
Visibility In The Cloud

20th-October, IPExpo London

Paul Reeve, Channel Sales and Business Development

Wait, I’ve seen this before somewhere

Time Sharing Computing

The Underlying Economics of Cloud Computing

• Has less to do with
  – Computing Power
  – Memory

• But more to do with
  – Ubiquitous broadband access to the Internet
  – Low cost of wide area networks

Cloud Computing is about moving seams and changing the nature of the seams

Our Big Computers Our Little Computers

Before Cloud Computing, a seam defined two distinct computing platforms but both were controlled by the organization.

Seams require security and monitoring. Security and monitoring start with visibility.

New Seams

Old seams were based on computing platforms within an enterprise

New seams are based on applications between different enterprises

But…

Seams still require visibility

The need is for application-based visibility

And so emerged the SLA

Question: How do you know if the SLA is being delivered?

Answer: Visibility at the seams

Enterprise
- Must know that service is delivered securely as promised
- Only way to know is to establish data capture infrastructure at the seam

Cloud Service Provider
- Must know that service is delivered securely as promised
- Only way to know is to establish data capture infrastructure at the seam

Service Provider Data Capture Infrastructure

Enterprise Data Capture Infrastructure

SEAM SEAM

What is Data Capture Infrastructure?

Why is it important?

Question: What Happens If Face Recognition Software Is Served By A Substandard Camera?

Datacom Systems Inc. Confidential 12

Answer: Expensive, Sophisticated Software is Sub-Optimized

?

Flights Out of Newark Airport Halted for Possible Security Breach
By SARAH WHEATON. Published: January 3, 2010
Photo caption: Passengers waited after a security breach shut down a terminal at the Newark Liberty International Airport on Sunday. (Rich Schultz/Associated Press)

Analysis Starts with Proper Data Capture

Newark Airport's Security Cameras Were Broken
Airport Owns the Cameras but Says the TSA is Supposed to Report Them Broken
By AARON KATERSKY, Jan. 5, 2010

Port Authority installs camera alarms at Newark airport after security breach
By Mike Frassinelli/The Star-Ledger, February 25, 2010, 4:00PM

Unfortunately, the importance of data capture is realized after an event

The Same is True in Networking

We tend to be fascinated with and focus on the analysis software….

…but overlook the importance of the data capture infrastructure that feeds the analysis software

Optimal Network Analysis is ….

A division of labor between hardware and software

“The best security is always a combination of hardware and software.”

Paul Otellini, CEO Intel
20-Sept. Wall Street Journal, comment on combining Intel hardware with McAfee software

How Data is Captured for Analysis

The actual data is not captured but rather copied by either:

1. A general-purpose network element, or

2. A purpose-built network element

General-Purpose: SPAN Port from a Router
SPAN stands for switch port analyzer

Purpose-Built: TAP
TAP stands for test access port

Data Capture is first about getting a 100% reliable copy of the data.

Data Capture Infrastructure will perform a combination of these three functions:

Aggregation: Data from multiple links aggregated for one tool to analyze

Regeneration: Data from a single link is regenerated for multiple tools

Filtering: Data is reduced to the essential packets for specialized analysis

Data Capture Infrastructure Works in Tandem with Analysis Tools

[Diagram: production network traffic, six TAPs, aggregation and filtering, three analysis tools]

Data Capture Infrastructure not only copies the traffic but prepares the copied traffic for more efficient performance by the analysis tools

Foundation for Network Security

Data Capture Infrastructure

SPAN vs. TAP

SPAN
• Easily mis-configured
• Consumes a port and CPU
• Dropped if the router is stressed
• Not scalable
• VLAN tags stripped out
• Corrupt packets are dropped

TAP
• True picture of the traffic including layer 1 and 2
• Permanent port that doesn’t affect traffic
• Visibility into full duplex links
• Every packet delivered in order
• Scalable through regeneration and multiple ports
• VLAN tags and corrupt packets captured
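
One way to check a monitoring feed for two of the SPAN problems listed above (dropped packets and stripped VLAN tags), shown as an added example that is not part of the original slides: it compares a feed against a reference copy of the same traffic. The frames, MAC addresses and function names are constructed for illustration, and frames are assumed to be matchable by their MAC addresses, EtherType and payload.

```python
import struct

TPIDS = {0x8100, 0x88A8}  # 802.1Q and 802.1ad (QinQ) tag protocol identifiers

def parse_frame(frame):
    """Return (vlan_ids, tag_independent_key), or None for a truncated frame."""
    if len(frame) < 14:
        return None
    offset, vlans = 12, []
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in TPIDS:
        if len(frame) < offset + 6:
            return None  # tag header cut short
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vlans.append(tci & 0x0FFF)  # low 12 bits of the TCI carry the VLAN ID
        offset += 4
        (ethertype,) = struct.unpack_from("!H", frame, offset)
    # MACs + inner EtherType + payload: the same whether or not tags survived
    return tuple(vlans), frame[:12] + frame[offset:]

def compare_feeds(reference, feed):
    """Count reference frames that the feed dropped or delivered with fewer tags."""
    remaining = {}
    for vlans, key in filter(None, map(parse_frame, feed)):
        remaining.setdefault(key, []).append(vlans)
    report = {"matched": 0, "missing": 0, "tag_stripped": 0}
    for vlans, key in filter(None, map(parse_frame, reference)):
        copies = remaining.get(key)
        if not copies:
            report["missing"] += 1
            continue
        feed_vlans = copies.pop(0)
        report["matched"] += 1
        if len(feed_vlans) < len(vlans):
            report["tag_stripped"] += 1
    return report

def make_frame(payload, vlan=None):
    """Build a constructed Ethernet frame with EtherType 0x0800 (hypothetical MACs)."""
    macs = bytes.fromhex("020000000001" "020000000002")
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    return macs + tag + struct.pack("!H", 0x0800) + payload

# Constructed sample: the same four frames as seen by a TAP and by a SPAN port
TAP_FEED = [make_frame(b"pkt-1", 10), make_frame(b"pkt-2", 10),
            make_frame(b"pkt-3", 20), make_frame(b"pkt-4")]
SPAN_FEED = [make_frame(b"pkt-1"), make_frame(b"pkt-3"), make_frame(b"pkt-4")]

if __name__ == "__main__":
    print(compare_feeds(TAP_FEED, SPAN_FEED))
```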

A TAP can be placed closer to the seam between the enterprise and the cloud service provider

Data Capture Infrastructure

• Should be placed at the seam between the enterprise and cloud service provider

• Is the most reliable way to confirm SLA compliance

• Requires planning as with any other network deployment

• Increases the efficiency of analysis tools

Paul Reeve

GCH Test & Computer Services Ltd
Stand 832

Thank You

