Virtual Taps - The ABCs of Network Visibility
2020-04-16 | 6 min read
Originally posted by Keith Bromley.
I get this question a lot: what is a virtual tap? A virtual tap is a software-based solution that captures a copy of the data flowing between virtual machines (VMs). Virtual taps provide clear visibility into inter- and intra-VM traffic (also known as east-west traffic). They’re able to copy (also called mirror) VM data, filter the mirrored data, and then send the mirrored traffic of interest to physical or virtual monitoring tools.
Purpose of Virtual Taps
So, what’s the overarching benefit that they provide? Virtual taps eliminate virtual network blind spots and enable IT to analyze critical data for security threats and performance issues. For example, virtual traffic may be sent to inline security tools such as Intrusion Prevention Systems (IPS), or out-of-band security tools, or even sent to performance monitoring tools.
Research we conducted last year revealed that 80% of modern enterprises consider server virtualization a strategic priority. In addition, two in three companies run critical applications on virtual servers. Not only is virtual computing on the rise – it’s also being used to perform crucial business tasks. But to see all of the data flowing across virtual environments, you need a virtual tap.
Typical Use Cases
With organizations increasingly dependent on virtual computing, it’s essential that virtual environments remain smooth-running and secure. But virtual networks are particularly vulnerable to performance challenges. And they’re a natural target for security threats too.
Here are some real-life use cases where virtual taps are beneficial.
1. Strengthening security defenses
Virtual taps are the best defense against costly cyber threats in virtual environments. They provide the oversight needed to detect security risks. Malware variants like Crisis have been optimized to function in virtual environments. Without visibility into your east-west traffic, how do you know you haven’t already been compromised? What would alert you to this fact?
2. Reducing performance issues
Virtual taps give you access to performance data in your virtual data center. Network and data center failures can be costly, especially when unplanned. Virtual taps give you the visibility you need to perform trending analysis to avoid potential component problems and tackle operational issues.
3. Consolidation of regulatory compliance initiatives
Many organizations need visibility within virtual environments in order to comply with service level agreements (SLAs) and industry regulations (e.g. HIPAA in healthcare, PCI-DSS for financial card transactions, SOX in the enterprise). By capturing data from your virtual data center and exporting it to your existing compliance tools, where it can be combined with data from your physical data center, you gain complete network visibility and can demonstrate that visibility as part of any compliance audit.
Considerations When Researching Virtual Taps
When considering virtual taps, there are several items to investigate. Here is a short list of common items:
Multiple hypervisor support – You will want a virtual tap that supports the most common hypervisor types, like VMware, Hyper-V and KVM. Even if you only have one VM type in your network, multi-hypervisor support gives you flexibility down the road for additions and changes of direction in your virtual data center.
Single pane of glass to see your virtual taps – Once you have all of your virtual taps installed, you want to be able to see them in one consolidated view. This includes virtual taps installed in different VM environments. You will want to see them all from a single pane of glass so that you can more efficiently and cost-effectively monitor your network. Siloed views of virtual taps not only create irritation and loss of productivity, they can obscure oversights in your monitoring plans and cause confusion.
Performance impacts – A third consideration is performance. You want a virtual tap solution that does not create any significant performance issues for your network. This includes not adding significant load to the CPU or the VM and also not overloading the LAN (due to the creation of the mirrored data). The virtual tap must be able to filter the mirrored data before it is sent across the LAN. Otherwise, you’ll heavily load your network with the extra 50% to 100% of mirrored data.
More Information on Virtual Taps
Learn more about virtual tap solutions by visiting the Phantom vTap Product Page or downloading the Phantom vTap datasheet. Alternatively, read this case study on how an Ixia Virtual Tap solution was able to save one company $300K.
Ixia’s entire series of blogs on visibility is available now in the e-book Visibility Architectures: The ABCs of Network Visibility.