PacketMotion, a company focusing on User Activity Management and Network Visibility, announced the availability of its VM-to-VM traffic monitoring solution, PacketSentry Virtual Probe.
The lack of visibility on VM-to-VM traffic is a key issue when considering the security of virtual machines: it makes impossible or extremely difficult to actually monitor very relevant network traffic, and to correctly satisfy some requirements for security compliance or internal audit. The “black hole” of VM-to-VM has been pointed out multiple times, and various vendors gave different answers to this issue.
PacketSentry Virtual Probe has been implemented as a guest VM sitting on the virtual network and connected to promiscuos mode ports on the virtual switch. It will then monitor and secure traffic on VMware clusters leveraging the extensive PacketSentry database: such systems should always be managed by the network and security teams rather than the virtualization administrators, ensuring segregation of duties and allowing security management to be executed by the people in charge of it.
CPU consumption is said to be around 3-5 percent, and the configuration should be painless. Pricing starts at $4,995 for a 5 pack of monitored servers/VMs, with a $21,995 price tag for a 25 pack
The product leverages a different approach to capture and analyze network traffic when compared to some of its competitor – VMware’s vShield comes to mind, even if they indeed cover slightly different requirements: instead of using Hypervisor’s API or customization of the core infrastructure, like reimplementing the virtual switch code, PacketSentry simply requires the virtual switch to be put in promiscuous mode on the ports it is inspecting.
This approach has been used in the past by non-dedicated solutions or products not engineered for virtualization to achieve intra-switch visibility: it is unclear what the real-world impact of running an in-memory copy of the network traffic actually is, but VMware is clear in stating that performance-wise promiscuous ports are a bad idea. Yet, the performance requirements declared by PacketMotion are well within a reasonable threshold: the first real-world benchmarks will surely help shredding the doubts.
PacketMotion has now been added to the radar and will be followed by virtualization.info.