Gigamon Precryption™ with Secure Tunnel to Gain Visibility into the Containerized Environment (6.4)
Introduction
Cloud deployments have changed substantially with digital transformation. In the cloud, application services can be broken down into microservices and run in separate containers. However, communication between containers on the same host introduces a new blind spot that threat actors can exploit. Moreover, many communication protocols use TLS to encrypt and encapsulate their contents, protecting them from being observed or modified in transit. Although this is good for privacy and confidentiality, it creates a serious blind spot for security, even though enterprises spend considerable money and resources on IT security solutions.
This visibility gap can be addressed by Gigamon Cloud Suite, which aggregates the traffic for further processing and monitoring. To fully inspect customer traffic, Gigamon Precryption™ technology delivers plaintext visibility of encrypted communications to the full security stack, without the traditional cost and complexity of decryption, and thus redefines security for virtual, cloud, and containerized applications. To further secure the precrypted data flow from the user workload to the Gigamon fabric, Gigamon has introduced a secure tunnels feature that enables secure delivery of the precrypted data.
This GVD focuses on deploying Gigamon Cloud Suite with Precryption™ and Secure Tunnel in an Azure AKS cluster using the Universal Cloud Tap - Container (UCT-C) solution. It aims to acquire traffic from the Azure AKS cluster, deliver plaintext visibility into encrypted traffic, secure the plaintext traffic in transit from user workloads to the Gigamon fabric, and subsequently forward it to the tools in an out-of-band fashion.
Design Topology
Design Overview
This design illustrates deploying Gigamon Cloud Suite in the Azure cloud. Traffic on AKS clusters in the Azure cloud is acquired using a Linux kernel hook and forwarded to the V-Series nodes for traffic aggregation. The V-Series node processes the acquired traffic using GS applications and then forwards it to the tools.
Gigamon Cloud Suite in this solution consists of the following components:
- GigaVUE-FM: A web-based fabric management and orchestration interface that provides single-pane-of-glass visibility, management, and orchestration of both the physical and virtual traffic in the UCT.
- UCT Controller: The management component of UCT that controls and communicates with the UCT Pods. The UCT Controller collects the data from the UCT Pods and sends the collected statistics and heartbeats to GigaVUE-FM.
- UCT Pod: The primary UCT module responsible for programming eBPF configurations, such as tapping containers, selecting the traffic to be filtered, adding tunnel encapsulation to the filtered traffic, and forwarding it to the tools or to the GigaVUE V Series 2.0 nodes. The UCT Pod also sends statistics and heartbeats to the UCT Controller.
- GigaVUE V Series node: Aggregates all the traffic, optimizes it by removing duplicate packets, and forwards it to either new or existing tool probes.
Common Design
This GVD primarily discusses deploying the UCT solution on Azure AKS, but the same design and deployment steps can be reused for other platforms, such as AWS EKS with the V-Series node on the AWS cloud, or native Kubernetes with the V-Series node under AnyCloud using third-party orchestration on any other platform.
To learn more about this solution, read complete details on the Gigamon Community: Gigamon-Precryption-with-Secure-Tunnel-to-gain-Visibility-into-the-containerized-environment-6-4