The power of the public cloud has transformed many industries. Many innovative startups might never have seen the light of day if they could not harness the public cloud. Providers such as AWS, Azure and GCP have made it much easier to start a business, because infrastructure is available on demand in the cloud. New startups are not the only ones taking advantage of the seemingly unlimited computing capacity the public cloud offers; companies of all sizes have realized true digital transformation with a new class of modern applications that open up additional revenue opportunities.
More than 51% of the enterprises surveyed in a recent RightScale report use both public and private cloud, yet security, visibility and monitoring remain among the biggest concerns of CIOs and CSOs. While IT has robust security, compliance and visibility architectures, coupled with monitoring tools, for on-prem data centers, such robust security systems are lacking in the public cloud.
Enterprises and telcos have long used network packet brokers (NPBs) on-prem, primarily to aggregate traffic for monitoring. Traffic is first collected via taps or SPAN/port mirroring, then filtered and replicated to one or many security and monitoring tools. Seeing this traffic lets tools such as IDS and breach detection and mitigation systems alert customers to threats present in the network and help mitigate such attacks. The same traffic can also be consumed by performance monitoring, troubleshooting and customer experience tools.
Aggregating, filtering and replicating traffic to multiple security tools in the cloud is a complex problem, and it gets harder as customers provision more and more VPCs (vNETs in Azure) within a public cloud. These complex topologies require a solution that provides security and monitoring not just for one VPC, or on a per-VPC basis, but across multiple VPCs.
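To make the aggregate-filter-replicate pipeline concrete, here is a small added example in Python that is not Big Switch's code and does not reflect how Big Mon is implemented. It models mirrored traffic arriving from taps in two VPCs, merges the streams (dropping duplicate copies of inter-VPC packets that were mirrored at both ends), and then fans the traffic out to a central set of tools, each with its own filter and optional header-only truncation. All packet records, tool names and policies are constructed for illustration.

```python
"""Toy network packet broker: aggregate mirrored traffic, filter it per tool,
replicate to a central tool farm.  Added example; not Big Mon code."""
from dataclasses import dataclass, replace
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class Packet:
    source: str        # tap or mirror session the copy arrived on, e.g. "vpc-a/tap1"
    src_ip: str
    dst_ip: str
    proto: str         # "tcp" | "udp" | "icmp"
    dport: int
    payload_len: int   # bytes of payload carried in this copy


@dataclass
class ToolPolicy:
    name: str
    match: Callable[[Packet], bool]        # which packets this tool should receive
    truncate_to: Optional[int] = None      # slice payload for header-only tools


def aggregate(taps: Dict[str, List[Packet]]) -> List[Packet]:
    """Merge per-tap streams into one stream.

    A packet crossing between two monitored VPCs is mirrored by both taps;
    a broker deduplicates such copies so downstream tools count it once.
    (Toy dedup key: 5-tuple-ish fields; a real NPB hashes headers/payload.)
    """
    seen = set()
    merged: List[Packet] = []
    for pkts in taps.values():
        for p in pkts:
            key = (p.src_ip, p.dst_ip, p.proto, p.dport, p.payload_len)
            if key in seen:
                continue
            seen.add(key)
            merged.append(p)
    return merged


def replicate(packets: List[Packet], policies: List[ToolPolicy]) -> Dict[str, List[Packet]]:
    """Deliver every packet to each tool whose filter matches, applying
    per-tool truncation.  Each tool gets its own copy, so one policy's
    slicing never affects what another tool sees."""
    out: Dict[str, List[Packet]] = {pol.name: [] for pol in policies}
    for p in packets:
        for pol in policies:
            if not pol.match(p):
                continue
            copy = p
            if pol.truncate_to is not None and p.payload_len > pol.truncate_to:
                copy = replace(p, payload_len=pol.truncate_to)
            out[pol.name].append(copy)
    return out


def broker(taps: Dict[str, List[Packet]], policies: List[ToolPolicy]) -> Dict[str, List[Packet]]:
    """Full pipeline: aggregate, then filter and replicate."""
    return replicate(aggregate(taps), policies)


# Constructed sample traffic: two VPCs, one packet (10.0.1.7 -> 10.1.1.4) seen on both taps.
SAMPLE_TAPS: Dict[str, List[Packet]] = {
    "vpc-a/tap1": [
        Packet("vpc-a/tap1", "10.0.1.5", "10.0.2.9", "tcp", 443, 1200),
        Packet("vpc-a/tap1", "10.0.1.5", "10.0.0.2", "udp", 53, 80),
        Packet("vpc-a/tap1", "10.0.1.7", "10.1.1.4", "tcp", 22, 300),
    ],
    "vpc-b/tap1": [
        Packet("vpc-b/tap1", "10.0.1.7", "10.1.1.4", "tcp", 22, 300),   # duplicate copy
        Packet("vpc-b/tap1", "10.1.1.4", "10.1.1.8", "tcp", 443, 900),
        Packet("vpc-b/tap1", "10.1.1.4", "10.0.0.2", "udp", 53, 70),
    ],
}

# Constructed tool farm: IDS wants everything, APM wants TLS headers only, DNS monitor wants port 53.
SAMPLE_POLICIES: List[ToolPolicy] = [
    ToolPolicy("ids", match=lambda p: True),
    ToolPolicy("apm", match=lambda p: p.proto == "tcp" and p.dport == 443, truncate_to=64),
    ToolPolicy("dns-monitor", match=lambda p: p.proto == "udp" and p.dport == 53),
]


def delivery_counts(taps=SAMPLE_TAPS, policies=SAMPLE_POLICIES) -> Dict[str, int]:
    """Packets delivered per tool for the sample traffic."""
    return {name: len(pkts) for name, pkts in broker(taps, policies).items()}


if __name__ == "__main__":
    for tool, pkts in broker(SAMPLE_TAPS, SAMPLE_POLICIES).items():
        print(f"{tool}: {len(pkts)} packets, bytes={sum(p.payload_len for p in pkts)}")
```

Two points the toy makes that the prose only states: deduplication belongs in the aggregation stage, before any tool sees the traffic, and truncation is a per-tool decision, so a performance tool can take headers only while the IDS still receives full payloads.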
Solving this problem requires bringing NPB functionality to the cloud. With the introduction of Big Monitoring Fabric - Public Cloud (Big Mon - PC), Big Switch Networks is doing exactly that.
Big Switch has offered the on-prem version of Big Monitoring Fabric, Big Mon - Enterprise Cloud, for a number of years. With the introduction of Big Mon - PC, the same pervasive monitoring can be extended to the AWS public cloud. This brings consistency, compliance and a common monitoring interface across diverse infrastructures. With Big Mon for AWS, customers can monitor any EC2 instance, an entire subnet or an entire VPC within an AWS private cloud.
Image: Illustration of Big Mon - PC for a single AWS VPC
Image: Illustration of a multi-VPC monitoring solution
What sets this architecture apart from other attempts to solve the same problem is Big Mon's capability to monitor multiple VPCs from a single point of control. Organizations can centralize the cloud tool farm in one VPC instead of replicating it in every VPC. This makes the solution cost-effective while also improving customers' security posture in the public cloud. In addition to monitoring across multiple VPCs, Big Mon - PC auto-scales as the workloads auto-scale, keeping pace with dynamic workload scaling.
For more information, watch the demo here.
Director, Systems Engineering