Security Admins
Network security is serious business, on both physical and
virtual networks. Since traffic between VMs passes through virtual
switches but not necessarily out onto traditional networks, you
will need to identify and defend against new threats on the virtual
network.
These include:
- VMs configured to use unwanted protocols
- Trust level breaches as VMs move from low-trust machines to
high-trust machines
- Lack of visibility/auditability of network traffic through
virtual switches
- Creation of new VMs with outdated or incorrect network
configurations
- Inefficient VLAN approaches which route traffic out to physical
switches and then back into the same server
- Spread of infections and malware among VMs on the same physical
server
You will need purpose-built solutions designed with virtual
networks in mind, capable of staying attached to VMs as they are
created, moved, suspended and decommissioned.
VM Admins
Virtualization opens up gaps in traditional physical network
analysis and security. Administrators of virtual systems need
purpose-built tools capable of seeing and analyzing virtual network
traffic in order to troubleshoot and audit their systems. The Altor
VF is one such tool.
Application Troubleshooting in the Virtual Network
Consider the most frequent interruption for a systems
administrator: a complaint or ticket from users claiming that an
application is not responding. Since there are many potential
causes for this symptom, network administrators judge their
troubleshooting tools based on how well they identify possible
problems and how fast explanations can be checked. Some root causes
might include:
- The target application not running or not responding. Perhaps
the application is truly down, or additional copies of it need to
be created.
- A misconfigured DHCP service. Within the virtual network, there
might be multiple DHCP servers, or no DHCP support, or errors in
setting up the service. This would keep clients from finding the
right VM. (Similar mistakes with other protocols including DNS and
NTP might block access.)
- Layers of multi-tier virtual applications are not
communicating. With web presentation services split from core
applications and database engines, corporate applications may have
3 or 4 separate processes that need to communicate, each running in
a separate VM. Pinging the web server won't reveal which back-end
service is unresponsive.
- Unusual spike in traffic or backup processes. Users may be
reacting to external events which degrade response time. Imagine
the additional load on time-and-expense applications on the last
day for completing expense reports. Separating production traffic
trends from system issues is fundamental for application
troubleshooting.
- Some users don't have permission to use this application.
Verifying that a virtualized application is working for some users
is a first step to asking if the complaining user is permitted
access.
- An infected virtual web server is flooding the virtual network.
At one enterprise customer, more than 60% of servers were infected
with Nimda or SQL Slammer, creating a cascade of malicious
traffic.
And so on. A general symptom can have many potential root causes,
so virtual network administrators need tools that can sort among
these causes.
Administrators using tools located on the external physical
network may be unable to distinguish among these problems:
radically different causes that nevertheless look the same from the
outside. Administrators need real-time tools with visibility into
the virtual network in order to resolve virtual application
outages.
Also, since users often report problems long after the event has
passed ("I was unable to get into the HR system on Saturday, but
only reported it when I came into the office on Monday"), tools
must provide visibility into previous time periods. Make sure that
your tools can look back historically, troubleshooting the moment
when a problem occurred.
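
An added example (not from the original page or from any product it mentions): a look-back triage over stored inter-VM flow records that separates three of the root causes listed above (DHCP responders, a silent back-end tier, a flooding VM) for the time window a user reports. The record schema, VM names and thresholds are assumptions, and the sample flows are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample data. Hypothetical schema:
# (timestamp, src VM, dst VM, proto, dst port, packets, answered)
FLOWS = [
    ("2024-03-02T10:01:00", "client-7", "web-1", "tcp", 443, 12, True),
    ("2024-03-02T10:01:01", "web-1", "app-1", "tcp", 8080, 10, True),
    ("2024-03-02T10:01:02", "app-1", "db-1", "tcp", 5432, 6, False),
    ("2024-03-02T10:01:30", "app-1", "db-1", "tcp", 5432, 6, False),
    ("2024-03-02T10:02:00", "dhcp-1", "client-7", "udp", 68, 1, True),
    ("2024-03-02T10:02:01", "test-vm-3", "client-7", "udp", 68, 1, True),
    ("2024-03-02T10:03:00", "web-2", "db-1", "udp", 1434, 9000, False),
    ("2024-03-04T09:00:00", "client-7", "web-1", "tcp", 443, 12, True),
]

def in_window(flows, start, end):
    """Return the flows whose timestamp falls in [start, end)."""
    s, e = datetime.fromisoformat(start), datetime.fromisoformat(end)
    return [f for f in flows if s <= datetime.fromisoformat(f[0]) < e]

def triage(flows, start, end, flood_share=0.5, min_packets=1000):
    """Summarise likely root causes seen on the virtual network in a window."""
    sel = in_window(flows, start, end)
    # DHCP servers reply toward client UDP port 68; zero or several
    # distinct responders both warrant a closer look.
    dhcp = sorted({f[1] for f in sel if f[3] == "udp" and f[4] == 68})
    # A tier is "silent" if every TCP attempt to it went unanswered.
    tries = defaultdict(lambda: [0, 0])
    for _, _, dst, proto, dport, _, answered in sel:
        if proto == "tcp":
            tries[(dst, dport)][0] += 1
            tries[(dst, dport)][1] += answered
    silent = sorted(k for k, (n, ok) in tries.items() if ok == 0)
    # A flooder sends a dominant share of all packets in the window.
    sent = Counter()
    for f in sel:
        sent[f[1]] += f[5]
    total = sum(sent.values())
    flooders = sorted(vm for vm, n in sent.items()
                      if n >= min_packets and n / total >= flood_share)
    return {"dhcp_responders": dhcp, "silent_tiers": silent,
            "flooders": flooders}

if __name__ == "__main__":
    # The "Saturday" of the complaint, examined after the fact.
    print(triage(FLOWS, "2024-03-02T00:00:00", "2024-03-03T00:00:00"))
```
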