Monday, May 21, 2018

Crack that egg – Limitations of traditional networking solutions

Last week I had the opportunity to be at Interface Atlanta. This is a networking conference, so I heard a lot about software-defined networking and network functions virtualization. There is a big push within large organizations for products such as VMware NSX and Cisco ACI.

Traditional IT is becoming more and more cumbersome for large organizations to maintain and manage. Traditional IT is like an egg. You can see the shell, but you can’t see what’s going on within it.

The eggshell represents the network edges, or what we call North-South traffic. However, in the last few years, as more and more applications and servers have become virtualized, it has become hard to manage the yolk and the egg white, which represent the East-West traffic.

Software-defined networking and solutions such as VMware NSX provide valuable benefits to enterprise customers.

  1. Makes provisioning flexible and fast – Setting up a network in NSX is as easy as creating VMs in vCenter.
  2. Granular security – SDN can provide fine-grained security through logical firewalls and micro-segmentation.
  3. Reduce costs – There is a lower hardware cost and improved efficiency in the management of the network.

Most attendees I spoke to at Interface had decided to move towards SDN solutions such as NSX; however, they did not have a strategy for monitoring their new-generation networks. They still believed they could use traditional monitoring solutions to monitor this new wave in networking.

Most traditional monitoring solutions provide visibility into the network edges without giving the networking team visibility into traffic flows within their virtual environment. This brings several disadvantages:

  1. Security – North-South traffic firewalls are not invincible. Malware can sometimes break through the firewall and start infecting the VMs. This is where East-West traffic visibility comes in handy.
  2. Virtual packet drops – Virtual packet drops cannot be detected by traditional monitoring solutions. I was talking to a customer recently who had migrated to a newer “more efficient” datacenter. They experienced slowness after the migration, and the networking team, using their traditional monitoring tools, was unable to discover the issue. After bringing in a consultant and installing an east-west monitoring solution, they were quickly able to identify the issue as virtual packet drops.
  3. Micro-segmentation – Traditional monitoring tools cannot identify the different micro-segmented “islands” and the relationships between different VMs. Moreover, creating micro-segmentation rules is not a one-off process. It requires continuous iteration through monitoring.
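
The iteration described in item 3, as an added example that is not from the original post: it classifies flow records as North-South or East-West, groups the East-West flows by segment pair, and lists the flows that no current rule covers. The addresses, segment tags, allow rules and flow records are constructed sample data, and the function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed sample data: internal address space, VM-to-segment tags, flow records.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
SEGMENT = {
    "10.0.1.10": "web", "10.0.1.11": "web",
    "10.0.2.20": "app",
    "10.0.3.30": "db",
}
# Current micro-segmentation allow rules: (source segment, destination segment, port).
ALLOW = {("web", "app", 8443), ("app", "db", 5432)}
FLOWS = [  # (src, dst, dst_port)
    ("203.0.113.7", "10.0.1.10", 443),   # client -> web, crosses the edge
    ("10.0.1.10", "10.0.2.20", 8443),
    ("10.0.1.11", "10.0.2.20", 8443),
    ("10.0.2.20", "10.0.3.30", 5432),
    ("10.0.1.11", "10.0.3.30", 5432),    # web -> db, skips the app tier
    ("10.0.1.10", "10.0.1.11", 445),     # web -> web, inside one segment
    ("10.0.2.20", "10.0.9.99", 22),      # destination VM has no segment tag
]

def direction(src, dst):
    """East-west if both endpoints are internal, otherwise north-south."""
    inside = [ipaddress.ip_address(a) in INTERNAL for a in (src, dst)]
    return "east-west" if all(inside) else "north-south"

def review(flows):
    """Count east-west flows per segment pair and list those no rule covers."""
    edges, uncovered = Counter(), []
    for src, dst, port in flows:
        if direction(src, dst) != "east-west":
            continue  # edge traffic is what perimeter monitoring already sees
        key = (SEGMENT.get(src, "untagged"), SEGMENT.get(dst, "untagged"), port)
        edges[key] += 1
        if key not in ALLOW:
            uncovered.append((src, dst, port))
    return edges, uncovered

if __name__ == "__main__":
    edges, uncovered = review(FLOWS)
    for (s, d, p), n in sorted(edges.items()):
        status = "allowed" if (s, d, p) in ALLOW else "REVIEW"
        print(f"{s:>8} -> {d:<8} port {p:<5} flows={n} {status}")
    print("flows needing a rule decision:", uncovered)
```

Each flow marked for review is either a relationship the rule set should be extended to allow or traffic that should be blocked and investigated, which is why the rules have to be revisited as monitoring data comes in.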

With next-gen software-defined networking solutions such as VMware NSX, it’s important to use next-gen solutions geared towards giving you that East-West traffic visibility. It’s time to crack open that egg!

Friday, May 18, 2018

Tear down the Wall!!!

Over the last few months, as I’ve been attending the VMUG UserCon events, I have been getting feedback from the attendees on their monitoring practices.

One such question was “How many tools do you own for the monitoring and troubleshooting of your private and public cloud environment?”

We discovered that most people have about 2-4 monitoring solutions for their datacenter. Each does its own specific task, whether monitoring uptime, compute resources, storage, or applications and networks. These tools create barriers, and it’s quite hard to correlate across them to get to the root cause.

In certain cases, employees within a team are responsible for only a certain task. They use a single tool, and if their tool shows everything is OK, they feel absolved of the problem. This creates a siloed working atmosphere within the same department.

Having people within the same department work in silos has a lot of dangerous implications, such as:

  1. “Finger-Pointing”, where conflicts between different people lead to unwanted resentment.
  2. “Not my job” mindset, where a person has a myopic focus on a certain task.
  3. “Knowledge Isolation”, where someone unintentionally gets isolated from critical information.

Within the companies surveyed, IT operations teams, such as those handling virtualization or cloud infrastructure such as VMware, AWS or Azure, bear the brunt of this blame game. Often the requests are very vague, such as “Increase the memory or CPU”, without actual evidence that infrastructure is the leading source of error.

Solutions for the infrastructure teams provide great detail on the infrastructure side; however, the information on the networking and application side is minimal. This scenario reminds me of the “Not Hot Dog” app from the TV show Silicon Valley!

Application teams can use these infrastructure monitoring solutions to identify any infrastructure-related issues; however, if the problem does not lie in the infrastructure, we circle back to the “Not Hot Dog” scenario, where the root cause has still not been determined.

This is where teams require a full-stack visibility solution that tears down the walls between the application, network and IT operations teams! The main objective of a full-stack visibility solution is to give organizations the capability to see through the barriers and identify the root cause immediately, with the added benefit of optimizing the efficiency of the team so it can focus on projects that really matter.

Being an outstanding leader – 5 L’s of leadership (From Pat Gelsinger’s keynote at VMUG Wisconsin)

I have been wanting to write this article since my last visit to Milwaukee for the VMUG Wisconsin Usercon a couple of week...