This syndicated post originally appeared at Network World Zeus Kerravala.

Matt Bergeron, senior director of technology at Ixia, talks about the
cloud-native approach the company took to create CloudLens

Earlier this month Ixia announced an update to its CloudLens product where it could now provide visibility into public clouds. Ixia wasn’t the first packet broker vendors to roll out a solution that extends the visibility infrastructure to the cloud. That honor goes to Gigamon, which announced the general availability of its visibility platform for Amazon Web Services.

Over the past few years, the packet broker space has heated up, as customers are feeling the pain of running distributed environments and have brought in more network management and security tools. Packet brokers effectively create a middleware layer that sits between the network and tools and makes it significantly easier to deploy best-of-breed tools. Now that IT departments are aggressively expanding to the cloud, it makes sense that the visibility tier would need to as well.

However, when building any kind of tool for the cloud, there are two approaches. The first is to deploy the virtual version of the product into the cloud. This is akin to the “lift and shift” strategy that many organizations use when migrating applications to the cloud. The advantage with this approach is obviously time to market, as there’s very little work to be done rewriting the tool. The downside is that it doesn’t take full advantage of running in the cloud because the agility and scale is limited.

The other approach is to build a product specifically designed for the cloud. In the application space, this would be called “cloud native.” The downside to this strategy is obviously that it takes longer than moving a virtual stack into the cloud. But the upside is you have a product that can meet the demands of an increasingly dynamic and distributed world.

One vendor that took the long road is Ixia. I had a chance to discuss the CloudLens product and design philosophy with Matt Bergeron, senior director of technology at Ixia.

Zeus: The approach you took with CloudLens is markedly different than the rest of the industry. Could you describe the design philosophy behind the product?

Matt: We talked to many customers about their needs before designing the product. Obviously, building a product for the cloud is fundamentally different than for on premises. Our biggest goal was that we should be able to comfortably accommodate a true cloud-scale customer like Netflix or Amazon Marketplace itself. These companies have environments that would require technology that can scale up quickly but would not get in the way. You cannot adapt or evolve into that. You have to build for it from the beginning. We wanted to be able to fit into an architecture like that with no disruption.

Zeus: Other than rapid scale, what were some of the other considerations?

Matt BergeronMatt: Many of our customers have tens of thousands of instances (virtual resources) running in a cloud like Amazon. These instances can be split across thousands of virtual private clouds (VPCs). Different groups can build their own VPCs, which often leads to monitoring complications. For example, it’s possible, even likely, there will be overlapping IP addresses in the different VPCs. We had a concern regarding managing this many instances and the amount of traffic this would create and how we deal with IP address overlap.

Our primary competitor has a solution that uses a virtual packet broker, but that creates a choke point for the traffic and adds another layer of software to be managed. We decided to avoid the use of a virtual packet broker and took another approach. Instead, we deploy peer-to-peer, Docker-based agents in each VPC. These agents communicate with each other and directly with a SaaS-based management component instead of having to backhaul all the traffic back to the businesses data center.

Zeus: It sounds like the agent approach is more bandwidth efficient. Is this true? Can you share some details?

Matt: That statement is absolutely true. We perform all the filtering at the agent level itself so traffic that is not needed is never sent over the wire. With a virtual packet broker, all the traffic must be sent to it and then to an analysis tool. Anyone who has deployed a cloud service knows that the bandwidth costs connecting on premise to cloud can be high, so we tried to create the most network-efficient network visibility architecture that we could.

In an environment where there are tens of thousands of agents with granular filtering, we would expect to see bandwidth reductions of up to 90 percent.

But even in medium size environments, it’s important to be efficient with network traffic. The visibility layer shouldn’t cause the customer to require a bandwidth upgrade.

Also, our peer-to-peer methodology connects via virtual private network (VPN) with its own IP addressing scheme, so we can send the traffic over the internet instead of requiring a dedicated connection—more secure and less costly. The lightweight, Docker-based agents gives us the ability to scale up and as fast as the customer needs.

Zeus: Any other benefits to this approach?

Matt: Yes, there are a couple of other advantages to building a cloud-native visibility solution. Because we run in a Docker container, the solution is portable from cloud to cloud. Right now, we are only certifying our product to run in Amazon, but there’s no reason it can’t be used in Microsoft Azure or any other cloud.

Another benefit is that this solution is very easy to extend into hybrid environments because the agents could be deployed anywhere. The SaaS-based management services lets customers have one pane of glass for the entire architecture.

Lastly, our consumption-based billing model matches Amazon’s pricing, so customers no longer have to try and forecast the utilization in advance.

The following two tabs change content below.

Zeus Kerravala

Zeus Kerravala is the founder and principal analyst with ZK Research. Kerravala provides a mix of tactical advice to help his clients in the current business climate and long term strategic advice.
Share This Post:
No Interactions

Be the first to comment!

Post a Comment:

You must be signed in to post a comment.

Insight and Influence Through Social Media
ZK Research: Home
RSS Feed
ZK Research is proudly powered by WordPress | Entries (RSS) | Comments (RSS) | Custom Theme by The Website Taylor