Demystifying the Virtual Black Hole: Effective Access, Management and Monitoring of the New Network
A Contributed Article by Ran Nahmias, Senior Director, Virtualization and Cloud Solutions, Net Optics, Inc.
How IT Professionals Can Control the Network In a Changing Landscape: New Ideas and Resources
Living amidst a technology revolution, it is easy to get the impression that change is outpacing our ability to control and guide it. The growing momentum of virtualization only magnifies its accompanying challenges, and the consequences of failed monitoring or management are not academic but real-world, directly affecting a company's productivity, competitiveness and viability.
The virtual environment is already vast and will soon outgrow the physical one. Its rapidly growing scope means that IT organizations need a variety of resources to manage and administer their growing network infrastructures.
Fortifying the Instrumentation Layer
Virtualization and consolidation demand ever-higher levels of network integrity, because any compromise of shared hardware or software resources can spread relatively easily to the many applications and users that share them.
Naturally, organizations want their architecture to take advantage of server virtualization and the mobility of VMs. But to do that in a tumultuous environment, they need to develop new capabilities and awareness. Rapid adoption of server virtualization does not bring stability with it; continued change and vendor competition raise new management and security issues. To realize the promise of virtualization, a network must be able to manage complex device deployments, enforce security policies, onboard new users accountably and monitor distributed sites.
Where It Goes Awry: Lack of Visibility, Planning and Awareness
The virtual world has its own rules and reality; virtual machines, switches, backplanes and tools traverse new paths. The speed of virtualization adoption itself brings its own complexities. Lack of synchronization, difficulty in planning and insufficient transparency and awareness have inadvertently created the virtualization "black hole." This blind spot invites security breaches and complicates compliance. As more companies move business-critical data and applications into virtual environments, loss of visibility becomes a major issue. The streams of data passing between and through virtual machines and virtual networks outpace traditional ways of capturing and analyzing them, creating a blind spot that is an open invitation to mischief and mishap. Traffic between two VMs on the same host is switched by the hypervisor's virtual switch and never touches a physical link, so physical taps and SPAN ports cannot see it; the virtual switch effectively "hijacks" that data, leaving network engineers little or no visibility into traffic among virtual servers. Without this visibility, they cannot effectively troubleshoot, optimize or secure virtual server operations.
Worse, this blind spot can only grow as enterprises virtualize more and more of their data center operations. The spread of virtualization across the enterprise data center has brought a concurrent, exponential growth in server density. In addition, concerns over cost and "lock-in" have motivated some companies to "second source," deploying different virtualization technologies in separate areas of the organization. This adds further complexity and management difficulty.
As new technology deployments proliferate, IT professionals benefit from acting assertively. They need to forge ahead with strategies designed to illuminate the blind spot and neutralize its vulnerabilities.
The Impact of Virtualization on Network Management and Monitoring
Growing Server Density
Server consolidation, together with the transition to remote desktops and VDI technologies, has driven user computing consolidation. Both trends have deep implications for traditional computing, networking and the surrounding ecosystem.
Many Net Optics customers are avid users of monitoring and access solutions in the physical network. Since we launched the Phantom Virtualization Tap™ about 18 months ago, we have learned that virtual network monitoring is a topic that often falls through the cracks of current corporate IT departments. Why should this be? One reason is that perhaps nobody on the team is accountable for the real-life effects of implementing a virtual network. This can be due to many factors, including the relative newness of virtualization.
Another factor in creating a black hole can be the lack of a holistic monitoring perspective. As the virtualization ecosystem grows, many instrumentation-layer tools are being developed for hypervisors and virtual machines. However, there remains a deficit at the higher level: the virtual and physical halves of an environment are still monitored as separate domains, with no single view across both, even though converged environments are the de-facto reality.
Diversity of Products, Lack of Standards
Today, no organization is either fully physical or fully virtual. The practice of using multiple vendors now extends to virtualization, as the days of the single-vendor platform come to an end. Multiple hypervisors, numerous network device vendors and a variety of tools are now on the market. The consequence of this proliferation is that many organizations deploy more than one solution to address the same need. Currently there is no single standard that everyone adheres to, and even networking protocols vary and are incompatible with one another or with surrounding tools.
That is why Net Optics has focused on providing total access capabilities and supporting unrestricted monitoring by any tool of choice, whether virtual or physical. When we designed our monitoring and access architecture for virtual environments, we looked beyond the technical challenges of developing specific solutions and took a broader view of the entire ecosystem as it reflects the trends and directions of virtualization. What we have concluded from the momentum we see is that virtual networks are still at their beginning, with many questions and conundrums remaining to be addressed.
Efforts to Bridge the Physical and the Virtual
Within the last 24 months, leading companies have released advanced networking solutions that bridge virtual machines to and from the physical network. MPLS, VN-Tag, VXLAN and FabricPath are just a few of the approaches that optimize speed, routing and switching of packets traversing the virtual and physical segments. Although technologically advanced, each of these adds tagging or encapsulation headers that monitoring tools built for plain Ethernet may not understand, so they can actually impede existing tools and require either additional tools or stripping of the extra headers before analysis. A quick overview:
The VN-Tag standard was proposed as a solution to both network awareness and control of VMs. VN-Tag enables access-layer extension without extending the management and STP domains. It can identify and provide frame forwarding for any type of virtual interface, which makes it usable both for bridge extension and for virtual networking awareness. It also allows each virtual interface to be configured individually, as if it were a physical port. With a VN-Tag-capable NIC or software driver, each of these interfaces can belong to an individual virtual server.
Cloud computing requires far more isolated logical networks than traditional designs. Traditional isolation with VLANs cannot scale adequately for the cloud: the 12-bit VLAN ID allows only 4094 usable segments, and a VLAN is confined to a single Layer 2 domain. VXLAN addresses this by encapsulating each Layer 2 frame in UDP (port 4789) with a 24-bit VXLAN Network Identifier (VNI), allowing roughly 16 million segments. Virtual machines in a VXLAN segment behave as if they share their own LAN, but the encapsulated traffic can cross Layer 3 boundaries between the tunnel endpoints (VTEPs). The monitoring caveat: a tool on the physical link that does not decapsulate VXLAN sees only VTEP-to-VTEP UDP flows, not the VM-to-VM conversations carried inside them.
Cisco FabricPath brings the stability and scalability of Layer 3 routing to Layer 2 switched networks. It creates a highly resilient and scalable Layer 2 fabric that serves as a foundation for large, flexible data centers. To hosts, the FabricPath network behaves like a single virtual switch, delivering bandwidth between any two ports regardless of their physical location; unlike STP, which blocks redundant paths, it uses all available links between any two devices. A given VLAN can be extended across the whole fabric. Frames crossing the fabric carry a FabricPath encapsulation header, which, as with the other technologies above, a monitoring tool must recognize or strip.
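To make the "stripping" point concrete, the following is an added example (not Net Optics code and not part of the original article) that builds a constructed VXLAN-encapsulated packet, parses the outer Ethernet/IPv4/UDP/VXLAN headers per RFC 7348, and shows what a monitoring tool keys on before and after decapsulation. All addresses, the VNI (5001) and the payload are made-up sample values; IP and UDP checksums are left at zero because the example parses headers and does not validate them.

```python
"""VXLAN decapsulation example (added illustration, not vendor code).

Shows why a tool on the physical link needs to strip the VXLAN outer
headers: without decapsulation it sees only VTEP-to-VTEP UDP/4789,
with decapsulation it sees the real VM-to-VM flow and the tenant VNI.
"""
import struct

VXLAN_UDP_PORT = 4789        # IANA-assigned VXLAN port (RFC 7348)
VXLAN_FLAG_VNI_VALID = 0x08  # "I" flag: the VNI field is valid
ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17


def _mac(b):
    return ":".join(f"{x:02x}" for x in b)


def _ip(b):
    return ".".join(str(x) for x in b)


def parse_frame(frame):
    """Parse Ethernet II + IPv4 (+ UDP if present) into the fields a
    monitoring tool normally keys on. Raises ValueError on truncation."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    info = {"dst_mac": _mac(frame[:6]), "src_mac": _mac(frame[6:12]),
            "ethertype": ethertype}
    if ethertype != ETHERTYPE_IPV4:
        return info
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or len(frame) < 14 + ihl:
        raise ValueError("truncated or invalid IPv4 header")
    proto = frame[14 + 9]
    info.update({"src_ip": _ip(frame[26:30]), "dst_ip": _ip(frame[30:34]),
                 "proto": proto})
    l4 = 14 + ihl
    if proto == IPPROTO_UDP and len(frame) >= l4 + 8:
        sport, dport, ulen, _csum = struct.unpack("!HHHH", frame[l4:l4 + 8])
        info.update({"sport": sport, "dport": dport,
                     "udp_payload": frame[l4 + 8:l4 + ulen]})
    return info


def decapsulate_vxlan(frame):
    """Return (vni, inner_frame) if `frame` is VXLAN, else (None, frame).
    VXLAN header: flags(1) reserved(3) VNI(3) reserved(1)."""
    outer = parse_frame(frame)
    if outer.get("dport") != VXLAN_UDP_PORT:
        return None, frame
    payload = outer["udp_payload"]
    if len(payload) < 8:
        raise ValueError("truncated VXLAN header")
    if not payload[0] & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VXLAN I flag not set; VNI is not valid")
    vni = int.from_bytes(payload[4:7], "big")
    return vni, payload[8:]


# --- builders for the constructed sample packet (checksums left zero) ---
def _ethernet(dst_mac, src_mac, ethertype, payload):
    return (bytes.fromhex(dst_mac.replace(":", "")) +
            bytes.fromhex(src_mac.replace(":", "")) +
            struct.pack("!H", ethertype) + payload)


def _ipv4_udp(src_ip, dst_ip, sport, dport, payload):
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0, 64,
                     IPPROTO_UDP, 0, bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    return ip + udp


def build_vxlan_packet(vni, inner_frame, vtep_src="10.0.0.1", vtep_dst="10.0.0.2"):
    """Wrap inner_frame the way a VTEP would (source port fixed here; a real
    VTEP hashes the inner flow into it for ECMP)."""
    vxlan_hdr = bytes([VXLAN_FLAG_VNI_VALID, 0, 0, 0]) + vni.to_bytes(3, "big") + b"\x00"
    return _ethernet("00:11:22:33:44:55", "00:11:22:33:44:66", ETHERTYPE_IPV4,
                     _ipv4_udp(vtep_src, vtep_dst, 49152, VXLAN_UDP_PORT,
                               vxlan_hdr + inner_frame))


# Constructed sample: VM 192.168.10.5 -> VM 192.168.10.9 on tenant VNI 5001,
# tunnelled between two VTEPs (all values made up for this example).
INNER_FRAME = _ethernet("02:00:00:00:00:0b", "02:00:00:00:00:0a", ETHERTYPE_IPV4,
                        _ipv4_udp("192.168.10.5", "192.168.10.9", 40000, 53,
                                  b"constructed payload"))
SAMPLE_PACKET = build_vxlan_packet(5001, INNER_FRAME)


def what_a_tool_sees(packet, decapsulate):
    """Return (vni, src_ip, dst_ip, dport) as a tool would record them,
    with or without VXLAN stripping."""
    vni, frame = decapsulate_vxlan(packet) if decapsulate else (None, packet)
    f = parse_frame(frame)
    return vni, f["src_ip"], f["dst_ip"], f.get("dport")


if __name__ == "__main__":
    print("raw         :", what_a_tool_sees(SAMPLE_PACKET, decapsulate=False))
    print("decapsulated:", what_a_tool_sees(SAMPLE_PACKET, decapsulate=True))
```

Run as-is: the raw view reports only the two VTEP addresses and UDP port 4789, while the decapsulated view reports VNI 5001 and the actual VM addresses and inner port. A tool that only sees the raw view cannot attribute the flow to a tenant or a VM, which is the blind spot the article describes.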
Total Visibility Illuminates the Network
Today, teams designated as responsible for "the network" tend to focus only on the physical network, while the VMware team, for example, might address only the hypervisor infrastructure. The piece in between, the inner network of the virtual environment, is at risk of neglect and of falling through the cracks.
Whatever the cause of black holes and the other complexities of virtualization, total visibility is vital in both the physical and virtual arenas. Visibility enables enterprises to realize the benefits of virtualizing while avoiding these pitfalls. That is why, even when dealing with well-managed enterprises, we at Net Optics have found, and try to help organizations realize, that perhaps no one has been sufficiently accountable for managing the virtual network and its operational aspects.
About the Author
Ran Nahmias, Senior Director, Virtualization and Cloud Solutions, Net Optics, Inc. He has over 15 years of experience in networking, security, and desktop and server virtualization in engineering, product management and deployment roles for market leaders such as Check Point Software Technologies, Nice Systems, Microsoft and Net Optics.