A visibility architecture is essential for security, network and integrated, service-oriented operations teams to establish and maintain a continuous awareness of activity, health, and performance of applications and infrastructure.
Such awareness is only possible with continuous, reliable network visibility. But this is not an easy task when network and security professionals must ensure security and proactively meet performance expectations in dynamic, virtualized environments with increasingly diverse mobile end points and application deployments.
Visibility is critical for all enterprise organizations, but especially for companies worried about security blind spots and corresponding compliance issues, and for companies struggling to deliver on their IT service level agreements and key performance indicators,
With inter-virtual machine (VM) and cross-blade data center traffic the dominant portion of data center traffic, organizations must overcome the challenge of end-to-end visibility. Network blind spots must be removed with a comprehensive architecture that integrates three key frameworks – network visibility, virtual visibility, and inline security.
Visibility Architecture
The network visibility framework supports out-of-band monitoring in the physical network. Benefits include speedier network event diagnosis and automated service provisioning.
Network Packet Brokers (NPBs) can perform the aggregation, filtering, packet deduplication and static/dynamic load balancing to optimize tool performance while supporting 10/100MB, 1GE, 10GE, 40GE and 100GE solutions. Additionally, carrier-class high-availability features provide mission-critical reliability and resilience as well as security.
A visibility architecture that collects, manages and distributes packet streams for monitoring and analysis purposes is the best approach to achieving cost-effective, reliable and resilient packet-based monitoring and analysis,
Virtual Visibility
Virtual visibility, when integrated with network visibility, provides a solution to support out-of-band monitoring of traffic across both the physical and virtual networks under a single management platform.
Inline Security
The deployment of multiple inline security enforcement tools such as intrusion prevention systems, next-generation firewalls, data loss prevention systems, SSL decryptors, and web application firewalls should not slow or block application traffic .
Key considerations include fail-safe deployment of inline security devices at any point in the network and bi-directional heartbeat monitoring to prevent congestion, latency or failures of these devices from impacting network uptime and critical security postures.
The downside is that data centers must reduce the risks of deploying packet-based monitoring and analysis tools fully, and ensure the tools’ effectiveness in security and in aiding network and application performance,
To minimize this risk using bypass switch will allow you to maintian network services in the event that your inline tool becomes unavailable due to a failure, reboot or maintenance
Essential Elements
The importance of understanding application performance, service quality and security integrity from the network perspective has been steadily rising in both enterprise and service provider settings, Such visibility is essential for timely assurance and protection of complex applications despite growing traffic volumes and increasing diversity in how end users and subscribers access applications and services.
While fully functional NPBs are the capstones of a visibility architecture, network and infrastructure managers must pay particular attention to vendors’ solution completeness, scalability, and flexibility, with further emphasis on manageability and integration per specific organizational context and needs. Contact us to discuss your visibility archectecture