managing security tco for publication in nsx environmentshypervisor/vswitch. visibility plug-in....

#vmworld

Managing Security TCO in NSX Environments

with NETSCOUT VisibilityDr. Vikram Saksena, NetScout Systems, Inc.

SAI3837BUS

#SAI3837BUSVMworld 2018 Content: Not for publication or distribution

Established Presence in Service Providers

©2018 NETSCOUT SYSTEMS, INC.

180+ Service Providers in 46 Countries

Wireless, Wireline and MSO

Physical and Virtual Environments

Market Leader in Service Assurance

VMworld 2018 Content: Not for publication or distribution

Our Market Focus


Real-time, Agile, Scalable,Easy to Deploy, Use and Manage

Actionable Intelligence

Most InsightfulHigh Integrity & ValueDifferentiated

Security Assurance Business AssuranceService Assurance

ASI SensorNetwork

Atlas SensorNetwork

• Network Assurance• Application Assurance• Infrastructure Assurance

• DDoS• Advanced Threats

• Customer Experience• Self Service Analytics• Data Export


Long History of Industry Leadership


Digital Transformation

IP Convergence

Networking

Protocols 1985 - Protocol Assurance

1995 - Network Assurance

2005 - Service Assurance

2015 - Business Assurance


Digital Transformation Initiatives in Service Providers

• Programmable Networks– From closed hardware centric networks to open software driven networks

• Edge Computing– Control and delivery of low latency services from the network edge

• Life Cycle Automation– Customer fulfillment, predictive disruption free network operation

• Service Agility– Personalized services that can be created and changed on demand

Operators are adopting a “Data Driven” operating model to drive this transformation



The “Smart Data” Paradigm Network Data Refined for Actionable Intelligence

Sources of Network Data Smart Data

• Device Statistics (Traffic Counters, CPU/Memory Usage)

• Machine Logs• Flow Data (e.g., Netflow)• Sessions Records (e.g., XDRs)• Network Traffic

• Contextual• Timely• Relevant• Structured• Compact

Benefits

• 10-100x data reduction avoids data lake “flooding”

• Savings in upstream bandwidth, storage, and server resources

• Actionable for real-time decisions



nGenius Adaptive Service Intelligence (ASI)Transforms Network Traffic into Smart Data


Real-time Metadata, Key Performance Indicators, Session Records, Packet Capture

Flexible Software Centric Design, Multiple Deployment Modes, Scalable Architecture

Optimized Data Collection, Analysis & Storage, Compact Footprint

Smart

GreenVMworld 2018 Content: Not for publication or distribution

Delivering Value to Multiple Stakeholders


SMARTDATA

SOLUTIONSCustomer

Care

NetworkOperations

EndCustomers

SecurityOperations

NetworkPlanning

ProductTeams

• Reduce Churn, Improve NPS• Zero touch Automation• Just-in-time Resource

Management• Advanced Threat

Management• Personalized Services• End Customer VisibilityVMworld 2018 Content: Not for publication or distribution

COPYRIGHT © 2018 NETSCOUT, SYSTEMS, INC. ° CONFIDENTIAL & PROPRIETARY 9

Technology and Products



Visibility and Assurance Challenges

Service Layer Visibility

What’s needed?

Flexible deployment options across both

hypervisor and container environments

Active and passive monitoring without

overly burdening the underlying infrastructure

Integrating Service& Infrastructure

Performance

What’s needed?

A solution that integrates and

correlates service layer metrics and

infrastructure metrics

Complete view of service performance and

isolation of infrastructure bottlenecks

Visibility in Public Clouds

What’s needed?

A visibility agent that can be deployed and moved with the application as it migrates across multiple

cloud environments

Continuous monitoring of application performance across public and private

clouds

Service Assurance Automation

What’s needed?

Real-time metadata exported via streaming

APIs to enable integration with NFV orchestrators for

closed-loop automation

Critical for delivering a high quality user

experience in a dynamic and agile NFV deployment


Smart Data Product Family


• Appliance or Software• Real-time Network and Application Monitoring• Voice, Internet, Video, Business Apps• User and Control Plane Monitoring• KPIs, XDRs, Packets

• Lightweight Instrumentation• VMware, OpenStack, Docker • Standards based Orchestration• NFV and Cloud Deployment

Virtual Infinistream

Infinistream

nGeniusAssurance &AnalyticsApplicationsSuite

Flexible deployment options for pervasive instrumentation from the edge to the core


Virtual Infinistream Deployment Options


Hardware + OS

Appl…Appl

Guest OS Guest OS

Appl

Visib

ility

Agen

t …Guest OS

ApplVisibility

Container

Hardware + OS

Bins/Libs

Container Engine

Bins/Libs Bins/Libs

…

Hypervisor

Public Cloud Infrastructure

Public Cloud

Guest OS

Hypervisor/vSwitch

Visibility Plug-in

Visib

ility

Agen

t

Appl Appl

Container

• Plug-ins allow for a highly efficient in-memory packet capture

• Vmware and OpenStack• Minimal impact on

Hypervisor/vSwitch performance

• Lightweight instrumentation in a resource constrained environment

• Docker and Kubernetes• Optimized for Edge Compute

deployments

• Lightweight application monitoring• Visibility agent moves with the

application• Independent of public cloud

infrastructures (AWS, Azure, etc)


nGenius Applications Suite


Active ProbingInfrastructure Performance

nGeniusPULSE

Network and ServiceAssurance

nGeniusONE

Session TraceSubscriber Troubleshooting

nGenius Session Analyzer

Customer ExperienceSelf Service Analytics

Data Export

nGenius Business Analytics

Rich network, subscriber and application layer analytics that support a broad set of digital transformation initiativesVMworld 2018 Content: Not for publication or distribution

nGeniusONEService Monitoring and Assurance


Service DashboardGain visibility into critical service issues

Performance AnalysisVerify and correlate service performance

Session AnalysisGranular user session tracing and analysis

Packet AnalysisDeep-dive investigation of service issues

Services

KPIs

Sessions

PacketsVMworld 2018 Content: Not for publication or distribution

Service and Infrastructure Assurance


Network Analytics

Application Analytics

IP IntelligencenGeniusONE

Server Health

NetworkElementHealth

Syslog

Infrastructure Intelligence

Active -Service

Test

nGeniusPULSE


COPYRIGHT © 2018 NETSCOUT, SYSTEMS, INC. ° CONFIDENTIAL & PROPRIETARY 16

Use Cases: 5G and SD WAN


5G: Unleashing a New Generation of Services

• Fixed broadband– Regain subscriber growth in the residential broadband market– Use of mmWave spectrum to deliver bandwidth comparable to cable

• Mobile broadband– Significantly higher data rates for a new generation of consumer devices

• Ultra-low latency services– Deployment of edge compute nodes to support low latency services such as AR/VR,

autonomous vehicles, and patient monitoring

• Massively scalable IoT– Low cost, long battery life support for a wide range of consumer and industrial IoT devices



Our Value Proposition for 5G

• RAN Optimization– Performance calibration in mmWave bands for maximizing spectrum utilization

• Support for Network Slicing and CUPS architecture• Extending Visibility to the Edge Compute Nodes

– Container-based, lightweight instrumentation at the edge combined with richer instrumentation in the core

• Assuring user experience for a new generation of services– AR/VR, 4K video, Industrial IoT, autonomous vehicles

– Enable service providers to grow and retain subscribers

• Support for industry standard automation platforms (OSM, ONAP) to enable service agility and lower opex



Control and User Plane Separation (CUPS)

• CUPS architecture allows user plane to be moved closer to the edge for content caching and low latency services

• Allows user and control plane to scale independently

• Creates new assurance challenges


SxS/PGW

(Control & User Plane)

S/PGW-C(Control Plane)

S/PGW-US/PGW-U

S/PGW-US/PGW-U(User Plane)

Core

EdgeVMworld 2018 Content: Not for publication or distribution

Mobile Edge Computing



Smart Visibility in a Distributed CUPS Network

• User plane traffic is monitored at the MEC server

• Control plane traffic is monitored in the Core network

• Smart visibility allows the metadata to be properly correlated


Container-basedEdge Stack(User Plane)

Physical orVirtual Core

(Control Plane)

nGenius


Enabling Automation in 5G Networks


Portal

ONAPVMworld 2018 Content: Not for publication or distribution

SD-WAN: Reigniting Growth in Business Services

• Leveraging broadband access– Remote offices, bandwidth expansion, access diversity, out-of-region coverage

• Distributed, secure access to the Cloud– Direct access from all enterprise locations rather than just from the HQ

• Dynamic, software controlled connectivity– Access agnostic, performance-optimized, secure, policy-driven

• Simplifying the Branch Office– Moving from a clutter of appliances (Router, FW, SBC, WANX) to a virtualized uCPE with

services hosted as VNFs

• Going beyond connectivity with hosted, value-added services



Our Value Proposition for SD-WAN

• Application layer visibility– Visibility into popular business applications (Unified

Communications, Oracle/SAP, Sharepoint, Office365, Salesforce, etc)

• User experience monitoring– Individual session analysis and packet decodes

• Visibility into applications hosted in Public Cloud (AWS, Azure)

• Rapid problem isolation to reduce truck rolls• Advanced threat analytics• Visibility and custom reporting for the end customer



Monitoring Multi-Cloud Applications


Availability Zone

ServiceInstances

Availability Zone

ServiceInstances

Availability Zone

ServiceInstances

Availability Zone

ServiceInstances

PUBLIC CLOUD

Lightweight agent runs within service instances that require monitoring

Forward packets when deep-dive analysis is required

Monitor uCPE traffic

nGeniusONE manages local, uCPE, private cloud and public cloud instrumentation

ServiceInstances

ServiceInstances

PRIVATE CLOUD

Monitor physical network

DATA CENTER

Monitor services in the private cloud

Business Locations

uCPE

SDWAN/MPLS

vSBCvSBC

uCPE

uCPERemoteBranch

INTERNET


Assurance of SD WAN Services

MPLSBroadband

Operator Cloud(Hosted Services, SDWAN Controller)

uCPEHypervisor

SDWAN VNF

Branch 1

uCPEHypervisor

SDWAN VNF

SDWAN Gateway

Branch 2

uCPEHypervisor

SDWAN VNF

Branch n


nGenius


Trusted partner to help you succeed!


• Service Providers are evolving to embrace NFV, SDN, and Cloud technologies to drive their digital transformation

• Our Smart Data solutions are uniquely positioned to deliver value in these new initiatives

• Our Infinistream family of instrumentation products support• Flexible deployment options from uCPE to the core network and the Cloud• Popular infrastructure platforms such as OpenStack, VMware, and Containers• Standards based orchestration

• Our nGenius family of applications provide• Application layer visibility• SLA and user experience monitoring• Visibility and custom reporting for the end customer

• We are here to partner with you to deliver value to your end customers


PLEASE FILL OUTYOUR SURVEY.Take a survey and enter a drawingfor a VMware company store gift card.

#vmworld #SAI3837BUSVMworld 2018 Content: Not for publication or distribution

THANK YOU!

#vmworld #SAI3837BUSVMworld 2018 Content: Not for publication or distribution

managing security tco for publication in nsx environmentshypervisor/vswitch. visibility plug-in....

Documents