Find us at www.keysight.com
Moving to a fully virtualized data center, the customer had significant blind spots
for east–west traffic between application and web service tiers running on the same
host. Normal port mirroring offered by VMware ESXi did not work for the customer,
who encountered multiple technical issues:
• In order to get access to packet data between VMs, the customer considered
leveraging the natively available port-mirroring options on VMware’s ESXi. However,
this would create a number of security issues in a highly controlled environment.
• Not being able to filter at the source caused significant issues due to infrastructure
change, cost requirements, and the amount of traffic to transfer from one data
center to another.
• The customer needed to tap the virtual traffic in one data center and forward it to
a different data center, where its analytics tools were located. The lack of tunneling
options provided by VMware’s native hypervisor environment, and the difficulty of
managing them, made it difficult to implement distributed end-to-end visibility.
• Enforcing security policies in a highly dynamic virtualized environment required
continuous access to application data of interest, irrespective of VM mobility events.
• Enabling mirroring affected the performance of key workloads running on the same
host.
The Keysight Solution
What made Keysight’s intelligent visibility platform especially powerful and best
suited for this customer was the combination of vTaps and Vision ONE’s intelligent
packet processing capabilities. Together, these functions enabled packet and
application flow filtering; NetFlow generation with advanced application identification
and geographic location; secure sockets layer (SSL) decryption; load balancing; and
many advanced packet processing capabilities, like deduplication, header stripping,
and fragmentation. Intelligence services provide an additional level of data monitoring
and processing. Examples include filtering at the application level, the generation of
NetFlow data, SSL decryption, the generation of geo-location of users and devices,
and the capture of browser information. The solution provides unprecedented insight into
network traffic in both physical and virtualized multi-tenant environments.
Additionally, the customer recognized the following features of Keysight’s vTaps as
essential to implementing pervasive end-to-end visibility in its environment:
• 100% visibility of east–west, inter-VM traffic
• Multiple tapping and tunneling options for data distribution, including Generic
Routing Encapsulation (GRE), virtual local area network (VLAN), and encapsulated
remote switch port analyzer (ERSPAN), allow maximum flexibility to provide data
access and distribution across various remote sites and virtualized data centers
• Non-proprietary and tool agnostic, able to send traffic to any existing security or
performance monitoring tool
• Bandwidth and resource savings by filtering at the vTap