Network Monitoring Security — 27 April 2011

Joe Yeager, product manager at Lancope (www.lancope.com), says:

Network performance and security monitoring is not only helpful, it is required in today’s enterprise data centers to provide reliability and performance of today’s complex applications. Data center and IT managers should be focusing on efficient delivery of applications, and network performance and security are two big areas that affect overall application reliability and performance. While most enterprises are monitoring their data center ingress and egress, and possibly some critical areas within, they are not monitoring their entire data center. The primary reason is they believe it is not cost effective, but it leads to costly network blind spots.

Data center and IT managers are always being asked to do more with less. Several benefits stem from doing proper network performance and security monitoring, including simple process improvement. For example, the problem resolution process (whether it be a network performance issue or a security incident) typically involves a bunch of people, across a number of different organizational silos, each using a different tool of their choice. Monitoring across the entire data center using a single monitoring tool and focusing on a more proactive approach will free up a considerable amount of valuable time.

In today’s world of malware, botnets, APT, internal leaks, Trojans, worms, and application-layer attacks (just to name a few), monitoring the internal network is a requirement. Perimeter-level defenses are no longer enough to keep the bad guys out, and the confidential information in. The era of mobility, whereby everyone takes their laptops out of the organization, and the dawn of IT consumerization, whereby everyone is bringing their own devices in, are not making the problems any easier. Pile on the concept of desktop virtualization, putting your desktop users in the middle of your data center, and you have a recipe for disaster within the data center. The last thing you want is security teams to be blind to parts of the network, especially the data center.

Not too long ago network managers focused on network availability. Then with modern network equipment, enhanced network design techniques, and better processes, network operations were able to achieve five nines reliability. But there were still problems with the performance of the network. So the network teams took a step back and focused on network performance instead. That meant they needed to look at whether the network was moving data efficiently and effectively. This is where many folks are today; but it’s not enough.

Many network teams are then taking another step back and again moving up the stack, focusing instead on application/service delivery. The thought is that the network may be moving data efficiently and effectively, but that does not prove that application performance has not been degraded or that the end-user experience is unaffected.

In terms of priority, application/service delivery should never leave the top of the list. If the data center is not delivering applications, then it ceases to perform its primary duty. Network and security monitoring is a byproduct of making sure that the number one task is being completed.

The biggest challenges for data center and IT managers.

The internals of the data center are the most bandwidth-hungry area of the network, so a lot of time and money is spent to keep the data center constantly running as fast as current network technologies allow. This unfortunately means that the monitoring technologies are tasked with keeping up with the ever-increasing speed, usually pushing them to the brink. When many companies started considering rolling out 10G, many network and security monitoring tools were simply not able to keep up. Now 10G has much better support, but 40G is now being discussed.

Then there is the problem of money. If the tools are able to keep up, they are the new, fastest ones and are going to put quite a sizable dent in your budget.

It is for this reason that a perimeter-based defense and performance strategy is normally taken, where the monitoring tools are placed at the ingress/egress of the data center and near critical assets. This is definitely where they are needed most, but costly blind spots are created as a result.

Overcoming those challenges.

One of the primary ways to overcome these challenges is to use a technology like NetFlow (or a derivative) to achieve visibility throughout the data center. Since NetFlow is bandwidth agnostic – independent of the speed of the network – and utilizes your existing network infrastructure, it is one of the most cost-effective options available.

The performance issues with enabling NetFlow have been solved, and since most existing network devices support it, no costly high-bandwidth probes or packet recorders are required. As a result of these benefits, more and more devices such as firewalls and application accelerators are supporting flow, and while doing so adding highly enriched information such as Layer 7 application and performance metrics.

There are a few other solutions out there to monitor within enterprise data centers. Some involve probes or packet recorders, which are not cost-effective to monitor the entire data center, while others are SNMP-based, which are primarily focused on uptime and don’t give you the level of detail you need to really troubleshoot problems or investigate security incidents. Cisco’s IP-SLA is another option for the performance teams, but critics argue that it adds traffic to the network and is not as accurate as monitoring real traffic.

Regarding flow monitoring solutions, I would encourage you to make sure to do a thorough analysis of the vendors that claim support. NetFlow is simply the gasoline, and there are a lot of different types of cars out there.

Network performance and security monitoring are not new concepts, but achieving network monitoring across the entire network, especially in the data center, should be the goal of any organization. Only then can true efficiencies be gained by having no network blind spots.
Article first published as How Network Performance and Security Monitoring are Useful in Today’s Data Center on Technorati.
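
The flow-based visibility described in the NetFlow paragraphs above, as an added example (not code from the article or from Lancope): a minimal NetFlow v5 export decoder that totals bytes by scope, showing how much traffic stays east-west inside the data center and would never reach a perimeter sensor. The 10.0.0.0/8 internal range, the function names and the sample datagram are constructed assumptions.

```python
import ipaddress
import struct
from collections import Counter

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record
INTERNAL = ipaddress.ip_network("10.0.0.0/8")       # assumption: data center address space

def parse_v5(datagram):
    """Decode one NetFlow v5 export datagram into a list of flow dicts."""
    if len(datagram) < HEADER.size:
        raise ValueError("truncated header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("record count exceeds datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": ipaddress.ip_address(f[0]), "dst": ipaddress.ip_address(f[1]),
            "packets": f[5], "bytes": f[6],
            "sport": f[9], "dport": f[10], "proto": f[13],
        })
    return flows

def bytes_by_scope(flows):
    """Total bytes per scope; east-west flows never cross a perimeter sensor."""
    totals = Counter()
    for f in flows:
        inside = (f["src"] in INTERNAL, f["dst"] in INTERNAL)
        scope = "east-west" if all(inside) else "perimeter" if any(inside) else "external"
        totals[scope] += f["bytes"]
    return dict(totals)

def _record(src, dst, pkts, octets, sport, dport, proto=6):
    # Build one constructed v5 record (next hop, AS numbers and ToS zeroed).
    return RECORD.pack(ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed,
                       bytes(4), 1, 2, pkts, octets, 0, 1000, sport, dport,
                       0, 0x18, proto, 0, 0, 0, 24, 24, 0)

# Constructed sample: two internal flows and one crossing the perimeter.
SAMPLE_RECORDS = [
    _record("10.1.1.10", "10.1.2.20", 1200, 1_500_000, 49152, 1433),
    _record("10.1.3.30", "10.1.2.20", 40, 52_000, 50211, 445),
    _record("198.51.100.7", "10.1.1.10", 300, 240_000, 44321, 443),
]
SAMPLE = HEADER.pack(5, len(SAMPLE_RECORDS), 0, 0, 0, 0, 0, 0, 0) + b"".join(SAMPLE_RECORDS)
```

Each 48-byte record summarizes a whole conversation, so the export volume depends on the number of flows rather than on link speed.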
