The Phantom Benefactor: Virtual Tap adds a key layer of monitoring
- By Greg Crowe
- Nov 02, 2011
Server virtualization is a cost-effective way of providing network services. It does all the things that a conventional array of separate physical servers can do, but takes up much less rack space, and uses a heck of a lot less power. It’s definitely the way of the future in terms of running a network.
Basically the way it works is that an actual computer runs an application that allows it to create virtual machines (VMs). These VMs act just like independent computers, with their own processing power, memory, and hard drive space.
But in actuality they are pieces of software that are using the resources of the physical computer. The VMs do all of their business with each other as quick as two applications running on the same machine (because that’s essentially what they are). Any communication with the rest of the network or beyond is done through an encapsulated tunnel.
More GCN Lab reviews:
Slick iPad app helps detectives become super sleuths
At last, a key drive the government can love
However, there is one major problem with this method, the one reason that might make network administrators for government organizations hesitate to adopt it. While any data going through a tunnel to or from a virtual space can be regulated just like any other conventional network traffic, the communication between virtual servers within the same space is typically not monitored. Only when traffic enters or leaves that space can traditional monitoring appliances catch suspicious activity, but by then it may already be too late.
The Phantom Virtual Tap from Net Optics answers this need quite nicely. The Virtual Tap consists of two components: the Phantom Monitor, which keeps track of the virtual traffic, and the Phantom Manager, a web-based administrator console that shows the activity in a variety of forms.
The Phantom Monitor installs onto a network’s virtual host, and inserts itself “in-line” between the virtual machines and the virtual switch, or v-switch, which is in the hypervisor kernel of the virtualization host. From there it can monitor and report all IP traffic between all of the virtual devices in that space. It manages to do this without interfering in the inter-VM traffic, and no modifications of the VMs are necessary to make the Tap work.
It sends the encapsulated data through the same tunnel that the rest of the network traffic uses to leave the virtual space. At that point Phantom Manager can show the activity at a glance and generate reports. Since Manager is Web-based it can be accessed on any computer in the network.
The statistics generated can be drilled down to even the packet level, so the root cause of any suspicious activity should be possible to find with this monitor. One installation of Phantom Manager can manage multiple Virtual Taps, which is useful because an instance of the Tap needs to be installed on each physical server hosting a virtual space.
The Phantom Virtual Tap is a great resource for a network that already has a virtualization solution in place. However, for those administrators thinking about throwing the VMWare on a server, Net Optics does provide an array of appliances and software that may also be useful. These items, such as tunneling appliances and data monitoring switches, may be necessary to set up the virtual environment you need, and they are built to integrate with the Phantom suite.
If server virtualization is a direction you were thinking of taking your network, or if you already have done it and discovered that traffic monitoring is now a concern, then the Phantom Virtual Tap from Net Optics may be just what you are looking for.
There are a lot of appliances that do what Virtual Tap does in the physical space. We’ve reviewed quite a few. But this is the only one we are aware of that works in the virtual space, which is a need that government will soon have in abundance. For filling that need, the Virtual Tap earns the GCN Lab Product of the Month for November.Net Optics, www.netoptics.com