By now, we all know that, driven by rapidly evolving digital transformation, Amazon, Microsoft and Google have all created environments where infrastructure and networking are elastic, on-demand and extremely fast. As part of this three-part blog series exploring AWS, Azure, and Google Cloud, this week we will focus on the benefits and limitations of Microsoft Azure, and how Garland Prisms can work within the platforms to provide additional value to customers by providing packet-level visibility in the public cloud. If you’ve just started following along, check out our first post on AWS.
As the No. 2 cloud provider, behind AWS with 15.5% of the market share, Microsoft Azure has an ever-expanding set of cloud services built to help organizations build, deploy and manage cloud applications through a global network of data centers. With Azure’s rapid rise, at a growth rate of 60% year-over-year, the gaps in its application services are coming into focus for cloud architects, including the lack of a virtual tapping solution to get packet visibility to monitoring and security tools.
Illustrating the emergence of Azure cloud as a challenger to AWS’s market supremacy, Microsoft was recently awarded the massive JEDI (Joint Enterprise Defense Infrastructure) contract for the U.S. Defense Department’s public cloud resources. This digital migration will provide enterprise level, commercial Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) to support Department of Defense business and mission operations.
In public cloud platforms like Azure, security and compliance are a shared responsibility between the platform provider and the user. The model is designed to help relieve a user’s operational burden, as the platform itself operates, manages and controls components from the host operating system and virtualization layer, and hosts many security and monitoring applications from third-party tool vendors.
So why would packet-level visibility be necessary in the cloud? Everything starts with the packet, and IT and security professionals still need this level of visibility and access for their connected applications to detect security anomalies and analyze network performance. This visibility has been notably absent in public clouds like Azure, leaving IT teams to examine small packet captures for individual hosts using outdated tools such as tcpdump and Microsoft Network Monitor, instead of following a complete strategy.
The same rule of thumb applies as in an on-prem network: better visibility allows your organization to make better decisions about the network, from testing and troubleshooting, to threat detection and response, to network architecture optimization that correctly meets changing operational needs. Tapped packets provide logs, endpoint data, and network data, which are considered the three key data sources for security visibility.
With over 800 listed services in the massive platform, traffic mirroring must be one, right? To great fanfare at Microsoft Ignite 2018, Microsoft announced a “private preview” for the first natively distributed Network TAP available in any public cloud. The Microsoft Azure Virtual Network TAP (vTAP) was set to enable organizations to mirror virtual machine traffic and direct it to out-of-band network tools without having to use packet-forwarding agents.
Unfortunately, Azure’s private preview quietly went cold. With no recent updates on availability, most Azure customers are left with massive blind spots in their network. We have no doubt that Azure will at some point release an updated vTAP, which, like the mirroring on the other cloud platforms, will do a great job, since infrastructure-based mirroring doesn’t require host memory and CPU cycles.
We have been seeing that many customers are finding some major gaps in these infrastructure-based traffic mirroring solutions, including:
In these cases, Garland Prisms’ traffic mirroring fills the gaps where current solutions are unavailable or impractical. Garland Prisms mirrors packets for both North-South (client-server) and East-West (inter- and intra-container) traffic. Garland Prisms complements native cloud mirrors, allowing you to provide added visibility and replication [1:N] to multiple destinations. And in the case of Azure users who may not have a true traffic mirroring option, Garland Prisms can provide the easy-to-deploy, scalable visibility to get your performance and security tools the packets they need.
Chris Bihary has been in the network performance industry for over 20 years. Bihary has established collaborative partnerships with technology companies to complement product performance through the integration of network test access points. Previously, Bihary was Managing Partner at Network Critical.