The advantages of public cloud computing can’t be beat. Companies around the world are taking advantage of the cost savings associated with public cloud to scale their infrastructure and to provide disaster recovery, elastic storage, and hosted services. As public cloud became more popular over the last few years, leaders quickly emerged in the space. According to a recent Gartner report, Amazon Web Services (AWS) is by far the leading public cloud infrastructure platform, owning 47.8% of the market share. After AWS there is a big drop down to the next leaders: Microsoft Azure holds 15.5% of the market, Alibaba owns 7.7%, and Google Cloud has just 4%.
In this new, three-part blog series, I’ll explore AWS, Azure, and Google Cloud, describe some of the benefits and limitations of each platform, and explain how Garland Prisms can work within each platform to provide additional value to customers through packet-level visibility in the public cloud.
One of the reasons that AWS is the leading public cloud service provider is that it is the most mature option on the market. Being first to market gave AWS a head start in capturing a large portion of the market share. AWS provides global, enterprise-friendly products with the configuration, monitoring, and security features enterprises require to meet their complex network architecture needs. It’s an open and flexible product that can be adjusted to meet the changing IT needs of any organization.
There’s no denying that AWS is a powerful tool for companies looking to add public cloud resources. There is, however, one major challenge related to public cloud: how can you deliver packet-level data to a monitoring tool, whether that tool is in the cloud or in an on-prem data center?
Making the Case for Packet Visibility in the Cloud
So why would you want packet-level visibility into your cloud workloads? Access to the packets in your network gives IT teams the ability to detect network and security anomalies within a VPC and then route those packets to a security tool for analysis. This gives security teams faster threat detection and response than tools that rely on log- or flow-based data. With better visibility comes the ability to make better decisions about your organization’s network. You can perform internal testing and troubleshooting to make sure that your network is architected correctly to meet changing operational needs.
AWS recognized the need for network monitoring in the cloud to keep an eye on unusual traffic patterns that could be indicators of a hack or data breach, and in 2019 it launched VPC Traffic Mirroring to address some of those issues. VPC Traffic Mirroring is a new feature unique to AWS that allows users to capture and inspect network traffic within an existing Virtual Private Cloud. VPC Traffic Mirroring is easily compared to what a fiber TAP does in a physical environment: it gives the user direct access to the packets flowing through the VPC.
AWS VPC Traffic Mirroring
Similar to physical network TAPs, VPC Traffic Mirroring allows users to capture all packets in the VPC, or to use filters based on protocols and CIDR blocks so that only the specific traffic of interest reaches the tool it is mirrored to. AWS built VPC Traffic Mirroring to work across multiple VPCs in an AWS environment, capturing traffic in the VPC where it originates and then mirroring that traffic back to one VPC for inspection by an analysis tool.
Garland Prisms and AWS
AWS is a solid product. It provides a lot of great features and benefits, and for some customers VPC Traffic Mirroring will be robust enough to provide packet-level visibility into their workloads in the public cloud. However, there are still limitations to what VPC Traffic Mirroring can do, and that’s where Garland Prisms comes in. Garland Prisms is a host-based cloud TAP that can mirror any traffic, whether north-south or east-west, from containers and virtual machines in any cloud environment. Prisms is a complement to AWS and is primarily used to augment the features of VPC Traffic Mirroring. VPC Traffic Mirroring is limited in what it can do for a customer in that there is no agent, it only works on Nitro instance types, there is no container support, and, most importantly, it supports only 1:1 replication. As a cloud-native tool, Prisms addresses all of these limitations.
One of the greatest benefits of Prisms is that it provides support for 1:many tool replication. In today’s complex IT infrastructures it is very common for traffic to be inspected by multiple tools for security and monitoring analysis. Each tool may be used by a different team and for a different purpose, but it is important for all of them to get access to the packets they need. Having a way for the packets to reach multiple tools, whether in a traditional physical environment or in the cloud, is critical to overall network performance and security strategy.
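To make the two mechanics discussed above concrete, the protocol/CIDR filtering that decides which VPC packets are mirrored and the 1:many fan-out that sends one copy to several tools, here is a small model written for this post. It is added example code, not AWS or Garland Technology code. It assumes the rule fields of AWS’s public traffic-mirror filter rules (rule number, ingress/egress direction, accept/reject action, IANA protocol number, source and destination CIDR, optional destination port range), that rules are evaluated in ascending rule-number order with the first match deciding and unmatched traffic not mirrored, and that the target receives each copy inside a VXLAN header carrying the session’s VNI. The multi-target fan-out models the 1:many replication the article attributes to Prisms, not to VPC Traffic Mirroring itself; the rules, addresses and VNIs are constructed sample values.

```python
# Added example (not AWS or Garland code): a model of traffic-mirror filter
# evaluation, VXLAN encapsulation of the mirrored copy, and 1:many fan-out.
# Rule semantics (ordered rules, first match wins, implicit "do not mirror")
# and the VXLAN header layout are assumptions documented in the lead-in.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
import struct
from typing import Dict, List, Optional, Tuple


@dataclass
class MirrorRule:
    rule_number: int                  # lower numbers are evaluated first
    direction: str                    # "ingress" or "egress"
    action: str                       # "accept" or "reject"
    protocol: Optional[int] = None    # IANA protocol number; None matches any
    source_cidr: str = "0.0.0.0/0"
    destination_cidr: str = "0.0.0.0/0"
    destination_port_range: Optional[Tuple[int, int]] = None  # inclusive


@dataclass
class Packet:
    direction: str
    protocol: int
    src: str
    dst: str
    dst_port: Optional[int] = None


def rule_matches(rule: MirrorRule, pkt: Packet) -> bool:
    """Every populated field of the rule must match the packet."""
    if rule.direction != pkt.direction:
        return False
    if rule.protocol is not None and rule.protocol != pkt.protocol:
        return False
    if ip_address(pkt.src) not in ip_network(rule.source_cidr):
        return False
    if ip_address(pkt.dst) not in ip_network(rule.destination_cidr):
        return False
    if rule.destination_port_range is not None:
        lo, hi = rule.destination_port_range
        if pkt.dst_port is None or not lo <= pkt.dst_port <= hi:
            return False
    return True


def should_mirror(rules: List[MirrorRule], pkt: Packet) -> bool:
    """First matching rule (by rule number) decides; no match means no mirror."""
    for rule in sorted(rules, key=lambda r: r.rule_number):
        if rule_matches(rule, pkt):
            return rule.action == "accept"
    return False


VXLAN_FLAG_VNI_VALID = 0x08  # "I" flag: the VNI field is valid


def encapsulate(vni: int, inner_frame: bytes) -> bytes:
    """Prepend the 8-byte VXLAN header: flags, 3 reserved, 24-bit VNI, 1 reserved."""
    if not 0 <= vni < 2 ** 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!B3xI", VXLAN_FLAG_VNI_VALID, vni << 8) + inner_frame


def decapsulate(frame: bytes) -> Tuple[int, bytes]:
    """Return (vni, inner_frame) from a VXLAN payload as the tool would see it."""
    if len(frame) < 8 or not frame[0] & VXLAN_FLAG_VNI_VALID:
        raise ValueError("not a VXLAN frame with a valid VNI")
    vni = struct.unpack("!I", frame[4:8])[0] >> 8
    return vni, frame[8:]


def fan_out(rules: List[MirrorRule], pkt: Packet, inner_frame: bytes,
            targets: Dict[str, int]) -> Dict[str, bytes]:
    """1:many: deliver one accepted packet to every target, each with its own VNI."""
    if not should_mirror(rules, pkt):
        return {}
    return {name: encapsulate(vni, inner_frame) for name, vni in targets.items()}


# Constructed sample policy: exclude DNS noise, mirror inbound TCP to the web
# subnet, and mirror everything the web subnet sends out.
SAMPLE_RULES = [
    MirrorRule(100, "ingress", "reject", protocol=17, destination_port_range=(53, 53)),
    MirrorRule(200, "ingress", "accept", protocol=6, destination_cidr="10.0.1.0/24"),
    MirrorRule(300, "egress", "accept", source_cidr="10.0.1.0/24"),
]

# Constructed sample traffic (RFC 5737 documentation addresses for the outside).
SAMPLE_PACKETS = [
    Packet("ingress", 6, "203.0.113.5", "10.0.1.10", 443),   # rule 200: mirrored
    Packet("ingress", 17, "10.0.0.2", "10.0.1.10", 53),      # rule 100: rejected
    Packet("ingress", 6, "203.0.113.5", "10.0.2.10", 443),   # no rule: not mirrored
    Packet("egress", 1, "10.0.1.10", "198.51.100.7"),        # rule 300: mirrored
]


def decisions() -> List[bool]:
    return [should_mirror(SAMPLE_RULES, p) for p in SAMPLE_PACKETS]


if __name__ == "__main__":
    for pkt, mirrored in zip(SAMPLE_PACKETS, decisions()):
        print(f"{pkt.direction:7} proto={pkt.protocol:2} {pkt.src} -> "
              f"{pkt.dst}:{pkt.dst_port}  mirrored={mirrored}")
    copies = fan_out(SAMPLE_RULES, SAMPLE_PACKETS[0], b"<inner ethernet frame>",
                     {"ids": 0x100, "forensics": 0x200})
    for target, frame in copies.items():
        print(target, decapsulate(frame))
```

The reject rule at number 100 is what makes ordering matter: without it, the broader accept at 200 would forward the resolver chatter to every tool. The third sample packet shows the other side of the same coin, traffic to a subnet no rule names is silently not mirrored, so a filter that is too narrow is a blind spot rather than an error.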