#vmworld
Managing Security TCO in NSX Environments
with NETSCOUT Visibility
Dr. Vikram Saksena, NetScout Systems, Inc.
SAI3837BUS
#SAI3837BUS
VMworld 2018 Content: Not for publication or distribution
Established Presence in Service Providers
©2018 NETSCOUT SYSTEMS, INC.
180+ Service Providers in 46 Countries
Wireless, Wireline and MSO
Physical and Virtual Environments
Market Leader in Service Assurance
Our Market Focus
Real-time, Agile, Scalable, Easy to Deploy, Use and Manage
Actionable Intelligence
Most Insightful, High Integrity & Value, Differentiated
Security Assurance, Business Assurance, Service Assurance
ASI Sensor Network
Atlas Sensor Network
• Network Assurance
• Application Assurance
• Infrastructure Assurance
• DDoS
• Advanced Threats
• Customer Experience
• Self Service Analytics
• Data Export
Long History of Industry Leadership
Digital Transformation
IP Convergence
Networking
Protocols
1985 - Protocol Assurance
1995 - Network Assurance
2005 - Service Assurance
2015 - Business Assurance
Digital Transformation Initiatives in Service Providers
• Programmable Networks
  – From closed hardware centric networks to open software driven networks
• Edge Computing
  – Control and delivery of low latency services from the network edge
• Life Cycle Automation
  – Customer fulfillment, predictive disruption free network operation
• Service Agility
  – Personalized services that can be created and changed on demand
Operators are adopting a “Data Driven” operating model to drive this transformation
The “Smart Data” Paradigm
Network Data Refined for Actionable Intelligence
Sources of Network Data
• Device Statistics (Traffic Counters, CPU/Memory Usage)
• Machine Logs
• Flow Data (e.g., Netflow)
• Sessions Records (e.g., XDRs)
• Network Traffic
Smart Data
• Contextual
• Timely
• Relevant
• Structured
• Compact
Benefits
• 10-100x data reduction avoids data lake “flooding”
• Savings in upstream bandwidth, storage, and server resources
• Actionable for real-time decisions
nGenius Adaptive Service Intelligence (ASI)
Transforms Network Traffic into Smart Data
Real-time Metadata, Key Performance Indicators, Session Records, Packet Capture
Flexible Software Centric Design, Multiple Deployment Modes, Scalable Architecture
Optimized Data Collection, Analysis & Storage, Compact Footprint
Smart
Green
Delivering Value to Multiple Stakeholders
Smart Data Solutions
Stakeholders: Customer Care, Network Operations, End Customers, Security Operations, Network Planning, Product Teams
• Reduce Churn, Improve NPS
• Zero touch Automation
• Just-in-time Resource Management
• Advanced Threat Management
• Personalized Services
• End Customer Visibility
Technology and Products
Visibility and Assurance Challenges
Service Layer Visibility
What’s needed? Flexible deployment options across both hypervisor and container environments
Active and passive monitoring without overly burdening the underlying infrastructure
Integrating Service & Infrastructure Performance
What’s needed? A solution that integrates and correlates service layer metrics and infrastructure metrics
Complete view of service performance and isolation of infrastructure bottlenecks
Visibility in Public Clouds
What’s needed? A visibility agent that can be deployed and moved with the application as it migrates across multiple cloud environments
Continuous monitoring of application performance across public and private clouds
Service Assurance Automation
What’s needed? Real-time metadata exported via streaming APIs to enable integration with NFV orchestrators for closed-loop automation
Critical for delivering a high quality user experience in a dynamic and agile NFV deployment
Smart Data Product Family
• Appliance or Software
• Real-time Network and Application Monitoring
• Voice, Internet, Video, Business Apps
• User and Control Plane Monitoring
• KPIs, XDRs, Packets
• Lightweight Instrumentation
• VMware, OpenStack, Docker
• Standards based Orchestration
• NFV and Cloud Deployment
Virtual Infinistream
Infinistream
nGenius Assurance & Analytics Applications Suite
Flexible deployment options for pervasive instrumentation from the edge to the core
Virtual Infinistream Deployment Options
[Diagram: Hypervisor, Container, and Public Cloud deployment stacks. Labels: Hardware + OS, Hypervisor, Hypervisor/vSwitch Visibility Plug-in, Guest OS, Appl, Visibility Agent, Container Engine, Bins/Libs, Container, Public Cloud Infrastructure]
• Plug-ins allow for a highly efficient in-memory packet capture
• VMware and OpenStack
• Minimal impact on Hypervisor/vSwitch performance
• Lightweight instrumentation in a resource constrained environment
• Docker and Kubernetes
• Optimized for Edge Compute deployments
• Lightweight application monitoring
• Visibility agent moves with the application
• Independent of public cloud infrastructures (AWS, Azure, etc.)
nGenius Applications Suite
nGeniusPULSE: Active Probing, Infrastructure Performance
nGeniusONE: Network and Service Assurance
nGenius Session Analyzer: Session Trace, Subscriber Troubleshooting
nGenius Business Analytics: Customer Experience, Self Service Analytics, Data Export
Rich network, subscriber and application layer analytics that support a broad set of digital transformation initiatives
nGeniusONE: Service Monitoring and Assurance
• Service Dashboard: Gain visibility into critical service issues
• Performance Analysis: Verify and correlate service performance
• Session Analysis: Granular user session tracing and analysis
• Packet Analysis: Deep-dive investigation of service issues
Services, KPIs, Sessions, Packets
Service and Infrastructure Assurance
Network Analytics
Application Analytics
IP Intelligence
nGeniusONE
Server Health
Network Element Health
Syslog
Infrastructure Intelligence
Active Service Test
nGeniusPULSE
Use Cases: 5G and SD WAN
5G: Unleashing a New Generation of Services
• Fixed broadband
  – Regain subscriber growth in the residential broadband market
  – Use of mmWave spectrum to deliver bandwidth comparable to cable
• Mobile broadband
  – Significantly higher data rates for a new generation of consumer devices
• Ultra-low latency services
  – Deployment of edge compute nodes to support low latency services such as AR/VR, autonomous vehicles, and patient monitoring
• Massively scalable IoT
  – Low cost, long battery life support for a wide range of consumer and industrial IoT devices
Our Value Proposition for 5G
• RAN Optimization
  – Performance calibration in mmWave bands for maximizing spectrum utilization
• Support for Network Slicing and CUPS architecture
• Extending Visibility to the Edge Compute Nodes
  – Container-based, lightweight instrumentation at the edge combined with richer instrumentation in the core
• Assuring user experience for a new generation of services
  – AR/VR, 4K video, Industrial IoT, autonomous vehicles
  – Enable service providers to grow and retain subscribers
• Support for industry standard automation platforms (OSM, ONAP) to enable service agility and lower opex
Control and User Plane Separation (CUPS)
• CUPS architecture allows user plane to be moved closer to the edge for content caching and low latency services
• Allows user and control plane to scale independently
• Creates new assurance challenges
[Diagram labels: S/PGW (Control & User Plane); Sx; S/PGW-C (Control Plane); S/PGW-U (User Plane); Core; Edge]
Mobile Edge Computing
Smart Visibility in a Distributed CUPS Network
• User plane traffic is monitored at the MEC server
• Control plane traffic is monitored in the Core network
• Smart visibility allows the metadata to be properly correlated
[Diagram labels: Container-based Edge Stack (User Plane); Physical or Virtual Core (Control Plane); nGenius]
Enabling Automation in 5G Networks
[Diagram labels: Portal; ONAP]
SD-WAN: Reigniting Growth in Business Services
• Leveraging broadband access
  – Remote offices, bandwidth expansion, access diversity, out-of-region coverage
• Distributed, secure access to the Cloud
  – Direct access from all enterprise locations rather than just from the HQ
• Dynamic, software controlled connectivity
  – Access agnostic, performance-optimized, secure, policy-driven
• Simplifying the Branch Office
  – Moving from a clutter of appliances (Router, FW, SBC, WANX) to a virtualized uCPE with services hosted as VNFs
• Going beyond connectivity with hosted, value-added services
Our Value Proposition for SD-WAN
• Application layer visibility
  – Visibility into popular business applications (Unified Communications, Oracle/SAP, Sharepoint, Office365, Salesforce, etc.)
• User experience monitoring
  – Individual session analysis and packet decodes
• Visibility into applications hosted in Public Cloud (AWS, Azure)
• Rapid problem isolation to reduce truck rolls
• Advanced threat analytics
• Visibility and custom reporting for the end customer
Monitoring Multi-Cloud Applications
[Diagram labels: PUBLIC CLOUD (Availability Zones, Service Instances); PRIVATE CLOUD (Service Instances); DATA CENTER; Business Locations; uCPE; vSBC; Remote Branch; SDWAN/MPLS; INTERNET]
• Lightweight agent runs within service instances that require monitoring
• Forward packets when deep-dive analysis is required
• Monitor uCPE traffic
• Monitor physical network
• Monitor services in the private cloud
• nGeniusONE manages local, uCPE, private cloud and public cloud instrumentation
Assurance of SD WAN Services
[Diagram labels: MPLS; Broadband; Operator Cloud (Hosted Services, SDWAN Controller); SDWAN Gateway; Branch 1, Branch 2, Branch n (each with uCPE, Hypervisor, SDWAN VNF); nGenius]
Trusted partner to help you succeed!
• Service Providers are evolving to embrace NFV, SDN, and Cloud technologies to drive their digital transformation
• Our Smart Data solutions are uniquely positioned to deliver value in these new initiatives
• Our Infinistream family of instrumentation products supports
  • Flexible deployment options from uCPE to the core network and the Cloud
  • Popular infrastructure platforms such as OpenStack, VMware, and Containers
  • Standards based orchestration
• Our nGenius family of applications provides
  • Application layer visibility
  • SLA and user experience monitoring
  • Visibility and custom reporting for the end customer
• We are here to partner with you to deliver value to your end customers