Flow-based Monitoring of Your Virtual Network
The StealthWatch
FlowSensor VE is a virtual appliance that exports NetFlow v9 and key application metrics to provide anomaly detection and network performance monitoring for virtual environments. This virtual appliance extends Lancope’s physical network visibility to virtual environments by analyzing virtual network traffic to detect and address configuration problems, inefficiencies in resource allocation, security violations and policy violations before any failure or degraded performance occurs.
StealthWatch FlowSensor VE enables:
-
Deep Virtual Monitoring — performance, capacity and availability management of all virtual technologies, down to the performance metrics of individual virtual machine (VM) instances and the applications that reside within
-
Unified Visibility — complete visibility into security, network, user and application activity across virtual networks
-
Single Dashboard — central management and monitoring of global infrastructure across virtual and physical environments through seamless integration with the physical network visibility solution
-
Lightweight, Scalable, Fast Deployment — extreme efficiency with low impact on I/O and CPU to ensure maximum performance of the virtual environment
Explore the Anatomy of Virtual Network Visibility.
Read the StealthWatch FlowSensor VE datasheet and find out What's New in StealthWatch 6.1.
Deployed on a VMware ESX host, the StealthWatch FlowSensor VE captures vital traffic statistics to address multiple virtualization challenges, including gaining virtual network topological and location awareness, securing virtual networks, demonstrating compliance, controlling VM sprawl and tracking virtual machines when they are moved via VMware VMotion, to help maximize the benefits associated with server virtualization.
Lancope’s innovative approach to monitoring virtualized servers differs wildly from comparative technologies, which conduct processing on the virtualized servers themselves and utilize significant virtual resources. Lancope’s centralized analysis eliminates the overhead associated with disparate virtual security tools, enabling scalable, centrally managed enterprise protection. Easily deployed, lightweight and user friendly, the StealthWatch FlowSensor VE can help contain costs and maximize return on investment (ROI) of server virtualization.
The StealthWatch FlowSensor VE is a lightweight virtual appliance designed to provide visibility into the virtual network using NetFlow traffic accounting technology. The FlowSensor VE monitors all communications across the virtual network backplane, translating ethernet frames into "flow records" which are sent out of the Virtual Server across the physical network to a dedicated FlowCollector.
How It Works
The FlowSensor VE uses NetFlow traffic accounting technology previously available only in network equipment, such as routers, switches and WAN optimization devices. Once installed on the VMware ESX server, the FlowSensor VE connects to the Service Console API to retrieve information about how the virtual network is configured. Then, the FlowSensor VE captures raw ethernet frames from the virtual switch, combines the traffic data with information found in the API and sends an account of the traffic across the network to a FlowCollector.
Out-Of-Band Design
The FlowSensor VE is designed to unobtrusively monitor virtual traffic with minimal impact to the production environment, streaming traffic accounting information out of the virtual server to a FlowCollector server. The FlowSensor requires just 512MB of physical memory, (1) CPU @ 2000MHz and only 1.2GB of disk, yet monitors virtual network traffic rates up to 1Gbps. Lancope achieves this unparalleled speed to resource ratio because the FlowSensor VE does not analyze and only creates flows. Processing, storage and reporting of flows occur at Lancope's FlowCollector appliance, where dedicated CPU, memory and disk are available.
Flow Collection
The FlowSensor VE requires a NetFlow v9-capable FlowCollector to provide basic functionality. Implementing the FlowSensor along with Lancope's FlowCollector — the StealthWatch FlowCollector for NetFlow appliance — provides advanced functionality and enables full utilization of all NetFlow v9 options templates available within the FlowSensor VE. Lancope's StealthWatch FlowCollector for NetFlow receives, stores and processes flows generating over 180 unique reports designed to detail every aspect of the virtual network.
|
Minimum Disk Space Requirements |
VMware ESXi Versions Supported |
Minimum Memory Requirements |
Minimum CPU Requirements |
|---|---|---|---|
|
1.4 GB |
3.5 and 4.0 |
512 MB |
2 GHz |
To see a full list of the supported applications, click here.
The FlowSensor VE recognizes more than 900 application variants and their classifications, such as:
- Peer-to-Peer (e.g., BitTorrent, eDonkey and Kazaa)
- Business-critical (e.g., Exchange, LDAP and SAP)
- Social media (e.g., Facebook, MySpace and LinkedIn)
- Streaming audio and video (e.g., YouTube and Pandora)
- Instant Messaging (e.g., Jabber and MSN)
- Voice over IP (e.g., Skype, H.323 and SIP)
- Mobile (e.g., Blackberry)
- Tunneling (e.g., SSL, IPsec, L2TP and GRE)
- Standard applications (e.g., HTTP and DNS)
- Gaming (e.g., World of Warcraft and Xbox)
