Data Sheet
Gigamon Visibility Platform for AWS

Overview
The rapid evolution of Infrastructure-as-a-Service (IaaS), or public clouds, brings instant advantages of economies of scale, elasticity, and agility to organizations seeking to modernize their IT infrastructures. Migrating workloads into the public cloud, however, introduces a new set of responsibilities and challenges for the teams that manage this move. How does an enterprise manage, secure, and understand all of its data now traversing the public cloud? The obvious challenges include the inability to access all traffic and data in support of forensics, customer experience management, advanced threat detection, and monitoring tools, but they also include the lack of visibility into East-West traffic (i.e. web tier to app tier, or app tier to database) needed for compliance, lateral threat mitigation, and more. Current security tools that operate in public clouds lack complete access to this data of interest.

In an on-premise deployment, there are options to get access to traffic from the infrastructure for real-time analysis: TAPs (physical or virtual), SPAN sessions, or a network visibility solution, although TAPs are usually the favored method to gain reliable, non-intrusive access to mission-critical data in motion. When deploying applications and workloads in the public cloud, none of these options are available. Agent-based monitoring is an option for monitoring in public clouds, but it can lead to a very complex architecture, especially if multiple tools need access to the same traffic for inspection and analysis, as depicted below.
[Figure 1: agent-based monitoring per tool versus the Gigamon visibility solution, drawn across AWS Regions, Availability Zones (AZs), subnets, EC2 instances, Elastic Load Balancing (ELB) and Amazon Relational Database Service (RDS); traffic distribution and management/control paths are shown separately.]

IaaS Visibility Challenges
- Inability to access all traffic
- Discrete vendor monitoring agents per instance
- Impacts workload and performance
- Increases complexity
- Static visibility with heavy disruption

Visibility Solution with Gigamon
- Consistent way to access network traffic
- Distribute traffic to multiple tools
- Customize traffic to specific tools
- Elastic visibility as workloads scale out
The Solution: Gigamon Visibility Platform for Amazon Web Services (AWS)
An efficient and optimal solution to overcome these challenges is to use the Gigamon Visibility Platform for AWS, the industry's first pervasive visibility platform that provides consistent visibility into data in motion across the entire enterprise: on-premise, remote sites, public, private and hybrid clouds.

Use Cases
Gigamon's Visibility Platform extends its capabilities to the following real-world, flexible cloud deployment models:
1. Hybrid clouds for large enterprises, providing on-premise visibility while preserving tool investment.
2. Scale-out public cloud model with multiple Virtual Private Clouds (VPCs) for applications, business units, or tenants.
3. Enterprises with an all-in approach that have migrated and deployed all their applications to the cloud.

[Figure 2: deployment models showing an AWS Region with Applications, SecOps and Business Units VPCs, visibility nodes and tools, Amazon EC2 APIs and Amazon CloudWatch integration, and VPC peering to an on-premise data center hosting the Gigamon Visibility Platform and security, performance management and analytics tools; traffic distribution and management/control paths are shown separately.]
Features and Benefits

Traffic Access (G-vTAP Agent)
- A user space agent deployed in the Elastic Compute Cloud (EC2) instance to mirror selected traffic and deliver it to GigaVUE V Series visibility nodes
- Single agent that can replace multiple vendor agents to consistently access and forward traffic

Traffic Aggregation and Intelligence (GigaVUE V Series)
- Visibility node, available as an Amazon Machine Image (AMI), that aggregates traffic from multiple agents
- Applies intelligence and optimization to the aggregated traffic:
  Flow Mapping: select and filter traffic
  Slicing: reduce packet size at a specified offset to conserve network backhaul
  Sampling: conserve network backhaul by selecting packet rates, for example 1 in 10 or 1 in 100
  Masking: provide compliance and privacy of the traffic by masking specific offsets
- Distributes optimized traffic to cloud-based tools, or backhauls it to an on-premise Gigamon Visibility Platform, using standard IP GRE tunnels

Orchestration (GigaVUE-FM)
- Centralized management application that can be deployed either on-premise or in the cloud
- Defines traffic policies using a simple drag-and-drop UI
- Integrates with AWS APIs for EC2 inventory and network topology
- Monitors CloudWatch events to identify EC2 instance spin-up
- Elastically scales out GigaVUE V Series nodes based on traffic access points

Elastic and Automated Visibility (Automatic Target Selection)
- Automatically selects new EC2 instances as part of traffic policies
- Allows for continuous and automated visibility while identifying any lateral propagation of threats

In support of flexible deployment models, the Gigamon Visibility Platform for AWS provides pervasive visibility into data in motion across the entire enterprise: on-premise, remote sites, public, private, and hybrid clouds.

Visibility Deployment Architecture
Most deployments in AWS use private IP addresses for EC2 instances within a VPC, thereby shielding the instances from public or elastic IP access.
To support multiple and flexible deployment models (hybrid, single VPC, multi-VPC) at scale, and to control the agents (G-vTAP) and visibility nodes (V Series) within a VPC, the Gigamon Visibility Platform uses a controller-based architecture to proxy the command-and-control APIs while preserving existing NAT or IP addressing schemes.

[Figure 3: controller-based architecture. GigaVUE-FM integrates with the EC2 APIs and Amazon CloudWatch and reaches the G-vTAP agents through the G-vTAP Controller and the GigaVUE V Series nodes through the GigaVUE V Series Controller; monitored data traffic is tunneled from the target VMs to the tools, with control traffic shown separately.]

The command-and-control proxy components are:
1. G-vTAP Controller: a controller AMI that proxies commands from GigaVUE-FM to the G-vTAP agents.
2. GigaVUE V Series Controller: a controller AMI that proxies commands from GigaVUE-FM to the GigaVUE V Series nodes.
Requirements for the Gigamon Visibility Platform Components

Table 1: EC2 Computing Requirements for the Solution
Solution Component | Minimum EC2 Instance Type | Description
G-vTAP Agent | t2.medium with additional ENI | Available as rpm or debian package. An additional ENI (Elastic Network Interface) is required for the mirrored/monitored traffic.
G-vTAP Controller | t2.medium | Based on the number of agents being monitored, multiple controllers will be required to scale out horizontally.
V Series Node | c4.large (2 ENIs) | c4.large supports throughput up to 500 Mbps. ENI 1: Monitored Network IP (mirrored traffic from G-vTAP). ENI 2: Tunnel IP (traffic to tools or on-prem GigaVUE H/W). ENI 2: Management IP (commands from the controller).
V Series Controller | t2.medium | Based on the number of GigaVUE V Series nodes being monitored, multiple controllers will be required to scale out horizontally.
GigaVUE-FM (fabric manager) | m4.large, 40GB root disk, 40GB data disk | GigaVUE-FM needs to be able to access both controller instances for relaying the commands. It automatically spins up additional EC2 instances for GigaVUE V Series nodes based on a pre-defined configuration in the user interface.

For on-premise requirements and ordering information, please refer to the GigaVUE-FM Data Sheet.

Table 2: Recommended EC2 Computing Requirements for the Visibility Platform
Platform Component | 100 Virtual TAP Points | 1000 Virtual TAP Points
GigaVUE-FM | 1 m4.large | 1 m4.xlarge
G-vTAP Controller | 1 t2.medium | 10 t2.medium
GigaVUE V Series Nodes | 2 c4.large | 20 c4.large
GigaVUE V Series Controller | 1 t2.medium | 2 t2.medium

Based on the number of virtual TAP points, GigaVUE V Series nodes will be auto-launched by the fabric manager. Refer to the Gigamon Visibility Platform for AWS Getting Started Guide for deployment instructions for the visibility components. Customers can access this guide in our Customer Portal.

Support and Services
Gigamon offers a range of support and maintenance services.
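The sizing rules behind Table 2, and the Virtual TAP Point definition from Note 1 under Ordering Information, worked through in Python as an added example (not Gigamon code): one tap point per ENI on instances matched by a traffic policy, the smallest Table 2 tier that covers the count, and the CloudWatch EC2 state-change event shape that Automatic Target Selection watches to keep that set current. The instance ids, tags, the Role=web policy and the lookup stand-in for the EC2 describe APIs are constructed assumptions.

```python
import copy
# Table 2 of the data sheet: recommended EC2 components per Virtual TAP Point tier
TIERS = {
    100: {"GigaVUE-FM": "1 x m4.large", "G-vTAP Controller": "1 x t2.medium",
          "GigaVUE V Series Nodes": "2 x c4.large", "GigaVUE V Series Controller": "1 x t2.medium"},
    1000: {"GigaVUE-FM": "1 x m4.xlarge", "G-vTAP Controller": "10 x t2.medium",
           "GigaVUE V Series Nodes": "20 x c4.large", "GigaVUE V Series Controller": "2 x t2.medium"},
}

def build_inventory():
    """Constructed EC2 inventory, not a live describe-instances result: 10 running
    instances with 2 ENIs each (Note 1's example) plus one bastion outside the policy."""
    return {f"i-0constructed{n:02d}": {"state": "running",
                                      "tags": {"Role": "web" if n < 10 else "bastion"},
                                      "enis": [f"eni-{n:02d}a", f"eni-{n:02d}b"]}
            for n in range(11)}

def tap_points(inventory, policy_tag=("Role", "web")):
    """Virtual TAP Points = ENIs on running instances matching the traffic policy tag:
    one tap point per ENI, not per instance (Note 1 under Ordering Information)."""
    key, value = policy_tag
    return sum(len(inst["enis"]) for inst in inventory.values()
               if inst["state"] == "running" and inst["tags"].get(key) == value)

def size_tier(points):
    """Smallest Table 2 tier covering the count, as (limit, components); None above 1000."""
    for limit in sorted(TIERS):
        if points <= limit:
            return limit, TIERS[limit]
    return None

def apply_state_change(inventory, event, lookup=None):
    """Apply a CloudWatch 'EC2 Instance State-change Notification' to a copy of the inventory:
    terminated instances leave the tapped set, stopped ones stop counting, and an unknown
    instance that appears is fetched through `lookup` (stand-in for the EC2 describe APIs)."""
    inv = copy.deepcopy(inventory)
    if event.get("detail-type") != "EC2 Instance State-change Notification":
        return inv
    iid, state = event["detail"]["instance-id"], event["detail"]["state"]
    if state == "terminated":
        inv.pop(iid, None)
    elif iid in inv:
        inv[iid]["state"] = state
    elif lookup is not None:
        inv[iid] = dict(lookup(iid), state=state)
    return inv
# Constructed event in the shape CloudWatch Events emits for an EC2 instance state change
STOP_EVENT = {"source": "aws.ec2", "detail-type": "EC2 Instance State-change Notification",
              "detail": {"instance-id": "i-0constructed03", "state": "stopped"}}
```

With the constructed inventory the count is 20 tap points, which lands in the 100-point tier; stopping one two-ENI instance brings it to 18, and a spin-up event for an instance matching the policy adds its ENIs.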
For details regarding Gigamon's Limited Warranty and its Product Support and Software Maintenance Programs, visit www.gigamon.com/support-and-services/overview-and-benefits
Ordering Information, Renewals
The Visibility Platform is activated using a Term Bring Your Own License (BYOL).

Table 3: Part Numbers for the Solution
Part Number | Description
GFM--100 | Monthly Term license for traffic visibility up to 100 virtual TAP points in AWS. Min Term is 3 months with a max of 12 months.
GFM--1000 | Monthly Term license for traffic visibility up to 1000 virtual TAP Points in AWS. Min Term is 3 months with a max of 12 months.

Notes:
1. Virtual TAP Point: Any end point from which traffic can be mirrored using the G-vTAP agent, for example, an Elastic Network Interface (ENI) in an EC2 instance. A single Amazon Machine Image (AMI) could have multiple ENIs that can be tapped. For example, if an AWS application uses 10 EC2 instances with 2 ENIs each, then the total Virtual TAP Points are 20.
2. Try-and-Buy: To try Visibility for 10 vTAPs for 30 days, launch GigaVUE-FM as a community AMI or download it from the Gigamon customer portal. Refer to the ordering section to purchase additional term-based visibility.
3. Licensing: Licenses are activated from GigaVUE-FM.
4. Renewal: GigaVUE-FM notifies the customer of term license expiration with advance notice of 30 days. Contact Gigamon for renewals.

Gigamon and the Gigamon logo are trademarks of Gigamon in the United States and/or other countries. Gigamon trademarks can be found at www.gigamon.com/legal-trademarks. All other trademarks are the trademarks of their respective owners. Gigamon reserves the right to change, modify, transfer, or otherwise revise this publication without notice. 4095-02 03/17
3300 Olcott Street, Santa Clara, CA 95054 USA | +1 (408) 831-4000 | www.gigamon.com