GIGAVUE CLOUD SUITE FOR PUBLIC CLOUD | SOLUTION BRIEF

GigaVUE Cloud Suite for

Public Cloud
Unparalleled Network and Application Visibility

Organizations are increasingly migrating to public

cloud Infrastructure-as-a Service (IaaS) to take
advantage of scale, elasticity, and availability.

IaaS cloud providers operate under a shared

Customer Data
responsibility model — the cloud provider is
responsible for security of the cloud, whereas the Platform, Applications, Identity, and Access Management

CUSTOMER
Resposible for Security
IaaS customer is responsible for security in the cloud. IN the Cloud
Operating System, Network and Firewall Configuration

GigaVUE® Cloud Suites resides in the VPCs and Client-Side

Data Encryption
Server-Side
Data Encryption
Network
Traffic Protection
VNets and aggregates flows from all compute
Compute
Compute Storage Databases Networking
Networking
sites, including from native traffic mirroring Resposible for Security
IAAS

OF the Cloud
nodes. These suites provide advanced high- Regions
Regions Availability Zones
Availability Zones Edge Locations
Edge Locations
performance traffic processing such as removing
duplicate packets, identifying and filtering
applications, generating advanced metadata Figure 1: IaaS Shared Security Model.
and optimally distribute and load balance data
to the appropriate network monitoring and
security tools. This helps ensure effective and
comprehensive cloud security.

Key Features Key Benefits

• GigaSMART® intelligence – includes packet • Delivery of optimized traffic to offload security and
de-duplication, slicing, masking, and tool networking monitoring tools
load balancing • 100 percent visibility into your multi-cloud
• Application Intelligence – automatically identify infrastructure located workloads
and filter over 3,500 apps and generate 5,000 • Ensure visibility across interconnected virtual clouds
metadata attributes and regions and on-premises tools
• Traffic acquisition with traffic mirroring services or • Simplified and automated deployment of a dynamic
with GigaVUE vTAPs with IPsec and prefiltering visibility fabric with limitless scalability
• Transit gateway support • Discovery of new workloads, proper traffic direction
• Integration of GigaVUE-FM with AWS, Azure and and adjustment of the visibility tier, all without
third-party cloud management suites to instantiate manual intervention
unlimited virtual nodes
• Centralized orchestration and management with a
single-pane-of-glass GUI using GigaVUE-FM
 AWS
Private Cloud Azure Load
VPC Balancing
Elastic Load Balancer
Amazon
Cloud Watch Azure API
GigaVUE-FM
Visibility Tier Visibility Tier IPSec
Web Tier IPSec Web Tier

Elastic Load V Series V Series

Balancer Azure Load
Balancing

App Tier IPSec

Visibility & Analytics Fabric
IPSec App Tier
Tunneling Tunneling
Amazon
Tool Tier Tool Tier
RDS
Tool Tier
Azure SQL
Availability Zone Database

Region Virtual Network

Figure 2: GigaVUE Cloud Suite for Multi-Clouds.

Key Considerations for IT, Cloud, and Security Architects

While IaaS vendors ensure protection from the physical datacenter up to the hypervisor, security and compliance
of data and applications rests on IT teams, who must ensure that workloads are deployed securely and perform as
required. To automatically and proactively identify and remediate security and performance limitations, accurate
visibility into the cloud environment is imperative.

IT, cloud, and security architects are responsible for addressing the following questions before they can successfully
deploy applications in a public cloud:

• As part of the shared responsibility model, how do I assure that the cloud is being used securely by everyone in
the enterprise?
• How do I run more applications while meeting the needs for applying compliance and security controls?
• What methods can be used to realize a fully automated environment that dynamically adjusts for workload relocations?
• Can the necessary traffic processing performance levels with proper scalability be assured in the cloud?
• As applications are moved from on-premises to the cloud, can the same traffic processing be applied, including
application identification and filtering, payload masking, packet de-duplication, app-aware metadata generation and
tool load balancing?
• Are there effective methods to reduce the cost of backhauling traffic when the tools monitoring traffic in the cloud
are on-premises versus part of a tool tier in the cloud?
• How is granular VM and container visibility achieved while minimizing agent sprawl and simultaneously sending
traffic to multiple tools?
• Which orchestration tools (in addition to the cloud vendor) are supported by the visibility and analytics fabric vendor?
Terraform, Ansible, Chef, Puppet?

Not addressing these considerations slows down the migration of applications to the cloud, and leaves the organization
vulnerable to potential security breaches, with potential impact to reputation and brand.

© 2022 Gigamon. All rights reserved. SOLUTION BRIEF | GIGAVUE CLOUD SUITE FOR PUBLIC CLOUD
The Solution
Gigamon CloudVUE Cloud Suites deliver automated intelligent network and application traffic visibility for dynamic
workloads running in multiple clouds including AWS, Azure, GCP and Oracle and enables increased security, operational
efficiency, and high-performance processing across these environments. Organizations can optimize costs with up to
100 percent visibility for security without increasing load on compute instances as more security tools are deployed.

Figure 3: Centralized management, automation, and straightforward

process with IaaS vendor orchestration suites and Gigamon Fabric Manager.

GigaVUE G-vTAPs GigaVUE V Series Nodes

For traffic acquisition, lightweight G-vTAPs are Traffic aggregation, intelligent high-performance
deployed within compute instances that mirror traffic packet processing, and distribution occurs within the
to the V Series. Key benefits include: GigaVUE V Series nodes, which are deployed within
the visibility tier (see Figure 2). Key benefits include:
• Single, lightweight instance minimizes impact on
compute nodes • Automatic Target Selection (ATS): Automatically
extract traffic from any workload with an agent
• Reduction in application downtime — there is no
deployed without explicitly specifying VPCs
need to redesign applications when adding new
tools • Flow Mapping®: Selection of L2–4 traffic
• Agent filters traffic of interest prior to sending it via • GigaSMART intelligence: Packet de-duplication, slicing,
IPsec to the GigaVUE V Series to reduce application sample, and masking combined with load balancing
and data egress costs to optimize traffic sent to tools, reducing tool overload
• Fully interoperable with native traffic mirroring
• Application Filtering Intelligence: Automatically
identify and filter out thousands of applications in real-
time and direct their traffic to the appropriate tools
• Application Metadata Intelligence: Generate over 5000
metadata attributes across applications and protocols
to enhance security and monitoring tool effectiveness.

© 2022 Gigamon. All rights reserved. SOLUTION BRIEF | GIGAVUE CLOUD SUITE FOR PUBLIC CLOUD
GigaVUE-FM (Fabric Manager)
Centralized orchestration and management are done by GigaVUE-FM. Tight coupling with Ansible, AWS CloudWatch,
Azure Network Watcher and third-party orchestration suites, including Terraform, Ansible, Chef, and Puppet, automatically
instantiates, configures, and monitors G-vTAP and V Series instances and supports dynamic workload migrations.

• Detect compute instance changes in the virtual clouds and automatically adjust the visibility tier, through pre-built
integration with the orchestrator’s APIs
• Publish REST APIs: Integrate with a broad range of orchestrators and tools to dynamically adjust traffic received or to
orchestrate new traffic policies
• Auto-discover and visualize end-to-end network topology, including virtual cloud workloads, by using an intuitive
drag-and-drop user interface
• Eliminate manual processes and errors by automatically identifying each new workload and its associated traffic
mirroring via ATS, and then configuring the traffic mirroring to direct traffic to the V Series Nodes
• Deep integration with multiple orchestration tools automatically instantiate the G-vTAP Modules and Controllers, as well as
the V Series and their optional proxies.

Conclusion
Whether your organization is already using IaaS public cloud providers or considering a future migration, GigaVUE
Cloud Suite solutions provide intelligent network traffic visibility for workloads running in the cloud. Integration with
multiple cloud orchestrator APIs automatically deploys a visibility tier in all virtual clouds, whether based on VPCs,
VNets, or VCNs, collects aggregated traffic and applies advanced packet processing prior to sending selected traffic to
existing security tools. With GigaVUE, organizations can obtain consistent insight into their infrastructure across multi-
cloud and their on-premises environment.

Worldwide Headquarters
3300 Olcott Street, Santa Clara, CA 95054 USA
+1 (408) 831-4000 | gigamon.com

© 2022 Gigamon. All rights reserved. Gigamon and the Gigamon logo are trademarks of Gigamon in the United States and/or other
countries. Gigamon trademarks can be found at gigamon.com/legal-trademarks. All other trademarks are the trademarks of their
respective owners. Gigamon reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

03.22_03