After more than a decade of development, cloud services have prevailed on the strength of their flexibility, security and low cost, and "being on the cloud is the norm, not being on the cloud is the exception" has become the consensus. Statistics show that as enterprises keep moving to the cloud, east-west traffic now accounts for more than 70% of the traffic in cloud data centers. However, the elastic and frequent changes of cloud services turn that east-west traffic into a black box that enterprises find hard to reach.
As enterprises move more of their business to the cloud, virtualized networks become more complex, while the enterprises' own security needs and the requirements of industry regulators keep growing. How can the collection and distribution of virtual network traffic be unified across a variety of cloud platforms and virtual machines, without changing the production network configuration and without affecting business continuity and stability, so as to serve the different departments that consume that traffic?
The necessity of virtual network traffic collection
Different industries and market segments have their own supporting security regulations. In addition to the Cybersecurity Law and the Regulations on the Security and Protection of Critical Information Infrastructure, the national standard for the cybersecurity classified protection system 2.0 will be formally implemented on December 1, 2019. It requires the security management center to achieve centralized supervision and control in three areas (system management, security management and audit management), and to realize cloud computing environment security, regional boundary security and communication network security by technical means. In this context, an enterprise cloud must first meet the compliance requirements of Classified Protection 2.0, and must be able to monitor the virtual network in real time and analyze and collect evidence from it. Precise collection of virtual network traffic has therefore become the technical high ground for meeting the requirements of the enterprise cloud.
As customers continue to deploy their business in the cloud, east-west traffic in their data centers grows exponentially. Limited by their performance, traditional security analysis tools cannot cope with petabyte-scale traffic. Beyond the challenge of collecting virtual network traffic, traditional security analysis tools have become "isolated islands" that are hard to integrate in a cloud environment. When a customer reports a fault, it is difficult to find the exact associated path on which to capture packets for analysis based on an IP address, especially in the cases where the faulty IP cannot be determined at all. As a result, in a large-scale virtual network environment the administrator cannot spot abnormal network traffic from a global perspective, which seriously restricts the security of the cloud business.
In general, the cloud platform itself has no capability to collect virtual traffic. For example, for various reasons cloud vendors do not allow a collector/probe to be deployed on the host; some third-party analysis tools cannot directly decapsulate VXLAN and similar packets; and in the cloud environment, network traffic between virtual machines is not all forwarded through access switches, so most third-party analysis tools are usually unable to obtain this part of the business traffic directly. When a business fails or access becomes slow, the existing analysis system cannot quickly locate the problem because the necessary business traffic data is missing, and the continuity of the cloud business is affected to varying degrees.
DeepFlow® collection and distribution solution
The principle of moving an enterprise to the cloud is to keep the business experience consistent while modifying applications as little as possible; that is, after an application is moved to the cloud, its business experience, security and continuity must be maintained or improved. Cloud services should be able to provide enterprise-level management, monitoring, auditing, security and other functions to meet industry and national security regulations and auditing standards. The DeepFlow® collection and distribution solution is cloud-oriented and enables customers to define fine-grained filtering policies based on their business and applications. It can be easily deployed in heterogeneous cloud resource pools. Its main components are the collector software, deployed on the computing nodes of the virtualization platform, and the controller software, deployed on standard x86 servers (virtualized deployment is also supported). By helping customers build a large-scale, high-performance, integrated monitoring and analysis platform, it ensures business continuity and security in the cloud.
The DeepFlow® collection and distribution solution supports a variety of private cloud virtualization environments, including OpenStack resource pools, VMware resource pools, Windows Server resource pools, container resource pools and traditional bare-metal resource pools. It also supports deployment in public cloud environments, including Tencent public cloud and AWS public cloud.
Deployment modes supported by DeepFlow®
The DeepFlow® collection and distribution solution consists of a collector and a controller. The controller is typically deployed in cluster mode on standard x86 servers (virtual deployment is also supported) and supports an escape mode. The collector runs on the computing node with low resource usage and full flow preprocessing capability. By obtaining ACL rules from the controller software, the output of collected network traffic and telemetry data from the virtual network can be finely controlled. The collector component can be deployed in different virtualized environments in the following ways:
Collection from physical networks
Traditional physical network traffic collection usually has mature solutions. DeepFlow® collection mainly relies on means such as optical taps, port mirroring and server-side traffic diversion. The difference is that DeepFlow® can achieve full-volume collection together with flow preprocessing. The collection of virtual network traffic differs slightly depending on the virtualization environment.
Collection based on KVM
When the user environment is a KVM environment or a container environment, such as an open-source OpenStack cloud platform, the collector can be installed on the host machines in batch and automatically as a user-mode process. It uses a kernel function module of the host operating system to collect the traffic of the virtual network cards. This implementation is independent of the specific vSwitch used in the customer environment: users can freely choose the open-source Open vSwitch, Linux Bridge or a vendor's proprietary SDN vSwitch.
Collection based on ESXi and Hyper-V
When the user environment is a VMware cloud platform or a Microsoft Windows Server virtualization environment, the collector runs on the computing node as a virtual machine, and traffic collection is realized through the virtual switch of the host operating system. This implementation relies on the host operating system's virtual switch, and the collector completes the traffic preprocessing inside the virtual machine.
Collection based on bare metal
When the user environment is a minicomputer or another x86 bare-metal environment, the collector usually runs as a process on the server hypervisor; it is installed and run without any dependence on the software versions or network policies of the environment.
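Two technical points above are worth seeing in code: east-west traffic captured on a host is often VXLAN-encapsulated, which is why ordinary analysis tools cannot read it directly, and a collector distributes only what its ACL rules select so that consumers are not flooded. The following Python is an added example written for this page, not DeepFlow's implementation: it decapsulates a VXLAN frame (RFC 7348 header on UDP port 4789), extracts the tenant 5-tuple and VNI, and applies a constructed first-match ACL list to decide which consumer receives the packet. The sample frames, VTEP addresses, rule fields and consumer names are all constructed for the example; IP and UDP checksums are left at zero because the bytes never go on the wire.

```python
"""Decapsulate VXLAN east-west traffic and apply collector-style ACL rules.

Added example for this page; not DeepFlow code. Sample packets are built inline.
"""
import ipaddress
import struct

VXLAN_UDP_PORT = 4789
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP, IPPROTO_UDP = 6, 17


def parse_ethernet(buf):
    """Return (ethertype, payload) of an Ethernet II frame."""
    _dst, _src, ethertype = struct.unpack_from("!6s6sH", buf, 0)
    return ethertype, buf[14:]


def parse_ipv4(buf):
    """Return ({src, dst, proto}, payload), honouring the IHL field for options."""
    ihl = (buf[0] & 0x0F) * 4
    return {"src": str(ipaddress.IPv4Address(buf[12:16])),
            "dst": str(ipaddress.IPv4Address(buf[16:20])),
            "proto": buf[9]}, buf[ihl:]


def decapsulate_vxlan(frame):
    """Return (vni, inner_frame) for VXLAN-over-UDP/IPv4, else None."""
    ethertype, payload = parse_ethernet(frame)
    if ethertype != ETHERTYPE_IPV4:
        return None
    ip, payload = parse_ipv4(payload)
    if ip["proto"] != IPPROTO_UDP:
        return None
    _sport, dport, _length, _csum = struct.unpack_from("!HHHH", payload, 0)
    if dport != VXLAN_UDP_PORT:
        return None
    # VXLAN header: flags (I bit = 0x08), 3 reserved bytes, 24-bit VNI, 1 reserved byte
    flags, vni_word = struct.unpack_from("!B3xI", payload, 8)
    if not flags & 0x08:
        return None  # no valid VNI present
    return vni_word >> 8, payload[16:]


def inner_flow(vni, inner_frame):
    """Extract the tenant 5-tuple carried inside the tunnel (IPv4 only)."""
    ethertype, payload = parse_ethernet(inner_frame)
    if ethertype != ETHERTYPE_IPV4:
        return None
    ip, l4 = parse_ipv4(payload)
    flow = {"vni": vni, **ip, "sport": None, "dport": None}
    if ip["proto"] in (IPPROTO_TCP, IPPROTO_UDP):
        flow["sport"], flow["dport"] = struct.unpack_from("!HH", l4, 0)
    return flow


def rule_matches(rule, flow):
    """A rule field of None means 'any'; 'dst' is a CIDR network (constructed schema)."""
    for key in ("vni", "proto", "dport"):
        if rule.get(key) is not None and rule[key] != flow[key]:
            return False
    if rule.get("dst") is not None and \
            ipaddress.ip_address(flow["dst"]) not in ipaddress.ip_network(rule["dst"]):
        return False
    return True


def classify(frame, rules):
    """Return the consumer the frame is distributed to, or None.

    First matching rule wins; a frame matching no rule is dropped, the safe
    default for a collector that must not flood downstream analysis tools.
    """
    decap = decapsulate_vxlan(frame)
    flow = inner_flow(*decap) if decap else None
    if flow is None:
        return None
    for rule in rules:
        if rule_matches(rule, flow):
            return rule["consumer"] if rule["action"] == "forward" else None
    return None


def build_ipv4(src, dst, proto, payload):
    """Minimal IPv4 header; checksum 0 because this is a constructed sample."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload


def build_vxlan_frame(vni, inner_src, inner_dst, proto, sport, dport):
    """Constructed sample: a tenant TCP/UDP packet tunnelled between two VTEPs."""
    mac_a, mac_b = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    if proto == IPPROTO_TCP:  # 20-byte TCP header, SYN set
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    inner = mac_a + mac_b + struct.pack("!H", ETHERTYPE_IPV4) + build_ipv4(inner_src, inner_dst, proto, l4)
    vxlan = struct.pack("!B3xI", 0x08, vni << 8) + inner
    udp = struct.pack("!HHHH", 49152, VXLAN_UDP_PORT, 8 + len(vxlan), 0) + vxlan
    outer_ip = build_ipv4("192.0.2.10", "192.0.2.20", IPPROTO_UDP, udp)  # constructed VTEPs
    return mac_b + mac_a + struct.pack("!H", ETHERTYPE_IPV4) + outer_ip


# Constructed ACL list: HTTPS into one subnet goes to security analysis, the rest of
# VNI 100 goes to application monitoring, everything else is dropped.
SAMPLE_RULES = [
    {"vni": 100, "dst": "10.0.1.0/24", "proto": IPPROTO_TCP, "dport": 443,
     "action": "forward", "consumer": "security-analysis"},
    {"vni": 100, "action": "forward", "consumer": "apm"},
    {"action": "drop", "consumer": None},
]

if __name__ == "__main__":
    f = build_vxlan_frame(100, "10.0.0.5", "10.0.1.7", IPPROTO_TCP, 51000, 443)
    print(decapsulate_vxlan(f)[0], classify(f, SAMPLE_RULES))
```

The decision is made on the inner packet after decapsulation, so a rule written in terms of tenant addresses and ports works regardless of which VTEPs carried the tunnel; the "drop unless matched" default is what keeps a full-volume capture from turning into a denial-of-service on the consuming tools.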
The DeepFlow® collection and distribution solution is cloud-oriented and provides an integrated network traffic collection and distribution solution for multi-cloud environments. By helping users build a large-scale, high-performance, integrated monitoring and analysis platform, it solves the problem of unified collection and multi-channel distribution of virtual network traffic in the enterprise cloud data center, and safeguards the compliance, security and continuity of the business on the cloud. Over the past eight years it has brought innovative cloud data center network solutions and the power of new technologies to nearly 100 enterprise customers in industries such as finance, telecommunications, energy and transportation. For more information, please contact us through the official website of Spruce Network.