Comprehensive software reviews to make better IT decisions
AWS VPC Traffic Mirroring Improves Out-of-Band Traffic Inspection
AWS VPC Traffic Mirroring gives customers more visibility for out-of-band traffic inspection. This feature is another useful tool for monitoring in the AWS cloud.
AWS developed VPC Traffic Mirroring in response to its customers’ desire to have greater visibility into network traffic within their Virtual Private Clouds (VPC).
A Virtual Private Cloud is a software-defined networking environment in the AWS cloud in which the customer has full control over IP addresses and routing of instances within the VPC. Before Traffic Mirroring, the primary native AWS service that gave customers visibility into their VPC’s network behavior was VPC Flow Logs.
VPC Flow Logs is a useful feature but has some limitations. The Flow Logs feature gives users an auditable record of metadata about the traffic in the VPC, but while it records information such as which instances are communicating over which ports, it doesn’t allow for inspection of the packets themselves.
VPC Traffic Mirroring allows AWS customers to gain real-time visibility and inspection into the traffic flowing through the virtual machines in their VPC, without having to install agents on those operating systems. Customers simply enable traffic mirroring on their Elastic Network Interfaces (ENIs, virtual network cards), and can then decide where to forward the traffic and what filters to apply.
VPC Traffic Mirroring then forwards the packets wrapped in metadata to the target, which could be another instance or a Network Load Balancer in front of a group of instances, to analyze that traffic. Customers can analyze the traffic using open-source tools, custom-built solutions, or commercial off-the-shelf solutions purchased on AWS Marketplace from partners such as Cisco, Palo Alto, or Riverbed.
Source: AWS Online Tech Talks, YouTube, Feb. 26, 2020
Currently, Traffic Mirroring is only supported on Nitro-based instances (C5, M5), though AWS has mentioned that it may expand support to additional instance types in the future if demand warrants.
Traffic Mirroring users must be cognizant of bandwidth limitations based on the filters they apply. If forwarding all traffic, that will double the bandwidth. According to AWS, however, in the event that bandwidth throughput caps out, the mirrored traffic will be dropped from the VPC before any production traffic will be dropped.
There are two important things to keep in mind when configuring traffic mirroring: filters and sessions. A filter tells VPC Traffic Mirroring what kind of traffic to mirror. For example, customers could apply a filter to protocols such as HTTP or to a particular port range.
Each filter is then captured in a particular session on the target, so a single instance can be mirroring traffic for multiple sessions at once. These sessions will be captured in the priority order in which they’ve been configured. For example, if the first session is configured to capture HTTP traffic only and the second session TCP, the first will capture the HTTP traffic and the second will capture everything except the HTTP traffic captured by the first session.
VPC Traffic Mirroring allows for real-time inspection, monitoring, and troubleshooting of network traffic within customers’ VPCs without the need to install agents on those devices.
This is a handy tool in customers’ toolbox, providing much more visibility than VPC Flow Logs. Unlike VPC Flow Logs, however, Traffic Mirroring requires a good deal of effort to set up and additional cost, in the form of both configuration and infrastructure management.
Customers need to define the appropriate filters for each ENI based on the nature of the traffic going through the attached instance and the analysis that will be performed on that traffic. They will also need to build or buy the software tools to analyze the packets and build out additional infrastructure in their VPCs in the form of more instances and probably Network Load Balancers, all at additional cost.
Clearly, running workloads in the cloud well requires a lot more effort than simply running in the cloud. Infrastructure & Operations professionals are needed to ensure appropriate configuration and monitoring of AWS VPCs just as much as they have been for on-prem data centers and co-los.
For those with the skills who are willing to put in the work, VPC Traffic Mirroring should help improve their security posture and enable operational excellence for VPC workloads involving mirrored traffic.
Want to Know More?
COVID-19 has forced software companies and their suppliers to refocus efforts around prioritizing systems and workflows that are nearly 100% digital in nature. As a result, Info-Tech has observed the quick emergence of six market themes that are highly relevant post COVID-19. This note series will profile key vendors and how they fit into the post-COVID-19 world.
COVID-19 has forced software companies and their suppliers to refocus efforts around prioritizing systems and workflows that are nearly 100% digital in nature. As a result, Info-Tech has observed the quick emergence of six market themes that are highly relevant after COVID-19. This note series will profile key vendors and how they fit into the post-COVID-19 world.
Oracle has announced the general availability of Exadata Cloud@Customer, a managed service that enables enterprises to unlock the previously cloud-first features of Oracle's Autonomous Database for on-premises data centers. This offering is ideal for enterprises that must conform with regulatory and/or technical challenges that force on-premises database residency.
Microsoft Cloud Services Usage Surges 775% for Teams in Regions With Enforced Social Distancing – Part 2
Experiencing issues when using Microsoft online services? You are not alone. Capacity constraints were being hit, pre-COVID-19, and usage has surged in regions with enforced social distancing.
Google has announced a premium support plan for its cloud customers, promising a 15-minute response to the highest severity tickets. Google’s cloud has long struggled with enterprise customers – especially when compared to giants Microsoft and AWS – and this announcement is the latest incarnation of Google’s push to better serve a critical constituency.
Microsoft Announces Expansion of Azure Canadian Infrastructure, Offers Data Residency and High Availability
In January, Microsoft announced what it’s calling “the largest expansion of its Canadian-based cloud computing infrastructure” since 2016. Additional availability zones and services will increase capacity for cloud-hungry Canadians, and the addition of an Azure ExpressRoute site in Vancouver will guarantee security and performance in a regulated jurisdiction.
Microsoft’s announcement that server-side encryption with customer managed keys for Azure Managed Disks is now available is welcome news for security-minded public cloud customers. Managing one’s own keys in a cloud environment can be an important step in complying with regulatory requirements, and this new feature should open Azure Managed Disks to a wider group of customers who may have held back for this reason.
Amazon Web Services (AWS) has provided its customers with better options for Virtual Private Cloud (VPC) ingress routing. Customers will have to consider which works best for their needs.
Microsoft Cloud Services Usage Surges Over 700% in Regions With Enforced Social Distancing: How Could This Impact Your Organization?
Organizations have been running into capacity constraints on cloud infrastructure in regions with enforced social distancing due to COVID-19. Having a back-up plan will be critical to your business continuity plans.