- 23 May 2014 09:48
Clear visibility essential for the enterprise, as complexity escalates
As Australia’s enterprise environments continue to expand in size and complexity and service providers come under increasing pressure to perform, a potentially dangerous gap has emerged across vendors of converged infrastructure solutions.
Automation and orchestration have become key components in creating converged infrastructure solutions, which combine computing, networking, storage, software and orchestration products in a single package, allowing organisations to move towards highly efficient and optimised service delivery. Yet little or no real-time visibility exists into the traffic and transaction flows where these infrastructure stacks have become physically separated and logically isolated from the tools used to monitor, analyse and secure the computing environment.
As enterprise IT environments become transformed and virtualised, IT professionals are finding that most infrastructure tools offer only limited visibility into the information required to report accurately on activity and secure the data centre. The following technologies characterise a next generation architecture:
High density and highly power-efficient computing.
Server and network virtualisation.
Increase of speed and port density of networking devices.
These technologies have driven advances in reliability and helped to create a modular and scalable standard reference data centre architecture. But while this architecture has been widely adopted, it lacks a critical visibility layer. Without a visibility solution layer, network monitoring, security and analysis tools may be unable to see inside the virtualised network, encapsulated protocols or virtual switches. Nor may they be able to see into isolated silos.
As networks upgrade from 1Gb to 10Gb and higher, the tools used are often an afterthought, yet 10Gb networks transport 50 times more traffic than 1Gb networks, and it can cost ten times more to upgrade a 1Gb tool to 10Gb. These challenges indicate the urgent need for a visibility layer solution that acts as a centralised fabric, capable of delivering relevant data from various networks under an administrative domain to a centralised set of tools connected to the unified visibility fabric. Offering both scalable architecture and fabric intelligence, unified visibility fabric architecture has become an enterprise platform of choice for its ability to control traffic flows intelligently.
Such an architecture delivers a more efficient, reliable and scalable use of the monitoring, analytics and security tools in a data centre. The paradigm is being leveraged in Australia and worldwide to provide reliable transport of network and server traffic to industry leading tools used by the enterprise for critical systems monitoring and business decision-making. Unified visibility fabric architecture runs on carrier class, purpose-built fabric nodes.
These offer port density, high volume packet processing and scalability to fit any size of data centre infrastructure. From complete ‘visibility in a box’ solutions to top-of-rack and end-of-row product choices, such solutions deliver traffic to connected tools at 1, 10, 40 and 100 Gbps with minimal packet loss.
As applications are added to a virtualised infrastructure, visibility becomes essential across the entire virtual fabric and converged platforms. Leading visibility fabric architectures extend visibility into these areas without requiring physical changes to the solutions, including the internal cabling. Virtual fabric nodes extend visibility into the virtual network and virtual server fabric for converged infrastructure solutions.
Extending visibility throughout the data centre is a simple matter of deploying right-sized components, such as high-density fabric nodes as central aggregation points for SPAN and/or TAP ports. Aggregation can be optimised further, according to the scale required, with top-of-rack or mid/end-of-row concentrators. Using network TAPs is the most reliable method of accessing 100 percent of the data flowing across the wire, and passive TAP technology provides data access at line rate for 1Gb, 10Gb, 40Gb, and 100Gb network links.
When traffic is delivered via SPAN or TAP to a node, it is processed at wire speed and can be optimised to meet the specific needs of the various tools being used to monitor, analyse and secure the data centre. Flow mapping and packet filtering technologies extend into the virtual infrastructure with native virtual machines that provide a virtual switch TAP for appliance vendors’ virtual switches.
Other capabilities of visibility devices include features for decapsulating MPLS and VXLAN traffic, filtering based on VN-Tag ID, and tunnelling of captured traffic from within the virtual infrastructure or from remote data centres to the centralised tool environment.
The legacy approach to tool deployment defies enterprise efforts to centralise and consolidate management and administration of in-band or out-of-band tools. The new generation of fabric management tools centralises the management of all fabric nodes, both physical and virtual, in a data centre.
As visibility rules are defined and mapped to specific virtual machine network ports, those rules and maps follow the virtual machine and remain in effect even after a VMware vMotion event occurs. The solution also enables network administrators to configure visibility into the virtual switch without disrupting workflows of the server administration team, resulting in faster turnaround times for change requests.
Need for pervasive visibility
As mobility, video and the proliferation of smart devices and applications drive the growth of east/west traffic in data centres, many have scaled to 10Gb core networks and are scaling their links to 40Gb and 100Gb. Since improvements in bus designs and multi-channel adapters have resulted in 50x link speeds, visibility solutions enable tools that cannot meet these higher speeds to maintain visibility into the infrastructure.
Network architects usually specify three network layers: core, aggregation and access. With mass market adoption of virtualisation and converged infrastructure solutions, this model leaves the data centre, applications and data analytics practically in the dark. Visibility fabric solutions provide a critical fourth layer, the visibility fabric layer, that allows monitoring tools to see inside the virtual spaces, and to scale and transform monitoring solutions as the network is upgraded and applications move to the hypervisor. This layer is designed for enterprise computing, providing pervasive visibility, awareness and control from the converged edge to the private cloud.
As infrastructure complexity increases, IT departments face new challenges from business stakeholders to deliver more services on-demand through end-user portals. The visibility fabric meets these demands by delivering ‘Visibility as a Service’.