75 201110 iss iad t6 netoptics john tufano
Post on 14-May-2017
217 Views
Preview:
TRANSCRIPT
Net Optics Confidential and Proprietary
Lawful Interception in Virtual Environment
Intelligent Access and Monitoring Architecture
Ran Nahmias Director, Virtualization and Cloud Solutions Net Optics, Inc.
Net Optics Confidential and Proprietary 2
Goal
Review how the growing adoption of Virtualization
and Cloud Services challenges Lawful Interception
compliance in converged (physical & virtual) or
homogeneous virtual environments.
Net Optics Confidential and Proprietary 3
Virtualization In The DC: More Than a Trend
Virtualization deployment increasing year over year in data centers.
Gartner: over 30% of x86 architecture servers workloads running on VMs Double digit annual growth Virtualization
– Great CAPEX improvements, no visibility. – Passive monitoring of Inter-Virtual Machine Traffic
is nonexistent.
Net Optics Confidential and Proprietary
Hypervisor Virtual Network Monitoring Challenge
vm1 vm2 vm3
Physical Host Server
ESX Virtual Stack
Virtual Switch LI
Infosec
Physical Network Security & Monitoring Virtualization Creates
Security, Monitoring and Compliance Risks
• No visibility into inter-VM traffic, vulnerabilities or threats
• Lacks auditing of data passing between virtual servers
• Inability to pinpoint resource utilization issues
Net Optics Confidential and Proprietary
What Customers Want
Data Center
Virtual Machines
Data Center
Virtual Machines
Data Center
Virtual Machines
Data Center
Virtual Machines
Net Optics Confidential and Proprietary
What Customers Want
Data Center
Virtual Machines
Data Center
Virtual Machines
Data Center
Virtual Machines
Data Center
Virtual Machines
Meet Lawful interception challenges in virtual networks
Net Optics Confidential and Proprietary
Phantom Virtual Tap Solution
vm1 vm2 vm3
Analyzer
IDS
Physical Network Security & Monitoring
Physical Host Server
ESX Virtual Stack with Phantom Installed
Phantom Controller
(VM)
Enables Security, Performance Monitoring and
Compliance
• 100% visibility of inter-VM traffic
• Kernel implementation— no need for SPAN Ports on Virtual Switch / Promiscuous Mode
• Bridges virtual traffic to physical monitoring tools
ü Phantom Virtual Tap
Virtual Switch
Net Optics Confidential and Proprietary
Phantom Manager™
LAN/WAN
Support for vMotion Migration
ESX 1
vm1 vm2 vm3
Hypervisor
Phantom Monitor™
ESX 2
vm5 vm6
Hypervisor
Phantom Monitor™
Net Optics Confidential and Proprietary
Net Optics Converged Network Solution
Physical and Virtual Monitoring Access
• Hypervisor-specific Tap
• Purpose-built for virtualization
• Monitor through Live-Migration (vMotion)
• TAP for each VM instance (by VM ID)
• Tight Integration with VMware vCenter
• Fault-Tolerant and Non disruptive Architecture
ü
Director™
ESX
vm1 vm2 vm3
Hypervisor
Phantom Monitor™
Encapsulated Tunnel
Phantom Manager™
LAN/WAN
Indigo Pro™
Analyzer
IDS
Physical Server
Physical Server
Physical Server
Phantom Controller
(VM)
Net Optics Confidential and Proprietary 11
vm1 vm2 vm3
Virtual Switch Analyzer
IDS
Physical Network
Security & Monitoring
Physical Host Server
þ 100% visibility of Inter-VM traffic
Enable Security, Performance Monitoring and Compliance Auditing
ESX Virtual Stack
Example: Extending Wire Capabilities for VM
• Lack of visibility blocker for certain deployments • The virtual network traffic must be “exposed”
top related