The Virtual Network Visibility Challenge
While you support applications hosted in geographically separate multi-tenant virtualized environments (i.e., branch office, enterprise data center, private or public cloud), you cannot compromise the security, performance, and end-to-end service quality of experience. The benefits are many for virtual data centers and SD-WANs, but you may find it challenging to access and monitor virtual traffic.
In the event of a network problem, you (or your SD-WAN or cloud providers) need to know where the problem is throughout the service delivery path. You need total visibility to critical application data in these virtualized networks and off-site environments.
But the reality is that most modern virtualized data centers have limited or no access to east–west traffic. How can you ensure the availability, reliability, and performance of your mission-critical applications? How do you get relevant critical data to analytics and monitoring tools, regardless of where they are located?
CloudLens – The No Compromise Visibility Platform
Keysight CloudLens™ is our public, private, and hybrid cloud visibility platform. For the private cloud, Keysight’s CloudLens offers integrated virtualized visibility products to deliver a powerful visibility platform, ensuring complete data access, filtering, and intelligent distribution across private cloud environments.
ELEMENTS OF CLOUDLENS
Virtual taps (vTaps) enable you to access east-west traffic in virtual machines and tunnel it to either a physical or virtual network packet broker. The network packet broker provides packet and application flow filtering, or Netflow, with advanced application identification, geographic location, secure socket layer (SSL) decryption, and deduplication to provide unprecedented insight into network traffic in the virtualized environments.
In addition, Keysight’s Hawkeye™ enables continuous proactive monitoring of your virtualized network infrastructure. It quickly and effectively validates network performance, isolates problems, and proactively detects issues by running scheduled verification tests. Using a combination of hardware and software agents, called performance endpoints, Hawkeye simulates application traffic and sends key performance metrics to a central console for fast action.
High Availability Monitoring In Multi-Tenant Environments
Keysight’s CloudLens has self-healing and fault tolerance. It continuously checks the availability of individual virtual taps (vTaps), and if one is unavailable, a new vTap is instantiated with the same configuration. vTap Manager continuously monitors its virtual machine (VM) instance memory, central processing unit (CPU) load, and critical alerts to take self-healing corrective action, scale-out based on application load, and if needed, create another monitoring VM instance with the same persistent configuration.
The monitoring and flow configuration of the vTap service instance is persisted in the controller, so in the case of a critical host failure, like a shutdown or reboot, the vTap service agent starts again automatically with the same configuration.
Most Comprehensive Hypervisor Support
In addition to supporting multiple hypervisor environments, Keysight's visibility platform provides access to traffic and distributes it to the security fabric through an array of tunneling options (Generic Routing Encapsulation (GRE), virtual local area network (VLAN), encapsulated remote switched port analyzer (ERSPAN)).
Tighter integration with private and hybrid cloud environments orchestrate virtual tap and virtual network function (VNF) spin-up within OpenStack.
Keysight provides a trusted and reliable infrastructure with uncompromising quality of experience (QoE) and easier configuration and visibility through automation and powerful monitoring tools. And, that translates to being able to accelerate time to revenue and improve network reliability.
Securing Your Multi–Tenant Environment
Private and public cloud service providers who own the virtualized infrastructure host workloads from multiple customers (tenants) on top of the same shared virtual fabric. Depending on how the cloud service provider (CSP) addresses the confidentiality, integrity, and availability of tenant workloads, this could increase the attack surface, risk compromise of sensitive customer data, and result in compliance and service level agreement (SLA) issues.
Since both the infrastructure owner and the tenant implement their own security analytics and application monitoring solutions, the design of intelligent visibility for data access and distribution needs to serve both the tenant and the infrastructure separately. CloudLens provides access to data of interest, allowing you to access traffic within defined availability zones, network segments, application types, security groups, and services within a tenant or across multiple tenants.