In a recent blog post from Plixer CEO Michael Patterson on Dell’s blog site DellSolves, Patterson explores the idea of gaining situational awareness in a rapidly expanding virtualized world. Forrester Research data indicates that this year, 74 percent of x86 server OS instances will be operating as virtual servers.
In order to reduce overall network security risk in a virtualized environment, users must identify and understand network traffic within, to and from the virtual environment. VMware has done a good job in improving awareness by supporting NetFlow and IPFIX data, wrote Patterson.
According to the blog post, every VMware ESX server includes native support for exporting NetFlow or IPFIX data, a key technology for gaining situational awareness in a virtualized world. By enabling the flow exporter on each ESX server and directing it to a suitable flow collector, a network administrator can conduct constant surveillance of all connections to and from each server, explains Patterson.
A good flow collector includes traffic flow analytics tools that allow an administrator to determine average connection volumes and ascertain consistent protocol and application behaviors, as well as set up monitors tailored for unique security needs. In short, states Patterson, a good traffic analytics tool will help you identify suspicious network traffic activity to and from your virtual servers.
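The baseline-and-monitor idea described above, as an added example that is not code from Patterson's post or from any Plixer or VMware product. It assumes the exporter sends NetFlow version 5 datagrams; the function names, addresses, threshold and sample data are constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter
from statistics import mean, pstdev

HEADER = struct.Struct("!HHIIIIBBH")                # NetFlow v5 header, 24 bytes
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # NetFlow v5 flow record, 48 bytes

def parse_v5(datagram):
    """Return (src, dst, protocol, dst_port) for every flow in one datagram."""
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5 or len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("not a complete NetFlow v5 datagram")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        src, dst = (str(ipaddress.IPv4Address(a)) for a in f[:2])
        flows.append((src, dst, f[13], f[10]))  # f[13] = IP protocol, f[10] = dst port
    return flows

def check_interval(flows, history, known_services, k=3.0):
    """Compare one interval's flows with each server's baseline; return alerts."""
    counts = Counter(dst for _, dst, _, _ in flows if dst in history)
    alerts = []
    for server, past in sorted(history.items()):
        # Floor the deviation at 1 so a nearly flat baseline still tolerates jitter.
        limit = mean(past) + k * max(pstdev(past), 1.0)
        if counts[server] > limit:
            alerts.append((server, "volume", counts[server]))
    seen = {(dst, (proto, port)) for _, dst, proto, port in flows if dst in history}
    for dst, service in sorted(seen):
        if service not in known_services.get(dst, set()):
            alerts.append((dst, "new-service", service))
    return alerts

def build_v5(flows):
    """Build a constructed sample datagram (stands in for a captured export)."""
    out = HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0)
    for src, dst, proto, port in flows:
        out += RECORD.pack(ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
                           bytes(4), 0, 0, 1, 64, 0, 0, 40000, port, 0, 0, proto, 0, 0, 0, 0, 0, 0)
    return out

# Constructed sample: virtual server 10.0.0.5 normally sees about 4 inbound flows per interval.
HISTORY = {"10.0.0.5": [4, 5, 3, 4]}
KNOWN = {"10.0.0.5": {(6, 443)}}
SAMPLE = build_v5([(f"192.0.2.{i}", "10.0.0.5", 6, 443) for i in range(1, 21)]
                  + [("192.0.2.9", "10.0.0.5", 6, 3389)])
print(check_interval(parse_v5(SAMPLE), HISTORY, KNOWN))
```

The two alert types correspond to the two baselines the paragraph names: connection volume per server, and the set of protocols and ports each server is normally seen serving.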
Furthermore, the blog post suggests that traffic flow analytics tools can also support company initiatives to comply with industry or government mandates. Luckily, Flow (NetFlow and IPFIX) collection and reporting allows companies to provide demonstrable evidence of IT compliance with internal governance policies, external regulations, and industry best practices like HIPAA, FIPS, NERC, SCADA, SOX, COBIT, PCI and NPPI. That is because each flow is a transaction which can be archived off indefinitely, wrote Patterson.
Specifically, according to Patterson, when it comes to traffic monitoring and reducing network risk in virtual environments, flow collection and reporting allows administrators to quickly confirm the source of the problem by narrowing down the issue to a specific client, server or network. If rules are violated, an alarm is raised and full audits can be run to report on all end systems involved. When it comes to audits, if ample disk space is provided, a good NetFlow and IPFIX solution can save all raw flows from virtual servers for decades.
In fact, the latest version of vSphere (v5.1) supports IPFIX, which is the proposed standard for NetFlow prior to v5.1.
Plixer’s website shows that Scrutinizer is at the foundation of the company’s flow and security log analysis and reporting architecture. It is available as a physical or virtual appliance or as a Windows download. Scrutinizer performs the collection and reporting of NetFlow, IPFIX, sFlow and related flow technologies.
Edited by Jamie Epstein