Alastair Hartrup is CEO of Network Critical.
The prominence of traditional data centers is rapidly fading in favor of cloud and hybrid cloud environments. In fact, one Gartner study claims that 90 percent of organizations will be investing in hybrid cloud environments by 2020. Today, hybrid cloud environments offer a “best of both worlds” alternative to centralized, stand-alone data centers. For example, computing applications and storage for non-critical information can be performed and managed offsite in a less expensive public or private cloud environment. And companies’ critical operations and confidential information can be managed closer to home in a locally controlled, secure data center.
But make no mistake, these hybrid environments do not eliminate data centers from the IT equation. On the contrary, data centers still play a vital role in prioritizing and distributing operations between directly controlled and outsourced environments. However, as organizations develop data center transition plans that incorporate more cloud environments, it’s important that they carefully consider how to handle traffic monitoring, performance and security management operations. Why? Just as with traditional data center approaches, there are unique traffic visibility and security issues with a multi-site, multi-vendor computing environment. If not designed properly, an organization could waste time, resources and money on excess links, tools and more. Proactively understanding and addressing these issues early in the planning process can eliminate those potential liabilities. Let’s explore how.
The Role of TAPs and Packet Brokers
It’s important to understand that network TAPs and packet brokers play a critical role for visibility enablement. The data center is often the central networking hub for an organization, even if it’s incorporating a variety of cloud services. Without TAPs, it would be nearly impossible to efficiently access the network traffic required for performance or security monitoring. As a refresher, TAPs are traditionally connected to links or switches, and produce a mirror copy of all traffic across the network. That information is then sent to monitoring and/or security tools. Why connect these tools to links through TAPs instead of using Switched Port Analyzer (SPAN) ports (a common method)?
Flexibility and reliability! TAPs offer fail-safe technology that allows live data to continue to flow even if power is lost to the tool. In addition, with multiple ports, TAPs allow the connection of several specialized tools to a single link simultaneously. What’s more, TAPs do not alter packets and do not add delay to the network. They can convert optical traffic for output to copper tools, they don’t increase switch traffic or drop packets (as is common in SPAN environments), and they pass 100% of traffic to the monitoring tools, ensuring accurate traffic measurements.
What’s the difference between a TAP and network packet brokers? Packet brokers generally provide more ports and advanced management features than a TAP. However, they do not offer critical network fail-safe operation features. Therefore, most organizations are better off deploying a TAP on the link, and passing the traffic to a packet broker with advanced tool management capabilities (for example to load balance). Some vendors offer hybrid TAP/packet broker solutions that may simplify deployment and save rack space. Understanding your network architecture and monitoring/security strategy is important when deciding whether to deploy TAPs or packet brokers in the data center or other cloud egress points.
Planning for Visibility Saves
In a cloud or hybrid data center environment, more computing and storage is accessed via the Internet compared to an office with a local data center in the same building. This creates visibility challenges for IT. How do you capture and measure performance from these cloud solutions? And can we use TAPs and packet brokers to monitor and capture data from third-party, public or private clouds? You bet. Today, organizations are connecting monitoring and security devices on links to capture traffic, gain visibility and protect information stored on off-prem resources.
In addition, these broader access requirements (employees working from a remote site, partners accessing a portal from a coffee shop, etc.) expand the threat landscape significantly, so more specialized security appliances are often used to manage this expanded exposure. On the security front alone, this often includes a firewall or tools for intrusion protection, data loss prevention, unified threat management, security information and event management, endpoint detection and response, and many more.
Assessing the risk profile of new environments and planning for the right tools is an essential step in making the move to a hybrid environment. What’s often overlooked by many organizations, however, is the need for a plan to efficiently and economically connect monitoring and security appliances to links – both in the data center and toward these off-prem cloud environments. This is called a visibility plan. TAPs and packet brokers, when included early on in the planning process, can provide many valuable benefits, including the simplified deployment and management of key monitoring and security tools.
For example, it may not be necessary to have every security tool directly connected to every link. Many links are underutilized. Understanding the traffic utilization and aggregating multiple links through an intelligent TAP may allow one 10 Gbps monitoring tool to capture and report on traffic from several 10 Gbps links that are each only passing 1 Gbps of traffic. This avoids purchasing, and then underutilizing, an expensive monitoring tool for every link. Filtering is another efficiency capability TAPs or packet brokers can offer, eliminating traffic that is not required by a specific tool to further increase its processing speed and throughput.
Furthermore, security tools often need to be deployed in-line on a link in order to block malicious traffic in real time before any damage is done to the network. Each security tool that is connected directly to a link will affect the overall reliability of that link. If a directly connected tool goes offline, the network link will go down. More tools on a given link increase the link’s calculated downtime and require that more redundant paths be built to maintain availability and prevent bottlenecks. Certain types of network TAPs include bypass technology to increase overall availability by allowing network links to remain active even when the connected tool goes offline. For large networks, efficient use of bypass TAPs can increase overall link availability and reduce the quantity of links required for a given service level.
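The two planning arguments above (aggregating lightly loaded links into one tool, and the availability cost of chaining in-line tools with and without bypass) reduce to simple arithmetic. The following is an added illustration, not code from the article or from Network Critical; the link loads, tool capacity and the per-device availability figures are constructed assumptions, and the model treats in-line tools without bypass as a series chain (the link is up only if every tool is up).

```python
"""Capacity and availability arithmetic for a visibility plan.

Added example (not from the article). All numbers below are constructed:
a 10 Gbps monitoring tool, 10 Gbps links carrying ~1 Gbps each, and
illustrative availability figures for the link and the in-line tools.
"""

from dataclasses import dataclass
from typing import Iterable, List, Tuple

MINUTES_PER_YEAR = 365 * 24 * 60


@dataclass(frozen=True)
class Link:
    name: str
    capacity_gbps: float      # line rate of the link
    utilisation_gbps: float   # observed (assumed) average load


def aggregate_fits(links: Iterable[Link], tool_capacity_gbps: float,
                   filter_fraction: float = 0.0) -> Tuple[float, bool]:
    """Offered load to one tool when all links are aggregated through a TAP/broker.

    filter_fraction is the share of traffic the TAP or packet broker discards
    before the tool sees it (0.0 = no filtering). Returns (offered_gbps, fits),
    where fits is True if the tool's line rate is not exceeded.
    """
    if not 0.0 <= filter_fraction < 1.0:
        raise ValueError("filter_fraction must be in [0, 1)")
    offered = sum(l.utilisation_gbps for l in links) * (1.0 - filter_fraction)
    return offered, offered <= tool_capacity_gbps


def link_availability(base_link: float, tool_availabilities: List[float],
                      bypass: bool = False) -> float:
    """Availability of a link carrying in-line tools.

    Without bypass the tools are in series with the link: the link passes
    traffic only if the link itself and every tool are up, so availabilities
    multiply. With a bypass TAP a tool outage leaves the link forwarding,
    so only the link's own availability counts.
    """
    if bypass:
        return base_link
    availability = base_link
    for a in tool_availabilities:
        availability *= a
    return availability


def annual_downtime_minutes(availability: float) -> float:
    """Convert an availability fraction into expected minutes of downtime per year."""
    return (1.0 - availability) * MINUTES_PER_YEAR


if __name__ == "__main__":
    # Constructed: ten 10 Gbps links each carrying about 1 Gbps.
    links = [Link(f"link-{i}", 10.0, 1.0) for i in range(10)]
    offered, fits = aggregate_fits(links, tool_capacity_gbps=10.0)
    print(f"offered {offered:.1f} Gbps to a 10 Gbps tool, fits={fits}")
    offered, fits = aggregate_fits(links, 10.0, filter_fraction=0.3)
    print(f"with 30% filtered: {offered:.1f} Gbps, fits={fits}")

    # Constructed: link at 99.99%, three in-line tools at 99.9% each.
    tools = [0.999, 0.999, 0.999]
    for bypass in (False, True):
        a = link_availability(0.9999, tools, bypass=bypass)
        print(f"bypass={bypass}: availability {a:.6f}, "
              f"{annual_downtime_minutes(a):.0f} min/year down")
```

Note the trade-off the availability figure hides: a bypass TAP keeps the link up when a security tool fails, which means traffic is forwarded without that tool’s inspection or blocking for the duration of the outage. A bypass event should therefore raise an alert in the monitoring stack, not just preserve the service level.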
As you can see, properly deploying TAPs and packet brokers across the network can be key to gaining visibility into hybrid data center environments, and that visibility is critical when looking to ensure performance and security. Network engineers and designers should plan to deploy these tools very early in the data center transition process. Developing a comprehensive visibility plan alongside your network transition plan can help reduce the number of links built, reduce the number of monitoring and security tools actually deployed and increase the overall availability of your network resources.
Opinions expressed in the article above do not necessarily reflect the opinions of Data Center Knowledge and Informa.