Cloud / November 2, 2023

Expand the Capabilities of VPC Mirroring with GigaVUE Universal Cloud Tap

In this post we will explore the differences between AWS VPC Mirroring and GigaVUE® Universal Cloud Tap (UCT), and then examine when to use each solution.

AWS VPC Traffic Mirroring

AWS VPC Traffic Mirroring is a powerful way to duplicate traffic from elastic network interfaces (ENIs) and send that traffic to a destination for content inspection, troubleshooting, and threat monitoring. This is accomplished through a wide array of AWS tools, such as the AWS network firewall and other inspection services that use gateway load balancers (GLB).

The benefit of this traffic mirroring is simplicity in operations. There is only one target to set, so no complicated forwarding rules. Traffic is captured from the ENI, so this traffic cannot be modified from user space, guaranteeing traffic integrity. AWS charges per ENI per hour regardless of how much data is mirrored, even if no data is flowing. There could be additional data costs if a gateway load balancer is used.
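Because mirroring is configured per ENI, a coverage check can compare the in-use ENIs against the ENIs that have a mirror session. The following is an added example, not code from the original post or from AWS or Gigamon; the data is constructed and shaped like the EC2 DescribeNetworkInterfaces and DescribeTrafficMirrorSessions responses, and the function name is hypothetical.

```python
from collections import defaultdict

# Constructed sample data (all IDs are made up), shaped like the EC2 API
# responses for DescribeNetworkInterfaces and DescribeTrafficMirrorSessions.
NETWORK_INTERFACES = {"NetworkInterfaces": [
    {"NetworkInterfaceId": "eni-0aaa", "VpcId": "vpc-prod", "Status": "in-use"},
    {"NetworkInterfaceId": "eni-0bbb", "VpcId": "vpc-prod", "Status": "in-use"},
    {"NetworkInterfaceId": "eni-0ccc", "VpcId": "vpc-dev", "Status": "in-use"},
    {"NetworkInterfaceId": "eni-0ddd", "VpcId": "vpc-dev", "Status": "available"},
]}
MIRROR_SESSIONS = {"TrafficMirrorSessions": [
    {"TrafficMirrorSessionId": "tms-01", "NetworkInterfaceId": "eni-0aaa",
     "TrafficMirrorTargetId": "tmt-ids", "SessionNumber": 1},
    {"TrafficMirrorSessionId": "tms-02", "NetworkInterfaceId": "eni-0eee",
     "TrafficMirrorTargetId": "tmt-ids", "SessionNumber": 1},
]}


def audit_mirror_coverage(interfaces, sessions):
    """Hypothetical helper: report in-use ENIs without a mirror session."""
    enis = interfaces["NetworkInterfaces"]
    known = {e["NetworkInterfaceId"] for e in enis}
    in_use = {e["NetworkInterfaceId"]: e["VpcId"]
              for e in enis if e["Status"] == "in-use"}
    mirrored = {s["NetworkInterfaceId"]
                for s in sessions["TrafficMirrorSessions"]}

    # In-use ENIs with no session are blind spots; group them by VPC.
    blind_spots = defaultdict(list)
    for eni_id, vpc_id in sorted(in_use.items()):
        if eni_id not in mirrored:
            blind_spots[vpc_id].append(eni_id)

    # Sessions whose source ENI is absent from the inventory supplied
    # (for example, the inventory came from a different account or region).
    unknown = sorted(s["TrafficMirrorSessionId"]
                     for s in sessions["TrafficMirrorSessions"]
                     if s["NetworkInterfaceId"] not in known)

    return {"blind_spots": dict(blind_spots),
            "unknown_source_sessions": unknown,
            "mirrored_enis": len(mirrored)}  # each one is billed per hour


if __name__ == "__main__":
    print(audit_mirror_coverage(NETWORK_INTERFACES, MIRROR_SESSIONS))
```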

Gigamon GigaVUE UCT

Gigamon has a long history of mirroring and duplicating traffic in on-prem and virtual networks. The capabilities that have successfully brought visibility to these environments have now been refactored to support traffic mirroring capabilities in the public cloud through GigaVUE Universal Cloud Tap (UCT). 

There are some key differences between GigaVUE UCT and VPC mirroring that can greatly enhance the solution VPC mirroring was designed for:

  • UCTs are deployed within workloads or in container pods across an entire infrastructure and access traffic before sending it simultaneously to all targets that have been identified. Think of it as a many-to-many scenario. 
  • UCTs mirror traffic from within the workload before it reaches the ENI, while VPC mirroring duplicates traffic at the ENI. This allows organizations to gain visibility into container-to-container traffic and a granular level of visibility that could greatly augment VPC mirroring.
  • UCTs offer simple auto-scaling and auto target selection (ATS) to make deployment easier and to ensure visibility without blind spots as infrastructures evolve. Organizations can introduce or delete different cloud instances or containers with confidence knowing that visibility will be automatically applied when these are introduced.
  • UCTs are priced based on mirrored data volume rather than by the hour. This greatly eases large-scale deployment of UCTs, as they can be turned on and off as needed while not being billed per instance.

Key differences between VPC mirroring and GigaVUE UCT:

VPC Mirroring

  • Traffic duplication
  • Everything to one target
  • Most EC2 types support it
  • Not all regions have it
  • Not available in secret and top secret regions
  • Native tool
  • Charged per ENI per hour

GigaVUE UCT

  • Selective traffic duplication
  • Can send many to many targets
  • Can selectively send certain traffic to some targets
  • Works on containers
  • Not dependent on EC2 type
  • Not region dependent
  • Does not have the EC2 or region restrictions VPC mirroring has
  • Nonnative, much more flexible
  • Can be deployed widely at no hourly cost

When to Use AWS VPC Mirroring vs. GigaVUE UCT

Both solutions have profound capabilities that provide their own set of benefits. Whether you use AWS VPC mirroring alone or GigaVUE UCT depends heavily on the complexity of your infrastructure. If you are early in your cloud journey, using only AWS VPC mirroring could help you reach the level of visibility necessary for your environment. But as your infrastructure grows to meet the needs of your business, GigaVUE UCT would be better suited to provide complete visibility amidst the complexities of your infrastructure.

Conclusion

AWS VPC mirroring and GigaVUE UCT solve similar problems in different ways. Both can be used to offer traffic mirroring and visibility into different workloads. Use native tools when available, and use GigaVUE UCT when you need enterprise-wide deployments, visibility into containers, or traffic mirroring on EC2s or regions that do not support it.
