Riverbed NPM Enhances Cloud Visibility with Support for Azure NSG Flow Logs
Cloud adoption was expanding rapidly even before COVID-19. During, and even after the pandemic, cloud plans and adoption increased even faster to adapt to work-from-home needs and to increase resiliency.
Multi-cloud continues to be the dominant cloud strategy, implemented by more than three-quarters (76%) of organizations.1 Analyst firm ESG defines multi-cloud as more than one IaaS provider. Also, the use of infrastructure as a service (IaaS) has almost doubled in the last five years, from 42% in 2107 to 78% in 2021.2
So clearly, today’s new normal is multi-cloud and hybrid networks, with an almost endless array of cloud-based business applications and workloads. As a result, enterprises are addressing concerns about the unpredictable performance of cloud workloads impacting overall business productivity. Moreover, mapping all the relationships across apps, hardware and networking devices for each IT-delivered service is notoriously difficult to do, especially in a rapidly evolving cloud environment. Therefore, it’s no surprise that 51% of organizations claim understanding app dependencies as the top cloud migration challenge. Further, 45% view the ability to assess on-premises vs cloud costs as a top challenge.3
Support for Azure NSG Flow Logs
This release of Riverbed NetProfiler (v10.20) does its part to jump on the cloud bandwagon and to address some of these challenges. It now supports the ingestion of Azure NSG Flow Logs, the native mechanism of flow generation offered by the Azure platform. Azure NSG Flow records are collected and exported to our Azure Function.
Using this Azure flow data, NetProfiler provides two specific Azure cloud reports:
- Azure NSG Flow Information
- Azure Billable Data Transfer
The Azure NSG Flow Information Report provides rich visibility into usage in the cloud. It shows applications, hosts, and conversations by VNETs, Regions, and Availability Zones. Most importantly, it can map any application relationships across the network for any service, addressing that top concern. NetProfiler’s extensive traffic reporting can also be used to report on and to study Azure NSG Flow log data.
On the other hand, the Azure Billing Data Transfer report helps you understand where cloud costs are occurring so you can make better plans and decisions to help minimize costs. It provides visibility into traffic volumes by Azure pricing policies. For example, it lets you know how much traffic is egressing the cloud – the most expensive type of cloud data – versus how much is traversing VNETs, the next tier of pricing. Knowing how the traffic is flowing across VNETs, regions, and cloud-egress also help determine whether services and their dependencies are all efficiently deployed, or whether there are more efficiencies to be had. By placing different services in the same VNET or same region, you gain pricing and latency efficiencies.
Together these reports help answer the tough questions:
- What apps are running in the cloud?
- How’s the cloud network performing?
- Who’s talking to whom?
- How and where is traffic flowing through the cloud?
- Which VNETs, Regions, and Availability Zones are experiencing the most traffic?
- Are apps and services efficiently deployed?
- Is any traffic leaving the cloud?
- Where are you are incurring costs? And how can you save money?
The new Azure reports are located at Reports->All Reports->Cloud Reports. Except for the Azure vs AWS terminology differences, the reports are similar to their AWS counterparts.
In NetProfiler 10.14 (August 2018) we introduced AWS VPC Flow Log support. It required customers to manually configure and maintain AWS hostgroups (Region/AZ/VPC) to run the AWS visibility reports. This can be a laborious and error-prone process.
With recent improvements made by AWS to their AWS VPC Flow logs, NetProfiler utilizes those improvements to automate the groupings. NetProfiler polls the AWS Management Console for the metadata and populates the corresponding AWS hostgroup definitions. However, there are two requirements for this polling to work:
- It requires outbound Internet access from NetProfiler to your AWS management console.
- And, you cannot have overlapping CIDR definitions.
Lastly, by popular demand, we added a new widget in the Billable Transfer Report called “Billable Data Transfer between VPCs in the same Region” to the AWS Billable Data Transfer Report, and a comparable version to Azure. I think the title of this report makes it pretty clear what data this report provides!
To sum it up, NetProfiler 10.20 is an important release. In addition to these cloud enhancements, we made a slew of other updates, including a new easy-to-use homepage, free-form search, security updates, and more.
1 ESG Master Survey Results, Technology Spending Intentions Survey, March 2019.
2 ESG Master Survey Results, Technology Spending Intentions Survey, Dec 2020