This month's Network Innovation Award winner is Ixia, a unit of Keysight Technologies, for its CloudLens Public cloud visibility software. CloudLens Public supports Amazon Web Services, Microsoft Azure, Google Cloud, IBM Bluemix and Alibaba Cloud, and it relies on a combination of containers and a software-as-a-service management portal to underpin its operation. The software lets companies see into their providers' data centers and gives them tools to quickly diagnose performance problems.
SearchNetworking talked to Scott Register, vice president of product management, cloud and security at Ixia, based in Calabasas, Calif., to discuss Ixia CloudLens Public's capabilities and features.
The interview has been edited for length and clarity.
What are enterprises finding when they move to the public cloud?
Scott Register: Enterprises have always needed to see what's going on in their private networks -- whether they were physical or virtual. They wanted access to all of their data, wherever it is, and they want to be able to see it and secure it. Now, these customers are migrating to the cloud, but they are finding they don't have the same answers they did when everything was on premises. How do they monitor quality of service? How do they know they've been breached? These were fundamental and necessary questions they could no longer answer.
What are some of the barriers?
Register: When you move to the cloud, the provider doesn't give you the same type of infrastructure you had when on premises. You can't get to the network, you can't get to the hypervisor and you can't install any type of monitoring tap. When you're on premises, you can rearrange your network to suit your requirements -- your compliance, your security and your monitoring requirements.
But, once you move to the cloud, you don't have visibility into that, and that was a gating factor for customer success. Unless they can answer those questions, they could not, in many cases, go live with their critical apps in the cloud.
What was the Ixia CloudLens approach in helping overcome some of these issues?
Register: First, we wanted to answer those questions, but we also wanted to make sure that any solution we came up with preserved the reasons why companies move to the cloud. It's not just cost; companies are seeking elasticity and scale on demand, and paying for the capacity they actually need. That meant our solution would have to scale up and down just as easily as whatever application they were rolling out -- both technologically and from a pricing perspective.
It also had to be cloud-agnostic; we needed to avoid any sort of vendor lock-in. That forced us to be very focused on how we wanted to build Ixia CloudLens Public and what we wanted the core feature set to be. It couldn’t be a 'lift and shift.'
So, Ixia CloudLens Public uses a combination of containers and a software-as-a-service interface to accomplish those goals?
Register: Yes. There are two components. The first is an endpoint agent, which in Linux environments is a Docker container, and a slightly different agent for Windows. But what is interesting is we use the same agent at either end of the connection. And these endpoints are really smart.
The second aspect is the SaaS management portal. You don't have to have any type of management-type server. You just log into our portal, and that's where you set your policy. You start by defining groups. 'These are my database servers, these are my application servers, these are my web servers,' and you characterize those by instance type, applications that are running or operating system, etc.
What happens next?
Register: Once you set the policy, and when an endpoint wakes up, or either a new application instance is spun up or a new [monitoring] tool instance is spun up, they phone home to the management portal. The policy is downloaded, and [the agents understand the policies they need to implement.]
How quickly does the software respond?
Register: Part of that communication with the management portal also tells it where all of the other endpoints are. So, let's say you've got 100 workloads and two monitoring tools running because you want a ratio of 50 application servers supported by one monitoring tool. And then you spin up another 25 workloads. Well, that means you need one more monitoring tool. Those source instances know. And it also means they can rebalance, if necessary. For instance, if the workload decreases, you turn off one of your monitoring tools instances, [and] we'll automatically just rebalance that traffic. The intelligence is pushed out to those endpoints.
How is multicloud supported?
Register: The traffic between the workloads and the tools is all sent in a VPN tunnel. So, that's where it doesn't matter if your workloads are in Amazon Web Services, but your monitoring tools are in [Microsoft] Azure. We give you that kind of flexibility to be multicloud and even on premises and move all your traffic around in a secure way.
Ixia CloudLens Public is a cloud-native application. What does that mean?
Register: That was one of our core design principles -- to ensure there wasn't a single point of failure. We didn't want to have to rely on some type of intermediate node [to ensure communications and visibility]. If you have built a system that can't survive at least the temporary failure of one component, then you've built a system that doesn't reflect the realities of running applications in the cloud.
That's why we push all the intelligence out to the endpoint. If one workload dies or if a particular monitoring tool dies, in a few milliseconds, we've recovered around that. We also wanted to make sure there was no software that needed to be installed, and that the billing model was very much in line with [the cloud] application billing model, where you are paying based on usage.
How are customers using Ixia CloudLens Public? Is there any type of deployment scenario that you perhaps didn't expect?
Register: I guess it would be the size of the customers. Usually, your early customers tend to be smaller companies, but even I was surprised by some of the names [using the software.] I can't give you names, but they are like big-box retailers, big web conferencing companies, big security companies. It's not surprising that security has been the biggest single driver; a third is around performance monitoring.
What are your thoughts about companies that still might be reluctant to use the public cloud?
Register: There are valid reasons, in some cases. There are compliance issues; there are security issues. A lot of these challenges are related to cost; some are related to visibility and control of the infrastructure. They're just not sure it's going to work. But what we can do is tell those companies that they can have security and monitoring capabilities they can be comfortable with, and that we can help them answer compliance and performance questions.
A guide to multicloud management
Taking a look at CloudLens Public
How to manage cloud migrations
- Cloud App Networking Trends –NetFoundry
- 5 Network Metrics For Evaluating Network Performance In The Cloud –AppNeta
- Tips for your Cloud Network Migration –NetFoundry
- Check the network before moving to the cloud –SearchSecurity.com