VMware’s NSX network virtualization product is designed to incorporate a range of 3rd party extension products that deliver additional capabilities and otherwise add value to the platform as a whole. Gigamon, a network monitoring solution provider, has incorporated its Visibility Platform called GigaVUE into the eco-system of NSX aware products. This solution provides active visibility for virtual workloads using NSX for networking and security and is an extension of existing support for VMware’s ESXi hypervisor.
Gigamon is known for its ability to aggregate network flows from multiple sources and forward or direct them to a centralized monitoring plane, where they can be analyzed. What this solution provides is an extension to Gigamon’s Visibility Fabric by adding a virtual node (VM appliance) that lets you intelligently filter and forward virtual machine (VM) network traffic flows to your existing monitoring infrastructure. It does this using NSX’s Dynamic Service Insertion feature to associate Gigamon visibility policies with NSX Security Groups.
There are a couple of specific use-cases where this solution makes a lot of sense. Both provide automated traffic visibility. The first one is designed to secure a Software-Defined Data Center (SDDC) with GigaSECURE using Dynamic Service Insertion. GigaSECURE is Gigamon’s Security Delivery Platform, which can be used to direct network traffic flows to specific security services. In this use-case, GigaSECURE implements its Metadata Engine, Application Session Filtering, SSL Decryption and Inline Bypass features to strategically deliver relevant network flows to IDS/IPS, Anti-Malware, Data Loss Prevention, Forensics and Email Threat Detection solutions.
The second use-case is designed to provide tenant-level traffic visibility for monitoring. In this use-case, you create a Visibility Policy that enables tenant admins to view and monitor network flows for only their own VMs. These admins can still use shared tools for monitoring, but get access to only their own data.
These are just two of the common use-cases for an NSX + Gigamon solution. Additional use-cases include: Data centers where virtual workload traffic needs to be analyzed alongside physical network traffic using a centralized tool, Enterprises providing hosting services for multiple customers or business units, IT organizations with concerns about threats or malware embedded in SSL traffic within their virtual infrastructure and more.
The result of using Gigamon with NSX is better network visibility using existing monitoring tools that network and security professionals already know and understand. Lately hackers have been exploiting weaknesses in traffic flowing between VM workloads on the same network tier. These so called east-west traffic flows are partly responsible for many of the recent security breaches we hear about on a routine basis these days. This additional capability from Gigamon enables much better network visibility into these east-west traffic flows and offers a way to learn what’s happening on the network and create ways to prevent it using the distributed firewall in NSX. These two capabilities complement each other and that’s why this solution is so compelling.