As adoption of Amazon Web Services (AWS) is accelerating at a dizzying pace, it is becoming critical for IT organizations to gain visibility into application traffic on the AWS infrastructure. For most organizations this means both flow-level intelligence and deep packet-level monitoring for security, troubleshooting, and application performance of their AWS workloads. AWS and Big Switch Networks have been collaborating to provide comprehensive packet and flow-level visibility within AWS, similar to that available within enterprise on-premises data centers.
In 2018, Big Switch released its first version of the AWS monitoring solution: Big Monitoring Fabric (Big Mon) for AWS. This solution has enabled organizations to monitor AWS application traffic both within and across multiple Amazon Virtual Private Clouds (VPCs) through an integrated, single pane-of-glass to achieve packet and flow-level visibility of AWS workloads. Application traffic – typically filtered through user-defined policies – is delivered to one or more monitoring tools hosted on AWS. This solution necessitated a lightweight software agent, installed automatically on AWS instances being monitored, to replicate application traffic for monitoring.
Agentless Amazon VPC Traffic Mirroring with Big Monitoring Fabric
AWS is launching its native Amazon Virtual Private Cloud (Amazon VPC) traffic mirroring feature at AWS re:Inforce in June 2019. It is a new Amazon VPC feature that enables customers to gain insight into network traffic across their Amazon VPCs for content inspection and threat monitoring. The traffic mirroring service allows application (instance) traffic to be replicated for third-party monitoring/inspection services without the need for agents. Big Switch Networks is working with AWS to deliver the next phase of its Big Mon monitoring solution for AWS by leveraging Amazon VPC traffic mirroring APIs. This solution further simplifies monitoring operations even more than the current solution and offers a secure and elastically scalable way to monitor application traffic on AWS. Big Mon for AWS with Amazon VPC traffic mirroring provides packet replication at the Elastic Network Interface (ENI) level without using any user-space packet forwarding agents. The filtering, replication, and advanced network packet broker functionalities offered by the solution will enable the right application traffic to be sent to the right tool(s) for inspection and monitoring. The entire monitoring workflow is created through a single intuitive Big Mon for AWS controller dashboard, or can be automated via the Big Mon controller’s RESTful interface.
Figure 1: Big Mon for AWS with Amazon VPC Traffic Mirroring -- Solution Benefits
Big Mon for AWS with Amazon VPC Traffic Mirroring -- Solution Benefits
Elastic, Secure and Dedicated Solution Within AWS
The solution offers elastic, secure and centralized monitoring of all VPCs within the user’s AWS account. The Big Mon for AWS with Amazon VPC traffic mirroring solution offers enhanced security as it provides packet replication at the ENI level without the need for agents.
Single Pane of Glass Management
The Big Mon controller for AWS acts as a centralized and intuitive dashboard for creating the entire monitoring workflow – from selecting AWS workloads to monitor, to creating and applying rules for filtering and related packet/flow manipulation functions, as well as delivering filtered traffic to selected monitoring tools.
Shared Infrastructure to Eliminate Tool Silos
Multiple IT teams (for example, security ops, network ops, and compliance) can leverage the same Big Mon for AWS monitoring infrastructure. These multiple teams can create monitoring policies, depending on their access rights, to deliver traffic to the respective set of tools of their interest. This eliminates the tool duplication and tool sprawl.
Hybrid Cloud Monitoring with Multi-Cloud Director
The Big Mon for AWS controller integrates with the Big Switch’s Multi-Cloud Director (MCD) for centralized hybrid cloud management across both AWS and on-prem environments.
More resources on this topic:
“Big Switch Networks – a Cloud-First Networking company – is a pioneer in bringing cloud innovations to enterprise networking and monitoring. Our Big Monitoring Fabric (Big Mon) solution for visibility and security leverages cloud-first design principles enabling enterprises to accelerate AWS public cloud adoption for their security- and compliance-sensitive applications. Big Mon’s integration with Amazon VPC traffic mirroring APIs enables agentless monitoring, elastic visibility, and traffic filtering via single Big Mon controller dashboard. With common operational workflows across AWS and on-premises environments, IT organizations can realize consistent monitoring for hybrid cloud, while reducing cost, enhancing security and compliance, and meeting operational SLAs.”
– Prashant Gandhi, VP and Chief Product Officer, Big Switch Networks