By Brian Handrigan on Friday, 17 October 2014
Category: Network Access Solutions

3 Gotchas That Will Kill Your Virtualization Visibility Plans

A virtual architecture is one of the fastest growing aspects of the data center these days. There has been considerable adoption over the last several years. According to the Gartner Magic Quadrant for x86 server virtualization, virtualized x86 server workloads passed the 70% mark in 2014. This is a big surge from the approximately 50% mark held in 2012.

While the market is surging with increased adoption, best practices need to be implemented to prevent rework and aggravation down the road. As part of a best practice for virtualization, many of the businesses that Ixia talks to are considering adding a visibility architecture because it allows them to formulate a complete plan for their network so they can reduce, if not eliminate, the blind spots in their networks.

When deploying a virtual visibility architecture, it’s important to understand that there are three potential landmines to avoid:

The first gotcha is traffic volume. When creating your virtual visibility architecture, you’ll need to include a virtual tap. This is a software plugin that installs directly into the hypervisor so that you can get access to all of the east-west traffic that you need and forward it out to your physical packet broker and monitoring tools. However, once you get this access, your LAN will probably be flooded with all sorts of data. Undoubtedly, this will choke the transmission of the important data that you need to transport.

To overcome this, you need to choose a virtual tap that supports integrated filtering natively. This allows you to filter and discard non-critical traffic before it leaves the hypervisor so that you can save your bandwidth and resources while still optimizing efficiency. Another way to try to overcome this would be to use WAN accelerators and/or add more bandwidth, both of which will create more costs for you than integrated filtering.

The second gotcha is to make sure that you implement consistent monitoring policies across the entire network. It won’t do you any good to have an excellent design for part of your network and not the rest. In fact, this is actually a common pitfall for those with a virtualized data center. The monitoring/tools person or group within IT may have a good monitoring strategy for the physical portion of the network but there may be nothing in place for the virtual side. This is often due to lack of ownership for the company-wide monitoring strategy, as responsibility for the virtualized servers often falls under a different group within IT than the one responsible for the monitoring tools.

Lack of a proper strategy that incorporates virtual taps is another reason that the virtual data center may have a different, potentially non-existent, monitoring strategy when compared with the physical portion of the network. Virtual taps are a newer technology and may not be common knowledge to those who are not deeply involved with visibility architectures. This often leads to core problems like blind spots that arise due to hidden issues in your network (like hidden malware, performance problems, and regulatory compliance issues) that you know nothing about.

The third gotcha is that you need to purchase a robust system. Lightweight implementations don’t work. They may not work technically and they often have a larger total cost of ownership due to programming and maintenance costs. For instance, ease of use and management are critical. You want a solution where you can manage your virtual taps from a single pane of glass, versus having to log into every single virtual tap to program and manage it. A solution that integrates with other management solutions, such as VMware vCenter, is another benefit that can make a difference in the long run.

As part of the robust system, you want “hitless” installations and maintenance capabilities to minimize data center impacts. The last thing you want to do is cause an inadvertent outage or even a planned outage (during the maintenance window) unless you just have to. This is where hitless software installation and upgrades become very important because you don’t need to use the VM maintenance mode.

Another feature that you want to look into is support for the “moving” of VMs. Specifically, does the virtual tap product you are considering support VMware vMotion, or will you lose the virtual tap connection and programming every time you move a VM? If the latter is the case, you will waste time and effort reprogramming your tap.

Ixia makes a virtual tap product called the Ixia Phantom vTap. More information about the Ixia Phantom vTap and how it can help generate the insight needed for your business is available on the Ixia website.

Additional Resources:

Details on virtual monitoring concepts and best practices are also available in the following resources:

Illuminating Data Center Blind Spots
Increased Visibility and Monitoring of Virtual Systems
Creating A Visibility Architecture

Previous blogs on virtualization:

Exposing The Ghost In The Virtual Machine
Do You Really Know What’s Lurking in Your Data Center?


Thanks to Ixia for the article. 
