 Yeah, good. Hello. Welcome to Ixia cloud lens and presentation. I am Christophe Olivier. I'm the product manager for the cloud lens virtual visibility solution. It's an Ixia virtual visibility product Let's roll everyone to the end. You can you hear me well? Yeah, okay So real quick. We only have 20 minutes the agenda for bullets. What is What are the challenges of monitoring virtual networks? I'm going to explain to you. What is our cloud lens virtual visibility solution a little deeper dive in what we can do in open-stack environments and Because this is called marketplace and demo. I have also a demo for you at the end So real quick, what is Ixia? Ixia has been around for about 20 years Initially specialized in test business. It grew by acquisitions. It's now also doing visibility It's been doing visibility for a while and after acquiring several companies We got acquired about and that became official two weeks ago We are now part of key site. So that number over there 500 millions just grew about 10 folds in for the last two weeks So now what are the challenges of monitoring virtual environments if you are old enough and When I look around here, it seems that I can say that you are familiar with what's on the left over there Monitoring your network was kind of not easy, but easier you had the data center and A firewall or firewalls and then you would go to the internet. That was a well-defined perimeter now with You still have the same perimeter, but it grew and now we have Internet of things we have public clouds. We have private clouds. We have Virtualization so that made things much more complicated. It is now much more challenges challenging to monitor your environment And when you look at the numbers That may not make you feel much better if you look at that first bullet by 2018 according to some analysts 25% of the the traffic would go directly from the mobile device to the to the cloud without Going through your security devices won't security defenses. It is kind of a scary number and When you have monsters like AWS who recognize that security is really the highest priority in That environment it really says something So the last bullet here by 2018 about 60% of the enterprises If the implement appropriate cloud visibility and control tools will experience one third fewer Security failures, so it's very important to do something So what do we do and before what do we do? What is the real challenge in the virtual environment? I'm I don't know if all of you are familiar with the term east-west traffic This is what we have here East-west traffic is the traffic that goes between workloads. So here in that diagram I have a web application that talks to a database or an application server that talks to a database and If you have in place Physical appliances that monitor security and this is where Ixia and other Competitors are good at it's to do what we have here with that red question mark We know how to do that one when the data hits a wire. It's a fiber We know how to capture it. We put a tap we send those packets to a packet broker You see it is one non and from there we send it to the tools on the right here, okay, and We know that to do that, but in a virtual environment, how do you do that? You don't see that traffic that traffic never hits that wire most of the traffic about 80% of the traffic goes directly From one workload to the other from one virtual machine to another Without eating the wire and how do you get to it? That's the big challenge and when you get that traffic the volume of traffic may be another big challenge So the answer to that is what we call our virtual visibility fabric and what does it do first? It leverages whatever you have as your environments monitor So it can be a private cloud It can be a public cloud your software defined data center a branch office that solution will apply to it second It will capture and send packets and flows of interest to the tools We are not a tool we are feeding the tools who are getting the packets to the tools so that those tools can do the packet inspection or do whatever you need to do with those packets and That third bullet is very important that solution applies to both virtual and physical environment and by that I mean Your customer you already have physical appliances packet brokers Physical tools or probes you want to leverage them? We don't care you can get that traffic at the virtual level and send it to your existing Physical appliances that's fine if you want to go full virtual because some customers Don't want to hear about physical anymore or don't have those physical equipment you can do that too So we are kind of too agnostic we get the packets and forward and send those packets the internals to those tools and We can also limit the amount of data because that's another challenge It's the amount of data that represents that virtual VM to VM traffic that east-west traffic So we can filter as close to the source as possible so that you don't have to send huge traffic to those tools and The solution is called cloud lens and cloud lens is an umbrella solution that covers from the private cloud to the public cloud and with a hybrid cloud in between and Because those environments are so different You don't have the same level of permissions in a public cloud that you have in the private cloud so when To him when you implement that solution in the public cloud you need to implement it in a different way or with different options That's why I know we are the open stack summit But we have different options if you want to monitor your AWS or your Azure environment Or if you want to monitor your private data center and that public cloud solution When you deploy such a solution you really have to keep in mind that you are dealing with a very Flexible environment with scalable environment and that solution has really been developed for that So capture all relevant data full packets if you want or just pick what you need by filtering from level 2 to level 2 for filtering and To go a little deeper in that solution We have it has kind of three families of features the net stack the packet stack and the app stack on the next step Stack side we that's where we do the virtual tapping We can do some filtering level 2 to level 4 filtering at the at the source very close in the compute node in the host In the hypervisor we can do And then we do aggregation and we can send those packets via a gerry terminal via VLAN to a packet processing feature So that packet processing can be physical or can be virtual here. We don't really care It's just that the feature had the high level, but we offer both options So the packet stack is where we do the packet processing. We do deduplication header stripping packet trimming Protocol trimming as well as jerry tunneling and load balancing the app stack Component is where I think it's very exciting. It's the last one that we are announcing just as we speak is Where we apply application? intelligence and I think it's very important because I have said that a few times already in a virtual environment the volume of data It is so important so huge that sometimes it may make your solution kind of a not Relevant but not realistic because it is it is so huge that your tools cannot absorb it your network cannot absorb it So you may want if you can because depending on your on your vertical You may not be able to do that But if you have the choice you may not want to send full packets all the time You may want to focus on net flow for example or and then send that metadata to your tools and When the tool needs more it can request more to the cloud and solution and then we can send a packet capture to help with the troubleshooting So I think that that that bright app stack here is very important. I will show you in the in the demo in a minute So here just another view of the solution where we have the three I would say pillars of that solution the data access from Everywhere the intelligence packet processing as well as the adaptive and Intelligent monitoring so data access from everywhere you can get your data from physical taps from virtual taps in multiple hypervisor environments from KVM OpenStack VMware Hyper-V Then you get those packets and you need to send your packets somewhere And you send your packets to a packet processing feature physical or virtual and you do whatever you do with your package deduplication packet trimming headers tripping and after that you pass it to the third layer with that adaptive adaptive and intelligence monitoring where The application can request more if needed and all of that manage from that Cloud Lens management interface have to hurry So now a little deeper into what we do in OpenStack Here I'm focusing on the virtual tapping a piece of it And we have two way to capture that virtual traffic in OpenStack either at the open v-switch level So with KVM OBS or by leveraging tap as a service or TAS the both have some Advantages or features and the first one is that you capture trap packets or you monitor at the infrastructure level And you don't have any tenant footprint. It integrates with Nova services It is but it is dependent on the on the OBS on the open v-switch and requires some access from from the administrator but it is well suited as I said for infrastructure monitoring and It has less virtual infrastructure overhead on the other side the tap as a service solution is Usually well liked by service providers or by customers because you introduce multi tenancy support which means that the virtual tap can be installed per tenant and Tenant a can monitor without tenant be watching what's happening and then you have that security separation That's done by installing service machines at their tenant level In each tenant level they are deployed using heat template and monitored from that cloud lines manager interface And that's what I'm going to show you in in that demo. So service VM implementation and kind of Really well will well like by by service providers for that multi tenancy feature this way Okay So the benefits of the solution Multi tenant support as I mentioned though. It's it's aware of open stack object It integrates with the open stack solution Nova Keystone salometer the solution is Integrated with both physical or virtual environment as I said you can sign your packets to a physical Packet broker or physical tool or you can stay in your virtual environment and and do everything in virtual It uses the best network capabilities available It is flexible. It is rest API's are available So if you want to go the others the other mile and do integration you can leverage those API's and It integrates well with open stack even data metadata So now I'm going to switch to a demo so I haven't I was not brave enough to do a demo live So I have a recorded demo of this environment. So first thing real quick is here. It's my So what we're doing here We have an open second environment which has a controller node and a compute node And what we are doing is that we are monitoring that traffic between those two VMs and we generate traffic I will show you with one of XR tools that simulates some enterprise mixed traffic and we tap it using tap as a service which is a service VM installed in In that compute node and which leverages the tap as a service framework and from there We send that traffic via gerry tunnel to our cloud lance app stack component So here I wanted to show you that yes We are using open stack and how it looks in the open stack environment So here, that's the footprint of that service VM The virtual tap and at the bottom. It's the cloud lance manager, which is also running in open stack Now we log into the management interface from where you're going to Configure your virtual taps your filters if you want to and here So in a typical deployment if you do it in VMware, you will do that from the GUI Here because we used the heat template. This has already been Populated before we're from from the heat template. I just and here I'm showing you that you can select between tenant or host to Configure and monitor what you want to do. So in this case The host option the OBS option was not installed, but I'm using the tenant option Now the next step what you do is to configure the forwarding policy So what do you do when you capture your traffic? Where do you send it? Here? I'm defining the the the jerry tunnel the destination of where I want to send those packets just very simple Enter the IP address select jerry and then save that now we have that jerry policy That forwarding policy defined the next step is to define the capture Capture policy. So what you want to capture full packets filter So I have several options here, but in the end I will just capture all packets Select my forwarding port that I defined earlier and then apply And the next step is to select. What do you want to monitor? Which virtual machines workloads you want to monitor? Just click here and you select what you need to monitor here Don't see and click yes, and as soon as you click yes The system is monitoring your your live environment and traffic Packets will be captured. So to show you that even if it's recorded. We had tasks running I switched to the task mode in terminal. I don't know if you can read But run a few comments to show you that tasks is working and the flows are also listed here So the good thing of the cloud lens manager is that it hides all of that Of course you could do it yourself But if you want to do a filtering and all of that you have to do it from the command line So here I'm showing you how I'm generating traffic. It's it's part of the demo It's not part of the cloud and solution I'm just using I exterior one of our test tools to generate an enterprise mix that I can tweak and here What I'm doing is that just getting the packets is not really fun by itself And instead of using wire shark or something that goes deep inside I wanted to show you that third component that up stack that I talked about Where we can visualize what's happening in those packets. What's in those packets? It's a it's a deep packet inspection feature which is offering Netflow generation application filtering Geolocation and here at the glance the administrator as a as an overview of what's happening on the network Where the traffic is coming from? What kind of applications are talking on this on this on this network? Which are the most talkers application most talkers which operating system are? Running there Which browsers and you can create filters and I would create a filter real quick and you can of course Configure and say I want to see the last five minutes the last hour the last day and you can expand And see what's happening. So here I'm just showing the geolocation because of course it's cool It moves and and here can see that at a glance you think oh, I have traffic coming from China and that It's not supposed to happen that maybe it's worth digging. So here. I'm just moving my cursor. It's kind of a Showing you where the traffic is coming from Of course I had to put some thing from France because as you heard my accent is not from Texas So friends has to be there. So then next the I would say the goal the target of that abstract is not just to show That dashboard the dashboard is nice. It's cool. But as I said, we are not a tool. We are Providing data. We are feeding data to the tools. So it's good You can show you can use that dashboard But what I'm showing you here, but just briefly not I'm not demonstrating all demonstrating all features Is that you can create filters can create filters and see oh I want to see what's coming from China and I want to see which who? From China the Facebook traffic. That's what I'm doing here Facebook and YouTube traffic from China And then you can apply actions to that you can do regex filtering you can do application forwarding So send that traffic to a specific tool So you can do all of that. I would say it's it's the most important part of that app stack It's the dashboard is the nice looking thing But the engine behind it the network processing is really Processing those requests and here the next thing is I'm enabling net flow. So if you have a net flow collector just go there Enter the destination point of your net flow collector and then boom You would get your traffic in plexus scrutinizer in an end top. So Lots of things can be done by that abstract That's not that was not the whole point of the demo But I thought it was nice to show it here and you see it did not crash That's a pretty good Okay, that's all for now if you have we have a few more questions Seconds for questions if you if you have some Come here. I cannot take on you Yes So the question is the VM which is more monitored here is it in the same compute node So, yeah, so we have one service machine to monitor per Availability zone here in this case. I had just one availability zone. It's my compute node, but it depends on your setup Yeah But but you may need to run more than one service machine depending on how many Availability zones you have it depends if you want to send full packets If you send full packets, you are going to double your traffic If you want that's why it's important if you can to send that flow or to filter But L2 to L4 say I only want traffic from IP this and IP that so that you lower that amount of traffic If you send everything you send everything so you increase that traffic SROV Future plans SROV becoming kind of a not really virtual anymore. So it's right now We don't support SROV, but we are thinking about Okay. Thank you