Net Optics Phantom User Manual
Monitoring for virtualized computing, The virtual monitoring challenge, At a glance
The Virtual Monitoring Challenge
Enterprises have been utilizing Tap solutions for network traffic access for
many years. Traffic capture, analysis, replay, and logging are now part of
every well-managed network environment. In recent years, the significant
shift to virtualization—with penetration exceeding 50%—is yielding great
benefits in efficiency. However, today’s virtualization-based deployments
create challenges for network security, compliance, and performance
monitoring. This is because Inter-VM traffic is optimized to speed up
connections and minimize network utilization. This imposes invisibility on
physical tools unable to extend easily into the new environments. Costly
new virtualization-specific tools plus training can affect the economic
benefits and cost-savings of virtualizing. Currently, many tools suffer from
limited throughput, hypervisor incompatibility, and excessive resource
utilization.
Next generation data centers use virtualization technology to deploy
private/public cloud environments on a single physical server, or across a
clustered group of servers. Traditional Taps cannot see the traffic between
the VMs that reside on the same hypervisor (east to west traffic), nor can
they “follow” VMs as they get migrated from one host to another.
At a Glance
• 100 percent visibility of traffic between Virtual
Machines (VMs) and inter-blade visibility
• Installs in hypervisor kernel for full traffic
visibility
• Enables visibility and control of network
traffic in all best-of-breed hypervisors in
the virtual environment: VMware vSphere
ESX/ESXi Server 4.X/5.X; Citrix XenServer 5.6.x;
Redhat KVM 2.6.32; Oracle VM 3.0; Microsoft
Hyper-V 2012
• Generates Layer 2 and 3 statistics (packet
count, utilization, etc.)
Visibility is further reduced by the complexity of blade servers: with each
blade running multiple VMs on a hypervisor. Traffic running on blades
servers share a common backplane, presenting a network blind spot, as
the physical network and its attached tools unable to see traffic from the
internal network packets.
The Phantom Virtualization Tap Solution
The Phantom suite of software products provides 100% visibility of virtual
network traffic, including the unseen inter-VM traffic on hypervisor stacks.
This milestone solution has now expanded to support the industry’s leading
hypervisors. The Phantom Monitor is vSwitch agnostic supporting the
virtual standard switch, virtual distributed switch and next generation SDN
since it installs at the kernel level ( mirroring the network packets before
it arrives at the vSwitch). It is a software implementation of a switching
mechanism that manages communications between virtual network
devices and works identically to the physical switch. The Phantom Monitor
can mirror all traffic within the virtual switch, apply smart TapFlow™ filtering,
and send traffic of interest to any monitoring tools of choice. It can even
pass the mirrored traffic to a physical port so physical tools can monitor
the data. Virtual traffic is bridged to the physical world in an encapsulated
tunnel that can be terminated by a Net Optics xFilter™, Phantom HD™
and send traffic to Director™ Data Monitoring Switch, or at any capable
termination point of your choosing.
Monitoring for Virtualized Computing
• TapFlow™ multi-layer L2-4 filtering engine
• Extends monitoring and access into the
Inter-VM networking layer
• Applies existing physical monitoring
tools, processes, and procedures to the
virtual network
• No interference with the data stream or VMs
• No modifications needed in VMs
• Mirrors Inter-VM traffic to virtual and physical
monitoring tools of choice
• Sends mirrored traffic out physical NICs
in encapsulated tunnels
• xFilter™, Phantom HD™ terminates encapsulated
tunnels and sends traffic to Net Optics Director
or to any of your existing monitoring tools
• One Phantom Virtualization Tap monitors traffic
between VMs (one monitor instance is required
to be installed on each physical server)
• Scalable to support and administer high-density
environments
• Centralized Management for Phantom
Virtualization Taps VM (included software
component) manages multiple Phantom
Virtualization Taps and network traffic
The Net Optics Phantom Virtualization Tap™ is a network traffic monitoring and access solution for virtualized computing environments
developed for converged data centers. It captures data passing between virtual machines (VMs) and sends traffic of interest to virtual and
physical monitoring tools of choice. This innovative software Tap supports all major hypervisors, including VMware vSphere ESXi 4.x/5.x,
Microsoft Hyper-V 2012, Redhat KVM, and Parallels. Unprecedented visibility of packet-level data lets you manage virtual network security,
compliance, and performance using your choice of instrumentation layer tools—physical or virtual; local or remote. Because the Phantom
Virtualization Tap can bridge virtual-to-physical in converged environments, you can maintain current policies while continuing to use
your existing physical monitoring tools.
Data Sheet
I
Phantom Virtualization Tap