Supplementing the Existing Tools to Gain Deep Observability in Azure (5.15)

Introduction

Enterprises are now adopting a multi-tool approach to meet security and compliance requirements and to prevent vendor lock-in. To enable this approach, Gigamon Cloud Suite's Application Metadata Intelligence (AMI) can be used to export layer-7 metadata in addition to the current high-fidelity export of NetFlow records. These records can be exported in either IPFIX or CEF format to multiple tools (a maximum of four) at the same time. The Cloud Suite also has pre-defined templates to quickly deploy the tools. This Gigamon Validated Design (GVD) illustrates how enterprises can deploy Gigamon Cloud Suite's AMI services to export layer-7 metadata and improve their security posture.

Refer to Gigamon Validated Designs in the Gigamon community's knowledge base for more such designs. Please contact your Gigamon sales representative for more information about Gigamon solutions.

Design Topology

Design Overview

This design illustrates deploying Gigamon Cloud Suite's AMI solution to monitor target VMs located across two tiers, viz., a Web tier and an App tier. The tool tier illustrates two tools: a traditional NetFlow collector (Kibana) deployed to monitor L2-L4 traffic with the configuration listed below, and a new tool, such as Splunk, deployed to monitor layer-7 traffic.

This design presumes that all target VMs are monitored. Hence, the V Series node(s) would be configured to pass all IPv4 traffic. However, you can choose to monitor specific target VMs, either by configuring filtering rules that match the IP addresses of specific hosts/interfaces or by configuring inclusion/exclusion maps (refer to the Deployment Steps section).

Collect configuration for exporting layer 2-4 traffic attributes.

  • Counter
    • Bytes – 32
    • Packets – 32
  • Timestamp
    • Sys-Uptime First
    • Sys-Uptime Last
    • Flow-Start Seconds
    • Flow-End Seconds
    • Flow-Start Milliseconds
    • Flow-End Milliseconds
  • Data Link
    • Source MAC
    • Destination MAC
    • VLAN
  • Interface
    • Input
    • Output
  • IPv4
    • ToS
    • Protocol
    • Source Address
    • Destination Address
  • Transport
    • Source Port
    • Destination Port
    • TCP Flags
      • ACK
      • CWR
      • ECE
      • FIN
      • PSH
      • RST
      • SYN
      • URG
    • UDP Source/Destination Port
    • TCP Source/Destination Port
    • TCP Sequence Number

Collect configuration for exporting layer-7 traffic attributes.

  • Telnet
    • Auth-Success
    • Login
    • Password
    • Rtt
    • Term-Data
    • Term-Type
    • Default-Username
    • Desktop-Height
    • Desktop-Width
    • Username-Ascii
    • Username-Raw
    • Version
  •    
    • Rtt
    • Server-Agent
    • User-Agent
    • Version
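The two Collect configurations above describe what the exporter emits; the tool side has to parse those records before it can alert on them. The following is an added example, not code from this design or from Gigamon: a small consumer for CEF-formatted exports that handles the format's escaping rules (`\|` in the header, `\=` in the extension), decodes the TCP flag bits listed under Transport, counts failed Telnet logins from the layer-7 attributes, and redacts the exported Password attribute before the record is forwarded to a downstream tool. The sample lines are constructed, and the vendor, product, signature ids and extension key names (`telnetLogin`, `telnetAuthSuccess`, `telnetPassword`, `tcpFlags`, and so on) are assumptions made for this example rather than the actual export schema.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample records: one layer 2-4 flow record and two layer-7 Telnet
# metadata records. Header layout follows CEF (CEF:Version|Vendor|Product|
# DeviceVersion|SignatureID|Name|Severity|Extension); all names are assumed.
SAMPLE_CEF = [
    r"CEF:0|ExampleVendor|ExampleExporter|1.0|l4-flow|Flow record|3|"
    r"src=10.0.1.10 dst=10.0.2.20 spt=51234 dpt=23 proto=6 tcpFlags=18 "
    r"in=1 out=2 bytes=4096 pkts=12 smac=00:11:22:33:44:55 dmac=66:77:88:99:aa:bb vlan=100",
    r"CEF:0|ExampleVendor|ExampleExporter|1.0|l7-telnet|Telnet \| metadata|5|"
    r"src=10.0.1.10 dst=10.0.2.20 dpt=23 telnetLogin=admin telnetPassword=s3cr\=t "
    r"telnetAuthSuccess=false telnetTermType=xterm",
    r"CEF:0|ExampleVendor|ExampleExporter|1.0|l7-telnet|Telnet \| metadata|5|"
    r"src=10.0.1.11 dst=10.0.2.20 dpt=23 telnetLogin=ops telnetPassword=hunter2 "
    r"telnetAuthSuccess=true telnetTermType=vt100",
]

# IPFIX tcpControlBits bit values (FIN..CWR); the TCP Flags attributes in the
# layer 2-4 Collect configuration map onto these bits.
TCP_FLAG_BITS = [("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04), ("PSH", 0x08),
                 ("ACK", 0x10), ("URG", 0x20), ("ECE", 0x40), ("CWR", 0x80)]

# Assumed key name of the exported Telnet Password attribute; dropped before forwarding.
SENSITIVE_KEYS = {"telnetPassword"}

_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")


@dataclass
class CefRecord:
    vendor: str
    product: str
    device_version: str
    signature_id: str
    name: str
    severity: int
    ext: Dict[str, str]


def _split_header(line: str):
    """Split the seven header fields on unescaped '|'; return (fields, extension)."""
    fields, buf, i = [], [], 0
    while i < len(line) and len(fields) < 7:
        c = line[i]
        if c == "\\" and i + 1 < len(line):      # '\|' or '\\' inside a header field
            buf.append(line[i + 1])
            i += 2
            continue
        if c == "|":
            fields.append("".join(buf))
            buf = []
        else:
            buf.append(c)
        i += 1
    return fields, line[i:]


def _unescape_ext(raw: str) -> str:
    """Undo extension escaping: '\\=' -> '=', '\\\\' -> '\\', '\\n'/'\\r' -> newline/CR."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), raw)


def _parse_extension(ext: str) -> Dict[str, str]:
    """Key=value pairs; a value runs until the next whitespace-preceded 'key='."""
    out: Dict[str, str] = {}
    matches = list(_KEY_RE.finditer(ext))
    for idx, m in enumerate(matches):
        end = matches[idx + 1].start() if idx + 1 < len(matches) else len(ext)
        out[m.group(1)] = _unescape_ext(ext[m.end():end])
    return out


def parse_cef(line: str) -> CefRecord:
    header, extension = _split_header(line)
    if len(header) != 7 or not header[0].startswith("CEF:"):
        raise ValueError(f"not a CEF record: {line[:40]!r}")
    return CefRecord(vendor=header[1], product=header[2], device_version=header[3],
                     signature_id=header[4], name=header[5], severity=int(header[6]),
                     ext=_parse_extension(extension))


def decode_tcp_flags(value: int) -> List[str]:
    """Turn a tcpControlBits integer into the flag names used in the Collect config."""
    return [name for name, bit in TCP_FLAG_BITS if value & bit]


def redact(rec: CefRecord) -> CefRecord:
    """Replace credential-bearing attributes before the record leaves the collector."""
    rec.ext = {k: ("<redacted>" if k in SENSITIVE_KEYS else v) for k, v in rec.ext.items()}
    return rec


def failed_telnet_logins(records: List[CefRecord]) -> Dict[str, int]:
    """Count failed Telnet authentications per source address from layer-7 records."""
    counts: Dict[str, int] = {}
    for r in records:
        if r.signature_id == "l7-telnet" and r.ext.get("telnetAuthSuccess") == "false":
            counts[r.ext["src"]] = counts.get(r.ext["src"], 0) + 1
    return counts


if __name__ == "__main__":
    recs = [redact(parse_cef(l)) for l in SAMPLE_CEF]
    print("flags:", decode_tcp_flags(int(recs[0].ext["tcpFlags"])))
    print("failed telnet logins:", failed_telnet_logins(recs))
    print("forwarded l7 record:", recs[1].ext)
```

The extension parser keys off whitespace-preceded `key=` tokens, so values containing an escaped `\=` (as in the constructed password) are not split; the redaction step runs before anything is forwarded, so the downstream tool receives the Login and Auth-Success attributes needed for alerting without the cleartext Password attribute.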