total virtual network visibility

www.wildpackets.com© WildPackets, Inc.

Jay Botelho

Director of Product Management

WildPackets

[email protected]

Ran Nahmias

Director, Virtualization and Cloud Services

Net Optics

[email protected]

Show us your tweets!Use today’s webinar hashtag:

#wp_virtualnetworkwith any questions, comments, or feedback.

Follow us @wildpackets

© WildPackets, Inc.

Agenda

• Current Trends in Virtualization

• What Causes Virtual Network Blind Spots?

• Eliminating the Blind Spot

• Network Analysis in Virtual Environments

• Net Optics Overview

• WildPackets Overview


Current State of Virtualization

• 75% of large companies have implemented some form of

virtualization1

• Percentage of servers actually virtualized remains small at

approximately 10 – 15% in these companies1

• Virtual systems are a tempting target for security breaches

‒ Compromising only one layer provides access to many2

• Storage virtualization – 45% adoption; 5th most effective

strategy3,7

‒ Deduplication

‒ Thin provisioning

‒ Tiering


Current Trends in Virtualization

• Bundling virtualization with servers1

• SMBs get into the action4, 5

• Automation on the rise5, 6

• Better backup, recovery and live migration tools5, 6

• I/O virtualization 6

• Desktop Virtualization5, 6, 8

‒ Benefits depend on vertical industry

‒ Mobile access devices (eg. iPads) driving adoption

WildPackets Overview PROPRIETARY AND CONFIDENTIAL 4


What Causes Network Blind Spots

11000110101 11000110101

11000110101?


Eliminating the Blind Spot


Hypervisor Virtual Stack Monitoring

Challenge

vm1 vm2 vm3

Physical Host Server

ESX Virtual Stack

Virtual Switch Analyzer

IDS

Physical Network

Security &

MonitoringVirtualization Creates

Security, Monitoring and

Compliance Risks

• No visibility into inter-VM traffic,

vulnerabilities or threats

• Lacks auditing of data passing

between virtual servers

• Inability to pinpoint resource

utilization issues


Phantom Virtual Tap Solution

vm1 vm2 vm3

Analyzer

IDS

Physical Network

Security &

Monitoring

Physical Host Server

ESX Virtual Stack with

Phantom InstalledPhantom

Controlle

r

(VM)

Enables Security,

Performance Monitoring and

Compliance

• 100% visibility of inter-VM traffic

• Kernel implementation—

no need for SPAN Ports on Virtual

Switch / Promiscuous Mode

• Bridges virtual traffic to physical

monitoring tools

Phantom Virtual Tap

Virtual Switch


Net Optics Converged Network Solution

Physical and Virtual

Monitoring Access

• Hypervisor-specific Tap

• Purpose-built for virtualization

• Monitor through Live-Migration

(VMotion)

• TAP for each VM instance

(by VM ID)

• Tight Integration with VMware vCenter

• Fault-Tolerant and Non disruptive

Architecture

Director™

ESX

vm1 vm2 vm3

Hypervisor

Phantom

Monitor™

Encapsulated

Tunnel

Phantom Manager™

LAN/W

AN

Indigo Pro™

Analyzer

IDS

Physical Server

Physical Server

Physical Server

Phantom

Controlle

r

(VM)


Phantom

Manager™

LAN/WAN

Support for vMotion Migration

ESX 1

vm1 vm2 vm3

Hypervisor

Phantom

Monitor™

ESX 2

vm5 vm6

Hypervisor

Phantom

Monitor™


Net Optics Standalone Network Solution

Phantom Virtual Tap

Standalone Implementation

• Phantom Tap can be deployed as total

virtualization monitoring solution

• Can capture and bridge traffic of

interest directly to select inspection

tools

• No hardware required, can be installed

and deployed off of data center floor

ESX

vm1 vm2 vm3

Hypervisor

Phantom

Monitor™

Encapsulated Tunnel

Phantom Manager™

LAN/W

AN

Indigo Pro™

Analyzer

IDS

Physical Server

Physical Server

Physical Server

Phantom

Controlle

r

(VM)


Phantom Virtual Tap Key Advantages


• Achieve security,

compliance and

performance

monitoring standards

• Gain end-to-end

traffic visibility in

the virtual

environment

• Realize the full

potential of your

virtual data center


Establishing Goals for Network

Analysis in Virtual Environments


Net Optics and WildPackets



What’s The Difference?

• All the same goals apply‒ Monitoring/reporting

‒ Background analysis with alarms/alerts

‒ Real-time vs. post-capture analysis

‒ Network performance/application performance/VoIP

• Only the implementation is different

Traditional NA – Virtual NA = 0


Understand Your Virtual Environment

• Traffic levels per

virtual interface

‒ Mbps?

‒ Packets per

second?

‒ Packet size

distribution?

• Traffic level per

application

‒ Average rates

‒ Peak rates

‒ Weekly patterns

• Baselines

‒ Establish and re-establish

‒ Use Expert events for further

classification


Real-time vs. Post Capture Analysis

• Real-time analysis‒ RAM is your friend

‒ Flexible, on-the-fly changes

‒ Network utilization under 3Gbps

‒ Validating theories

• Post-capture analysis‒ Disk capacity is your friend - steady-state traffic at 1Gbps requires:

7.68 GB/min

460 GB/hr

11 TB/day

‒ Wide-open analysis

‒ Network utilization at full line rate (10Gbps)

‒ Need to retain ALL data for post-capture analysis

‒ Forensics searches are CPU and RAM intensive


Real-time Statistics Always Available



Net Optics Overview


Introduction to Net Optics

• Financial, Telco, Enterprise, Government, Healthcare

• 85% of the Fortune 100

• 52% of the Fortune 500

• 7,500 Global Deployments

Customers

• Founded in 1996, Private, Self-Funded

• 60 Quarters of Growth & Profitability

• Strong Management Team

• Headquarters in Silicon Valley, USA

• Sales Offices in New York, Atlanta, Seattle, Germany, China

Highlights

• 30% Direct Sales

• 25% OEM/Partner Relationship

• 45% Global Channel

Go to Market Strategy

• Four new inventions each year

• 20+ patents and patent pending applications

Technology

N. America

60%EMEA18%

APAC16%

BRIC6%

Markets


Selected Customers

EnterpriseTelcoFinancial Healthcare Government


New Applications

Network Stability

Low Latency

Data Center Consolidation

Network must be designed for

scalability & agility

Compliance

Internal/External Intrusions

Lawful Interception

Cybercrime

Security must be architected in,

not a point solution

Link Saturation

Oversubscription

10G 40G 100G

Tools & instruments can’t keep up

Explosive Growth

CAPEX Improvements

No Compliance Monitoring

No visibility into the virtualized

network

Networking Industry Trends and Pain

Points

Security

VirtualizationNetwork

Complexity

NetworkSpeeds


Net Optics Position in the Network

• Oversubscribed Analysis & Security

Tools

• Requirement for Total Visibility

• Need for Multiple Tool Deployment

• Network Scalability

• Visibility into Virtualization

• High Availability & Tool Redundancy

Net Optics Products Solve

Director

Aggregation

Access & Control Layer

Regeneration Tap™

xBalancer™

Gig Zero Delay Tap™

Director™

Director xStream Pro™

Indigo Pro™

Phantom™ Virtual Tap

Applications Layer

Protocol

Analyzers

IPS

Forensics

Performance

Data Loss

Prevention

VoIP Analyzer

Network Layer

Core Network

Data Center

User Access

Virtual Data

Center

Cloud

ESX Stack

Hypervisor

PhantomMonitor™

V Switch

vm1

Vm 2

Vm3

Taps

Bypass Switches


Net Optics Products

Control Management

Indigo Pro™

appTap™

Access

Bypass Switches

Intelligent Taps

Network Taps

Virtual Tap


WildPackets Overview


Corporate Background

• Experts in network monitoring, analysis, and troubleshooting

‒ Founded: 1990 / Headquarters: Walnut Creek, CA

‒ Offices throughout the US, EMEA, and APAC

• Our customers are leading edge organizations

‒ Mid-market, and enterprise lines of business

‒ Financial, manufacturing, ISPs, major federal agencies,

state and local governments, and universities

‒ Over 7,000 customers / 60+ countries / 80% of Fortune 1,000

• Award-winning solutions that improve network performance

‒ Internet Telephony, Network Magazine, Network Computing Awards

‒ United States Patent 5,787,253 issued July 28, 1998• Different approach to maintaining availability of network services


What We Do

• Provide network visibility and intelligence …‒ WatchPoint, OmniPeek, OmniEngines

• Expert systems – we find the problems for you

• Superior drill-down capability – trouble-shoot from anywhere

• Flexible, customizable, extensible – leverage your investment

‒ Professional services, training, best practices

• For all network segments …‒ Data center to desktop to remote office

‒ LAN, WAN, Wireless …

‒ HTTP, Email, Database, VoIP, Video …

• To …‒ Network engineers; IT Management; Developers


Real-World Deployments

Education

Health Care / Retail

Financial

Telecom

Government

Technology

http://www.fbiband.com/

http://www.dea.gov/


Product OfferingsSoftware and Turnkey Appliances

• Enterprise Monitoring and Reporting‒ WatchPoint Server

‒ OmniFlow, NetFlow, and sFlow Collectors

• Network Probes & Recorders‒ Omnipliance Network Recorders – Edge, Core

‒ TimeLine Network Recorder

‒ OmniAdapter Analysis Cards

• Distributed Analysis Software‒ OmniPeek – Enterprise, Professional, Basic, Connect

‒ OmniEngine – Enterprise, Desktop, OmniVirtual

• Portable Solutions‒ OmniPeek software

‒ Omnipliance Portable


TimeLine Network Recorder11.7Gbps Sustained Capture

• Fastest network recording and real-time statistical

display — simultaneously‒ Network statistics display in TimeLine visualization format

• Rapid, intuitive forensics search and retrieval‒ Historical network traffic analysis and quick data rewinding

‒ Several pre-defined forensics search templates making

searches easy and fast

• A natural extension to the WildPackets product line

• Turnkey bundled solution


Omnipliance Network RecordersPrice/performance solutions for every application

Portable Edge Core TimeLineRuggedized

Troubleshooting

Small Networks /

Remote Offices

Regional Offices /

Small Datacenter

Datacenter

Workhorse

Chassis 1U 3U 3U

Memory 2 GB / 8 GB 4 GB / 8 GB 6 GB / 24 GB 18 GB / 24 GB

Expansion 1 PCI-E / 2 PCI-X 1 PCI-E or 1 PCI-X 4 PCI-E 4 PCI-E

Storage 500 GB / 2.5 TB 1 TB 8 TB 8 TB / 16 TB / 32 TB


Key Differentiators

• High-level network monitoring to root-cause analysis

• Single solution for today’s converged networks‒ Wired, Wireless, 1GB, 10GB, VoIP, Video, TelePresence, IPTV

• Reduce and even eliminate network downtime‒ Automated monitoring 24x7

‒ Speedy resolution of network bottlenecks

• Improve network and application performance

• Uniquely Extensible Platform – tailored to your needs‒ Plug-ins and APIs for integration and customization


Q&A

Show us your tweets!Use today’s webinar hashtag:

#wp_virtualnetworkwith any questions, comments, or feedback.

Follow us @wildpackets

Follow us on SlideShare!Check out today’s slides on SlideShare

www.slideshare.net/wildpackets


Thank You!

WildPackets, Inc.

1340 Treat Boulevard, Suite 500

Walnut Creek, CA 94597

(925) 937-3200

Net Optics, Inc.

5303 Betsy Ross Drive

Santa Clara, CA 95054

(408) 737-7777

total virtual network visibility

Technology

confidential wildpackets

different wildpackets

blind spot wildpackets

virtual network blind

ram intensive wildpackets

baselines virtual interface

companies1 virtual systems

traditional na virtual