Customer experience: Deploying Monitoring as a Service in Amazon AWS and Virtual Environments

Here are some conversations that I am having with increasing regularity after the established need for installing network monitoring and security protection.

The conversation starts because Flowmon Networks has world-class network visibility and monitoring solutions. We can deploy a “collector” which can ingest and process NetFlow traffic (and many if not all vendor specific perturbations) from any switch, router, or network device that can export flow data. For environments that are challenged in generating flow data due to constraints or limitations of existing network equipment we can deploy a “probe” directly onto a SPAN or Mirror port within existing infra-structure or using a TAP (test access point). The Flowmon probe will generate accurate, consistent and unsampled flow data including customized IPFIX fields for enhanced L7 visibility. And then on top of those building blocks Flowmon can provide cutting-edge Anomaly Detection software that utilizes Network Behavior Analysis (NBA) techniques that leverage Machine Learning, Artificial Intelligence, Heuristics, and Behavior Patterns.

Customer challenges

Customer: “All of that sounds great! I want to deploy your solution!” … but they are challenged by some or all of the constraints listed bellow, plus occasionally a few more related to data security and protection. “What can I do to enable a light-weight subscription based (SaaS) solution for network monitoring (MaaS) and security (SECaaS)?”. This particular customer also had very light-weight, i.e. virtual, data centers distributed around the world but initially wanted to deploy in their North American region. The North American region had extra security requirements that restricted where the data could be hosted and how the data can be transmitted between the flow data generation and collector.

Solution Process

  1. Because consistent and accurate flow data sources did not exist across the distributed data center architecture, the customer solution started by deploying a virtual Flowmon probe. The virtual probe can be deployed in VMWare, Hyper-V, and KVM and in this instance the customer chose VMWare for one data center and KVM for another. The virtual probe instances utilized a vSwitch as a port mirror. The probes were installed on 1G virtual monitoring ports and the flow export was configured for IPFIX.

  2. The customer preferred to deploy their collector in the cloud for a few reasons. They wanted flexibility to grow their monitoring as a service on demand. They wanted to preserve their CAPEX budget and start with a subscription model. Flowmon Networks offers low barrier of entry subscription based solutions whether deployed in a virtual or cloud environment. Potential caveat, normal Amazon Web Service (AWS) would not suffice because of the customer’s handling of protected data so the deployment had to be installed on the AWS GovCloud instance. In addition to network monitoring, the customer wanted to install our ADS module which can be installed as a plug-in module on the collector in the AWS GovCloud.

  3. Customer network traffic from the data center needs to be exported as flow data to the centralized collector in AWS GovCloud. Therefore the export was configured via TCP/TLS connection using the private keys generated by the customer.

  4. Last, but not least, the customer did not want to have to create or maintain any of the AWS commercial accounting and logistics so Flowmon and its partner network included all of the AWS costs and services as part of the overall subscription based solution.

Conclusions

Companies search for new ways how they can execute and manage their internal networks in a cost-efficient (CAPEX and OPEX) manner as their traffic explodes. Yet, they do not have the rack space or connectivity to simultaneously operate the network and still maintain a sandbox to continue to try emerging solutions and technologies. They need to shift their procurement model from product to subscription based models. And they furthermore cannot build and maintain various virtual and cloud environments and hire staff with expertise in each area. The answer for such concerns is Flowmon Networks, a leader in network visibility, monitoring and security solutions. We can deploy our solutions in the cloud, in a virtual environment, and can also deploy in a hybrid data center and therefore we are keeping up with the ever-increasing complexity of technical and commercial needs of our customers.