Software-defined data centers (SDDCs) and decomposing application architectures are causing a fundamental shift in traffic patterns. With the majority of traffic now being east-west, most security attacks start within the data center and move laterally due to lack of visibility and control of this traffic. Consequently, security architects are looking for more effective ways to gain visibility for their existing and next-generation security appliances, such as those for web server security, integrity monitoring and malware inspection. Pervasive security involves not only firewalls, intrusion prevention systems (IPS) and other inline tools, but also feeding network traffic to out-of-band physical and virtual tools like intrusion detection systems (IDS), data loss prevention (DLP) and security information and event management (SIEM) systems for inspection; feeding NetFlow traffic to various collectors for flow-based analysis; and sending SSL decrypted traffic to those tools that don’t have visibility into encrypted sessions.
This is where Gigamon comes into play to provide a centralized platform from which to access, aggregate, optimize and deliver the right kind of traffic to the right tool. Together, Gigamon and VMware have collaborated on an integrated solution to realize the full potential of the GigaSECURE® Security Delivery Platform (SDP), enabled by the Gigamon Visibility Platform and VMware NSX network virtualization.[i] The Gigamon GigaVUE-VM visibility node, which is an integral component of the Visibility Platform, extends the security to the NSX platform, eliminating any traffic blind spots in the enterprise private clouds.
Since its launch in 2015, customers from various verticals – including financial, government and service providers using NFVi architectures – have adopted the joint solution to address outsider and insider threats and secure their physical and virtual infrastructure. They are seeing lower CapEx and OpEx, thanks to the flexibility in quickly extending their physical security posture to the SDDC. One large international bank, for example, is using the solution for automated visibility to scale out applications while a well-known retailer implemented the solution to monitor and protect a greenfield private cloud deployment. Service providers are also using this solution to provide service assurance for their NFVi deployments. Considering this widespread adoption, Gigamon recently completed re-certification with the latest NSX 6.3 and ESX 6.5 release. For more information, please refer to the Gigamon-VMware software compatibility matrix.
In addition to providing traffic visibility for existing VMs, this integration also automates traffic visibility and security for new VMs in the security group as applications scale out. Traffic visibility policies associated with the security group are automatically applied to provide real-time visibility for new VMs. In addition to acquiring the traffic, GigaVUE-VM also supports granular selection using L2-L4 filtering and packet slicing before forwarding the optimized traffic to the GigaSECURE Security Delivery Platform, which adds further optimizations, including de-duplication, NetFlow/metadata generation or SSL decryption, before delivering to the security tools.
The joint VMware NSX and Gigamon solution extends monitoring delivered by the NSX virtualization platform to provide an integrated data center solution that allows IT organizations to unlock all the benefits of an SDDC – from greater flexibility and agility to optimized capacity utilization and operational efficiencies – without compromising security. Security administrators can now provide comprehensive visibility and safe enablement of all data center traffic, including intra-server VM communications.
Learn more about the Gigamon Data Center and Virtualization Solution and the Gigamon Visibility Platform for VMware and let Gigamon help you see what matters.
[i] Gigamon is a certified partner that provides automated traffic visibility for virtual workloads in VMware NSX-powered SDDCs.