Product Brief GigaVUE-VM

Author: Kathleen White

GigaVUE-VM Active Visibility for Virtual Workloads

With exponential growth in virtualized traffic within the data center, a primary challenge for the centralized monitoring infrastructure is to access this virtual traffic for application, network and security analysis. The Gigamon® GigaVUE-VM Visibility Fabric™ node provides an intelligent filtering technology that allows virtual machine (VM) traffic flows of interest to be selected, forwarded, and delivered to the monitoring infrastructure centrally attached to the GigaVUE® platforms, thereby eliminating any traffic blind spots in the enterprise private clouds or service provider NFV deployments. Gigamon is the only vendor to provide traffic visibility solutions for virtual workloads in VMware-powered SDDC (ESX and NSX-V) and OpenStack/KVM-powered multi-tenant clouds.

Quick Specs

✓ Automated traffic visibility for VMware-powered SDDC
✓ Multi-tenant traffic visibility for OpenStack/KVM-powered clouds
✓ Optimized traffic delivery from the virtual infrastructure through the production network
✓ Automated migration of monitoring policies
✓ Hotspot detection of virtual monitoring policies

Features & Benefits

• Visibility into Virtual Traffic—Intelligently select, filter, and forward tenant virtual traffic to the monitoring and tool infrastructure, extending the reach and leveraging existing tools to monitor virtual network infrastructure
• Multi-Hypervisor Support—Supports the most popular private cloud hypervisors, VMware ESXi, VMware NSX-V and KVM/OpenStack
• Virtual Switch Agnostic Solution—Support for VMware vSS/vDS and Cisco Nexus 1000V and any virtual switch on KVM
• Automated Visibility for VMware NSX—Use VMware NSX Dynamic Service Insertion to associate visibility policies with security groups, thereby providing continuous and automated traffic visibility for applications as they scale up
• Centralized Management—Manage and monitor the physical and virtual fabric nodes using GigaVUE-FM while also configuring the traffic policies to access, select, transform, and deliver the traffic to the tools
• Integration with the Unified Visibility Fabric—Seamless end-to-end visibility across physical and virtual network infrastructure. Optimize monitoring infrastructure by enabling aggregation, replication, and sharing of traffic streams across multiple monitoring tools and IT teams. Additional intelligence gained from Flow Mapping® and GigaSMART® technologies can be applied on the virtual traffic before forwarding to the tools
• Support for Packet Slicing—Further reduce IO resources by removing irrelevant information with packet slicing before sending to the tool, and optimize long-term storage of data by capturing only the data of interest
• Tunneling Support—Leverage the production network to tunnel (supports standards-based L2GRE encapsulation) and forward the filtered virtual traffic from the hypervisor to the GigaVUE platforms
• Optimized Traffic Delivery—Tunneled traffic can be marked with DSCP values for per-hop behavior to get preferential treatment on the production network. If changing MTU size in the network is an issue, fragmentation can be enabled to transport the packets using standard MTU sizes. These packets will then be re-assembled at the Visibility Fabric nodes before further analysis
• Support for vMotion and Live Migration—Ensure the integrity of visibility and monitoring policies in a dynamic infrastructure, have real-time adjustment of monitoring and security posture to virtual network changes, and the ability to respond to disasters/failures without losing NOC insight and control
• Hotspot Monitoring—Proactively monitor and troubleshoot GigaVUE-VM nodes by elevating Top-N and Bottom-N virtual traffic policies to the centralized dashboards

© 2012-2016 Gigamon. All rights reserved.


VMware ESX Integration

• A vSphere guest VM, the light footprint GigaVUE-VM fabric node is installed without the need for special software, kernel modules, or changes to the hypervisor
• GigaVUE-FM (Fabric Manager), Gigamon’s centralized management application, tightly integrates with VMware vCenter to facilitate simplified bulk onboarding of the GigaVUE-VM fabric nodes and configuration of the VM-level traffic monitoring policies
• Leveraging vCenter APIs, GigaVUE-FM can track vMotion events across Distributed Resource Scheduler (DRS) and high-availability (HA) cluster environments, enabling visibility policies to be tied to the monitored VMs and migrate with the VMs as they move across physical hosts; this automation provides Active Visibility into an agile and dynamic SDDC
• GigaVUE-VM is auto-pinned to a host, so DRS doesn’t impact continuous traffic visibility
• In addition to ESXi hypervisor, GigaVUE-VM also extends traffic visibility to the VMs deployed on the VMware NSX-V network hypervisor, a network virtualization platform that delivers the operational model of a hypervisor for the network

[Figure: GigaVUE-VM integrated with Unified Visibility Fabric. Callouts: vCenter integration; bulk GigaVUE-VM onboarding; virtual traffic policy creation; automatic migration of monitoring policies.]


VMware NSX Integration

• Automate traffic visibility for securing the micro-segmented SDDC
• Enable SecOps and NetOps teams to automate the selection, filtering and forwarding of the ever-growing east-west virtual traffic for security and monitoring analytics
• Leverage the power of the NSX network virtualization platform and distributed service insertion framework for automated deployment of virtual components in the GigaSECURE® Security Delivery Platform, while also enabling dynamic provisioning of visibility traffic policies within customers’ software-defined data centers
• Insert a Visibility Service using the GigaSECURE platform’s virtual visibility component, GigaVUE-VM
• Define security or traffic policies that select, filter and forward the tenant’s virtual traffic to security and monitoring tools for analysis
• Can auto-update this service and the traffic policies as new tenants come onboard or existing tenants’ security groups scale dynamically

[Figure: GigaVUE-VM on VMware NSX integrated with GigaSECURE Security Delivery Platform. Labels include: Register ‘Gigamon Traffic Visibility Service’ and ‘Traffic Policies’; Associate Traffic Policies to Security Groups; Deploy ‘Traffic Visibility’ Service VM on NSX Cluster; Copy Packet; Filtered Virtual Traffic; vCenter and NSX APIs for Inventory, Security Groups, Events.]


Use Cases with VMware NSX

VMware Private Cloud — Automated Traffic Visibility

[Figure: Secure the SDDC with GigaSECURE — Dynamic Service Insertion of GigaVUE-VM. Labels include: vRealize Automation (vRA) steps "1. Deploy new Tenants and Applications" and "2. Apply “Visibility” Policy"; NSX APIs, Service Insertion; vCenter APIs, Events; Filtered and Sliced Virtual Traffic; GigaSECURE Security Delivery Platform (Metadata Engine, Application Session Filtering, SSL Decryption, Inline Bypass); tools: IPS (Inline), Anti-Malware (Inline), Data Loss Prevention, Intrusion Detection System, Forensics, Email Threat Detection.]

[Figure: Tenant level Traffic Visibility for Monitoring — Dynamic Service Insertion of GigaVUE-VM. Labels include: vRealize Automation (vRA) steps "1. Deploy new Tenants and Applications" and "2. Apply “Visibility” Policy"; REST APIs, Software-Defined Visibility; NSX APIs, Service Insertion; vCenter APIs, Events; VXLAN=6000; Filtered and Sliced Virtual Traffic; GigaSMART® (SSL Decryption, NetFlow / IPFIX Generation, Adaptive Packet Filtering, Header Stripping, Application Session Filtering, De-cap VXLAN); centralized tools: Security (Anti-Malware, DLP, IDS, Network Forensics, APT) and Monitoring (Application Performance, Network Performance, NetFlow / IPFIX, Customer Experience).]


OpenStack/KVM Cloud

In a multi-tenant OpenStack/KVM-powered Private Cloud, where tenant isolation is critical, the Gigamon solution extends visibility for one tenant’s workload without impacting others.

• Supports tenant-wide monitoring domains—tenant may monitor any and all interfaces on their VMs
• Honors tenant isolation boundaries—no traffic leakage from one tenant to any other tenant during monitoring
• Monitors traffic without needing cloud admin privileges
• Monitors traffic activity of one tenant without adversely affecting other tenants
• Multi-tenant traffic visibility management with a single instance of GigaVUE-FM
• The tenant owner can deploy this solution, which integrates with OpenStack, as follows:
  – GigaVUE-FM for integration with OpenStack/Nova controller to identify tenant VMs
  – A tiny footprint user-space agent (G-vTAP) is loaded in the tenant VM that is selected for monitoring
    » Traffic policy filters are configured to mirror the target VM’s interface traffic to GigaVUE-VM
    » The filtered traffic can be sampled at configured rates to reduce backhaul to the monitoring tools
  – GigaVUE-VM optimizes (complex filters and slicing) and delivers traffic to the physical Visibility Fabric nodes where additional GigaSMART traffic intelligence can be applied before delivering the traffic to the monitoring tools
  – Based on the number of TAP points (vNICs) being monitored, GigaVUE-FM auto-deploys the requisite number of GigaVUE-VM nodes

[Figure: GigaVUE-VM and G-vTAP on OpenStack/KVM integrated with the Visibility Fabric. Numbered steps in the figure:]

1. OpenStack: Horizon/Nova deploys tenant VMs that are packaged with Gigamon Virtual Taps (G-vTAP)
2. GigaVUE-FM: Discovers the tenant VMs from OpenStack/Nova controller
3. GigaVUE-FM: Deploys GigaVUE-VM (Virtual Visibility Node)
4. GigaVUE-FM: Configures traffic policies on the G-vTAPs and GigaVUE-VMs
5. G-vTAP: Filters and replicates traffic to GigaVUE-VM
6. GigaVUE-VM: Provides additional filtering/slicing of traffic to Visibility Fabric
7. GigaVUE-FM: Configures traffic policies (GigaSMART) to forward to the right tools
8. Visibility Fabric: Optimizes and forwards traffic to the right tools

Use Cases

• Private clouds that want to provide SLA monitoring of the virtual workload traffic
• Data centers where virtual workload traffic needs to be analyzed along with the physical network traffic by a centralized monitoring tool infrastructure
• IT organizations that are concerned about threats or malware embedded in the SSL traffic within the virtual infrastructure
• Software defined data centers that are evaluating emerging network virtualization and SDN technologies
• Enterprises providing hosting services for multiple customers or internal groups
• Service providers adopting the Network Functions Virtualization (NFV) architecture to virtualize their physical network functions like SBC, EPC, IMS, etc.

© 2012-2016 Gigamon. All rights reserved. Gigamon and the Gigamon logo are trademarks of Gigamon in the United States and/or other countries. Gigamon trademarks can be found at www.gigamon.com/legal-trademarks. All other trademarks are the trademarks of their respective owners. Gigamon reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

3300 Olcott Street, Santa Clara, CA 95054 USA | +1 (408) 831-4000 | www.gigamon.com

2009-11 07/16
