Issues and Suggestions in Monitoring in a VMware environment!
Despite having the same network monitoring requirements, virtual and physical networks are often monitored independently. The monitoring tools that are effective on the physical network are unable to provide any insight into what is happening in the virtual environment because it appears as a single device on the physical network. As a result, network managers and engineers cannot get a single view of overall network activity.
Network monitoring solutions typically capture data from the network, store it in a database on a central server, and provide a web interface to view the data (packets).
They can be divided into three categories:
This article concentrates on traffic-based monitoring using full packet capture.
Network monitoring in a VMware virtual environment - Read on!
The success of VMware is built on its ability to faithfully emulate a physical server and network environment, so it should come as no surprise that it emulates the security and monitoring requirements too. Just as in a physical environment, it is necessary to monitor the servers in the virtual environment to diagnose and prevent application performance bottlenecks, security threats, unauthorized user behavior, and regulatory non-compliance.
The network monitoring options that are available for physical networks are also available for VMware virtual networks.
The key to setting up packet capture in a VMware environment is to set the virtual NIC of the packet capture appliance to operate in promiscuous mode. By default, a NIC is configured to accept only the data packets that are intended specifically for it, but in promiscuous mode a NIC will accept all data packets flowing through the switch.
Unified monitoring of the physical and VMware environment
There are two approaches to implementing unified monitoring of the physical and VMware environment:
Install the packet capture software as a virtual appliance in the VMware environment and configure it to capture data from the physical network.
Install the packet capture software on a physical PC or server, and capture data from the virtual network.
Unified monitoring to packet capture virtual appliance
With this approach, you would associate two virtual NICs with the packet capture appliance, as shown in the diagram below. One of these NICs is connected to the same virtual as the other virtual machines hosted on the VMware ESX server switch (virtual switch 1). The second virtual NIC on the packet capture appliance is connected to a dedicated virtual switch (virtual switch 2), which in turn is associated with a dedicated physical NIC that is connected to the monitoring port on the physical switch.
Because the virtual NICs associated with the packet capture appliance are operating in promiscuous mode, they can see all traffic flowing through virtual switch 1 and virtual switch 2.
Unified monitoring to physical packet capture device
With this approach, a packet capture appliance in the VMware ESX environment captures data from the virtual network switch.
The VMware ESX server is connected to the core switch on the physical network, and the port to which it is connected is a monitored port. The packet capture appliance on the physical network, which is connected to the monitoring port, is therefore able to capture and store the traffic data from the virtual network.
A Recommended approach
There are advantages and disadvantages to both approaches, so ultimately how you implement a unified network monitoring environment will depend on the needs of your own organization and network. On balance, we believe storing traffic data in the physical environment is the preferred approach. If the virtual environment is unavailable for any reason, the physical data capture server will still be available, whereas if you store the captured data in the virtual environment it goes down with the ship.
For a more detailed discussion of approaches to network monitoring in a physical and virtual environment, download the following whitepaper:
Author profile - Darragh Delaney is Director of Technical Services at NetFort Technologies. Darragh is Cisco CCNA certified and has extensive experience in the IT industry, having previously worked for O2 and Tyco before joining NetFort Technologies in 2005. As Director of Technical Services and Customer Support, he interacts on a daily basis with NetFort customers and is responsible for the delivery of a high quality technical and customer support service. http://ie.linkedin.com/in/darraghdelaney