Monitor application traffic in any public cloud to ensure compliance and security

IT organizations now see the need to monitor workloads running within public cloud data centers, just as they monitor their own data centers. For most organizations this means flow- level and deep-packet monitoring for security, troubleshooting, and accounting use cases. Organizations struggle to meet the need for oversight, as public cloud providers do not offer network taps or access to switches to configure SPAN ports, which is how IT typically does the monitoring on-premises.

Big Mon Fabric – Public Cloud provides comprehensive and cost-effective monitoring

The Big Mon Fabric – Public Cloud (BMF-PC) addresses the monitoring challenge with a cloud- based network packet broker (cloud NPB) residing in a monitoring virtual public cloud (VPC). Packets are replicated and forwarded to this VPC from any workloads and associated VPCs. A dedicated monitoring VPC within the same user account keeps the network packet broker local, secured, and accessible. Moreover, the cloud NPB is cost effective, as traffic stays local between the VPCs without venturing out to the WAN.

Public Cloud

Big Mon Fabric – Public Cloud inserts a virtual network packet broker within the user’s cloud account. Via auto-discovery and configuration, the virtual NPB enables full packet monitoring of any VPC- or VNet-related workload.

The compelling feature here is around the ability to create an out-of-band local VPC and local virtual switching, from the workloads to the VPC and from within the VPC, to the tool of choice. This approach offers the same capabilities as the Big Monitoring Fabric – Enterprise Cloud version, where a dedicated VPC replaces SPAN and TAP ports.

Big Mon Fabric – Public Cloud offers functional advantages

    • Uses local, dedicated, secure VPC-based network packet broker for centralized packet- based monitoring of all VPCs within the user’s public cloud account.
    • Requires no hardware or software features from the public cloud provider other than a VPC.
    • Keeps traffic local for reduced costs and security advantages.
    • Centralizes all monitoring tools within the NPB VPC and assigns user-friendly tags for easy configuration.
    • Makes available access for multiple IT organizations, based upon access rights and monitoring policies. This limits the traffic monitoring and tool sprawl that often results as individual tools proliferate.
    • Integrates with the Big Switch Networks Multi-Cloud Director for centralized hybrid cloud management.
    • Plugs in compatibility with industry standard OVAs, AMIs, and ISO-based workloads and monitoring tools.
    • Offers multi-department sharing of the NPB VPC for use by security ops, network ops, and compliance teams.
    • Employs automated discovery of the VPCs within the user account for ease of configuration and for visibility and auditing of workload activities.
    • Makes it possible for IT organizations to leverage their favorite security and network operations tools, as long as they are in virtual machine form factors. This reduces training time and team resistance to moving to the cloud.
    • Big Mon Fabric – Public Cloud removes one of the most significant barriers to adopting cloud infrastructures: visibility and deep-packet monitoring.

Public Cloud

The example of discovered workloads includes many of their attributes from the BMF – Public Cloud inventory table. The workloads can be configured with monitoring policies to direct copies of the packets to dedicated VPCs and point them to a specific monitoring tool.