiacom.com/sites/default/files/resources/whitepaper/915-3528-01-virtualization-report-2015-b.pdf
Jeff Harris, VP of Solutions Marketing, Ixia
