Más contenido relacionado La actualidad más candente (20) Similar a End to End Application Visibility and Troubleshooting Across the Virtual Cloud Network and NSX Portfolio (20) End to End Application Visibility and Troubleshooting Across the Virtual Cloud Network and NSX Portfolio1. NETSCOUT ASI
for Visibility & Troubleshooting
into Applications in NSX-T
VMworld 2019
Marcos Hernandez, Chief Technologist - Networking and Security, VMware
Ray Krug, Solutions Architect, NETSCOUT
2. COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC. 2
Agenda
• Business Agility with NSX-T
• Smart ‘Visibility Without Borders’ from NETSCOUT
• NETSCOUT Partner Service Deployment in NSX-T
• nGeniusONE Troubleshooting Workflow in the VMware NSX Data Center
• Smart Visibility in the Multi Cloud
3. COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC. 3
Who is NETSCOUT?
Financials
Global EnterprisesOnline Healthcare Systems
Service Providers
Solving the toughest problems for the Largest IP Networks in the World
4. COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC. 4
Business Agility
Question:
“Where’s your Data Center?”
CIO - Answer:
“My data center? It’s everywhere
and anywhere I need to place
compute, network and storage
capacity to enable my business”
5. COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC. 5
What Keeps the IT Team up at Night?
Coping with Business Agility
“How can I quickly
troubleshoot issues of
applications in production?”
“How do I engineer traffic
in my data center(s) / to
the cloud?”
“How are my Apps
Communicating?”
“How can I feed my security
tools?”
“What’s going on in my
multicloud environment
with constant change?”
“Why is my application
performance suffering?”
Making sure the customer experience and business agility does not suffer
DevSecOps
6. COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC. 6
Smart Application Troubleshooting and Monitoring
Question:
“Where’s your Performance and
Security Visibility to keep your
business applications running?”
CIO - Answer:
“It needs to be everywhere and
anywhere I need to place compute,
network and storage capacity to
enable my business”
SOLUTION: NETSCOUT’s Visibility Without Borders
7. COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC. 7
A New Approach to Continuous Monitoring in Multi-Cloud
based on NETSCOUT Smart Data.
VMware
Cloud
AWS
Smart Visibility
VMware NSX
Data Center
8. COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC. 8
Software Centric
Designed for Both Physical and Virtual Environments
1
2
Common Situational Awareness
Consistent Views for DevSecOps
Open API & Data Formats
Kafka, REST, JSON, AVRO, CSV
Cloud Visibility (N/S/E/W)
VMware NSX Data Center, VMware Cloud, AWS, Azure,
GCP, Oracle etc..
4
What is Smart Data?
Smart Visibility into Network, Applications, Dependencies, and Security
Deep Packet Inspection
Performance and
Security KPIs
Packet
Data
3
Smart Data
9. COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC. 9
Smart Data – ASI Metrics
• Rich Multi-Dimensional Meta-Data
– KPI, Session, Packet
• Advanced Metrics
– Application Response Time
– Application Success, Failure
– Application Errors
– Network Response Time
– Per protocol, per Message Type (i.e. URL)
– Voice and Video QoE Metrics
• Security Metrics
– Weak Security Practices (Ciphers, Protocols)
– Threat Analysis
– Behavior Analysis
Smart Data
Smart Application Troubleshooting and Monitoring
10. COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC. 10
Using Smart Data
DashboardGridReportingService MonitorDependency MapLink MonitorTraffic DiscoveryMachine LearningCertificate MonitorAlertingPacket ForensicsSecurity
Smart Data
11. COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC. 11
Packet Data is universally available...
Physical or Virtual (N/S/E/W)
Packet
Data
Smart Data
• VMware NSX Data Center
– NSX-T Service Insertion
• Public Cloud
– vTAP (Azure)
– Amazon VPC traffic mirroring
• Flexible Deployments
– Cloud Native
– VMs, Containers & Pods
Packet Data is UltraHD
12. COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC. 12COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC.
vSTREAM / NSX-T Integration
Smart Visibility in the
VMware NSX Data Center
13. COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC. 13
1 Register NETSCOUT Partner Service
With VMware NSX Manager
vSTREAM / NSX-T Integration
1. Partner Service Registration to NSX-T
VMware NSX Manager nGeniusONE
ESXi
T1
DFW
T0
ESXi
T1
DFW
T0
14. COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC. 14
1 Register NETSCOUT Partner Service
With VMware NSX Manager
vSTREAM / NSX-T Integration
1. Partner Service Registration to NSX-T
VMware NSX Manager nGeniusONE
ESXi
T1
DFW
T0
ESXi
T1
DFW
T0
15. COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC. 15
vSTREAM / NSX-T Integration
2. Deploy Partner Service / Service Insertion
VMware NSX Manager nGeniusONE
2 Deploy NETSCOUT Partner Service
vSTREAM Service Virtual Machines
(Host or Cluster)
Overlay Transport Zone
vSTREAM Service Segment
Overlay Transport Zone
vSTREAM Service Segment
ESXi
T1
DFW
T0
ESXi
T1
DFW
T0
16. COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC. 16
vSTREAM Service Deployment
vSTREAM SVM
vSTREAM SVM
- Host mode - Deployed with vCenter into each host in the NSX-T cluster
- Deployment specification maps to the vSTREAM ovf
vSTREAM SVM
- eth0 management network
- eth1 monitoring interface (service segment)
17. COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC. 17
vSTREAM Service Deployment
Service Instances
vSTREAM service virtual machine automatically deployed in each ESXi Host
18. COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC. 18
vSTREAM / NSX-T Integration
3. Define NSX-T Network Introspection (E-W), Service chain and Policy
VMware NSX Manager nGeniusONE
Service
Chain
Policy
Rules
Service
Profile
Network Introspection (E-W)
• Service Profile
• Service Chain
• Policy Rules
3
Service
Chain
Policy
Rules
Service
Profile
Overlay Transport Zone
vSTREAM Service Segment
Overlay Transport Zone
vSTREAM Service Segment
ESXi
T1
DFW
T0
ESXi
T1
DFW
T0
vSTREAM
TAG
vSTREAM
TAG
19. COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC. 19
NSX-T Network Introspection (E-W)
Service Profile and Chains
vSTREAM in the
Service Chain
vSTREAM_SP
Service Profile
vSTREAM Service Segment forwarding to vSTREAM_SP
20. COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC. 20
NSX-T Network Introspection (E-W) - Rules
VMs with tag vSTREAM
Action is to “Redirect” traffic to the vSTREAM Service Chain
21. COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC. 21
vSTREAM / NSX-T Integration
4. Application Troubleshooting and Monitoring using nGeniusONE
VMware NSX Manager
Smart
Data
nGeniusONE
Service
Chain
Policy
Rules
Service
Profile
Network Introspection (E-W)
• Service Profile
• Service Chain
• Policy Rules
3
Service
Chain
Policy
Rules
Service
Profile
Overlay Transport Zone
vSTREAM Service Segment
Overlay Transport Zone
vSTREAM Service Segment
ESXi
T1
DFW
T0
ESXi
T1
DFW
T0
22. COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC. 22
Agentless
Deployment
• vSTREAM SVM runs independently from the application VMs
• Analytics computed close to the data source
• No need to ship packets across the network
Seamless Application
Visibility Management
• Automated Service Insertion
• Automated Application Visibility
• Using NSX-T introspection (E-W) policies
Simple
Deployment Model
• Automated Orchestration using vCenter
• Enter NSX Manager credentials, and install in a few simple clicks
Certified
VMware Ready
• VMware NETSCOUT Partnership
• End to End Application Troubleshooting in the Cloud
• ESX, NSX-V, NSX-T, AWS
Key Benefits
Implementing NETSCOUT vSTREAM as Partner Service
23. COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC. 23COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC.
nGeniusONE In ACTION
Troubleshooting Workflow in the
VMware NSX Data Center
24. COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC. 24
NSX-T
Segmented
Network with
Zero Trust
Model
Web web2 web3web1 web4
DNS1 AD-2 AD-3
Shared
Services NAS
Application Stock
Manager
Offer
Manager
Stock
Manager
Database
SqlDB OraDB
Users
HTTP (8061)HTTP/REST (8060)
LDAP2(389)DNS(53)NFS(2206)
MySQL (3306) Oracle (1514)
Demo Application Architecture
VMware NSX Data Center
Deployed over
2 ESXi Hosts
in NSX-T
Cluster
25. COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC. 25
NSX-T Distributed Firewall controls application flow
26. COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC. 26
NSX-T Group vSTREAM
Virtual Machines
tagged with ‘vSTREAM’
for E-W monitoring...
27. COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC. 27
NETSCOUT Smart Data Application Flow Discovery
App
Web
Database
NFS
Active
Directory
Users
DNS
Smart Data and
Smart Analytics
ESXi Host
Awareness
28. COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC. 28
Application Assurance in a Micro-Segmented
NSX-T Deployment
Application
Micro-Service “Stock
Manager” with
Failures
29. COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC. 29
ASI Metrics for Service Tiers
Transaction Application Response vs Network Response vs Errors
Application
Response
Time
Network
Response
Time
Application
Errors
App Tier
Oracle
Database
Tier
Slow App Response
Slow
Network Response
30. COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC. 30
Service Monitor - Investigate Performance Issue
Performance of Each VM in Application Tier
Virtual Machine
“stockm1”
Running on
Host ESXi-240
Virtual Machine
“stockm1” Much
Slower Than
“stockm2”
31. COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC. 31
Session Analysis
Application Detail (API/Error etc)
Application Details
Session Ladder
Diagrams
32. COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC. 32
Detailed Packet
Analysis providing
evidence to
Dev Teams
Packet Decode – Forensic Evidence
33. COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC. 33
Automated Machine Learning, Analysis and Alerting
nGeniusONE already has pinpointed the issue…
34. COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC. 34COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC.
NETSCOUT Visibility in the Multi Cloud
35. COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC. 35
Azure VPN
Gateway
vSTREAM ‘lights up’ the Multi-cloud
Azure / AWS / Oracle / Google / IBM Softlayer / VMware Cloud on AWS
IPSec
Gateway
VPN
Gateway
VPN
Gateway
VPN
Gateway
VPN
Gateway
MicroServices
App
Inventory App
Corporate
Data Center
Active
Directory
DNS
DB-CorpnGeniusONE
Global
Packet
fwd GRE
to corp
Registration App
Packet fwd
udp to corp
MicroServices
App
MicroServices
App
MicroServices
App
36. COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC. 36
Visibility Without Borders
The Multi-Cloud Data Center
37. COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC. 37COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC.
Smart Application Troubleshooting and Monitoring in NSX-T
Summary
38. COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC. 38
Smart Application Troubleshooting and Monitoring in NSX-T
Consistent visibility in Hybrid Data Center
Physical and virtual continuity
Automated Agentless Deployment in NSX-T
Orchestration delivered through NSX Manager and vCenter
Visibility controlled by NSX-T Security Policies
Using NSX-T groups based VM tag
Migrate to the VMware NSX Data Center with Confidence
39. COPYRIGHT © 2019 NETSCOUT SYSTEMS, INC. 39
Thank You.
www.netscout.com
Ray Krug
Solutions Architect
ray.krug@netscout.com