Federal Data Centers Can Benefit From Intelligent Traffic Visibility … · 2013-04-30
Federal Data Centers Can Benefit From Intelligent Traffic Visibility// White Paper
The Smart Route To Visibility™
The federal government has begun what looms as the largest data center consolidation in history, hoping to dramatically reduce IT operations that are currently distributed among more than 1,100 data centers. These data centers are where the applications and associated traffic negotiate the network infrastructure 24x7, providing critical services to both internal and external customers. Today’s data centers are increasingly complex with many different vendors and technologies working together.
The need for security, accountability and compliance is vital
to any network, and traffic visibility should be a paramount
consideration from the start when planning for a transition of
any size. One result of numerous monitoring tools being
deployed in a network is that practices such as SPAN port
utilization are proving to be a challenge for sampling traffic. In
order to guarantee and certify that the traffic in your network is
secure and that it complies with FISMA, CALEA and other lawful
intercept rules and regulations, your network administrator must
have access to all the traffic. The Gigamon® solution deployed in
the network can help ensure that packets of traffic traversing the
wire are not compromised.
The Gigamon Intelligent Traffic Visibility Fabric™ provides all the
security required to help keep your traffic safe while allowing
the traffic going through the network to be delivered to your
monitoring tools. Downtime in the data center can cost federal
agencies thousands of dollars in lost productivity. It is vital for
IT to carefully monitor and analyze all the traffic in the data
center to maintain efficient operation of the network, reduce
bottlenecks, prevent outages and maintain security. A federal
agency’s most important asset is traffic, and it is absolutely
necessary to have secure, failsafe access, and complete
visibility of that traffic. To achieve this goal, federal agencies
can enhance their architecture by including intelligent traffic
visibility technology.
Most networking professionals are keenly aware of the need
for network visibility. They understand that any network
management system is only as good as the information it
provides and that the traffic sources themselves are critical
to any solution. Achieving unified management of service
delivery requires uncompromised visibility at various points of
the network. Each traffic source device type has capabilities
best suited to certain environments. To best optimize
instrumentation, it is important to understand these capabilities
and the differences between the traffic sources themselves.
This paper focuses on how organizations can strategically
leverage the different types of security and monitoring
deployments available to achieve the coverage and visibility
required for smooth running operations during network
transition. It will explain the various solutions offered
by Gigamon, describe the benefits of each, and advise
which should be used in a given environment or network
segment. It will also discuss deployment considerations and
obstacles associated with networking infrastructures in many
organizations. This white paper is designed to guide the user
toward optimal usage and deployment strategies.
Visibility and Unified Service Delivery Management
The Gigamon Traffic Visibility Fabric provides comprehensive,
real-time network, application and service performance
intelligence that enables IT organizations to ensure optimized
network and application performance. The Gigamon solution
provides always-on network and application visibility with
a common and consistent view of service-oriented analysis
and reporting functions that enables increased productivity
and collaboration across the IT organization. This improves
IT staff productivity and cooperation and enables better
cross-functional leverage of management tool investments. This white
paper is dedicated to the instrumentation and intelligent
traffic sources that support such a Unified Service Delivery
Management system.
Building a Secure Intelligent Traffic Visibility Network
The data center is part of a network ecosystem that drives the
work of any size agency. It is comprised of switches, routers,
application servers, firewalls, IP services (DNS, RADIUS, and
LDAP), virtualized applications, and storage area networks.
Monitoring the actual network traffic is extremely important
to the security of the agency. Federal agencies will typically
implement networks with countless numbers of monitoring and
security tools for defense, but find out that it is neither efficient
nor cost effective to have a tool connected on every critical
traffic path. The key to improved secure access and complete
visibility is to build a Traffic Visibility Solution that can filter,
aggregate, consolidate and replicate traffic to the
monitoring and security tools that are already found in
the data center.
[Figure: data center network diagram. Labels: Network Core; Distribution/Aggregation; Access Layer; Data Center WAN Edge (Private WAN Edge, Internet WAN Edge); Data Servers (Web, Mail, FTP, DNS); VM Cluster; Fibre Channel SAN; GigaSTREAM; In-Line Links; SPAN Data; GigaVUE 2404; GigaVUE 420; GigaVUE 212; 10G Tool Farm; 1G Tool Farm; Web Monitor; Intrusion Detection System; Data Recorder; Database Monitor; VM Monitoring; Application Monitor.]
Figure 1: Intelligent Traffic Visibility Technology can be implemented into your network
The key to secure access is to utilize the GigaVUE® integrated
TAPs between major network devices found in the data center.
This includes core switch-to-router, switch-to-server and switch-
to-switch links. GigaVUE integrated TAPs can be deployed
as passive network connections that copy traffic from the link
to the monitoring and analyzing devices. Gigamon designed
the GigaVUE Traffic Visibility Node as a modular product.
This modularity provides secure access to the traffic, allowing
greater flexibility that accommodates the different media types
typically present. The chassis and module architecture allows
an agency’s data center to save costly rack space by allowing
several different modules to perform filtering, aggregating and
regeneration all from the same unit. Moving beyond the
fixed-function chassis toward a scalable approach leverages
a repeatable, predictable, and measurable framework, allowing
federal agencies to provide their data centers with reduced
power consumption and a smaller physical footprint. Many of
these benefits provide “Day One ROI,” or short term earned
value and improved efficiencies.
Replicated Traffic on a Critical Link can be seen by Many Tools
Increase Effectiveness from Existing Tools: Often a federal
agency will experience a tool overburdened by the amount of
traffic sent to it or difficulty monitoring higher speed connections
with lower speed tools. The Gigamon solution can reduce these
problems using patented mapping and filtering technologies.
Filtering allows the 10G or aggregated traffic to be throttled
down to less than 1G and sent to a 1G tool that the agency
already owns. With filtering, users can reduce the amount of
traffic being sent to a tool, allowing it to see only the traffic it
needs, instead of voluminous amounts of unnecessary traffic.
This improves efficiency and saves budget dollars.
Eliminate SPAN Port Contention: Most switch and router
manufacturers such as Cisco, Brocade, HP, and Juniper have
a use limitation of only two ports for SPAN/Port Mirroring
connections. Because of this limitation, users have reduced
visibility into traffic because not all packet capture devices, data
recorders, and application monitoring and security tools can
access the traffic they need to see. By using the GigaVUE
Traffic Visibility Node, users can connect these same
SPAN/Port Mirroring connections to the routers and switches
and easily replicate the traffic to multiple tools simultaneously.
Easily Add New Tools and Monitor New Applications: Data
centers are continuously evolving, adding new applications,
services and monitoring tools. When all monitored traffic
is routed through a Traffic Visibility Fabric, users can easily
connect new tools or monitor new applications using the
modular design by quickly sending traffic to new tools without
disturbing existing monitoring connections. All of this can be
accomplished without having to wait for lengthy change orders
or management processes because no downtime is incurred,
ensuring all traffic is passively accessed and distributed.
Secure Monitored Traffic: Another important consideration
when monitoring or capturing traffic is controlling access to that
traffic to ensure only authorized users capture or see it.
The GigaVUE system secures traffic by offering many