Deploying GigaVUE Cloud Suite for VMware NSX-T using V Series (5.11)

Introduction

Enterprises adopt Software-Defined Data Centers (SDDC) to leverage the benefits of Software-Defined Networking (SDN). The challenge with SDDC is gaining visibility into the traffic between virtualized workloads, especially traffic between workloads residing on the same physical server, so that the same security controls are uniformly deployed across both physical and virtual workloads. Gigamon's Visibility Platform for VMware NSX-T provides this much-needed visibility and also lets organizations leverage their existing security tools stack, resulting in huge cost savings and reduced complexity and administrative overhead. Gigamon's solution also supports cluster-based and host-based deployment modes. The following Gigamon Validated Design (GVD) illustrates deploying the solution.

Design Overview

Visibility for VMware NSX-T Data Center

Gigamon leverages NSX Service Insertion to provide visibility into the traffic between the virtualized workloads. As illustrated below, once NSX Manager is configured in GigaVUE-FM, the Gigamon Traffic Visibility Service registers itself as a partner service. The Traffic Visibility Service is then installed on the NSX compute clusters through the vCenter user interface, which deploys V Series nodes for traffic acquisition. Security policies are then created to forward copies of the network traffic to the Gigamon Visibility Fabric.

Figure 1: Logical topology illustrating the integration of security tools such as IDS, anti-malware, and APM using the Gigamon Visibility and Analytics Fabric.

With the GigaVUE-FM version 5.11 release, V Series can be deployed as Gigamon's service VM instead of GigaVUE-VM (GVM). The V Series solution is vastly more capable: traffic transformation applications such as slicing, masking, and deduplication run right within the V Series node rather than relying on the GigaVUE H Series appliances. Compared to GVM, this greatly optimizes traffic backhaul across sites and network bandwidth utilization. As in the GVM solution, V Series nodes acquire traffic from different transport nodes, but with the GigaSMART capability they process the traffic before sending it to security and analytics tools for inspection. This GVD focuses on providing visibility in an ESXi cluster with two or more hosts in a clustered environment.

In GigaVUE-FM version 5.11.00:

  • V Series 2 can be deployed in both Static and DHCP mode for Gigamon's service VM.
  • IPv6 is supported for the management (DHCP only) and tunnel interfaces of the V Series node.
  • In addition to the existing traffic transformation apps such as slicing, masking, and de-duplication within the V Series node, a load balancer can also be deployed.
  • VXLAN is supported as an egress tunnel.
  • The image server URL can be in the format http://<Server_IP>:<custom_port>/Vseries file2.ovf, whereas previously it could only be used on port 80.

To learn more about this solution, read the complete details on the Gigamon Community: Deploying GigaVUE Cloud Suite for VMware NSX-T using V Series (5.11).