In today's environment, a company has to depend upon its network to be fully functional in order to conduct business. In other words, the network has to be protected from external attacks (such as virus attacks, malware attacks, etc.). To ensure the vitality of the company, network taps and monitoring devices may be employed to monitor the network traffic.
To facilitate discussion, FIG. 1 shows a simple block diagram of a network environment. Consider the situation wherein, for example, data traffic is flowing through a network arrangement 100. In a typical network, a plurality of switches (130, 132, 134, and 106) may be employed to route data through the network. For example, network traffic from servers 136, 138 and 140 may be flowing through the network via switch 134.
To monitor the network traffic, network taps may be employed. In an example, a monitoring port, such as span port 122, may be configured to copy network traffic flowing through switch 134. The copied network traffic may then be forwarded to an inline tap device, such as a director device 104, for processing. For network traffic that originates from switches that do not have a built-in span function, director device 104 may also include a tap module (such as tap 102) that is configured for copying network traffic data for processing. Upon receiving the network traffic, director device 104 may process the data (such as filtering, regenerating, and aggregating) before forwarding the network traffic to one of the monitoring devices (142, 144, and 146).
In a typical network environment, such as the one described above in FIG. 1, the network tap device, such as director device 104, is physically connected (directly or indirectly) to the other devices/machines within the network. For example, director device 104 has a direct physical connection to switch 134. In another example, director device 104 is physically connected to servers 136, 138 and 140 via switch 134. By being physically connected, director device 104 is able to tap into the network and monitor the traffic flow.
As can be appreciated from the foregoing, having the ability to tap into the network enables a company to monitor traffic flowing throughout its network. As a result, the company is able to manage and even prevent potential problems. Unfortunately, not all network traffic can be monitored. The ability to monitor network traffic is usually limited to the physical relationship a network tap device has with the other machines/devices (e.g., computers, servers, switches, etc.) that are physically connected to the network. However, with the popularity of the Internet, a new type of network (a virtual network) has emerged that has challenged the capability of the current monitoring tools (e.g., network tap devices, monitoring devices, etc.).
In a virtual network, such as a cloud-computing network, network traffic is flowing through computing resources that may be abstract representations of the actual physical hardware. As discussed herein, cloud-computing network/environment refers to an environment in which computing resources (such as storage and software applications) are shared and accessed via the Internet. Typically, the computing resources are located remotely or on a virtual machine (such as a virtual server). As defined herein, a virtual machine is a software representation of a computing device.
FIG. 2A shows a system infrastructure for implementing a cloud-computing environment. A cloud-computing environment may be offered as an infrastructure-as-a-service (IAAS 204), platform-as-a-service (PAAS 206), or software-as-a-service (SAAS 208). The most basic infrastructure available, IAAS 204 may include a physical layer 202 that may include a physical hardware server 210. Above this layer is the virtualization layer hypervisor 212, which is a software component that resides on the physical hardware server 210 and provides virtualization capability to the hardware. Above the physical layer are the software applications such as firewall 214, virtual routers 216, virtual switch 218, and encryption service 420. In essence, IAAS 204 provides its members with network and storage capability.
At the next infrastructure level, PAAS 206 incorporates the services provided at IAAS 204 in addition to providing access to virtual servers (222 and 224). With PAAS, members may now have access to server capability in addition to the network and storage capability offered at IAAS 204. PAAS 206 usually does not provide software management; therefore, members in this cloud infrastructure are still responsible for managing their own software applications.
As the most comprehensive infrastructure implementation, SAAS 208 provides the services offered by PAAS 206 in addition to access to software applications (248, 250 and 252). Members in this cloud now have access to a complete solution of an abstraction infrastructure with virtual networks and virtual servers that offers a range of applications and storage capability. Entities that currently offer this type of cloud infrastructure include Google.com (254), Salesforce.com (256), and MobileMe.com (258).
As can be appreciated from the foregoing, a cloud-computing environment offers different types of cloud infrastructures that may satisfy different individual and/or organizational requirements. In addition, since the cost of computing resources can be distributed across a greater number of members, membership in the various cloud networks has experienced exponential growth. As a result, the amount of network traffic flowing through a virtual environment has significantly increased.
With cloud computing, network traffic may now be flowing through computing resources (such as storage and software applications) that are not limited by geography or space. Instead, computing resources are now available through a virtual environment. Since the purpose of the virtual computing resources (e.g., virtual servers, virtual switches, virtual storage areas, etc.) is to maximize the overall network computing resources, at least a portion of the virtual computing resources is configurable. In other words, the system administrator may move a portion of the virtual computing resources among the available physical resources in an attempt to perform load balancing. In addition, the size of the virtual computing resources may be altered depending upon the need and actual usage of the virtual computing resources. Since network traffic is now flowing through a virtual environment that is not geographically bound and that may expand and contract as needed, monitoring of network traffic becomes virtually impossible.
Consider the situation wherein a company's network environment is no longer the traditional hardwired network environment. Instead, the company's network environment includes a hybrid of physically connected devices and computing resources available through a cloud-computing environment (FIG. 2B). In this environment, a director device 262 is physically connected to servers 264, 266, and 268 via a switch 270. Thus, director device 262 is able to monitor the network traffic flowing between the servers and the switch.
In order to make certain computing resources available to its members, the company may also establish a private cloud 278 wherein different computing resources (such as access to storage and software applications) may be made available through a plurality of virtual servers 272, 274 and 276. If the virtual servers are located off premise, the ability to monitor the network traffic flowing through private cloud 278 becomes virtually impossible since private cloud 278 is an abstraction and is not physically available. Thus, a physical connection cannot be established between the virtual servers on private cloud 278 and director device 262.
Being off premise is not the only reason why a physical connection cannot be established between director device 262 and private cloud 278. Another reason for the connectivity issue is that computing resources on a cloud may not always be associated with the same physical host computing device. Since the virtual computing resource is a software implementation, the virtual computing resource may be moved between physical hosts in response to load balancing.
A physical connection between director device 262 and a cloud-computing environment such as private cloud 278 is further hindered by the elastic nature of a cloud. Since the cloud is an abstraction infrastructure, the size of the cloud may be expanded or shrunk based on demands and needs. For example, the storage capacity of private cloud 278 may expand if more memory is allotted to virtual server 272.
As can be appreciated from the foregoing, the task of monitoring network traffic to ensure the vitality of a company becomes a challenge since network taps and other monitoring devices are unable to perform their basic functions, given that a physical connection between the network taps and the virtual computing resources cannot be established. Thus, in today's Internet environment, much of the network traffic may be flowing unmonitored through a cloud-computing network. Given that some of the unmonitored network traffic may be corrupted or may contain malware and can damage the integrity and vitality of a company, the ability to monitor network traffic, regardless of its origin or the type of network it traverses, remains crucial.
Accordingly, arrangements and methods for performing network monitoring on a cloud-computing network environment are desirable.