Visibility Platform for AWS Quick Start

The purpose of this Quick Start is to deploy Gigamon’s Visibility Platform on Amazon Web Services (AWS) and explore the benefits of visibility into data-in-motion when monitoring and securing your cloud environment.

The Quick Start Guide provides step-by-step instructions on how to create the tunnel endpoints to connect to the monitoring tools and how to design a monitoring session.

Introduction to the Visibility Platform for AWS

The biggest challenges in managing and securing the data traversing the public cloud today include the inability to access all traffic and data, lack of visibility into East-West traffic needed for compliance, lateral threat mitigation, and more.

In an on-premise deployment, there are options to get access to traffic from the infrastructure for real-time analysis via TAPs (physical or virtual) and SPAN sessions. When deploying applications and workloads in the public cloud, none of these options are available. Using agent-based monitoring could lead to a very complex architecture, especially if multiple tools need access to the same traffic for inspection and analysis.

An efficient and optimal solution to overcome these challenges is to use the Gigamon Visibility Platform for AWS, the industry’s first pervasive visibility platform that provides consistent visibility into data-in-motion across the entire enterprise.

The Gigamon Visibility Platform for AWS integrates with your AWS environment, mirrors the application traffic, and replicates the traffic customized using Flow Mapping® to network and security tools that reside on cloud or on-premise.

Key Capabilities

• Consistent way to access network traffic

• Distribute traffic to multiple tools

• Customize traffic to specific tools

• Elastic visibility as workloads scale out

Overview of the Architecture

The Gigamon Visibility Platform for AWS supports two deployment modes: Hybrid and Public Cloud.

Hybrid Cloud Deployment

The Gigamon Visibility Platform for AWS extends an enterprise’s on-premise Gigamon Visibility Platform to the AWS public cloud regardless of where your applications reside. Refer to the figure above. The entire Visibility Platform is managed by a single management appliance called GigaVUE Fabric Manager (GigaVUE-FM). Using GigaVUE-FM, the traffic flow maps can be created to customize and send the monitored traffic to the specific tools in the AWS public cloud or on-premise. Once a map is configured, GigaVUE FM updates all the nodes in the Visibility Platform automatically. As your instances/workloads scale, they are automatically added to the flow maps and the traffic is monitored immediately.

Public Cloud Deployment

Gigamon’s Visibility Platform extends its capabilities to the public cloud model with multiple VPCs for applications, business units, or tenants. Refer to the figure above. GigaVUE-FM and the monitoring tools reside in the SecOps VPC, while the monitored traffic from the Application A and Business Unit A VPCs is sent to the cloud monitoring tools through VPC peering links.

Gigamon Visibility Platform Components

To complete this Quick Start with ease, the following necessary components are already configured within AWS:

Components: Description

GigaVUE Fabric Manager (GigaVUE-FM): A web-based interface for creating flow maps and sending monitored traffic to specific tools.

G-vTAP agent: An agent that is deployed in the Elastic Compute Cloud (EC2) instance. This agent mirrors the selected traffic from the instances (virtual machines) to the GigaVUE® V Series node.

GigaVUE V Series Node: A visibility node that aggregates mirrored traffic from an AWS instance, applies filters, and distributes the optimized traffic to the monitoring tools using the standard Layer 2 (L2) GRE tunnels.

Prerequisites

Before deploying this Quick Start, Gigamon recommends that you try the Visibility Platform for AWS Test Drive, a proof-of-concept to showcase the benefits of traffic intelligence in managing, securing, and understanding data-in-motion in your AWS environment. This test drive provides a VPC with use cases and a sample workflow to view the traffic in AWS. For more information about the AWS Test Drive, refer to AWS Test Drive.

After signing up for the Quick Start, you will receive a confirmation email on deploying the Quick Start components in your VPC. The following components are deployed in your AWS account:

In this email, you will also receive the following two pieces of information:

• Security Group—A link to your new security group. Modify this security group to add additional protocols and your IP for securing your Quick Start environment.

• Fabric Manager—A link to the GigaVUE Fabric Manager with the login credentials.

Modifying the New Security Group

The following protocols are added to the new security group:

• HTTPS—Enables DeployNow framework to deploy the Quick Start environment.

• SSH—Allows you to log in to JumpBox.

• RDP—Allows you to connect remotely to Wireshark.

You must add your IP address to these protocols in the security group to secure your Quick Start environment from unauthorized access.

1. In the confirmation email, click the security group link.

Figure 1-1: Confirmation Email

2. In the Security Group page, click the Inbound tab.

Figure 1-2: Clicking the Inbound Tab

3. Click Edit.

Figure 1-3: Editing the Inbound Rule

4. In the Edit Inbound rules dialog box, click Add Rule. Add the following rules:

a. In the Type drop-down list, select HTTP.

b. In the Source drop-down list, select My IP.

c. Repeat step a and step b to add the SSH and RDP types.

Figure 1-4: Adding the Protocols

5. Click Save.

Disabling the Access Key

The security credentials must be modified to make the access key inactive so that programmatic access to the Quick Start environment is disabled. When programmatic access is disabled, no changes can be made to the Quick Start environment while you are using the proof-of-concept.

NOTE: The access key must be made active before destroying the Quick Start environment.

1. Go to Services > IAM.

Figure 1-5: Opening the IAM Dashboard

2. In the IAM dashboard, click Users.

Figure 1-6: Opening the Users Page

3. In the Search field, enter the user name. Click the quickstart user name link.

Figure 1-7: Opening the Users: QuickStart Page

4. Click the Security Credentials link.

Figure 1-8: Making the Access Key Inactive

5. Locate the Access Key ID and click the Make Inactive link.

Logging into GigaVUE-FM

The GigaVUE Fabric Manager is pre-deployed with the components of the visibility platform such as the GigaVUE V Series node, G-vTAP agent, G-vTAP Controller, and so on. Tunnels are created from the GigaVUE V Series nodes to the monitoring tools using a standard L2 Generic Routing Encapsulation (GRE) or Virtual Extensible LAN (VXLAN) tunnel. Once the tunnels are created, monitoring sessions are designed to include or exclude the instances that you want to monitor. You can also choose to monitor egress, ingress, or all traffic.

1. In the confirmation email, click the Fabric Manager link. GigaVUE-FM login page is displayed.

2. In the same email, click the link next to the password. The AWS instances page is displayed. Copy the Instance ID which is used as the password for logging into GigaVUE-FM.

3. In the GigaVUE-FM login page, enter admin as the username and the Instance ID as the password. Click Log In.

4. Click See Eula. Scroll down, select the I Accept the terms check box, and click OK.

5. In the left navigation bar, click AWS.

Creating Tunnel Endpoints

The customized traffic from the GigaVUE V Series node is distributed to the tunnel endpoints using a standard L2 Generic Routing Encapsulation (GRE) or Virtual Extensible LAN (VXLAN) tunnel.
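What a monitoring tool at the tunnel endpoint has to undo is shown in this added example, which is not part of the Gigamon guide: it strips the outer IPv4 header and the L2GRE or VXLAN header to recover the mirrored Ethernet frame. Header layouts follow the published GRE (RFC 2784/2890) and VXLAN (RFC 7348) formats; the addresses, key, VNI, and function names are constructed for illustration.

```python
import struct

IPPROTO_UDP, IPPROTO_GRE = 17, 47
GRE_TEB = 0x6558    # GRE protocol type "Transparent Ethernet Bridging" (Ethernet payload)
VXLAN_PORT = 4789   # IANA default; use the Remote Tunnel Port configured for the endpoint


def decapsulate(packet, vxlan_port=VXLAN_PORT):
    """Strip outer IPv4 plus GRE or UDP/VXLAN; return (type, tunnel_id, inner_frame)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("outer packet is not IPv4")
    body = packet[(packet[0] & 0x0F) * 4:]          # skip the outer IP header
    if packet[9] == IPPROTO_GRE:
        if len(body) < 4:
            raise ValueError("truncated GRE header")
        flags, proto = struct.unpack_from("!HH", body, 0)
        if flags & 0x0007 or proto != GRE_TEB:
            raise ValueError("not version-0 GRE carrying an Ethernet frame")
        has_csum, has_key, has_seq = flags & 0x8000, flags & 0x2000, flags & 0x1000
        key_at = 4 + (4 if has_csum else 0)         # optional checksum word comes first
        inner_at = key_at + (4 if has_key else 0) + (4 if has_seq else 0)
        if len(body) < inner_at + 14:
            raise ValueError("truncated GRE packet")
        key = struct.unpack_from("!I", body, key_at)[0] if has_key else None
        return "L2GRE", key, body[inner_at:]
    if packet[9] == IPPROTO_UDP:
        if len(body) < 8 + 8 + 14:                  # UDP + VXLAN + Ethernet headers
            raise ValueError("truncated VXLAN packet")
        if struct.unpack_from("!H", body, 2)[0] != vxlan_port:
            raise ValueError("UDP destination port is not the VXLAN port")
        if not body[8] & 0x08:                      # I flag marks the VNI as valid
            raise ValueError("VXLAN I flag not set")
        return "VXLAN", int.from_bytes(body[12:15], "big"), body[16:]
    raise ValueError("outer protocol is neither GRE nor UDP")


def ether_summary(frame):
    """Destination MAC, source MAC and EtherType of the recovered inner frame."""
    return frame[0:6].hex(":"), frame[6:12].hex(":"), struct.unpack_from("!H", frame, 12)[0]


def outer_ipv4(proto, payload):
    """Build a constructed outer IPv4 header (checksum left at 0, not verified above)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9])) + payload


# Constructed inner frame and the two encapsulations of it.
INNER = bytes.fromhex("020000000002" "020000000001" "0800") + b"mirrored-ipv4-packet"
GRE_SAMPLE = outer_ipv4(IPPROTO_GRE, struct.pack("!HHI", 0x2000, GRE_TEB, 7) + INNER)
VXLAN_SAMPLE = outer_ipv4(
    IPPROTO_UDP,
    struct.pack("!HHHH", 49152, VXLAN_PORT, 16 + len(INNER), 0)
    + bytes([0x08, 0, 0, 0]) + (100).to_bytes(3, "big") + b"\x00" + INNER,
)

if __name__ == "__main__":
    for sample in (GRE_SAMPLE, VXLAN_SAMPLE):
        kind, tunnel_id, frame = decapsulate(sample)
        print(kind, tunnel_id, ether_summary(frame))
```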

To create the tunnel endpoints:

1. Go to AWS > Configuration > Tunnel Library.

Figure 1-9: Opening the Tunnel Library Page

2. Click New. The Add Tunnel page is displayed as shown in Figure 1-10 on page 10.

Figure 1-10: Adding a Tunnel Endpoint

3. Select or enter the appropriate information as shown in Table 1-1 on page 10.

Table 1-1: Fields for Tunnel Endpoint

Field: Description

Alias: The name of the tunnel endpoint.
NOTE: Do not enter spaces in the alias name.

Description: The description of the tunnel endpoint.

Type: The type of the tunnel. Select L2GRE or VXLAN to create a tunnel. If you choose VXLAN, you must enter the remote tunnel port.

Traffic Direction: The direction of the traffic flowing through the GigaVUE V Series node. Choose Out for creating a tunnel from the GigaVUE V Series node to the destination endpoint.
NOTE: Traffic Direction In is not supported in the current release.

Remote Tunnel IP: The IP address of the tunnel destination endpoint.
NOTE: You cannot create two tunnels to the same IP address.

Remote Tunnel Port: (Optional) The port number of the tunnel destination endpoint.
NOTE: This option is displayed only if you select VXLAN as the tunnel type.

Source Subnet: (Optional) The subnet to be used to send traffic to the tunnel endpoints.

4. Click Save.

Creating a Monitoring Session

GigaVUE-FM automatically collects inventory data on all target instances and ENIs available in your AWS environment. You can design your monitoring session to include or exclude the instances that you want to monitor. You can also choose to monitor egress, ingress, or all traffic.

When a new target instance is added to your AWS environment, GigaVUE-FM automatically detects and adds the instance into your monitoring session. Similarly, when an instance is removed, it updates the monitoring sessions to show the removed instance.

To design your monitoring session, refer to the following sections:

• Creating a New Session

• Creating a Map

• Adding Applications to the Monitoring Session

• Deploying the Monitoring Session

• Viewing the Statistics

• Viewing the Topology

Creating a New Session

You can create multiple monitoring sessions within a single VPC connection.

To create a new session:

1. Select AWS > Monitoring Session.

2. Click New. The Monitoring Sessions page is displayed.

3. Enter the appropriate information in the MONITORING SESSION INFO as shown in Table 1-2 on page 12.

Table 1-2: Fields for Session Info

Field: Description

Name: The name of the monitoring session.

Connection: The alias name of the AWS connection.

Creating a Map

Each map can have up to 32 rules associated with it. Table 1-3 on page 13 lists the various rule conditions that you can select for creating a map, inclusion map, and exclusion map.

Table 1-3: Conditions for the Rules

Conditions: Description

L2, L3, and L4 Filters

Ether Type: The packets are filtered based on the selected ethertype. You can choose IPv4, ARP, or RARP.

L3 Filters for Ether Type: If you choose IPv4, the following L3 filter conditions are displayed:

• Protocol

• IP Fragmentation

• IP Time to live (TTL)

• IP Type of Service (TOS)

• IP Explicit Congestion Notification (ECN)

• IPv4 Source

• IPv4 Destination

If you choose ARP or RARP, Protocol is displayed as the L3 filter condition.

L4 Filters for Protocol: If you select TCP, UDP, or SCTP protocol, the following L4 filter conditions are displayed:

• Port Source

• Port Destination

MAC Source: The egress traffic from the instances or ENIs matching the specified source MAC address is selected.

MAC Destination: The ingress traffic from the instances or ENIs matching the specified destination MAC address is selected.

Target Selection Filters

VM Name Source: The egress traffic from the instances or ENIs matching the specified instance name is selected.

VM Name Destination: The ingress traffic from the instances or ENIs matching the specified instance name is selected.

VM Tag Source: The egress traffic from the instances or ENIs matching the specified instance name and key value is selected.

VM Tag Destination: The ingress traffic from the instances or ENIs matching the specified instance name and key value is selected.

Tunnel Name Source: The egress traffic from the instances or ENIs that are connected to the specified tunnel name is selected.
NOTE: This feature is not supported in the current release.

Pass All: All the packets coming from the monitoring instances are passed through the filter.

When you select a condition without specifying a source or destination, both egress and ingress traffic are selected for tapping. For example, if you select IPv4 as the Ether Type and TCP as the protocol, and do not specify an IPv4 source or destination, both egress and ingress traffic are selected for monitoring.

When you select a condition with either a source or a destination specified, the direction is determined by the selection. For example, if only IPv4 source is selected as shown in Figure 1-11 on page 14, the egress traffic from the instances in the subnet 10.0.1.0/24 is selected for tapping.

Figure 1-11: Creating a Map for Tapping Egress Traffic

NOTE: You can create Inclusion and Exclusion Maps using all default conditions except Ether Type and Pass All.

To create a new map:

1. Select AWS > Monitoring Session.

2. Click New. The Monitoring Sessions page is displayed.

3. Create a new session. Refer to Creating a New Session on page 11.

4. From Maps, drag and drop a new map template to the workspace. If you are creating an exclusion or inclusion map, drag and drop a new map template to the respective section at the bottom of the workspace.

The new map page is displayed as shown in Figure 1-12 on page 15.

Figure 1-12: Creating a New Map

5. Enter the appropriate information for creating a new map as shown in Table 1-4 on page 15.

Table 1-4: Fields for Creating a New Map

Parameter: Description

Alias: The name of the new map.
NOTE: The name can contain alphanumeric characters with no spaces.

Comments: The description of the map.

Map Rules: The rules for filtering the traffic in the map.

To add a rule:

a. Click Add a Rule.

b. Select a condition from the Rule 1 list.

c. Assign a priority and action set.

d. Enter a comment for the rule.

e. Specify a value for the selected condition.

NOTE: Repeat steps b through d to add more conditions.

NOTE: Repeat steps a through e to add nested rules.

NOTE: Do not create duplicate map rules with the same priority.

6. Click Add to Library and save the map for reuse using one of the following ways:

• Select an existing group from the Select Group list and click Save.

• Enter a name for the new group in the New Group field and click Save.

NOTE: The maps saved in the Map Library can be reused in all the monitoring sessions in the VPC.

7. Click Save.

To edit or delete a map, click a map and select Details to edit the map or Delete to delete the map as shown in Figure 1-13 on page 16.

Figure 1-13: Editing or Deleting a Map

Click the Show Targets button to view the monitoring targets highlighted in blue. Refer to Figure 1-14 on page 17.

Figure 1-14: Viewing the Topology

Click on to expand the Targets dialog box. Click on to change the view from topology to viewing the instance names. To view more details about the instance tag name, direction of tapping, and so on, click the arrow next to the instance name. Refer to Figure 1-15 on page 17.

Figure 1-15: Viewing the instance Details

Filter the instances based on the VM name, IP address, or the MAC address. Refer to Figure 1-16 on page 18.

Figure 1-16: Filtering the instances

Adding Applications to the Monitoring Session

Gigamon supports the following GigaSMART applications with the Visibility Platform for AWS:

• Sampling

• Slicing

• Masking

To add an application:

1. Drag and drop an application from APPLICATIONS to the graphical workspace.

2. Enter the appropriate information as shown in Table 1-5 on page 19.

Table 1-5: Adding the Applications

Application: Sample

Alias: Specifies the name of the sample.

State: Specifies the state, which determines whether the application is sampling packets randomly.

Sampling Type: Determines the type of sampling you can choose. The sampling types are as follows:

• Random Simple — The first packet is selected randomly. The subsequent packets are also selected randomly based on the rate specified in the Sampling Rate field.

For example, if the first packet selected is 5 and the sampling rate is 1:10, the 10 packets are selected randomly for sampling.

• Random Systematic — The first packet is selected randomly. Then, every nth packet is selected, where n is the value specified in the Sampling Rate field.

For example, if the first packet selected is 5 and the sampling rate is 1:10, then every 10th packet is selected for sampling: 15, 25, 35, and so on.

Sampling Rate: Specifies the ratio of packets to be selected. The default ratio is 1:1.

Application: Slice

Slice Length: Specifies where the packet slicing must occur. Either the protocol’s header or the protocol’s payload information is sliced before sending the data to the monitoring tools.

Protocol: Specifies an optional parameter for slicing packets on the data coming from the selected protocol. The options are as follows:

• None

• IPv4

• IPv6

• UDP

• TCP

Application: Mask

Offset: Specifies the offset from which the application should start masking data following the pattern specified in the Pattern field.

You can specify this value in terms of either a static offset, that is, from the start of the packet or a relative offset, that is, from a particular protocol layer as specified in the Protocol field.

Length: Specifies the length of the packet for masking.

Pattern: Specifies the pattern for masking the packet. The value of the pattern is from 0 to 255.

Protocol: Specifies an optional parameter for masking packets on the data coming from the selected protocol.
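The Random Systematic and Mask fields above can be illustrated with a short model, added here and not taken from GigaSMART or the Gigamon guide. It assumes a relative offset counts from the first byte of the selected protocol's header and handles only untagged Ethernet/IPv4 frames; the frame contents and function names are constructed.

```python
import random
import struct


def systematic_sample(total, rate, first=None, rng=random):
    """Packet numbers (1-based) kept at 1:rate: a random first pick, then every rate-th."""
    if rate < 1:
        raise ValueError("rate must be at least 1")
    if first is None:
        first = rng.randint(1, rate)
    return list(range(first, total + 1, rate))


def layer_start(frame, protocol=None):
    """Byte index where `protocol` begins; None means a static offset from byte 0."""
    if protocol is None:
        return 0
    if struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        raise ValueError("only untagged Ethernet/IPv4 frames are handled here")
    if protocol == "ipv4":
        return 14
    wanted = {"tcp": 6, "udp": 17}[protocol]
    if frame[14 + 9] != wanted:                     # protocol field of the IPv4 header
        raise ValueError(f"frame does not carry {protocol}")
    return 14 + (frame[14] & 0x0F) * 4              # Ethernet header + IPv4 header length


def mask(packet, offset, length, pattern, base=0):
    """Overwrite `length` bytes at base+offset with the byte value `pattern` (0 to 255)."""
    if not 0 <= pattern <= 255:
        raise ValueError("pattern must be 0-255")
    start = min(base + offset, len(packet))
    end = min(start + length, len(packet))          # never grow or shrink the packet
    return packet[:start] + bytes([pattern]) * (end - start) + packet[end:]


# Constructed frame: Ethernet + IPv4 + TCP + a payload holding a test card number.
PAYLOAD = b"PAN=" + b"4" + b"1" * 15 + b";"
FRAME = (
    bytes.fromhex("020000000002" "020000000001" "0800")
    + struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(PAYLOAD), 0, 0, 64, 6, 0,
                  bytes([10, 0, 1, 10]), bytes([10, 0, 2, 20]))
    + struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 0x50, 0x18, 65535, 0, 0)
    + PAYLOAD
)

if __name__ == "__main__":
    # The guide's example: first pick 5 at 1:10 keeps packets 5, 15, 25, 35.
    print(systematic_sample(40, 10, first=5))
    # 20-byte TCP header + 4 bytes of "PAN=" puts the digits at TCP-relative offset 24.
    masked = mask(FRAME, 24, 16, 0x58, base=layer_start(FRAME, "tcp"))
    print(masked[54:])
```

At 1:10 the tool receives 4 of every 40 packets, so detections that depend on seeing every packet of a flow should not be run against a sampled feed.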

Deploying the Monitoring Session

To deploy the monitoring session:

1. Drag and drop one or more maps from the MAP Library to the workspace.

2. (Optional) To add Inclusion and Exclusion maps, drag and drop the maps from the Map Library to their respective section at the bottom of the workspace.

3. (Optional) Drag and drop one or more applications from the APPLICATIONS section to the workspace.

NOTE: For information about adding applications to the workspace, refer to Adding Applications to the Monitoring Session on page 18.

4. Drag and drop one or more tunnels from the TUNNELS section.

Figure 1-17 on page 20 illustrates three maps, one exclusion map, one application, and two tunnel endpoints dragged and dropped to the workspace.

Figure 1-17: Dragging and Dropping the Maps, Applications, and Monitoring Tools

5. Hover your mouse over the map, click the red dot, and drag the arrow over to another map, application, or tunnel. Refer to Figure 1-18 on page 21.

NOTE: You can drag multiple arrows from a single map and connect them to different maps and applications.

6. Hover your mouse over the application, click the red dot, and drag the arrow over to the tunnel endpoints.

In Figure 1-18 on page 21, the traffic matching the rules in each action set is routed to maps, applications, or monitoring tools.

Figure 1-18: Connecting the Maps, Applications, and Monitoring Tools

7. Click Show Targets to view details about the subnets and monitoring instances.

The instances and the subnets that are being monitored are highlighted in blue.

8. Click Deploy to deploy the monitoring session.

The status is displayed as Success in the Monitoring Sessions page. The session is successfully deployed on all GigaVUE V Series nodes and G-vTAP agents.

If the monitoring session is not deployed properly, then one of the following errors is displayed:

• Partial Success—The session is not deployed on one or more instances due to G-vTAP or GigaVUE V Series node failure.

• Failure—The session is not deployed on any of the GigaVUE V Series nodes and G-vTAP agents.

Click on the status link to view the reason for the partial success or failure. Refer to Figure 1-19 on page 22.

Figure 1-19: Deployment Status

9. Click View under Statistics to view and analyze the incoming and outgoing traffic.

You can also do the following in the Monitoring Session page:

• Use the Redeploy button to redeploy a monitoring session that is not deployed or partially successful.

• Use the Undeploy button to undeploy the selected monitoring session.

• Use the Clone button to duplicate the selected monitoring session.

• Use the Edit button to edit the selected monitoring session.

• Use the Delete button to delete the selected monitoring session.

Viewing the Statistics

The Monitoring Session Statistics page lets you analyze the incoming and outgoing traffic on an hourly, daily, weekly, and monthly basis. The traffic can be viewed based on kilobits/second, megabits/second or gigabits/second.

Figure 1-20: Viewing the Monitoring Session Statistics

You can click on Incoming Maps, Outgoing Maps, and Ratio at the bottom of the graph to view the statistics individually.

You can expand the View Monitoring Session Diagram and click on each individual map, application, and tunnel to view more details about the incoming and outgoing traffic on the selected statistics page. The Map Statistics page lets you choose the map rules to view the traffic matching the selected rule.

Figure 1-21: Viewing the Map Statistics

Viewing the Topology

You can have multiple VPC connections in GigaVUE-FM. Each VPC can have multiple monitoring sessions configured within it. You can select the connection and the monitoring session to view the selected subnets and instances in the topology view.

To view the topology diagram:

1. Select AWS > Topology.

2. Select a connection from the Select connection... list. The topology view of the subnets and instances is displayed.

3. (Optional) Select a monitoring session from the Select Monitoring Session... list. The topology view of the monitored subnets and instances in the selected session is displayed.

4. Select one of the following check boxes:

• Source—Displays the topology view of the source target interfaces that are being monitored.

• Destination—Displays the topology view of the destination target interfaces where the traffic is being mirrored.

• Other—Displays the topology view of the non-G-vTAP agents such as GigaVUE V Series Controllers, G-vTAP Controllers, monitoring tools, and instances that are being used in the connection.

Figure 1-22: Viewing the Topology

5. (Optional) Hover over or click the subnet or VM Group icons to view the subnets or instances present within the group.

In the topology page, you can also do the following:

• Use the Filter button to filter the instances based on the VM name, VM IP, Subnet ID, or Subnet IP, and view the topology based on the search results. Refer to Figure 1-23 on page 25.

Figure 1-23: Filtering in Topology View

• Use the Default View button to view the topology diagram based on the source interfaces of the monitoring instances.

• Use the arrows at the bottom-right corner to move the topology page up, down, left, or right. Click the Fit-to-Width icon to fit the topology diagram according to the width of the page.

• Use the + or - icons to zoom in and out of the topology view.

Next Steps

Once you have created the monitoring session, you might want to use Wireshark to view the traffic flowing from the instances within your Quick Start environment to the monitoring tools.

Also, use JumpBox as the traffic viewer instance to connect to other instances in your deployment. For details, refer to the confirmation email as shown in Figure 1-24 on page 26.

Figure 1-24: Traffic Viewer Instance Details in Confirmation Email

Contacting Gigamon

If you have any questions, contact Gigamon. Gigamon will reach out to you shortly to answer your questions and provide you with more information.

To learn more about Gigamon’s visibility platform for AWS, visit Gigamon at https://www.gigamon.com/aws.

Copyright © 2017 Gigamon. All rights reserved. Gigamon and the Gigamon logo are trademarks of Gigamon in the United States and/or other countries. Gigamon trademarks can be found at www.gigamon.com/legal-trademarks. All other trademarks are the trademarks of their respective owners.

4125-01 02/17
