
Making Your Virtual Infrastructure More Secure with 360 Workload Visibility

Who remembers the days when every application had a tool? Every tool had a single use, and every problem had you navigating each tool, each team, and each part of the stack while just trying to understand the problem. This was long before you could even begin to theorize about what the root cause might look like. I certainly know I remember those days. Add Cloud, Multi-Cloud, or multiple datacenters to the equation and we’re looking at the typical nightmare of trying to collect information and wrap heads around data, albeit data contrived without intelligence. Oh wait, did I forget to mention Security? Yes, please wrap that up into this bubble as well, and we may all see our way out all the same.

At least, that was the case, as we’ve only been as good as our information, our data, our intelligence, and respectively the tools able to and capable of working with that information. That is why it pleases me so to share some visions of end-to-end visibility with tools like vRealize Network Insight (vRNI). Have you heard of it? It’s excited me so much how this product has grown and matured over the years, just as the visibility and insight into the stack have grown and matured with it.

But fundamentally, what does this mean, and how exactly is this providing us this depth into the application and workload visibility, on-premises or in the Cloud?

Is that even possible?

Why yes, yes it is!

Frankly, as the NSX portfolio has expanded, with the growth of and addition of VeloCloud, VMware Cloud on AWS, Microsoft Azure, and further SD-WAN offerings, this tool has really stepped up its game to continue to incorporate the whole of the portfolio and your datacenters inside and outside of the Cloud! The three major use cases that should be investigated include:

Network Visibility and Analytics, Planning for Application Security and Cloud Migrations, and Optimizing and Troubleshooting Virtual and Physical Networks.

Learn more here: https://www.vmware.com/products/vrealize-network-insight.html

As impressive as these features are, these effectively are table stakes to the success of both your virtual platform as well as your network. It’s worth digging into the use cases documents and informational data sheets that can provide you with a lot of depth and value on this topic. However, this is hardly even the start, let alone some of the most exciting pieces that every data center operator and network operator should be aware of, so I’ll dig into some of these game changing pieces.

The first taps into something which is more of a black box to most administrators, especially those without any direct containers experience, and that is visibility and insight into Kubernetes!

Understanding the complexities within a single container and its connections can be a lot to grasp. Now, having visibility of the network paths between Kubernetes Pods and Services, and between the NSX components that are leveraged by the Kubernetes infrastructure, AND being able to get alerted to any issues within the paths and the infrastructure? That’s pretty exciting! That alone should save a lot of time when deploying new applications or scaling existing ones and trying to understand why things may not perform as intended, especially when you’re new to working with the k8s platform.

The next, even more exciting piece may seem odd considering this is VMware and the vRealize Network line of visibility: the extension of support for Public Cloud visibility into Microsoft Azure.

Normally it can be reassuring and comfortable working with familiar tools when troubleshooting an environment, but common toolsets have been uncommon when working cross-cloud, usually having to rely upon the best option available in a particular platform. But this helps put some of that awkwardness to bed by providing a similar and common platform for Application dependency mapping and security planning, not to mention a means of looking at and interpreting Flow data!

This is just scratching the surface of the capabilities that can help increase security, visibility and dig deep into telemetry. For good measure I’ll share a few other pieces which are truly exciting to me, and we’ll even talk SD-WAN and VeloCloud so you don’t feel like you’re missing out on anything.

Anyone who has ever had to figure out why something is happening, what went wrong with an issue, and WHEN it went wrong can agree; collecting, collating, interpreting, and understanding this kind of information can be a real challenge.

But with the ease of getting to the root of round-trip time metrics and latency telemetry, this is pretty amazing stuff. You’ll thank me when you find yourself solving a problem that taps into some of this information and you don’t have to run perfstats by hand, pulling in ‘point in time’ information via esxcli, while you pull tcpdump captures and load them into Wireshark to figure out just what went wrong, hoping you picked the right block of time. Don’t get me wrong, you can do all of those things (I know I certainly have), but that may all be in the past.

But that’s not all! I promised to share some of the cool new integrations with VeloCloud.

Now with vRealize Network Insight, we can gain Application Visibility which digs into Application Health and Dashboards for L7 Application Detection, as well as Sites, Edges, Hubs and Gateways. Finally, some Flow Analysis and Security Planning focused around Quality of Experience, Segmentation Visibility, Application Usage, Top Edges, and Bad Links. Capacity Management can give you a global overview of usage, link thresholds, and you can set up alerts based upon usage.

Last but not least, Full Path Visibility.

Wait, I’ll say it again, sort of like how this all started with 360 Visibility, Full Path Visibility to plot out topologies between edge and the data center, or to the cloud, while also allowing you to visualize all network components and identify potential issues!

This is all but scratching the surface of some of the capabilities within this suite that can be tackled whether on-premises, in the cloud, using a SaaS deployment, even going agent-less or taking a multi-vendor approach.

The level of integration you can get when leveraging underlay or overlay partners, the visibility and depth of that visibility, and the combination of all these pieces when Managing, supporting, operating or troubleshooting the backbone of business operations in the network, gives us a path forward as we’ve never seen before.

Never before have I seen a toolbox so complete and so deeply tied into all arteries of the infrastructure, versus the common alternative of having to cobble together a collection of complex and difficult-to-use tools (most of which are ‘on-demand’ and have no history, no intelligence, and rarely any semblance of correlation). We have really reached an apex in Virtual Infrastructure that is giving us visibility the likes of which we may have never had before, and we might be on the verge of securing our platforms regardless of where we choose to land our VMs, containers, or whatever else we may be running.

The future is bright, and for once it’s clear and not blurred by the obfuscation and confusion of the network fog!

About the author

Christopher Kusek

Christopher Kusek is Xiologix’s CTO and manages the engineering organization. Christopher is connected to current and future trends; a strategist who comprehends complex business and technology problems and uses his organization and leadership skills to solve them. An industry-recognized expert, Christopher is an EMC Elect and VMware vExpert, while also an accomplished speaker and author with five books published.