What Types of Virtualization Are Most Vulnerable to Network Blind Spots

Virtualization helps companies to streamline application deployment, simplify IT operations, and allow IT organizations to respond faster to changing business demands. However, there is a downside when it comes to network analysis. Virtualization introduces network blind spots – areas of application traffic that never cross a physical network interface – which is the typical connection point for network analysis systems.

There are ways to make these network blind spots visible, but to get the right prescription you need to first determine the type of virtualization that needs to be addressed.

Standalone VM Systems
Standalone VM systems have multiple VM guests, but a single VM host. The host is the physical hardware, while the guests refer to the virtual machines running inside of the physical server that can be used to run various applications which share the overall hardware platform. Standalone VM systems are how virtualization got started, and this is probably still the most common type of virtualization in the market. In standalone VM systems you may have one or more virtual network interfaces (vNICs) per guest and one or more physical network interfaces (pNICs) per VM host, creating a complex flow of both virtualized traffic and physical traffic.

A blind spot will occur in standalone VM systems when processes are communicating between different guests inside the same overall physical system. To remedy this, you’ll want to run additional software, like OmniVirtual, as a part of the virtual system to gain access to the traffic crossing the virtual NICs. This will capture inter-VM traffic and provide you with the visibility necessary to properly analyze both your network and application performance.

Coordinated/Distributed Virtualization
In the case of coordinated or distributed virtualization, the system consists of multiple VM hosts connected via a virtual distribution layer, making both inter-VM guest and inter-VM host traffic invisible to traditional network analysis techniques.

To address this more complex situation, a virtual tap is necessary. This is software that acts like a traditional hardware network tap, running at the level of the hypervisor. It allows users to tap into the vNICs and virtual switches that are connecting the various hosts, and gain access to the packet streams of interest for detailed network analysis. Since the virtual tap runs in the VM layer itself, it is typically vendor-specific so keep that in mind when researching virtual taps. Once a virtual tap is in place, network recorders like WildPackets TimeLine or Omnipliance Core can be connected to the virtual tap and capture network and application traffic as if physically connected to the virtual layer.

There are three different cloud scenarios, two of which have similar blind spot remedies to our previously mentioned ones in the sections above: in-house and third party. For an in-house cloud server, this is similar to distributed virtualization in that you’ll have physical access to your systems and can add technologies like virtual taps. For a third-party cloud solution, or Infrastructure as a Service (IaaS), you can install your own software – like OmniVirtual – to perform network analysis on remote VM hosts.

The only time when it is truly difficult to perform network analysis in the Cloud is in the case of Software-as-a-Service (SaaS), or hosted services. Here, you are essentially at the mercy of the service provider, as you will not have access to virtual servers to install software of your own.

Regardless of your network virtualization type, there is almost always a solution to gain full visibility into your network. Just follow the steps above or watch our ondemand webcast for further details.

Leave a Reply