
CloudLens – East-West visibility in Nutanix Ecosystems & Integration with Nutanix AHV

2020-07-01  |  5 min read 


When it comes to virtualization and private cloud, Nutanix is a name that is gaining momentum. The Nutanix story started with hardware, as a precursor of hyperconverged infrastructure (HCI): the combination of compute, storage and networking in the same appliance to ease deployment and scaling of data centers. Nutanix was initially tightly coupled with VMware ESXi, which provided the virtualization layer.

The focus then shifted from hardware to an intelligent software HCI solution, with the purpose of simplifying the life of the IT administrator by hiding the complexity of managing compute, storage and networking resources, allowing them to focus on their core business applications. This transition started with the introduction of the Acropolis Hypervisor (AHV), a custom implementation of the KVM hypervisor, as an alternative to the VMware ESXi commonly used until then by Nutanix customers.

Since then, the AHV ecosystem has matured, making it an appealing solution for customers building their own cloud infrastructure. New features, coupled with a cost advantage, have resulted in about half of Nutanix customers now using the Acropolis (AHV) virtualization platform. However, a cloud infrastructure cannot live without a strong visibility solution to monitor and prevent security threats. Virtualized environments, whichever hypervisor they run, need appropriate visibility solutions to monitor the east-west activity between virtual workloads (servers, applications), which can run in VMs and/or containers.

Visibility in Nutanix AHV environments

It made sense for Keysight to extend CloudLens, a key component of its Virtual Visibility Fabric solution for virtual environments, to offer some integration with the Nutanix Ecosystem.

Today, a Nutanix customer in need of east-west network traffic visibility has several options; the right one depends mostly on the hypervisor in use.

  • Customers running VMware ESXi can leverage the CloudLens solution for VMware environments, which relies on traffic mirroring at the virtual switch level, available for the virtual standard switch (vSS) and the virtual distributed switch (vDS).
  • Customers running AHV have two choices:
    1. Run sensor virtual taps in the virtual workloads to monitor
    2. Leverage the network packet redirection feature available in the Acropolis hypervisor

Sensor vTaps are usually used with older versions of AHV that did not offer the redirection option. In this post I am focusing on the second option, which leverages the Acropolis packet redirection feature.

The Solution: Nutanix and Ixia/Keysight Virtual Visibility Fabric

By deploying the Ixia Virtual Visibility Fabric in Nutanix environments, customers can remove blind spots in their virtual ecosystem by capturing the critical network data from the virtual infrastructure, processing it for optimization, and "feeding" their monitoring and analysis tools with raw network packets or flow information. In short, they can provide the right data to the right tools.

Into the details

The Nutanix-certified CloudLens solution is deployed as a Service Virtual Machine (SVM) on each host that needs to be monitored (one SVM per host). The SVM is integrated into the AHV service chain and receives the redirected traffic from the hypervisor.

The SVM can filter the traffic before forwarding it to an aggregation point (physical or virtual) via a GRE tunnel. Today, aggregation is typically done on Keysight Vision network packet brokers (NPBs), which are part of the Ixia Visibility Fabric architecture.

The NPB provides additional packet processing, filtering and deduplication, as well as deep packet inspection (DPI) for layer 7 (application-level) visibility, and can generate NetFlow/IxFlow metadata (IxFlow being IPFIX-enhanced NetFlow with multiple additional fields) for consumption by SIEMs and NetFlow collectors.
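To make the SVM's role concrete, here is an added example (not CloudLens or Nutanix code) that models the two steps the service VM performs on redirected traffic: apply a filter to the mirrored Ethernet frames, then wrap the survivors in a GRE tunnel toward the aggregation point. It uses GRE protocol type 0x6558 (Transparent Ethernet Bridging) so that the whole L2 frame reaches the NPB intact, and it includes the check a practitioner would want, namely that the SVM never mirrors its own tunnel packets back into the tunnel. The workload subnet, the SVM and NPB addresses, and the sample frames are all constructed for this example.

```python
"""Mirror filter + GRE forwarder modelled on the service-VM role described above.
Hypothetical example code; addresses and frames are constructed, not from any deployment."""
import struct
from ipaddress import ip_address, ip_network

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP, IPPROTO_UDP, IPPROTO_GRE = 6, 17, 47
GRE_PROTO_TEB = 0x6558          # Transparent Ethernet Bridging: full L2 frame carried in GRE
MONITORED = ip_network("10.10.0.0/16")   # assumed workload subnet whose east-west traffic we want


def ipv4_checksum(header: bytes) -> int:
    """Standard one's-complement checksum over an IPv4 header (0 when verifying a valid one)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def make_frame(src_ip, dst_ip, proto, sport, dport, payload=b"") -> bytes:
    """Constructed sample frame: Ethernet + IPv4 + minimal TCP/UDP header (or raw payload)."""
    if proto == IPPROTO_TCP:      # 20-byte TCP header, SYN flag set
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    elif proto == IPPROTO_UDP:    # 8-byte UDP header
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    else:
        l4 = b""
    l4 += payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     ip_address(src_ip).packed, ip_address(dst_ip).packed)
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    eth = bytes.fromhex("0a0000000002") + bytes.fromhex("0a0000000001") + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + l4


def five_tuple(frame: bytes):
    """Return (src_ip, dst_ip, proto, sport, dport) for an IPv4 frame, else None."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[23]
    src, dst = str(ip_address(frame[26:30])), str(ip_address(frame[30:34]))
    l4 = frame[14 + ihl:]
    sport = dport = 0
    if proto in (IPPROTO_TCP, IPPROTO_UDP) and len(l4) >= 4:
        sport, dport = struct.unpack("!HH", l4[:4])
    return (src, dst, proto, sport, dport)


def should_mirror(frame: bytes, tunnel_dst: str) -> bool:
    """Filter applied in the SVM before anything enters the tunnel."""
    t = five_tuple(frame)
    if t is None:
        return False                       # non-IPv4 (ARP etc.) not of interest in this example
    src, dst, proto, _, _ = t
    if proto == IPPROTO_GRE and dst == tunnel_dst:
        return False                       # never re-mirror our own tunnel traffic (feedback loop)
    return ip_address(src) in MONITORED or ip_address(dst) in MONITORED


def gre_encapsulate(frame: bytes, svm_ip: str, npb_ip: str, ident: int = 0) -> bytes:
    """Outer IPv4 (proto 47) + 4-byte GRE header (no C/K/S flags) + the original L2 frame."""
    gre = struct.pack("!HH", 0, GRE_PROTO_TEB)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(gre) + len(frame), ident, 0x4000,
                     64, IPPROTO_GRE, 0, ip_address(svm_ip).packed, ip_address(npb_ip).packed)
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    return ip + gre + frame


def gre_decapsulate(packet: bytes) -> bytes:
    """What the aggregation point does: strip outer IP + GRE (honouring optional C/K/S fields)."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != IPPROTO_GRE:
        raise ValueError("not a GRE packet")
    flags, proto = struct.unpack("!HH", packet[ihl:ihl + 4])
    if proto != GRE_PROTO_TEB:
        raise ValueError("unexpected GRE protocol type %#x" % proto)
    hdr = 4 + (4 if flags & 0x8000 else 0) + (4 if flags & 0x2000 else 0) + (4 if flags & 0x1000 else 0)
    return packet[ihl + hdr:]


def forward_mirrored(frames, svm_ip="10.10.0.250", npb_ip="192.0.2.20"):
    """Apply the filter, encapsulate survivors; returns the list of tunnel packets to send."""
    return [gre_encapsulate(f, svm_ip, npb_ip, ident=i & 0xFFFF)
            for i, f in enumerate(frames) if should_mirror(f, npb_ip)]


# Constructed sample of what the hypervisor might redirect to the SVM.
SAMPLE_FRAMES = [
    make_frame("10.10.1.5", "10.10.2.7", IPPROTO_TCP, 51000, 443),        # east-west, monitored
    make_frame("10.10.1.5", "203.0.113.9", IPPROTO_UDP, 5353, 53),        # monitored workload to outside
    make_frame("172.16.0.1", "172.16.0.2", IPPROTO_TCP, 40000, 22),       # outside monitored subnet
    make_frame("10.10.0.250", "192.0.2.20", IPPROTO_GRE, 0, 0,            # the SVM's own tunnel traffic
               payload=struct.pack("!HH", 0, GRE_PROTO_TEB)),
]

if __name__ == "__main__":
    for pkt in forward_mirrored(SAMPLE_FRAMES):
        print(five_tuple(gre_decapsulate(pkt)), "->", len(pkt), "bytes on the wire")
```

The feedback-loop rule matters in practice: the SVM's tunnel egress shares the host's network, so without it a naive "mirror everything from the monitored subnet" filter would re-capture its own GRE packets and amplify traffic. The decapsulation side checks the GRE flag bits so it still works if a sender enables key or sequence fields.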

See below a high-level representation of the solution.

CloudLens vTap in Nutanix AHV

Integration and Workflow

For a better understanding of the implementation, the diagram below represents the workflow of the CloudLens integration in the Nutanix service chain architecture.

CloudLens workflow in Nutanix AHV

CloudLens workflow legend Nutanix AHV


Besides integrating with Nutanix AHV, Ixia CloudLens can help you deploy network visibility solutions for other virtualized environments, from data centers running VMware, KVM or Microsoft hypervisors to public cloud environments such as AWS, Azure and Google Cloud.

For more information about the Ixia CloudLens visibility solution, please visit: https://ixia.keysight.com/products/cloudlens-private