This blog was authored by Jason Burns, Staff Solutions Architect at Nutanix.
Are your application deployments taking too long? Manual processes and extensive back-and-forth between the application team and the network team can stretch the time it takes to deploy an application from hours into weeks. If your network seems like a black box, or if managing your application projects seems to drag on and on, the networking toolset available in Nutanix AHV can help simplify network operations and get your applications up and running quickly and securely.
Applications rely on the network more than ever. Application design best practices call for separating crucial functions using multiple containers, VMs, or hosts to provide scalability and easy maintenance—and then you have to connect each separate piece to the network. Regardless of your deployment platform, the network is part of your application. When there is a problem in the network, your application is the first place that problem shows up. When you need to grow your application or add a new service, you have to configure the physical and virtual networking so the new pieces can talk with existing components. When an attacker gains a foothold in one part of your application, they can use this same network to explore all of your application’s connected pieces.
To handle the complexity involved in successfully deploying and managing your application’s network, three things are essential:
This blog series breaks down these networking requirements and highlights the AHV features announced at Nutanix .NEXT that can help you build a one-click network.
Part 1: AHV Network Visualization (this post)
Part 2: AHV Network Automation and Integration
Part 3: AHV Network Microsegmentation
Part 4: AHV Network Function Chains
Part 1: AHV Network Visualization
When you abstract an application into a virtual environment, you can lose visibility into the network connections between parts of the application. This visibility is crucial to solving problems quickly and ensuring at a glance that your network is behaving as expected.
AHV allows you to trace network path statistics and connectivity via the Prism web console. From a single interface, administrators can view VMs, individually or by group, along with their virtual and physical network paths. With Prism, you can follow a virtual NIC on a VM through the hypervisor to the physical switch in one easy-to-view portal. This display shows common paths between different VMs to assist with problem isolation, as you can see in the figure below.
For example, we could view the network paths of mailbox servers 1 and 2 to find out they're both using the same physical switch. At each of the hops along the path, we can track statistics such as throughput and packet errors. We can even reach into the physical switch using SNMP to query statistics there and bring them into the Prism interface. These statistics could reveal that a common switch interface between these mailbox servers, such as Ethernet8 shown above, is experiencing errors, and we might look at replacing the cable.
Looking at paths and connectivity is a great first step in visualization and provides a good high-level overview of network connections and state. However, what really drives an application are the network flows.
Network flows are often expressed in a language of IPs, ports, and protocols that is completely decoupled from the application (but required for creating firewall rules). Nutanix application policies and flow visualization show you these flows in the language of your application, rather than the language of the network.
In the figure below, we’re creating a policy that allows traffic from a few defined groups to our Exchange application. Nutanix AHV flow visualizations show us that there are a number of traffic sources that our policy doesn’t capture, so we can revise the policy to more closely resemble the real-world traffic sent to, from, and within our applications—before ever enabling it. We can also quickly and easily see when traffic flows violate this policy.
Visualization allows you to preview the impact of your newly defined policy, so you can make quick course corrections as needed before applying it.
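The policy preview described above can be sketched in a few lines. This is an added example, not Nutanix code, and it does not use the Prism API: the group names, subnets, flow records and the `group_of` and `preview` helpers are all constructed for illustration. It translates IP-level flows into application groups and reports which observed sources a draft policy would miss.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed inventory mapping subnets to application groups (hypothetical names).
GROUPS = {
    "Exchange-Mailbox": ip_network("10.10.1.0/24"),
    "Exchange-Edge": ip_network("10.10.2.0/24"),
    "Outlook-Clients": ip_network("10.20.0.0/16"),
    "Backup": ip_network("10.30.5.0/24"),
}

# Draft inbound policy for the mailbox tier: (source group, protocol, destination port).
DRAFT_POLICY = {
    ("Outlook-Clients", "tcp", 443),
    ("Exchange-Edge", "tcp", 25),
}

# Constructed flow records: (source IP, destination IP, protocol, destination port).
OBSERVED_FLOWS = [
    ("10.20.4.17", "10.10.1.11", "tcp", 443),
    ("10.20.9.3", "10.10.1.12", "tcp", 443),
    ("10.10.2.5", "10.10.1.11", "tcp", 25),
    ("10.30.5.8", "10.10.1.11", "tcp", 445),
    ("10.30.5.8", "10.10.1.12", "tcp", 445),
    ("192.168.77.4", "10.10.1.11", "tcp", 3389),
    ("10.20.4.17", "10.10.2.5", "tcp", 25),  # destined for the edge tier, out of scope
]


def group_of(ip):
    """Translate an IP into its application group, or 'Unclassified' if unknown."""
    addr = ip_address(ip)
    return next((name for name, net in GROUPS.items() if addr in net), "Unclassified")


def preview(flows, policy, target):
    """Count inbound flows to `target` that the draft policy covers or misses."""
    covered, missed = Counter(), Counter()
    for src, dst, proto, port in flows:
        if group_of(dst) != target:
            continue  # not traffic into the application being protected
        key = (group_of(src), proto, port)
        (covered if key in policy else missed)[key] += 1
    return covered, missed


if __name__ == "__main__":
    covered, missed = preview(OBSERVED_FLOWS, DRAFT_POLICY, "Exchange-Mailbox")
    for (src, proto, port), hits in sorted(missed.items()):
        print(f"not in draft policy: {src} -> Exchange-Mailbox {proto}/{port} ({hits} flows)")
```

Each missed entry is a decision to make before enforcement: add the source to the policy if the traffic is expected, or investigate it if it is not.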
We'll dive deeper into creating these application policies in a later post on microsegmentation and security. In our next post, we’ll focus on automation and integration, which make it easy to deploy your application in the network without a lot of back and forth between the network and virtualization teams.