Splunk adds visibility into virtual environments
- 10 September, 2012 19:46
When transitioning workloads to virtual environments, one of the big drawbacks for data center administrators can be a loss of visibility.
When a problem occurs, it can be difficult to get a handle on details like which users are affected and by how much as well as the causal links between the user layer, the application layer and the underlying infrastructure. This is often because the hypervisor abstracts the data about the underlying hardware.
"Monitoring the dynamic nature of virtualization with tools designed for single-technology silos creates a significant challenge for administrators," says Dave Bartoletti, senior analyst at Forrester Research. "There is a growing need for solutions that provide cross-tier visibility to effectively troubleshoot, monitor and analyze data across silos and deliver real-time business insights and operational intelligence."
Splunk--provider of an engine that collects, indexes and analyzes massive volumes of machine-generated data--thinks big data is the answer. Splunk customer CloudShare, a San Mateo, Calif.-based provider of pre-production cloud for dev and test, demos and POCs, sees a constant stream of data from its network/gateways/firewalls, backend, virtual machines, applications, web servers, databases and storage.
CloudShare's infrastructure as a service (IaaS) platform is designed to grant each customer--including a large number of Fortune 500 firms like HP, SAP, Microsoft and IBM--its own private multi-VM networked environment, including compute resources, networking, IP and preinstalled OS. During peak hours, its system performs about 500 VM resume/suspend operations an hour. Its VMware performance data alone comes in at about 2 million events per hour.
Getting a handle on that data, let alone correlating and analyzing it, is a tricky proposition. In its early days, Elad Gotfrid, CloudShare's director of IT, says the company got by with traditional monitoring tools. But it soon outgrew them.
Scaling Out With Splunk
"In the beginning, we used a traditional monitoring tool, which was good for a small scale," Gotfrid says. "Once you start to grow up, you see the scale doesn't allow you to use a traditional monitoring system anymore. You need higher visibility."
Gotfrid explains that CloudShare went with a new offering from Splunk--then in beta--called Splunk App for VMware, specifically designed for the VMware virtual layer. Originally, CloudShare brought in Splunk to monitor the performance of its virtual machines. But once the company saw the possibilities, it spread to every area of the business. He notes that CloudShare uses Splunk to collect performance stats, logs and events from the virtualization layer and then correlate that information with network, storage, OS and application events. This allows IT to contextualize infrastructure data and track business metrics such as usage and resource costs per trial and business user.
Dashboards link operational data from both physical and virtual sources, providing vital information to network operations, customer support, marketing, sales and R&D. CloudShare even leverages it to fight fraud by using network device and firewall information to create attack signatures that trigger automatic blocks or trigger alerts to network operations.
"At CloudShare, we think of Splunk as our eyes and ears," Gotfrid says. "Splunk software enables us to understand and oversee every aspect of our operations. The key asset we achieve from Splunk software is the ability to correlate business data with performance metrics. Compiling data about our customers and understanding which resources are being utilized allows us to understand and plan our capacity based on clear trends we identify."
Thor Olavsrud covers IT Security, Big Data, Open Source, Microsoft Tools and Servers for CIO.com.