Big Monitoring Fabric™ enables dynamic, pervasive visibility of virtual machines, containers and public cloud apps


The data center's transformation toward the software-defined data center (SDDC), together with the persistent threat of sophisticated cyber-attacks, is driving organizations to deploy pervasive visibility infrastructure that allows monitoring of any flow, via any monitoring tool, at any time.

SDDC transformation – including private clouds and cloud-native applications – is causing highly distributed workloads, including virtual machines (VMs) and containers, to create high-bandwidth east-west traffic patterns. VM and container density within a server is also increasing significantly, driving demand for in-server monitoring of VM-to-VM and container-to-container traffic.

Adoption of public clouds, such as Amazon Web Services (AWS) and Microsoft Azure, for deploying applications and services is creating further monitoring blind spots and new requirements for consistent monitoring of workloads across on-premise and public cloud infrastructure.

Big Monitoring Fabric (Big Mon) brings visibility to any workload – bare-metal, VM or container – on private or public infrastructure. Big Mon's SDN-based logical fabric architecture enables programmatic interactions with virtualization and cloud orchestration systems for both intra-server and inter-server traffic monitoring.

Dynamic Virtual Machine (VM) Monitoring

Big Mon provides a flexible, SDN-programmable visibility infrastructure for monitoring VMware SDDC as well as OpenStack cloud environments. It supports two deployment modes for intra-server and inter-server VM-to-VM traffic monitoring:

  • Continuous monitoring of VM traffic: Virtual switches can be configured to granularly SPAN VM-to-VM traffic, leveraging built-in vSwitch traffic filters. The SPAN traffic is aggregated and processed by the Big Mon fabric according to the monitoring policy and then sent to the associated monitoring tools. This mode is useful for continuous VM traffic monitoring.
  • Dynamic monitoring of VM traffic: The Big Mon controller interacts programmatically with VMware vSphere or OpenStack networking to create an on-demand SPAN session for enabling VM-to-VM visibility. This mode is useful for immediate troubleshooting of VM performance or connectivity issues.

For VMware SDDC, the Big Mon controller leverages VMware vSphere APIs to dynamically SPAN VM traffic. Intra-server and inter-server VM traffic belonging to vSphere, NSX, and Virtual SAN can be monitored.

Demonstration of dynamic VM-to-VM monitoring is available here.

Big Mon's API-driven approach is in contrast with the legacy "monitoring VM" alternative, which is intrusive, costly and performance-impacting. The legacy alternative requires careful coordination between virtualization and network admins during deployment, troubleshooting and software upgrades, thus significantly reducing operational agility. An additional VM for monitoring has its own CapEx cost, and it robs CPU cycles from application VMs, driving overall CapEx cost even higher.

Container Monitoring

Containers are a new atomic unit of computing that is ideal for emerging cloud-native, distributed applications. Containers enable application portability by allowing applications to be developed on a laptop and run on a server or in a cloud environment. "Develop once, run anywhere" is a powerful software development paradigm shift, which also helps IT organizations achieve continuous integration and continuous deployment (CI/CD) processes for application lifecycle management. Data center operators are evaluating various container technologies, including Docker, Kubernetes, Mesosphere and Red Hat OpenShift.

Containers offer a layer of abstraction – like virtual machines – but are lightweight, have much higher density and tend to have a much shorter lifecycle. Containers enable microservices-based distributed applications where an application is decomposed into multiple network-connected microservices, with each microservice packaged in its own container. This highly distributed application architecture leads to a tremendous increase in east-west traffic compared to monolithic applications.

To provide container-centric visibility, the Big Mon architecture supports both deployment models: containers in VMs and containers on bare-metal hosts. It enables container visibility in VMware vSphere as well as Linux KVM environments.

Demonstration of container traffic monitoring within a vSphere VM is available here.

Public Cloud Monitoring

As application developers leverage public cloud resources – such as AWS and Microsoft Azure – to develop and run applications, IT organizations need to ensure compliance and security policies are extended to public cloud workloads. In AWS, for example, a multi-tier application can run in an isolated Virtual Private Cloud (VPC), lacking any traffic monitoring capability.

Big Mon extends its logical monitoring fabric to public cloud environments. It supports two deployment models:

  • Single Big Mon for unified traffic visibility of both on-premise and public cloud applications (as shown in the diagram)
  • Self-contained Big Mon in public cloud for independent (isolated) visibility environments

Big Mon also allows a flexible tool deployment model where existing on-premise centralized tool farms can continue to be used for public cloud traffic. Additionally, some monitoring tools can be placed in the public cloud.

Demonstration of self-contained monitoring in public cloud is available here.

Big Monitoring Fabric Advantages

Big Mon has unique architectural advantages for monitoring SDDC and cloud-native applications:

  • SDN architecture allows API-driven programmability for dynamic visibility of virtualization and cloud workloads with no additional CapEx cost
  • One logical fabric and centralized management extends visibility to off-premise public clouds without incurring additional OpEx
  • Built-in analytics provides full telemetry of endpoints, control-plane traffic (e.g. DHCP and DNS), flow-level analysis and top talkers
  • Open hardware provides vendor choice and up to 50% cost benefit over legacy box-by-box network packet brokers (NPBs)