A Contributed Article by Ran Nahmias, Senior Director, Virtualization and Cloud Solutions, Net Optics, Inc.
How IT Professionals Can Control the Network In a Changing Landscape: New Ideas and Resources
Living amidst a technology revolution, it's easy to get the impression that change is outpacing our ability to control and guide it. The growing momentum of virtualization only magnifies its accompanying challenges, and the consequences of failed monitoring or management are not academic but real-world, directly affecting a company's productivity, competitiveness, and viability.
The virtual environment is vast, and will soon become much greater than the physical. Its exponentially growing scope means that IT organizations need a variety of resources to manage and administer their growing network infrastructures.
Fortifying the Instrumentation Layer
Virtualization and consolidation demand ever-higher levels of network integrity. That's because any compromise of shared hardware and software resources can widen out relatively easily to countless applications and users.
Naturally, organizations want their architecture to take advantage of server virtualization and the mobility of VMs. But to do that in a tumultuous environment, they need to develop new capabilities and awareness. Lively server virtualization doesn't mean stability; in fact, the challenges of continued change and vendor competition raise management and security issues. To realize the promise of virtualization, a network must be able to manage complex device implementations, enforce security policies, onboard new users accountably, and monitor distributed sites.
Where It Goes Awry: Lack of Visibility, Planning and Awareness
The virtual world has its own rules and reality; virtual machines, switches, backplanes and tools traverse new paths. But the speed of virtualization adoption itself brings along its own set of complexities. Lack of synchronization and difficulty in planning, along with insufficient transparency and awareness, have inadvertently created the virtualization "black hole." This blind spot invites security breaches and complicates compliance. As more companies transfer business-critical data and applications to virtual environments, loss of visibility becomes a major issue. Streams of data passing between and through virtual machines and networks outpace traditional ways of capturing and analyzing them, creating a blind spot that is an invitation to mischief and mishap. Virtual switches can "hijack" data, leaving network engineers little to no visibility into traffic among virtual servers. Without this visibility, they are unable to effectively troubleshoot, optimize or secure virtual server operations.
Worse, this blind spot can only grow as enterprises virtualize more and more of their data center operations. The emergence of virtualization in all areas of the enterprise data center has resulted in a concurrent, exponential growth of server density. In addition, concerns over cost and "lock-in" have motivated some companies to "second source," or deploy diverse virtualization technologies in separate areas of the organization. This adds to complexity and difficulty in managing.
As new technology deployments proliferate, IT professionals benefit from acting assertively. They need to forge ahead with cutting-edge strategies designed for the challenge of illuminating the blind spot and neutralizing its vulnerabilities.
The Impact of Virtualization on Network Management and Monitoring
Growing Server Density
The transition to remote desktops and VDI technologies has driven user computing consolidation. Both trends have deep implications for traditional computing, networking and the surrounding ecosystem.
Many Net Optics customers are avid users and consumers of monitoring and access solutions in the physical network. Since we launched the Phantom Virtualization Tap™ about 18 months ago, we have learned that virtual network monitoring is a topic that often falls between the cracks of current corporate IT departments. Why should this be? One reason is that perhaps nobody on the team is accountable for the real-life effects of implementing a virtual network. This can be due to many factors, including the relative newness of virtualization on the scene.
Another factor in creating a black hole can be the lack of a holistic monitoring perspective. As the virtualization ecosystem grows, many instrumentation layer tools are being developed for hypervisors and virtual machines. However, there remains a deficit of higher-level completeness, in that users cannot monitor the two parts (virtual and physical) of an environment separately. This condition reflects the de facto reality of converged environments.
Diversity of Products, Lack of Standards
Today, no organization is either fully physical or fully virtual. The practice of using multiple vendors now affects virtualization, as the days of the single vendor platform come to an end. Multiple hypervisors, numerous network device vendors, and a variety of tools are now on the market. The consequence of this proliferation is that many organizations deploy more than one solution to address the same need. Currently, there is no single standard that everyone adheres to, and even networking protocols are varied and incompatible with one another or with surrounding tools.
That's why Net Optics has focused on providing total access capabilities and supporting unrestricted monitoring by any tool of choice, whether virtual or physical. When we designed our monitoring and access architecture for virtual environments, we looked beyond the technical challenges of developing specific solutions. Instead, we took a broader view of the entire ecosystem as it reflects the trends and directions of virtualization. What we have concluded from the momentum we see is that currently, virtual networks are still at their beginning horizon, with many questions and conundrums remaining to be addressed.
Efforts to Bridge the Physical and the Virtual
Within the last 24 months, leading companies have released advanced networking solutions to allow the bridging of virtual machines to and from the physical network. MPLS, VN-Tag, VXLAN and FabricPath are just a few new approaches that optimize speed, routing and switching of packets traversing the virtual and physical segments. Although technologically advanced, these approaches can actually impede existing tools and require additional tools or stripping. A quick overview:
VN-Tag
The VN-Tag standard was proposed as a potential solution to both network awareness and control of VMs. VN-Tag enables access layer extension without extending management and STP domains. It can identify and provide frame forwarding for any type of virtual interface. High versatility makes it usable for both bridge extension and virtual networking awareness. It also allows for individual configuration of each virtual interface as if it were a physical port. Using a VN-Tag-capable NIC or software driver, these interfaces could potentially be individual virtual servers.
VXLAN
Cloud computing requires significantly more logical networks than traditional models. Traditional network isolation techniques such as the VLAN cannot scale adequately for the cloud. VXLAN resolves these challenges. Virtual machines in a VXLAN segment can have their own LANs, but the traffic can cross Layer 3 boundaries.
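To make the "stripping" point concrete for VXLAN, the following added example (not part of the original article, and not Net Optics code) shows what a monitoring tool has to do before it can inspect VM-to-VM traffic: recognize the outer IPv4/UDP wrapper, read the segment ID, and hand the inner Ethernet frame to the analyzer. It assumes the RFC 7348 header layout and an IPv4 outer header; `strip_vxlan`, `build_sample` and the sample frame are hypothetical names and constructed data.

```python
import struct

VXLAN_UDP_PORT = 4789  # IANA-assigned VXLAN destination port (RFC 7348)
# A VLAN ID is 12 bits (about 4,000 segments); a VXLAN VNI is 24 bits (about 16 million).

def strip_vxlan(frame: bytes):
    """Return (vni, inner_frame) if frame is VXLAN over IPv4, else (None, frame)."""
    if len(frame) < 14:
        return None, frame
    ethertype, off = struct.unpack_from("!H", frame, 12)[0], 14
    if ethertype == 0x8100 and len(frame) >= 18:        # outer 802.1Q tag present
        ethertype, off = struct.unpack_from("!H", frame, 16)[0], 18
    if ethertype != 0x0800 or len(frame) < off + 20:    # this example handles IPv4 only
        return None, frame
    ihl = (frame[off] & 0x0F) * 4
    frag = struct.unpack_from("!H", frame, off + 6)[0] & 0x3FFF  # MF bit + offset
    if ihl < 20 or frame[off + 9] != 17 or frag:        # not UDP, or a fragment
        return None, frame
    udp = off + ihl
    if len(frame) < udp + 16:                           # UDP (8) + VXLAN (8) headers
        return None, frame
    if struct.unpack_from("!H", frame, udp + 2)[0] != VXLAN_UDP_PORT:
        return None, frame
    vx = udp + 8
    if not frame[vx] & 0x08:                            # I flag: VNI field is valid
        return None, frame
    vni = int.from_bytes(frame[vx + 4:vx + 7], "big")
    return vni, frame[vx + 8:]

# Constructed inner frame: dst MAC, src MAC, EtherType, dummy payload.
INNER = bytes.fromhex("020000000b02020000000a010800") + b"vm-to-vm payload"

def build_sample(vni: int, inner: bytes) -> bytes:
    """Build a constructed VXLAN packet (checksums left at zero, not validated)."""
    vxlan = bytes([0x08, 0, 0, 0]) + vni.to_bytes(3, "big") + b"\x00"
    udp = struct.pack("!HHHH", 49152, VXLAN_UDP_PORT, 8 + len(vxlan) + len(inner), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp) + len(vxlan) + len(inner),
                     0, 0, 64, 17, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    eth = bytes.fromhex("020000000002020000000001") + b"\x08\x00"
    return eth + ip + udp + vxlan + inner

if __name__ == "__main__":
    vni, inner = strip_vxlan(build_sample(5001, INNER))
    print(f"VNI {vni}: inner frame of {len(inner)} bytes ready for analysis")
```

A tool that only reads the outer headers sees one UDP flow between two tunnel endpoints; the VM addresses and the segment they belong to appear only after the strip.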
Cisco FabricPath
This innovative software technology helps bring the stability and performance of Layer 3 routing to Layer 2 switched networks. It helps create a highly resilient and scalable Layer 2 fabric, serving as a foundation for building massively scalable and flexible data centers. FabricPath helps the network seem like a single virtual switch to the users. It delivers optimal bandwidth between any two ports, whatever their physical locations. Using Cisco FabricPath, a particular VLAN can be extended across the whole fabric. It's also highly scalable, efficient and high-performing, allowing the network to use all links available between any two devices.
Total Visibility Illuminates the Network
Today, teams designated as responsible for "the network" tend to focus only on the physical network. The VMware team, for example, might address only the hypervisor infrastructure. But the piece of the picture that consists of the inner network of the virtual environment may be at risk of neglect and falling between the cracks.
Whatever the cause of black holes and other complexities of virtualization, total visibility is vital to both the physical and virtual arenas. Visibility enables enterprises to realize the benefits of virtualizing while avoiding these pitfalls. That's why, when dealing even with well-managed enterprises, we at Net Optics have discovered, and try to help organizations realize, that perhaps no one has been sufficiently accountable for managing the virtual network and its operations aspect.
About the Author
Ran Nahmias, Senior Director, Virtualization and Cloud Solutions, Net Optics, Inc. Over 15 years of experience in networking, security, desktop and server virtualization in engineering, product management and deployment roles for market leaders such as Check Point Software Technologies, Nice Systems, Microsoft and Net Optics.