Elevate App Layer Visibility and Control Within Nutanix Hyperconverged Infrastructures

Updated December 9, 2022.

Organizations Embrace Private Clouds

In a 2019 survey conducted by RightScale, 72 percent of respondents report adopting private cloud adoption with enterprises running 46 percent of their workloads in such clouds (including hosted and cloud-enabled virtual topologies). This approach, versus public clouds, provides fully secure environments with complete IT control and, ultimately, lower total cost of ownership (TCO) when running heavy traffic levels.

A 451 Research report highlights concerns organizations have with public cloud: security (79 percent), performance (46 percent) and managing costs (39 percent). They go on to validate the principle benefits of privately run environments: site control (71 percent), cost (53 percent) and infrastructure ownership (43 percent).

One of the rising stars in this arena is Nutanix. Its Enterprise Cloud platform leverages web-scale engineering and consumer-grade design to natively converge compute, networking and storage into a resilient, software-defined hyperconverged-infrastructure solution with rich machine intelligence. This essentially makes infrastructure invisible, elevating IT to focus on the applications and services that power their business.

Need for Transparency

Within these dynamic mega-datacenter scenarios, administrators are scaling their deployments with more applications, servers and VMs; geographically dispersing and relocating compute nodes in real time; leveraging containers and routinely adding new tools.

Privately run clouds offer the necessary virtualization, including networking and storage, self-service, automation and on-demand scalability to keep up. Yet, organizations managing these environments require complete visibility at not only network, but application layers. IT needs insights into all VMs and containers to fully understand traffic flows and avoid blind spots.

While traditional on-premise topologies benefit from network packets brokers (NPB), cloud vendors do not offer this functionality. Legacy schemes involving SPAN ports impact routers, sample only flows and often lack NetFlow capabilities. Administrators are then forced to use physical network TAPs that are manually configured and/or install agents on each compute node for every security or network monitoring tool and send copies of all raw packets to these tools.

The results are a breakdown in full autonomy, duplicated data, complex network designs, excessive bandwidth usage, overwhelmed tools that lose effectiveness, and needless scaling. IT teams are limited in their ability to analyze network traffic and customer experiences and identify and filter based on application. Teams also lack advanced metadata information and have difficulties evaluating infrastructure health.

GigaVUE Shines the Light of Truth

For network, cloud, security and DevOps architects who face these challenges and must ensure an effective security posture and strong end-user experience, the Gigamon Hawk Deep Observability Pipeline is the solution.

Gigamon provides a deep observability pipeline that automatically acquires, optimizes and distributes selected traffic to security and monitoring tools, increasing security, operational efficiency and scale across multiple datacenter locations. We enable enterprises to extend their security and networking postures to private clouds while assuring compliance and accelerating the time to detect threats to mission-critical applications.

Nutanix and Gigamon Overcome Smoggy Private Clouds

Together, Nutanix and the Gigamon GigaVUE^® Cloud Suite for Nutanix help deliver end-to-end solutions for private clouds:

• Provide packet- and application-layer visibility for distributed virtual workloads in Nutanix AHV-powered scenarios
• Deliver VM flows of interest to Gigamon Hawk for aggregation and advanced processing
• Auto-discover and visualize end-to-end network topology
• Tight integration with Nutanix Prism and Flow for orchestration and support for Nutanix AHV
• Advanced visibility for hybrid architectures with single-pane-of-glass fabric management with GigaVUE-FM

A Closer Look

GigaVUE Cloud Suite for Nutanix delivers intelligent network traffic visibility for workloads running in VMs or containers. It is deployed on-premises or in private cloud environments managed by Nutanix Prism with Flow. The certified joint solution enables increased security and operational efficiency, and it scales across an unlimited number of VMs.

The solution consists of three key components:

• Agentless G-vTAP VMs acquire traffic and provide traffic mapping, VM/port filtering, and packet slicing and tunnel forwarding
• Distributed visibility nodes (GigaVUE HC Series platforms) provide traffic aggregation and advanced processing including packet de-duplication, header stripping, tool load balancing and TLS decryption
• At the heart of the fabric is patented Flow Mapping^® technology that identifies and directs incoming traffic to single or multiple tools based on user-defined rules implemented from a centralized fabric management and orchestration console, GigaVUE-FM

Let’s examine each component in more detail.

G-vTAP VM

For traffic acquisition, agentless, light-footprint, virtualized G-vTAPs are deployed as a Nutanix guest VM on each hypervisor. GigaVUE-FM leverages Prism APIs to deploy G-vTAPs and configure traffic redirection from the Acropolis hypervisor; copied packets from each of the VMs on the same server are sent to the G-vTAPs through a virtual switch. They subsequently send this mirrored traffic via L2GRE or VxLAN tunneling to a GigaVUE HC Series node for aggregation and processing. Key benefits include:

• Single, lightweight VM per hypervisor minimizes impact on compute nodes and delivers gigabits/second per instance
• No need to run special software or make changes to kernel modules
• Reduction in application downtime — there is no need to redesign applications when adding new tools
• Auto-pinned to a host so movement of VMs across different servers does not impact continuous traffic visibility

GigaVUE Visibility Nodes

Traffic aggregation, intelligence and distribution is provided by the GigaVUE HC Series nodes, which are deployed within the visibility tier. Key benefits include:

• Automatic Target Selection (ATS): Automatically extract traffic of interest from any workload
• Flow Mapping: Selection of Layer 2 to 4 traffic
• NetFlow/IPFIX generation: Create flow records from network traffic to determine IP addresses and ports used
• Header Transformation: Modify content in the header (L2–L4) to ensure security and segregation of sensitive data
• GigaSMART^® intelligence: Slice, sample and mask packets to optimize traffic sent to tools, reducing tool overload
• Support for Gigamon Application Intelligence with identification and extraction of over 3,500+ applications, as well as over 7,000 advanced L2–7 metadata attributes that can be sent to various SIEM and other security tools
• SSL/TLS decryption for application monitoring and security tools
• Load balancing of security and network monitoring tools

GigaVUE-FM Fabric Manager

Centralized orchestration and management are handled by GigaVUE-FM. Using RESTful APIs and its tight coupling to Prism, this tool dynamically directs Prism to instantiate G-vTAP VMs on each hypervisor where visibility is needed and configures policies for these virtualized instances within multiple environments — essentially any deployment where Prism orchestration is utilized.

Key benefits include:

• Direct AHV hypervisor to copy VMs or microsegments’ traffic and send to the GigaVUE-HC visibility nodes
• Configures and monitors GigaVUE HC Series appliances and directs traffic to the security and monitoring tools
• Track change-of-location events across the high availability (HA) cluster environments, enabling visibility policies to be tied to the monitored VMs and migrate G-vTAP VMs with the VMs as they move across physical hosts
• Publish REST APIs: Integrate with third-party systems and tools to dynamically adjust traffic received or to orchestrate new traffic policies
• Auto-discover, visualize and monitor the end-to-end network topology, including VM workloads by using an intuitive drag-and-drop user interface
• Eliminate manual processes and errors by automatically identifying each new workload and its associated traffic mirroring via ATS, and then configuring the G-vTAP VMs to direct traffic to physical appliance nodes

Easy-to-Use Self-Service Portal

GigaVUE-FM has a straightforward interface to provide overall management, monitoring and control. The Monitoring Domain dashboard for Nutanix displays fabric, management IP addresses and status.

The monitoring session displays sessions, number of target tools and status.

Learn More

Are you considering a move to private cloud with a Nutanix foundation? Or have you already made the move and are looking to get more insights into what traffic is traversing your hyperconverged infrastructure (HCI) environment and how to further optimize it?

GigaVUE Cloud Suite for Nutanix is fully certified as Nutanix Ready. To receive personalized insights including a demo, contact Gigamon. Register to watch our Nutanix/Gigamon webinar “Take Control with Application Visibility in Nutanix Private Clouds.”