Gigamon Deep Observability Pipeline

Supercharge your security and observability tools with network-derived intelligence to eliminate blind spots and reduce tool costs.

LEARN MORE

CLOUD VISIBILITY

DATA CENTER VISIBILITY

NETWORK SECURITY

TRAFFIC INTELLIGENCE

A NEW AI ERA BEGINS

AI builds on deep observability to enhance traffic intelligence, threat detection, and governance across the hybrid cloud.

MEET GIGAMON AI

CLOUD VISIBILITY

DATA CENTER VISIBILITY

NETWORK SECURITY

INDUSTRY

A Thriving Partner Ecosystem

Gigamon reseller and integration partners design, implement and optimize best-of-breed and validated joint solutions.

FIND A PARTNER

NOT A PARTNER?

ALREADY A PARTNER?

Proven Support and Services

Our global support team is committed to creating experiences of unmatched quality, scalability and efficiency.

OVERVIEW

GET SUPPORT

ASK THE COMMUNITY

voice of the customer

Gigamon serves the most security conscious government agencies and businesses around the world, enabling them to gain deep observability they require to better secure and manage hybrid cloud infrastructure.

CUSTOMERS

cegedim

U.S. Holocaust Memorial Museum

Building a foundation for data integrity and security.

 

Corpay (formerly FLEETCOR)

Corpay

Enhances hybrid cloud security through proactive threat identification.

DoD

Department of Defense

Confidently feeds different tool sets in the physical and virtual world.

 

Resource Library

Your one-stop hub to explore content resources and stay current on the latest in how to amplify the power of your cloud, security and observability tools.

RESOURCES

navthumb precryption

Recalibrate Risk Now

2025 survey now live.
AI threats are rising.
See how to gain control.

navthumb precryption

AI for Deep Observability

Insights and governance redefined.

tech hub

Tech Hub

Explore short demos highlighting real-life use cases.

WHY GIGAMON

We offer a deep observability pipeline that efficiently delivers network-derived intelligence to cloud, security, and observability tools to eliminate blind spots, optimize traffic, and reduce tool costs, enabling you to better secure and manage hybrid cloud infrastructure.

LEARN MORE

IN THE NEWS

COMPANY INFORMATION

Company Overview

Gigamon Overview: A Leader in Deep Observability

See the full picture. Secure your hybrid cloud.

GPTW

Join the Team

Become a part of the OneGigamon team. Search for your next opportunity.

SHARE
Uncategorized / June 1, 2026

Gigamon Inline V Series vs. UCT‑V on AWS: Which Is Right for Your Use Case?

Headshot of Sriram Shanmugam. Sriram Shanmugam  

Gigamon offers multiple ways to acquire traffic in AWS, and two of the most powerful are Inline V Series and GigaVUE® Universal Cloud Tap (UCT‑V). Both feed traffic into V Series nodes and your security and observability tools, but they do it in very different ways — with different implications for visibility, risk, latency, and operations.

This blog breaks down how each model works, the key trade‑offs, and practical guidance on when to choose one over the other — or when to use them together.

Conceptual Overview

Inline V Series (AWS)

Inline V Series is an agentless, inline acquisition model built around AWS Gateway Load Balancer (GWLB). Selected flows are steered through Inline V Series nodes via GWLB endpoints, so every protected packet must traverse the inline inspection chain.

Key characteristics:

  • Traffic acquisition: Inline in the data path via GWLB and GWLB endpoints; packets must pass through Inline V Series.
  • Deployment components: GWLB, GWLB endpoints, Inline V Series Auto Scaling Group (ASG), dedicated appliance VPC/subnets, AWS Monitoring Domain (traffic acquisition = inline), Monitoring Session (inline).
  • Workload footprint: Fully agentless — nothing installed on EC2 instances; redirection happens at VPC/GWLB/routing layer.
  • Typical coverage: Best for North–South flows that can be routed through GWLB (internet ingress/egress, centralized inspection between VPCs, etc.).
  • Primary strength: Enables inline enforcement (NGFW/IPS/inline inspection) with low‑latency processing and GWLB‑managed failover.
AWS architecture diagram showing an Applications VPC connected to a SecOps VPC through AWS Gateway Load Balancer components (GWLBe and GWLB) inside a single AWS Region. The Applications VPC includes isolated web and app tiers containing cloud workloads. Traffic flows through the Gateway Load Balancer into tier 1 and tier 2 V Series security nodes in the SecOps VPC. The SecOps environment also includes a Fabric Manager connected over TCP port 8889, auto scaling groups, security tools, internet gateways, and bidirectional inspection paths between application and security layers.

GigaVUE Universal Cloud Tap (UCT‑V)

UCT‑V is an agent‑based mirroring model. A lightweight UCT‑V agent on each monitored VM mirrors traffic from the VM interface into a tunnel (VXLAN/L2GRE/secure tunnel) toward V Series nodes.

Key characteristics:

  • Traffic acquisition: Agent-based mirroring from within each VM’s interface; mirrored traffic is tunnelled to V Series nodes.
  • Deployment components: UCT‑V agents on VMs, one or more UCT‑V Controllers, V Series nodes, AWS Monitoring Domain (traffic acquisition = UCT‑V).
  • Workload footprint: Agent on each monitored VM; requires package deployment, lifecycle management, and sometimes security policy exceptions.
  • Typical coverage: Strong inside‑VPC and East–West visibility, with per‑VM granularity and selective tapping of specific workloads.
  • Primary strength: Deep visibility without putting production traffic inline — failures typically impact visibility, not application reachability.
AWS architecture diagram showing an Applications VPC connected to a SecOps VPC within a single AWS Region. The Applications VPC contains separate web and app tiers with UCTV agents or cloud workloads feeding traffic through a UCTV Controller. The SecOps VPC contains tier 1 and tier 2 V Series nodes, managed by a Fabric Manager over TCP port 8889, plus connected security tools. Internet gateways (IGW), auto scaling groups, and bidirectional traffic flows between the environments are illustrated with arrows and segmented network boundaries.

Feature Comparison

Features

Inline V Series (AWS)

UCT-V on AWS

Traffic acquisition model

Inline in the data path via GWLB and GWLB endpoints; packets must traverse Inline V Series nodes.
Agent-based mirroring from each VM’s interface, traffic is tunneled to V Series nodes.

Deployment components

GWLB, GWLB endpoints, Inline V Series ASG, appliance VPC/subnets, monitoring domain (inline), monitoring session (inline).
UCT-V agents on VMs, one or more UCT-V Controllers, V Series nodes, monitoring domain (traffic acquisition = UCT-V).

Workload footprint

Agentless, all redirection happens via routing/GWLB.
Agent on each monitored VM, install/upgrade/config per OS and image.

Typical coverage

Primarily North–South.
Primarily East–West.

Use of cloud-native features

Deeply tied to AWS GWLB: GENEVE encapsulation, health checks, target failover, LB-managed distribution.
Uses tunnels (VXLAN, L2GRE, or secure tunnel) from UCT-V to V Series; less dependent on AWS LBs for acquisition.

Performance/latency

Designed for low-latency inline processing; GWLB distributes flows and handles target failover, but every protected flow sees additional hops.
Adds mirror and tunnel overhead, but production flows are not inline gated by V Series; failures usually mean loss of visibility, not traffic.

Traffic enforcement

Suitable for inline enforcement (NGFW, IPS, WAF chains) all selected flows must pass through the inspection path.
Primarily observe/monitor, production path is unaffected, so enforcement is indirect (via tools feeding policy back elsewhere).

Failure behavior

If an Inline V Series node fails, GWLB health checks can drain/rebalance or bypass based on design.
If UCT-V or its tunnel fails, that VM’s visibility is impacted; application traffic continues over its normal path.

Operational complexity

Heavier on network engineering (GWLB design, endpoints, route tables, dedicated VPC, troubleshooting inline chains).
Heavier on endpoint/agent lifecycle (deploy, upgrade, policy management, version compatibility between UCT-V, Controller, V Series, GigaVUE-FM).

Policy/platform constraints

Good fit where no agents on servers is a hard requirement.
Constrained by organization policies around agents and OS support.

Traffic that is hard to see

Purely intra-VPC East–West flows that never touch GWLB unless you redesign routing.
Agentless resources and some managed services/serverless where you can’t run a UCT-V agent.

Summary

  • Inline V Series is an agentless, GWLB‑based inline model optimized for North–South traffic and enforcement use cases, at the cost of more routing/network complexity and an inline dependency.
  • UCT‑V is an agent‑based mirroring model that provides deep East–West and per‑VM visibility with low risk to production traffic, at the cost of agent lifecycle management and controller operations.
  • The strongest designs typically combine both, using Inline V Series where inline enforcement and centralized chokepoints make sense, and UCT‑V where granular, low‑risk visibility into workloads is the priority.

By mapping these trade‑offs to your organization’s risk tolerance, operational model, and visibility gaps, you can choose the right acquisition mix and evolve over time as your AWS footprint and security posture mature.

CONTINUE THE DISCUSSION

People are talking about this in the Gigamon Community’s Hybrid/Public Cloud group.

Share your thoughts today

  • © Gigamon 2026
Back to top