Monitoring your networks in Azure – BRK3298

Monitoring your networks in Azure  – BRK3298


>>GOOD AFTERNOON. WELCOME TO THE SESSION ON NETWORK MONITORING. I ALSO HAVE MY CO-PRESENTER HERE. ON TUESDAY, OUR CVP GAVE LAUNCH A WHOLE SET OF NETWORKING PRODUCTS. OVER THE COURSE OF THE WEEK, THEY’VE GIVEN OUR DEEP DIVES ACROSS VARIOUS ASPECTS OF NETWORKING AND COVERED THE CONNECTIVITY OFFERINGS. THEY COVERED THE APPLICATION SECURITY RELATED OFFERINGS AS WELL AS APPLICATION DELIVERY. IN THIS SESSION, WE WILL COVER THE MONITORING-RELATED PILLAR. SO THE OFFERINGS THAT WE HAVE THAT WILL HELP YOU DEBUG AND KEEP TABS ON YOUR NETWORK IN THE CLOUD AND HELP YOU MONITOR NETWORKING-RELATED ISSUES. WHILE LOOKING AT THE NET BOOK MONITORING ITSELF, ONE OF THE BIG CHALLENGES IS NOT IN NETWORK ITSELF. ESPECIALLY IN THE CLOUD. IF YOU LOOK AT THE CONSULTS THAT PEOPLE HAVE — ON PREMISES NETWORK, IT’S ONE ABOUT AVAILABILITY. IT’S NOT MUCH OF A PROBLEM. ON THE CLOUD NETWORK IS USUALLY ALSO MUCH BETTER THAN THE TYPICAL ON PREMISES NETWORK. THE ISSUE IS ONE OF VISIBILITY. ON THE CLOUD NETWORK, WE DO NOT HAVE THE RELEVANT TOOLS THAT GIVE US VISIBILITY INTO WHAT’S GOING ON. THE CLOUD NETWORK APPEARS TO US AS A BIG BLACK BOX. THIS IS A PROBLEM WITH MANAGEMENT TRENDERS WHO HAVE BEEN IN THE BUSINESS FOR THE BETTER PART OF TWO DECADES. AND 2450EZ PEOPLE HAVE PROVIDED A NUMBER OF SOLUTIONS ACROSS THE ENTIRE GAMETE OF NETWORK MANAGEMENT. THE MANAGEMENT TOOLS YOU COULD ARGUE COULD BE USED ON THE CLOUD. THE REALITY IS THEY DON’T WORK. THESE TOOLS FOR CLOUD READINESS. SO THE MANAGEMENT REACH OF MANY OF THESE STOPS AT THE CLOUD PERIMETER. FORTUNATELY, FOR AZURE USERS AND CLOUD USERS. THEY HAVE BEEN PROVIDING CLOUD MONITORING SOLUTIONS. WE HAVE BEEN MONITORING CLOUD FOR A LONG TIME. EVEN MUCH BEFORE AZURE. WE HAVE PROPERTIES SUCH AS SEARCH ENGINES, HOTMAIL. SO WE HAVE TOOLS THAT GIVE US A HIGHER DEGREE OF VISIBILITY. IN DISCUSSING THESE, I WILL COVER MOST CAPABILITIES OF THESE TOOLS. IN WHAT WE DO ON PREMISES AND WHAT THE CLOUD SET OF TOOLS CAN DO. WHEN YOU HAVE AN ISSUE, YOU LOOK AT THE EXISTING NETWORKING MONITORING. YOU HAVE PROBABLY TAKEN AN OPEN SOURCE. YOU LOOK AT THEM. INFORMATION FROM VARIOUS POINTS ON NETWORK. AND PRESENT THEM BY WAY OF CHARGE, ET CETERA. NOW, SHOULD YOU FIND ANY SUSTAINED ABNORMALITY IN THESE GRAPHS, THAT’S WHEN YOU LOOK AT THE DIAGNOSTIC LOGS. WE CALL THIS AS THE PHASE. IS THERE A PROBLEM? IS THERE A DEEFB NATION FROM THE EXISTING NETWORK. AS — I WILL COVER SOME OF THESE IN THE NEXT FEW MINUTES. NEXT PHASE IS THE TROUBLESHOOTING PHASE. YOU DISCOVERED THERE IS SOMETHING WRONG IN THE NETWORK. THE NEXT STEP IS TO ASCERTAIN THAT, YES, SOMETHING IS WRONG AND WHAT IS THE EXACT PROBLEM? THIS IS WHAT WE CALL THE TROUBLESHOOTING PHASE. YOU USE TO TEST THE AVAILABILITY AND THEN IF YOU FIND AN ISSUE WITH PERFORMANCE, THE SEGMENT ON THE PART WHERE THERE’S A PROBLEM. THIS IS WHERE WE HAVE A NUMBER OF TOOLS THAT COVER VARIOUS ASPECTS OF THE NETWORK. SO WE HAVE THE CONNECTION MONITOR. WE TROUBLESHOOT AND I’LL GO MANY OF THESE. IDEALLY, ON THE CLOUD NETWORK, YOU DON’T WANT TO SPEND HOURS SPENT ON DEBUGGING ON REVIEWING A LOT OF THE DATA. THAT’S WHERE THE ROLE OF MONITORING SOLUTIONS COMES IN. SO YOU HAVE SOLUTIONS LIKE NETWORK WATCH AND SUBSOLUTIONS LIKE NETWORK PERFORMANCE MONITOR WHICH WILL DO END TO END MONITORING FOR YOU. AND REPORT ONLY WHEN THEY DETECT AN ISSUE. CAN GO IN AND FIX THE PROBLEM. THE MONITORING SOLUTION ITSELF IS ACCEPTED. AGREED UPON BY PEOPLE. AND PART OF YOUR WORK FLOW. THIS IS WHERE YOU MOVE TO THE NEXT LEVEL. OPTIMIZING IT FOR CAPACITY. OPTIMIZING IT FOR PERFORMANCE, EFFICIENCY, ET CETERA. AND FINALLY, DATA EXISTS IN OTHER SILOS. MAY BE CAPTURING PERFORMANCE RELATED DATA. SO THE NETWORK PORTFOLIO ALLOW YOU TO EXPORT THE DATA AND ACROSS OTHER SOLUTIONS. SO MOVING ON TO THE FALL SOLUTION. IN THE PRE-CLOUD WORLD, YOU USE TO EVEN CLOUDS. AND CORRESPONDING ON THE LINUX AND NETWORK WORLD WE HAVE LOG INFORMATION. ALL OF THE INFRASTRUCTURE AND APPLICATIONS PUT OPERATIONAL SIGNALS INTO AZURE MONITOR. THIS IS A SNAPSHOT OF SOME OF THE KEY NETWORKING FUNCTIONS THAT WE HAVE IN THE CLOUD. AND THE METRICS THAT ARE PUT OUT IN AZURE MONITOR. SO TYPICALLY, THE MOST COMMON METRICS THAT YOU NEED TO SEE IF THINGS ARE FINE , THAT’S THE METRICS PART. FAILED REQUESTS, ET CETERA. IF YOU NEED TO DRILL FOR IT, YOU CAN ACCESS THE LOGS FROM EACH OF THESE. THINK OF AZURE MONITOR AS THE EVENT LOG FOR THE CLOUD. SO YOU CAN IS WANT TO TRACK. AND CREATE DASH BOARDS FOR THESE. IF YOU ARE INTERESTED IN OFF LINE PROCESS, CLICK ON THE DOWNLOAD LINK. THE DATA ITSELF GIVEN THE LARGE VOLUME OF DATA, IT HAS ACCESS SO WE CAN SLICE THE DATA. YOU CAN ALSO GENERATE THE AZURE MONITOR AS YOUR ALERT. CONSUME THEM AS EMAILS OR IF YOU HAVE ORCHESTRATION SYSTEMS IN PLACE, YOU CAN USE WEB HOOKS TO CONSUME THIS DATA. AND IS RETAINED FOR THREE MONTHS. NOW THROUGH AZURE MONITOR, YOU ARE LOOKED AT THE VARIOUS SIGNALS AND THERE IS A NETWORKING ISSUE. THE NEXT STEP IS TO DEEP DOWN DOUBLE DOWN AND CHECK WHAT THE NET ISSUE IS. THAT’S WHERE NETWORK WATCHER COMES IN. IT’S A CLOUD AWARE. NETWORK MONITORING SOLUTION. NETWORK MONITORING SUITE OF SOLUTIONS. IT HAS SUBCAPABILITIES WITHIN IT. SO LIKE THE THING THAT WE DISCUSSED EARLIER, YOU CAN DO CONNECTIVITY CHECKS. YOU CAN TROUBLESHOOT CONFIGURATION ISSUES OR FIREWALL RELATED ISSUES. THE EASIEST WAY TO GET TO NETWORK WATCHER IS SEARCH FOR NETWORK WATCHER IN THE SEARCH PORTAL. AND YOU SEE THE WHOLE SLEW OF CAPABILITIES. THE CONNECTIVITY MONITOR, THINK OF THIS AS THE EQUIVALENT OF THE CLOUD. IT IS LOGICAL POLICY AWARE. CAN DETECT VARIOUS POINTS IN THE NETWORK. BUT THE APOLOGY AS WE AS A CUSTOMER SEE IT. IT CAN DETECT CONFIGURATION ISSUES THAT MAY BE BLOCKING CONNECTIVITY. IN THIS PARTICULAR CASE, I HAVE A VM ON MY LEFT SIDE TRYING TO CONNECT TO AN ON-PREMISE ON THE EXTREME RIGHT. CONNECTION MONITOR HAS DETECTED THERE ARE THREE DIFFERENT HOPS. TWO ARE IN AZURE. AND ONE IS THE REMOTE ROUTER. THE PACKETS THAT ARE UNABLE TO GET PAST THE FIRST GATEWAY. WHICH IS BLOCKING ALL OUR TRAFFIC. LET’S TAKE ANOTHER EXAMPLE. WE HAVE A MULTI-TIER APPLICATION THAT IS NOT FUNCTIONAL. AGAIN, THREE TIERED APPLICATION. THE FRONT END WHICH IS THE FIRST ONE YOU SEE IS ABLE TO CONNECT TO THE APPLICATION TIER. BUT THE MIDDLE TIER IS NOT ABLE TO CONNECT TO THE LAST TIER. THE RIGHT MOST NECK WHICH IS HOSTING THE DATABASE. HERE IN THIS CASE, THE DATABASE IS HOSTED ON THE VM AND THE FIREWALL IS BLOCKING INCOMING TRAFFIC. YOU CAN SCHEDULE CONNECTION MONITOR BASIS. YOU CAN SET IT IN MULTIPLES OF FOUR. YOU CAN SET ALERTS. SHOULD YOU CHOOSE TO INTEGRATE THIS DATA TO MONITORING SOLUTIONS AND INTEGRATE WITH LOGICAPS. NOW, CONNECTION MONITORING ITSELF WORKS FROM YOU CAN RUN THIS TEST FROM ANY VM OR ANY APPLICATION GATEWAY IN AZURE TO ANY DESTINATION. OUR DESTINATION HERE BEING A COMBINATION OF AN IP ADDRESS AND A PORT. WE ALSO HAVE DIAGNOSTICS AND HEALTH INFORMATION FOR OTHER CAPABILITIES THAT WERE ANNOUNCED ON TUESDAY. WE HAVE HEALTH INFORMATION FOR VPN GATEWAY, ET CETERA. WHEN YOU USE TO CONNECT TO EXTERNAL NETWORKS, THE HEALTH OF THE CONNECTION ITSELF IS A FUNCTION OF TWO VARIABLES. ONE IS THE HEALTH OF THE GATEWAY. THE SECOND ONE IS GATEWAY CONNECTION ITSELF. RUNNING THE DIAGNOSTICS AVAILABLE FROM WITHIN YOUR NETWORK WATCHER PORTAL WILL CHECK THE GATEWAY ITSELF AND THE GATEWAY CONNECTION. YOU CAN ACCESS — YOU CAN ACCESS THE GATEWAY LOCKS ALSO. WE CHECK TO FIX ISSUES. MANY OF THE COMMON ISSUES WE FIND ARE ISSUES SUCH AS THE GATEWAY MAY BE IMPROPERLY CONFIGURED. YOU CAN ALSO ACCESS THE DIAGNOSTIC LOGS IN THIS CASE. THERE MAY BE SITUATIONS — THE NETWORK ITSELF IS FUNCTIONAL. SO THERE ARE APPLICATIONS ON THE NETWORK THAT ARE AVAILABLE TO TALK AND PERFORM SPECIFIC ACTIONS. PROBABLY DUE TO THE WAY IT CONTRACTS TO THE NETWORK. GENDER IN THE WIDELY USED THAT ANALYZE THIS AND PROVIDE REPORTING ON THIS. IT’S SUPPORTED ON THE OPERATING SYSTEMS. YOU CAN STORE THE DATA IN THE BLOG FILE OR STORAGE BLOCK OR INTO FILE ON THE LOCAL VM. GIVEN THE LARGE VOLUME OF DATA WITH THE PACKET CAPTURED OVERTIME, WE HAVE THE NECESSITIES YOU CAN USE. SO, FOR EXAMPLE, LIMIT THE CAPTURE TO A CERTAIN DURATION. YOU CAN ALSO LIMIT THE PACKET CAPTURE TO A CERTAIN HEADERS. JUST IN CASE YOU ARE INTERESTED IN HEADERS. YOU CAN ALSO LIMIT THE PACKET CAPTURE TO APPLY ONLY WHEN A SPECIFIC I-T ON THE LOCAL SIDE OR REMOTE SIDE IS INVOLVED. NOW, THERE WILL BE INSTANCE S YOU HAVE TO KEEP TRACK OF ALL OF THE INTERACTIONS IN THE NETWORK. YOU CAN TURN ON FLOW LOGS. IT IS A TRANSACTION BETWEEN A SOURCE AND A DESTINATION. THE DESTINATION IT IS TRYING TO REACH. THE KIND OF TRANSACTION AND WHETHER THE TRANSACTION WENT THROUGH OR WAS BLOCKED. NOW, MANY OF THE ORGANIZATIONS ACROSS HEALTHCARE ACROSS INSURANCE AND MANY OF THE INDUSTRY VERTICALS USE FLOW LOGS ON A REGULAR BASIS TO CAPTURE AND KEEP RECORD OF THE STRAIGHT OF THE NETWORK. THE FLOW LOGS ARE VERY LOW LATENT — LATENCY. ALLOWS US TO CAPTURE THE FLOW LOGS ACROSS ALL OF YOUR SUBSCRIPTIONS GIVEN THESE ORGANIZATIONS HAVE MULTIPLE SUBSCRIPTIONS CATERING TO VARIOUS DEPARTMENTS. YOU CAN CAPTURE ALL OF THE SUBSCRIPTIONS IN ALL OF THE FLOW LOGS ACROSS THE SUBSCRIPTIONS INTO A SINGLE SUBSCRIPTION. THERE ARE A NUMBER OF TOOLS FROM MICROSOFT FOR ANALYZING THE DATA. IT’S A SOLUTION FROM MICROSOFT THAT SOFTS THE SAME PROBLEM. TRAFFIC ANALYTICS LOOKS AT THE FLOW LOG DATA. ONE OF THE BIGGEST ISSUES IS LACK OF VISIBILITY. AND WHEN IT COMES TO VISIBILITY, HERE YOU HAVE THE DASH BOARD. THE GLOBAL MAP AND IT GIVES YOU A VIEW OF HOW WE ARE USING THE CLOUD. THE NUMBER OF REGIONS THAT ARE ACTIVE. THE NUMBER OF REGIONS YOU DEPLOY INTO. OTHER THAT ARE BASICALLY INACTIVE. WHAT APPLICATIONS ARE RUNNING ON YOUR NETWORK? IT’S POSSIBLE THAT DURING THE DESIGN PHASE, NETWORK ARCHITECT ND SOMEONE HAS INSTALLED A DATABASE SERVER. IT WILL BE A TEDIOUS TASK AND SEE IT. YOU WILL BE ABLE TO DETECT THE TYPE OF WORKLOAD. AND BE ABLE TO AUDIT YOUR NETWORK. YOU CAN ALSO DETECT WHO THE TOP TALKERS ARE. THE PROTOCOLS AND USE THE ONES THAT ARE ACTIVE ON THE NETWORK. FROM A SECURITY STAND POINT, TRAFFIC ANALYTICS CAN FIND WHICH OF YOUR VMs AND SUBNETS ARE TALKING TO KNOWN MALICIOUS SOURCES. AND COMBINE IT WITH OTHER SECURITY FEEDS YOU HAVE AND LOOK AT IT INSIDE. IT’S POSSIBLE YOU HAVE VMs THAT ARE BACK END VMs AND ATTEMPTING COMMUNICATION TO THE OUTSIDE. WE CAN DETECT THAT. THIS IS INFORMATION YOU CAN USE IN BETTER DESIGN. THE THIRD USE CASE IS OPTIMIZATION. IN THIS PARTICULAR CASE, YOU SEE THAT WE HAVE DEPLOYED OUR WORKERS. ONE OF OUR SERVICES HAVE DEPLOYED WORKLOADS. IN THE BULK OF THE USERS ARE COMING IN FROM EUROPE OR ASIA REGION. OBVIOUS SIGN YOUR WORKLOAD IS BETTER OFF IN THE REGION. THE PERFORMANCE IS BETTER BECAUSE THE LATENCY IS GOING TO BE SIGNIFICANTLY REDUCED WHEN THE SERVERS ARE CLOSER TO THE USERS. NOT GENERATING ANY TRAFFIC. YOU CAN REDUCE, SHUT THEM DOWN AND REDUCE COSTS. WE HAVE A SOLUTION THAT MONITORS NETWORK. IT MONITORS CONNECTIVITY BETWEEN ANY TWO FORMS ON NETWORK. MAY BE TWO SUBNETS. BRANCH AND THE DATA CENTER AND BRANCH AND A CLOUD ARE ANY COMBINATIONS OF THESE. SO HERE, MONITORING CONNECTIVITY TO EXCHANGE ONLINE. AND THIRD PARTY SERVICES, WEB SERVICES, ET CETERA. IT HAS ALL OF THE PARTS AVAILABLE BETWEEN THE SOURCE AND THE DESTINATION. HAS DETECTED ALL OF THE HOPS AND THE PERFORMANCE OF EACH. NOW, QUITE OFTEN, THE SERVICE OUTAGE, WE RUN INTO AN ISSUE WHETHER IT’S — THE QUESTION THAT USUALLY ARISES AND LEADS TO A LOT OF BACK AND FORTH IS WHETHER IT’S A KNELT WORKING ISSUE OR APPLICATION ISSUE. SO THE TOP LINE YOU SEE, THE LINE WITH A LOT OF SPIKES, APPLICATION RESPONSE TIME CHLT AND IT’S THE NETWORK LATENCY GRAPH. YOU CAN SEE IT’S FAIRLY CONSTANT. THE APPLICATION RESPONSE TIME IS SPIKING. IN THIS PARTICULAR CASE, THE NETWORK IS NOT THE PROBLEM. IT’S AN APPLICATION ISSUE. THE PERFORMANCE IS DUE TO AN APPLICATION. NOW, CONTRAST THIS WITH THIS PARTICULAR CHART. YOU SEE WHEN THERE’S A SPIKE IN NETWORK PERFORMANCE, THERE HAS ALWAYS BEEN A SPIKE CORRESPONDING SPIKE IN APPLICATION RESPONSE TIMES. NETWORK PERFORMANCE MONITOR CAN ALSO MONITOR THE PRIMARY AND SECONDARY THAT’S AVAILABLE. AND WE CAN GIVE YOU THE LAWS AND LATENCY. AND ALSO DETECT THE PRIMARY MAY BE UP BUT THE SECONDARY IS DOWN. LOOKS LIKE IT’S FUNCTIONAL BUT JUST WAITING FOR THE PRIMARY TO FAIL BEFORE YOU LOSE CONNECTIVITY. OTHER CONDITIONS IS FINE BUT ROUTES ARE MISS CONFIGURED. AND TRAFFIC IS NOT FLOWING. BASICALLY, PAYING FOR A SERVICE YOU ARE NOT UTILIZING. WE CAN DETECT THE CAPACITY UTILIZATION THAT IS THE E-R BAND WIDTH ARE USED BY ANY PARTICULAR VNET. THEY CAN MONITOR BOTH PRIVATE AS WELL AS MICROSOFT PEERING. OUR RECENT ANNOUNCEMENT THAT WE RELEASED IS THE ABILITY TO USE ONE INSTANCE TO MONITOR — ACROSS ALL OF YOUR SUBSCRIPTIONS. WITH THAT, I WOULD LIKE TO INVITE KOPTICK TO FINISH.>>HI. SO HE TALKED A LOT ABOUT TROUBLESHOOTING BETWEEN SUPPORTING AZURE. SO WHAT I WANT TO TALK ABOUT IS A NEW CAPABILITY WE ARE LAUNCHING IN AZURE WITHIN NETWORKING. THIS IS TO BRING A COMPLETELY NEW ECO SYSTEM INTO AZURE. THE SCENARIO IS BASICALLY IN YOUR ON-PREMISE DATA CENTER NETWORKS, YOU ARE USED TO SOLUTIONS. CONTINUOUS MONITORING OF NETWORKS. YOU HAVE YOUR IDEAS AND IDP SOLUTIONS. AND YOU WANT TO BE ABLE TO USE THOSE CAPABILITIES IN AZURE AND LOOK FOR CAPABILITIES IN AZURE. I WANT TO SERVE THE CONTEXT ON WHERE WE ARE COMING FROM WITH RESPECT TO THINKING ABOUT THE SOLUTION. A WAY TO START WITH THE TRADITION ON-PREMISE NETWORK. YOU HAVE YOUR INFRASTRUCTURE THE PHYSICAL NETWORK AND STUFF LIKE THAT. SO IF YOU ARE GOING TO GET TRAFFIC FROM THIS AND WANT TO DO PERFORMANCE MANAGEMENT AND SCENARIOS WITH THIS, YOU ARE GOING TO ATTACH A TAP AT DIFFERENT POINTS. THIS TAP IS SOMETHING THAT DOESN’T ENTER INTO THE PRODUCTION TRAFFIC. YOU ARE ABLE TO MAKE A COPY OF THE PACKET AND ABLE TO SEND IT TO YOUR PACKET BROKERS. THEY ARE HARDWARE APPLIANCES THAT YOU ARE DEPLOYING DATA CENTERS. SO WHAT YOU THEN DO IS YOU HAVE ECO SYSTEM OF DIFFERENT TYPES OF APPLICATION OPERATIONS, NETWORK OPERATIONS, SECURITY OPERATIONS AND FORENSICS BASICALLY. YOU ARE TAKING A DEEP COPY OF THE ENTIRE PAY LOAD. AND ABLE TO SEND THIS TRAFFIC TO THE TOOLS. THE TOOLS REQUIRE THE METADATA SO THEY ARE ABLE TO KIND OF MANAGE THIS SET UP IN THE ON-PREMISE DATA CENTER. NOW, WHEN IT MOVES TO THE CLOUD, THE QUESTION A LOT OF CUSTOMERS ASKING IS HOW DO I GET COMPLETE VISIBILITY? IT’S ONE SCENARIO. BASICALLY, ABLE TO TAKE THE DATA AND SOLVES ALL OUR PROBLEMS. IF YOU WANT TO ROLL THE SCENARIOS AND FIND OUT IF THERE’S ANY PERFORMANCE ISSUES BETWEEN THE DEPARTMENTS WITHIN THE CLOUD AND STUFF LIKE THAT AND USING TOOLS IN THE ON-PREMISE AND WANT TO USE THE SAME TO BRING THE TOOLS IN THE CLOUD, CUSTOMERS HAVE BEEN LOOKING FOR SOLUTIONS LIKE THIS. JUST ABOUT A YEAR BACK, WE DID THIS PROBLEM AND LOOKING AT IT QUITE CLOSELY. WE HAVE A COUPLE SOLUTIONS IN THE MARKETPLACE. THESE SOLUTIONS ARE AGENT BASED. SO HIGHLIGHTED THE SOLUTION THEY HAVE IN THE MARKETPLACE. THEY ARE USED TO ACQUIRE THE TRAFFIC FROM THE LOCAL NETWORKS. AND THEY STREAM THE PACKET TO THE VCDs WHICH ARE NETWORK APPLIANCES WHICH CAN — AND THEN YOU ARE ABLE TO THEN STREAM IT TO MULTIPLE DIFFERENT TOOLS. IT WORKS EFFICIENTLY AND EVERYTHING IS FINE. THIS IS AGENT BASE. AGENT BASED SOLUTIONS HAS A LOT OF PROBLEMS. IF YOU ARE THINKING ABOUT FEEDING THE SOLUTIONS IN DIFFERENT TYPE OF A SECURITY, YOU HAVE ONE AVAILABILITY TYPE OF PROBLEMS IN SELLING THE AGENTS. COVERAGE GAPS THAT YOU CANNOT SOLVE WORKLOADS YOU ARE RUNNING IN AZURE. AND ALSO HAS PERFORMANCE IMPLICATIONS. AND THEN IF YOU ALREADY HAVE AN OPERATING WORKLOAD IN THE CLOUD AND YOU WANT TO USE AN AGENT BASED SLAUGSS, TO WORK WITH YOUR EXISTING WORKLOADS IS A CHALLENGE BASICALLY. SO IT ALSO CAUSES A LOT OF FRICTION BETWEEN SECURITY OPERATIONS. AND SECURITY OPS NO NEED IN ACCESS TO BE ABLE TO RUN THE AGENTS AND ALSO TO BE ABLE TO MAINTAIN AND UPDATE THE AGENTS AND STUFF LIKE THAT. SO ALL OF THIS IN THE CONTEXT OF CONTINUOUS VISIBILITY FOR TRAFFIC IN THE CLOUD, IT CAME TOGETHER AND WE HAVE BEEN THINKING ABOUT THIS PROBLEM AND HOW TO BRING THIS ECO SYSTEM BACK AND PROVIDE SOLUTIONS TO CUSTOMER. SO WE ARE HAPPY TO ANNOUNCE IN PLATFORM NATIVE SOLUTION TO BE ABLE TO ACQUIRE TRAFFIC FROM THE PUBLIC LOAD WITHOUT USING AGENTS. SO IT’S BASICALLY JUST LIKE HOW WE DO IN NETWORKS, CAN BE SECURITY GROUPS AND STUFF LIKE THAT. THEY ARE USING OUR AZURE RESOURCE MANAGER APIs. BE ABLE TO GO AND ATTACH A TAP. SO IN THIS PICTURE, I HAVE WASH — VIRTUAL MACHINES. SO ALL THIS TRAFFIC IS CONTINUOUSLY STREAMED TO THE PACKET BROKERS. SO WHAT WE HAVE DONE IS BASICALLY A HANDFUL OF NETWORK PARTNERS. AND BROUGHT THEM INTO THE CLOUD. AND THEY ARE WORKING TOWARDS LAUNCHING THE SOLUTIONS IN THE MARKETPLACE. BEHIND THIS PACKET BROKERS, YOU HAVE ALL THE TOOLS FOR THE APPLICATION PERFORMANCE MANAGEMENT. AND FORENSIC I CANS AND SECURITY. WE ARE BUILDING AND GROWING ECO SYSTEM WITH THE PARTNERS THAT ARE GOING TO OFFER THE SOLUTION INTO THE CLOUD BASICALLY. SO ECO SYSTEM OF PARTNERS. AND THE OTHER THING THAT I WANTED TO HIGHLIGHT IS JUST LIKE YOUR DATA CENTER NETWORKS, IF YOU HAVE SECURITY OPERATIONS WHO HAVE THE DESCRIPTION OF PLACING THE TABS WHERE THEY WANT AND ACQUIRE THE TRAFFIC AND SEND IT TO THE PACKET BROKERS, WE ARE ABLE TO DO THE SAME THING IN AZURE JUST BY ACCESS CONTROL. FOR YOU TO BE ABLE TO KIND OF ADMINISTRATE POLICIES ON THEM. SO THE SECURITY OPS WITHIN A MONITORING BOUNDARY AND NOT BE ABLE TO TAMPER THE TAP. SO HERE IS THE ECO SYSTEM OF PARTNERS. STARTING FROM THE BOTTOM, WE HAVE PACKET BROKERS. WE HAVE BIG SWITCH. ONE OF THE THINGS I WANTED TO HIGHLIGHT IS THE WAY THIS ECO SYSTEM IS MOVING IS BASICALLY, YOU DON’T HAVE TO KIND OF GO AND CONFIGURE A TAP. SOME OF THE SOLUTIONS ARE VERY CREATIVE. COULD BE A SUBSCRIPTION OR SET OF RESOURCE GROUPS. COULD BE NETWORKS WITHIN THE REGION. YOU CAN GO AND KIND OF SAVE IT HERE. SO WHAT THEY WILL DO IS THEY TALK TO THE NETWORK TAP AND AUTOMATICALLY ATTACH A TAP AND THEY CAN STREAM IT TO THE END OF THE PACKET COLLECTOR AND INTO THE TOOLS BASICALLY. AND APPLICATION PERFORMANCE MANAGEMENT SOLUTIONS. AND IN THE SECURITY SPACE, THEY’VE BEEN ABLE TO BUILD A GOOD ECO SYSTEM. SO THESE ARE REALLY CREATIVE SOLUTIONS WHICH OFFER THIS PREDICTION AND SOLUTIONS.>>IN THIS CASE, I’M USING A CL COMMAND. I DON’T HAVE ANY AGENTS, I’M JUST REMOTELY CALLING AN API. AND IT IS NOW SAYING THAT ANY TRAFFIC GOING THROUGH A VM I WANT A COPY OF THAT. SO LET’S SWITCH TO THE TOOL. HERE IF YOU ARE SEEING, THESE ARE THE TRAFFIC THAT IS COMING IN. SO ANY TRAFFIC THAT IS GOING THROUGH A PRODUCTION VM, WE ARE MAKING A COPY OF IT WITHOUT HAVING ANY AGENTS. CONTINUOUSLY STREAMED TO THIS DESTINATION. SO TO MAKE IT MORE FUN, LET ME SWITCH TO MY APPLICATION VM. I’M GOING TO INITIATE THE PORT SCAN FROM HERE. FROM 10 624 TO 10647. LET’S SEE WHAT HAPPENS. SO THE PORT SCAN HAS STARTED HERE. STARTED IN ALL OF THE VMs HERE FROM 10624 TO 47. SO LET ME SWITCH AND SHOW YOU HOW THIS LOOKS. SO IF YOU SEE HERE, I’M ABLE TO SEE ALL THE TRAFFIC GOING FROM THAT. IT’S TARGETING ALL THE VMs AND I’M ABLE TO SEE ALL THE TRAFFIC TO THIS VM. LET ME SWITCH TO THE PLANS AND SHOW IT HOW IT LOOKS. SO WHAT I’VE DONE IS CREATED A DEVICE GROUP. BASICALLY ALL MY VMs SO THE IMAGES ARE 10614. IT’S INITIATING THE TRAFFIC. SO LET ME SWITCH HERE AND SHOW YOU A MAP ON HOW IT LOOKS. SO IT’S BASED ON THE TRAFFIC. THE PRODUCTION TRAFFIC — ALL THIS TRAFFIC DOING A DEEP PACKET INSPECTION COMING FROM A MALICIOUS VM AND ENTERING THIS VIEW FOR YOU. SO NOW, I SET UP AN ALERT ON THIS AND I’M ABLE TO NOW SEE ALL OF THESE DATABASE VMs ARE NOW WITHIN THE HAVE A SIN — VICINITY OF AN ATTACK. IF YOU LOOK AT THE MALICIOUS VM AND LOOK AT THE TCP PACKETS CENTER OF THIS. SO NOT ABLE TO GET EACH OF THE PACKETS AND ANALYSIS PACKETS. SO IF I’M GOING TO THESE APPLIANCES THAT ARE ABLE TO KIND OF GIVE INFORMATION IN TERMS OF AN ACTUAL THREAD THAT HAS HAPPENED. ABLE TO REPORT THIS PARTICULAR MALICIOUS VM IS THE ONE THAT CAUSES THAT ACT BASICALLY. SO LET ME JUST SWITCH BACK TO MY SLIDE DECK. SO I’M GOING TO SHOW YOU A SMALL VIDEO OF HOW NET SCOPE IS USING THE NETWORK APP AND THEY ARE ABLE TO PROVIDE SOLUTIONS OF MANAGEMENT.>>TRANSLATE THE UNPACK ADJECTIVE DATA INTO KEY PERFORMANCE METRICS WITH SMART DATA TO MONITOR THE HEALTH OF NETWORKS, APPLICATIONS AND THEIR DEPENDENCIES. THE COMPONENTS OF THE SOLUTION COMPRISED V STREET WHICH GENERATES THE SMART DATA AND THE Y DATA. AND THE PLATFORM WHICH RECEIVES THE SMART DATA AND TOP DOWN WORK FLOWS. INTELLIGENT ANALYSIS ALERTING, REPORTING AND DRILLING DOWN. THIS DEMO SHOWS IT IN ACTION MONITORING A MULTI-TIERED APPLICATION. HERE’S THE DASH BOARD WITH EACH ONE ILLUSTRATING HIGH LEVEL MATRIX. WE’VE HIGHLIGHTED THESE METRICS BUT, OF COURSE, THERE’S MANY TO CHOOSE FROM. FROM THIS, DNS HAVE PROBLEMS. LET’S DIG IN TO THE APP LAYER BY LOOKING AT THE SPECIALIZED SERVICE MONITOR. THE TOP ROWS INDICATE KEY PERFORMANCE METRICS. IF WE FOCUS ON THE PERFORMANCE BETWEEN APP SERVER 1, WE SEE APPLICATION LATENCY IS HIGH AND GENERALLY MUCH HIGHER THAN OTHER COMMUNICATIONS HERE. LOOKING AT THE PERFORMANCE VARIATION, THIS IS CONSISTENTLY DEGRADED. TO DRILL DOWN ON THESE ISSUES, WE CAN GO TO SESSION ANALYSIS. AND JUST THE SELECTED SESSIONS. HERE WE SHOW SESSION METRICS RANGING FROM THE URL SLOW TO SEARCH AS WELL AS THE ARROWS WITH THE LIGHTER DIAGRAM WITH OUR 500 INTERNAL SERVER. AND FROM HERE, WE CAN MINE THE PACKETS STORED. THIS SHOWS THE FORENSICS AND WHERE THE ARROWS ARE FROM. YOU SEE THIS IS FROM VTAT IN CAPTAIN INVESTIGATION. FOR THIS DEMONSTRATION, IT’S IMPORTANT TO KNOW IT’S ANALYZING THE PERFORMANCE AND WE SEE THIS AS HTP APPLICATION TRAFFIC. IN SUMMARY, THIS WAS A QUICK DEMONSTRATION PROVIDING THE Y DATA TRANSFORMED TO Y DATA AND IN COMBINATION PROVIDES KEY INSIGHTS TO PERFORMANCE AND DEPENDENCIES IN HYBRID CLOUD.>>SO AT THIS POINT, WE ARE PREVIEWING THE NETWORK TAP AND WE ARE HAPPY TO RECEIVE CALLS FROM THE CUSTOMERS TRYING THIS CAPABILITY. EXCITING TO SEE WE ARE ABLE TO STORE ECO SYSTEM OF PARTNERS OR LOOKING AT OFFERING SOLUTIONS. SO I WANT TO ROLL A VIDEO.>>FLEXIBILITY, RESILIENCY AND SCALE ABILITY ARE SOME OF THE INITIATIVES INVOLVED IN US TO MOVE TO PUBLIC CLOUD. WE DECIDED TO GO WITH AZURE VERSUS OTHER CLOUD PROVIDERS DUE TO THE SEAMLESS INTEGRATION WITH ON-PREMISE INFRASTRUCTURE AND SCALE AND FLEX INTO THE CLOUD. WE HAVE IN-DEPTH MICROSOFT STAFF HERE. WE USE APPLICATIONS LIKE SYSTEMS CENTER, OMS AND HYPER V WHICH INTEGRATE INTO THE CLOUD SPACE. PLAYED A KEY ROLE IN OUR ON-PREMISE INFRASTRUCTURE. OUR PARTNERSHIP HAS BEEN SUCCESSFUL IN HELPING US AND WE’RE VERY EXCITED TO BE ABLE TO USE THEM IN THE CLOUD SPACE. SO THAT WE CAN INTEGRATE WITH OUR ON-PREMISE AND AZURE SPACE. WILL ACTUALLY HELP REDUCE THE OVERHEAD AND TOTAL COST OF OWNERSHIP BY NOT HAVING TO INSTALL ENGINE-BASED CLIENTS ON EVERY SINGLE HOST THROUGH OUR PRODUCTION CATEGORY. AND HELP WITH THE EASE OF DEPLOYMENT. IT WAS A REALLY GOOD EXPERIENCE. PROVIDES THE COMPLETE TOTAL SOLUTION.>>SO AT THIS POINT, WE ARE IN PREVIEW. SO WHAT WE WOULD LIKE TO DO IS BASICALLY, FOR ANY CUSTOMERS INTERESTED, THERE IS A LOT OF DOCUMENTATION AS WELL. IF YOU COULD SEND AN EMAIL TO THE MAILING LIST. WHAT WE WANT TO BE ABLE TO DO IS MAKE SURE THAT YOUR ON-BOARDING EXPERIENCE IS GOOD AND YOU HAVE A VERY GOOD EXPERIENCE. WE WOULD LIKE TO MATCH YOU WITH A PARTNER WITH WHOM YOU’LL HAVE A SOLUTION. SO IF YOU ARE INTERESTED IN THIS CAPABILITY, WE HAVE A PREVIEW. AND GOING TO TRY TO GET THIS INTO A LEVEL CAPABILITY. IF YOU ARE A PARTNER TRYING TO HAVE A SOLUTION, WE HAVE AN EMAIL HERE. EMAIL US AND WE’LL TELL YOU HOW TO MAKE YOU A PARTNER.

Leave a Reply

Your email address will not be published. Required fields are marked *