Cloud / November 22, 2016

Visibility in the Public Cloud: A Game Changer

Updated September 30, 2021.

“Game changer” – the term is not one that should be used lightly. The Merriam-Webster dictionary defines a game changer as “a newly introduced element or factor that changes an existing situation or activity in a significant way”.

And that is exactly what our announcement today on the industry’s first visibility platform for public, private and hybrid cloud does to security operations, customer experience management and performance management in a public cloud Infrastructure-as-a-Service (IaaS). Six months ago, we announced trials of the industry’s first visibility solution for public clouds, starting with Amazon Web Services (AWS). The response we received from various industry stakeholders (ecosystem partners, customers, channel partners and analysts alike) has been staggering. Two reactions summarize their sentiments:

  • A customer who recently trialed this solution commented “It is awesome to see this working—this is going to make it so much better for us to monitor in AWS.”
  • A channel partner declared “There is nothing like this in the market!”

In order to understand their excitement, it is useful to start with the demarcation of responsibilities between the IaaS provider and the enterprise. While the IaaS provider is responsible for services such as compute, storage, databases etc., securing the application data and understanding the data exchanged between applications remains the customer’s responsibility.

Figure 1: Responsibilities of an IaaS provider (e.g. AWS) and Customer

Visibility into such interactions is limited today. On-premises infrastructure offers a variety of ways to gain access to traffic (network TAPs, SPAN sessions from a network switch/router, virtual tapping in a virtual infrastructure etc.), including the ability to install any special-purpose monitoring appliance; a public cloud IaaS offers very few. For example, Amazon CloudWatch provides VPC Flow Logs, which carry 5-tuple information that is useful for reactive troubleshooting but not for proactive content inspection. Consequently, either there is no access at all to such ‘data-in-motion’ between application workloads, or security tool vendors have had to resort to developing custom agents. Neither option is efficient.
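To make the 5-tuple limitation concrete, here is an added example (not code from the original post or from Gigamon) that parses VPC Flow Log records in the default format and answers the kind of reactive troubleshooting question they support; the sample lines, account id and ENI id are constructed placeholders.

```python
# Added example: parse AWS VPC Flow Log records (default format) and summarise
# them by 5-tuple. Sample lines are constructed; account and ENI ids are
# placeholders. Field order of the default record format:
# version account-id interface-id srcaddr dstaddr srcport dstport protocol
# packets bytes start end action log-status
from collections import defaultdict
from typing import NamedTuple

SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 10.0.1.10 10.0.2.20 49152 443 6 12 6400 1479772800 1479772860 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.2.20 10.0.1.10 443 49152 6 10 52000 1479772800 1479772860 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.10 40001 22 6 3 180 1479772810 1479772870 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.10 40002 22 6 3 180 1479772811 1479772871 REJECT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1479772800 1479772860 - NODATA
"""

class Flow(NamedTuple):
    src: str
    dst: str
    sport: int
    dport: int
    proto: int

def parse_records(text):
    """Yield (Flow, packets, bytes, action) per usable record.

    NODATA/SKIPDATA records carry no flow fields and are dropped. No field
    carries payload: a flow log record is connection metadata only.
    """
    for line in text.splitlines():
        f = line.split()
        if len(f) != 14 or f[13] != "OK":
            continue
        yield Flow(f[3], f[4], int(f[5]), int(f[6]), int(f[7])), int(f[8]), int(f[9]), f[12]

def summarize(text):
    """Total packets and bytes per (5-tuple, action)."""
    totals = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for flow, pkts, nbytes, action in parse_records(text):
        totals[(flow, action)]["packets"] += pkts
        totals[(flow, action)]["bytes"] += nbytes
    return dict(totals)

def rejected_sources(text, dport):
    """Reactive troubleshooting: source addresses rejected when reaching dport."""
    return sorted({flow.src for flow, _, _, action in parse_records(text)
                   if action == "REJECT" and flow.dport == dport})
```

Everything the record offers is visible in `Flow`: addresses, ports, protocol and counters, with nothing to inspect about what the 52,000 bytes on port 443 actually contained.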

This is why the Gigamon Visibility Platform holds so much appeal for organizations. By providing one consistent method to get access to such data-in-motion, an administrator can:

  • Distribute traffic to multiple tools that need to inspect/analyze real-time data-in-motion
  • Customize the delivery of traffic to specific tools. This includes applying advanced traffic intelligence capabilities to conserve the amount of traffic backhauled
  • Obtain elastic visibility as workloads scale out

As an example, one use case that has particularly attracted many security operations teams is the ability to obtain centralized visibility into multiple virtual private cloud (VPC) instances that are owned across an enterprise (see Figure 2 below). This deployment model allows delegation of responsibility of running individual VPCs, while still providing the ability to obtain centralized visibility across these VPCs.

Figure 2: Centralized visibility for Security Operations into multiple enterprise VPCs

It has been fascinating working with the talented Gigamon team that has developed this ground-breaking solution, which includes many patent-pending innovations. Given the elastic nature of the cloud, we specifically put emphasis on several attributes:

  • Focus on the “Visibility Platform”. Regardless of whether the infrastructure is part of a data center, a private cloud, a public cloud, a hybrid deployment or a remote site, we wanted to provide a consistent pane for visibility. This is why we built the orchestration plane as part of GigaVUE-FM, to provide pervasive and consistent visibility across the entire organization. Our customers were clear that they wanted one consistent visibility solution across their entire infrastructure, not siloed views across their on-premises and public cloud environments.
  • Drag-and-drop user interface for rapid turn-up. In the trials we did, initial turn-up was typically completed within less than 15-20 minutes, even with all the commentary
  • Integrations with other components of the ecosystem (Amazon CloudWatch, Amazon EC2 APIs), which minimizes manual interventions and places a high emphasis on automated discovery
  • Automatic target selection to automatically extract traffic of interest matching a specific policy as new elastic compute cloud instances come up
  • A patent-pending controller-based architecture to facilitate massive scale-out
  • Flexible deployment models to facilitate both all-in-cloud and hybrid deployments. Workloads and analytic tools can be located anywhere: in the same or different VPC, the same or different region, or even a hybrid environment where the analytic tools are split between AWS and on-premises. The implications are profound, because such best-in-class visibility with flexible deployment models enables organizations to accelerate their “lift and shift” plans to the public cloud.
  • Close collaboration with our partner ecosystem as part of solution validation. As of today, we have already validated with 15+ commercial and open-source tools and more are underway.

The power of visibility makes the potential of the public cloud real. And only a Visibility Platform can unleash its potential. For more details, check out or try a Test Drive to get started. We will also be at the AWS re:Invent 2016 conference in Las Vegas Nov 28 – Dec 2 next week, where you can stop by booth #2423 to talk to our experts or listen to the presentation “Who Stole My SPAN Port?!” on Wednesday Dec 1 or Thursday Dec 2.
