Imagine looking up toward the sky on an average afternoon, marveling at the piercing blue background salted by white fluffy clouds. Each cloud is uniquely shaped, gloriously afloat, describable in terms even a five-year-old can understand. They look dense enough to stand on, soft enough to sleep on, and righteous enough to spend an afterlife walking among.

Now imagine riding passenger on a Boeing 747. You’re peering out the window as the aircraft takes off. As you ascend, steadily approaching the definitively shaped clouds, they curiously begin to lose shape and opacity. Enter the clouds — your perspective has significantly changed, for you can no longer see them for what they are. Rather, the sky is whitewashed and borderless. Oddly, you may still be able to see others in the distance, but you’re essentially blind to the cloud you’re in. Often times all you’ll see is the giant white soul of the cloud with no sky whatsoever, no coherent shape or texture.

In the technology realm I call this the foggle effect, inspired by the fog goggles that pilots use in training to simulate thick atmospheric conditions. Precise cloud borders fade, and we must rely entirely on instrumentation for visibility. Pilots entrust these advanced visibility instruments, aiding them in confidently delivering 500+ passengers, end-to-end, essentially blindfolded. It’s these instruments that are similarly needed by organizations moving software beyond the traditional data center.

Cloud Inevitability

Organizations are migrating applications by the truckload to the cloud on a daily basis. It doesn’t make sense for most companies to be their own email and messaging provider, ERP or SAP provider, web provider, voice provider, and so on. The SaaS and cloud offerings for these technologies (and many more) are abundant and vibrant.

However, there are still two major concerns from a technical perspective slowing cloud adoption: security and visibility. When you think about it, these concerns are the same whether you’re flying a plane, or porting an application. How do we see what’s going on in the cloud? What level of assurance do we have that our cloud applications are behaving appropriately? Are we sustaining security protocols? Show me.

This blindness problem is one of the great challenges of our recent networking age. Good news for us is we have companies like Ixia developing instrumentation, a lens for the cloud, to help us see through these foggy banks.

Ixia CloudLens

Like most folks in the networking industry, I’m in the midst of migrating applications to clouds – both private and public. I’m dealing with challenges surrounding security compliance, data integrity, high availability, KPIs, metrics and visibility. It feels like I’m conducting probably the worlds worst orchestra — a bunch of kindergartners who were just introduced to instruments and performing in front of audiences, and I need to make this tolerable. Oh, and I’m not a conductor.

This is why I was captivated during Ixia’s presentation at Networking Field Day 13 when Kris Raney took the stage to talk about their solution to our cloud visibility woes. Ixia CloudLens is the instrumentation that clears your foggled eyes to see in the cloud network and capture packets traversing it in the same manner you would at your own data centers. Developing such a solutions wasn’t without it’s obstacles.

Technical Challenges 

One of the big questions when packet capturing in the cloud is — how do you get the packets? Within this question are another set of caveats — how do you get the packets without going inline with some other VM, without being able to promiscuously sniff, without visibility to broadcasts and multicasts?

Moreover, you’re in a cloud where scale and elasticity are real things and must be considered.  How do you scale up and down, in and out, without worrying about losing visibility? You need to scale your TAP!

The CloudLens Answer

Ixia took these challenges head-on when building CloudLens.  So how exactly does it work?

The VMs you desire to monitor are installed with an agent called CloudTap.  This agent is a docker container that requires no other interaction besides the installation itself, which Ixia says would be a part of the VM build in such an environment. The benefits here are numerous.

1. When the VMs scale, so do the agents
2. You can intercept traffic at the OS-level, independent of hypervisor. This means you can see non-network data before it’s hit an interface.
3. Sits behind load-balancers
4. Sits behind SSL offload engines
5. Has very powerful filtering capabilities

What this ends up looking like is a series of customer instances (your VMs) connecting back to tool instances, which report to central management component. All monitoring and configuration is done centrally!

Again, the intent would be that all of your VM instances would have this container agent running as a part of the general build, increasing your visibility landscape harmoniously with the evolution of your environment.

Scaling with your environment

What good is a TAP if it doesn’t scale with your demands? It’s a valid question, and Ixia has an answer here as well. I personally find this very cool. Not only are you scaling your visibility from the VM instance perspective, but you can also scale tool instances when capacity demands are reaching some threshold. You can add new instances of the tool, and because this solution is built based on software groupings, CloudTap agents will autonomously organize themselves to multiple tool instances.

Just to add a note here — there are no additional packet brokers in this setup. No need to worry about constraints hair-pinning through some other VM instance for brokerage. Everything in this design is peer-to-peer, from source agent to CloudTap tool.

Closing Comments

Clouds seems as though you can grab them right out of the sky, spin on a stick and serve like cotton candy. But things change a bit once you’re in the clouds. Same is said for the clouds hosting our applications. Ixia is focused on the AWS market (for now), enabling packet-level, granular and familiar visibility, just like we’d expect in our data centers. As your environment grows, so does your visibility landscape. As your security and monitoring tools become overwhelmed, they too scale, in software-defined fashion. As a network and security monitoring nut, I’m always asking the question about visibility. The ominous cloud freaks me out because of the inevitably looming foggle effect. However, with Ixia’s CloudLens, I’m growing confident that I won’t lose packets, monitoring metrics and security analysis in the cloud. We may be standing in the two-dimensional shadows cast by the fluffy things in the sky, but with proper instrumentation, we can truly see them for what they are, all the way down to condensed water vapor detail. Exciting times!

In case you’re not familiar with Ixia, this is a tiny fraction of what they do. Ixia has a huge portfolio, including one of their flagship products – Vision ONE, which Phil Gervasi eloquently described in one of his recent blog posts. Ethan Banks of Packet Pushers also gave Vision ONE some much-deserved praise.

Don’t forget to check out the presentation if you get the chance!