Enterprise IT needs visibility into the network and security status of their workloads, whether hosted on premises, or within AWS. While many AWS workloads are sandboxes for application development teams (DevOps), it is important to analyze these workloads. Increasingly, public cloud workloads are also fulfilling mission-critical production needs for many organizations. Enterprise IT must be ready to determine the best location, security posture, and bandwidth allocation when deploying workloads. Having traffic pattern details as well as security analysis and recommendations readily available, helps organizations make the ideal hosting decisions to meet their business needs.
vRealize Network Insight (vRNI) Supports Amazon Web Services (AWS) Public Cloud. The vRNI traffic monitoring features provide visibility into native AWS constructs such as Virtual Private Clouds, VMs, Security Groups, firewall rules, and tags. vRNI also analyzes AWS traffic flows to provide security and micro-segmentation views of cloud workloads. This means you’ll be able to plan micro-segmentation and understand traffic patterns using data collected from your AWS instances.
Let’s review a simple Amazon Web Services (AWS) VPC setup to articulate the value vRealize Network Insight can offer from a Day 1 Day 2 perspective.
- We have an on-premise instance of vRealize Network Insight managing AWS.
- There are two VPCs i.e. CRM and Common Services.
- VPC CRM consists of CRM Application which comprises of 3 tiers i.e. Web, APP and DB.
- Internal users of Company can access Web Tier of the CRM on 80 internally via Jump-box.
- Web tier talks to App tier on port 8080.
- App tier talks to DB tier on port 3306.
- Web tier is open for internal datacentres VM on port 80.
- From Jump-box in VPC: CRM all virtual machines have ssh access on port 22.
- All tiers of VPC: CRM talks to DNS server on 53 and LogServer on 514 on VPC: Common Services.
- This means connection to DB to Log Server (used for backup services) must exist as configured by the Administrator but this, in fact, is the problem area where the problem lies.
Detailed explanation and troubleshooting steps can be seen here Security for Public Clouds (AWS) with vRealize Network Insight
You can also explore this use case by undertaking Hands on Lab – HOL-1829-01-NET – Getting Started with vRealize Network Insight