Virtualization is undoubtedly the biggest computing trend of the past decade. By decoupling workloads from the physical platforms they run on, more and more enterprise users have moved away from the "one application, one server" model and onto virtual machines, so as to get the full potential out of their servers and staff. Ignoring the benefits of virtualization is not an option in any competitive industry.
Unfortunately, many virtual machines sharing one server have a major drawback: traffic visibility. The tools and concepts used to track packets or analyze data streams in order to understand how the network behaves at any given moment do not map cleanly onto a virtualized environment.
In many virtualized data centers, security and performance visibility are lacking, for example when a major performance problem occurs in a mission-critical network application. By making the right network architecture choices, administrators can obtain the business benefits of virtualization and still meet the need for packet-level visibility.
Virtual blind spot analysis
In traditional networks, traffic analysis uses a TAP inserted into a network segment, or a port mirror (SPAN) on a switch, to capture the packets flowing between servers in the same subnet; the analysis itself is then straightforward.
In a virtualized world, however, this model breaks down. Data may never pass through a physical switch or network at all but stay on the same physical host, which makes monitoring difficult. Traffic that flows from a virtual adapter into the vSwitch and back out to another virtual adapter is never exposed on the physical network, so it is not available to the monitoring tools at all.
Many enterprises suffer this loss before the IT department realizes that the lack of visibility has created a network crisis. The security team may be unaware of malicious security events because it cannot monitor traffic between virtual machines on the same physical host. Without such visibility, malicious attacks cannot be detected and investigated in order to identify the compromised resources, take corrective measures, and prevent future attacks. The inability to see what is happening inside the virtual data center creates a virtual blind spot.
Because virtualization is a mature technology that delivers a return on investment so quickly, blind spots may receive no attention during a rapid deployment, or may not be recognized at all. The irony is that a virtualized environment should be monitored more closely than the physical infrastructure, because the premise of its design is to drive the underlying hardware as hard as possible.
Optimize the Network Structure
Virtualization vendors and third parties now provide visibility into the rapidly growing volume of virtual machine traffic inside a host. Products such as virtual network monitoring services have already been introduced to the market. It is feasible to use existing, mature monitoring technologies to view both physical and virtual infrastructure. This allows administrators to keep using their current monitoring tools and related expertise, saving a great deal of time and money.
In VMware vSphere 5.x, the vSphere Distributed Switch (VDS) uses port mirroring to provide visibility into virtual traffic. In essence, the mirrored traffic from this switch looks like traffic from a physical switch. Other virtualization vendors, such as Cisco, can also provide packet-level data from virtual environments.
However, obtaining packet-level data is only half of the job. For end-to-end visibility across physical and virtual infrastructure, the traffic from the VDS must be filtered and delivered to the analysis tools. In this way, enterprises can fully monitor their security and performance, obtain accurate packet streams, and act on them at the right time.
Many large data centers around the world have invested in network monitoring switches: a new class of device that connects intelligently to the data center network. Just as in the physical network, it is vital that packets are filtered and load-balanced to the analysis tools; for a virtual environment, the network monitoring switch delivers exactly the data each network tool needs to analyze.
This in turn improves the overall efficiency of the data center: the monitoring tools operate more effectively and accurately. Other benefits include solving the shortage of TAP and SPAN ports. An intuitive management interface lets administrators direct traffic to tools by drag and drop, without command-line interface (CLI) scripting, and protects the investment in tools and infrastructure as the network is upgraded to higher speeds.
One problem remains when mirroring traffic from physical or virtual ports: redundant packets. Like a physical SPAN session, mirrored virtual traffic may contain duplicate packets. To solve this, leading network monitoring switches provide line-rate packet deduplication and packet trimming. Packet trimming also improves the security of sensitive payloads, such as user information, by removing them before the data is sent to the monitoring tool.
Virtualization improves IT business capability and flexibility, but it also brings a new challenge: critical packet-level visibility of network traffic is lost. By using the right network architecture, including network monitoring switches, administrators can realize the many benefits of virtualization while achieving end-to-end visibility and protecting their existing investment in monitoring tools.
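As an added illustration (not the article's text or any vendor's product code), the following Python models the deduplication and payload trimming described above, run over a constructed set of mirrored packets; the packet layout, the 50 ms duplicate window and the 16-byte trim length are assumptions made for this example:

```python
import hashlib
from collections import OrderedDict

DEDUP_WINDOW_SEC = 0.05   # assumed: a copy seen again within 50 ms is a mirror duplicate
TRIM_LEN = 16             # assumed: bytes of payload forwarded to the monitoring tool

# Constructed sample: one HTTP request mirrored twice (once by the VDS port mirror,
# once by a physical SPAN on the uplink), the server reply carrying a session
# cookie, and a genuine retransmission of the request 300 ms later.
SAMPLE_PACKETS = [
    {"ts": 1.000, "src": "10.0.1.10", "dst": "10.0.1.20", "proto": "tcp",
     "sport": 51000, "dport": 80, "payload": b"GET /app HTTP/1.1\r\nHost: app\r\n"},
    {"ts": 1.001, "src": "10.0.1.10", "dst": "10.0.1.20", "proto": "tcp",
     "sport": 51000, "dport": 80, "payload": b"GET /app HTTP/1.1\r\nHost: app\r\n"},
    {"ts": 1.002, "src": "10.0.1.20", "dst": "10.0.1.10", "proto": "tcp",
     "sport": 80, "dport": 51000,
     "payload": b"HTTP/1.1 200 OK\r\nSet-Cookie: session=abcdef\r\n"},
    {"ts": 1.300, "src": "10.0.1.10", "dst": "10.0.1.20", "proto": "tcp",
     "sport": 51000, "dport": 80, "payload": b"GET /app HTTP/1.1\r\nHost: app\r\n"},
]


def packet_key(pkt):
    """Hash the 5-tuple plus full payload; two mirror copies of one packet collide."""
    h = hashlib.sha256()
    for field in ("src", "dst", "proto", "sport", "dport"):
        h.update(str(pkt[field]).encode())
        h.update(b"|")
    h.update(pkt["payload"])
    return h.hexdigest()


def dedup_and_trim(packets, window=DEDUP_WINDOW_SEC, trim_len=TRIM_LEN):
    """Drop copies seen within `window` seconds of an identical packet and cut
    every surviving payload to `trim_len` bytes. Returns (kept, dropped_count)."""
    recent = OrderedDict()          # key -> timestamp, oldest entry first
    kept, dropped = [], 0
    for pkt in sorted(packets, key=lambda p: p["ts"]):
        # Expire entries older than the window, so a real retransmission later on
        # is forwarded rather than mistaken for a mirror duplicate.
        while recent and pkt["ts"] - next(iter(recent.values())) > window:
            recent.popitem(last=False)
        key = packet_key(pkt)
        if key in recent:
            dropped += 1
            continue
        recent[key] = pkt["ts"]
        kept.append(dict(pkt, payload=pkt["payload"][:trim_len]))
    return kept, dropped
```

Hardware deduplicators typically also mask fields that legitimately differ between copies, such as the IP TTL and checksum; this model hashes the whole payload for simplicity.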