Net Optics Phantom User Manual

Data Sheet I Phantom Virtualization Tap

Monitoring for Virtualized Computing

The Net Optics Phantom Virtualization Tap™ is a network trac monitoring and access solution for virtualized computing environments

developed for converged data centers. It captures data passing between virtual machines (VMs) and sends trac of interest to virtual and

physical monitoring tools of choice. This innovative software Tap supports all major hypervisors, including VMware vSphere ESXi 4.x/5.x,

Microsoft Hyper-V 2012, Redhat KVM, and Parallels. Unprecedented visibility of packet-level data lets you manage virtual network security,

compliance, and performance using your choice of instrumentation layer tools—physical or virtual; local or remote. Because the Phantom

Virtualization Tap can bridge virtual-to-physical in converged environments, you can maintain current policies while continuing to use

your existing physical monitoring tools.

The Virtual Monitoring Challenge

Enterprises have been utilizing Tap solutions for network trac access for
many years. Trac capture, analysis, replay, and logging are now part of
every well-managed network environment. In recent years, the signicant
shift to virtualization—with penetration exceeding 50%—is yielding great
benets in eciency. However, today’s virtualization-based deployments
create challenges for network security, compliance, and performance
monitoring. This is because Inter-VM trac is optimized to speed up
connections and minimize network utilization. This imposes invisibility on
physical tools unable to extend easily into the new environments. Costly
new virtualization-specic tools plus training can aect the economic
benets and cost-savings of virtualizing. Currently, many tools suer from
limited throughput, hypervisor incompatibility, and excessive resource
utilization.

Next generation data centers use virtualization technology to deploy
private/public cloud environments on a single physical server, or across a
clustered group of servers. Traditional Taps cannot see the trac between
the VMs that reside on the same hypervisor (east to west trac), nor can
they “follow” VMs as they get migrated from one host to another.

At a Glance

• 100 percent visibility of trac between Virtual

Machines (VMs) and inter-blade visibility

• Installs in hypervisor kernel for full trac

visibility

• Enables visibility and control of network
trac in all best-of-breed hypervisors in
the virtual environment: VMware vSphere
ESX/ESXi Server 4.X/5.X; Citrix XenServer 5.6.x;
Redhat KVM 2.6.32; Oracle VM 3.0; Microsoft

Hyper-V 2012

• Generates Layer 2 and 3 statistics (packet

count, utilization, etc.)

• TapFlow™ multi-layer L2-4 ltering engine

• Extends monitoring and access into the

Inter-VM networking layer

• Applies existing physical monitoring
tools, processes, and procedures to the
virtual network

• No interference with the data stream or VMs

• No modications needed in VMs

• Mirrors Inter-VM trac to virtual and physical

monitoring tools of choice

• Sends mirrored trac out physical NICs
in encapsulated tunnels

Visibility is further reduced by the complexity of blade servers: with each
blade running multiple VMs on a hypervisor. Trac running on blades
servers share a common backplane, presenting a network blind spot, as
the physical network and its attached tools unable to see trac from the
internal network packets.

The Phantom Virtualization Tap Solution

The Phantom suite of software products provides 100% visibility of virtual

network trac, including the unseen inter-VM trac on hypervisor stacks.
This milestone solution has now expanded to support the industry’s leading
hypervisors. The Phantom Monitor is vSwitch agnostic supporting the
virtual standard switch, virtual distributed switch and next generation SDN
since it installs at the kernel level ( mirroring the network packets before
it arrives at the vSwitch). It is a software implementation of a switching
mechanism that manages communications between virtual network
devices and works identically to the physical switch. The Phantom Monitor
can mirror all trac within the virtual switch, apply smart TapFlow™ ltering,
and send trac of interest to any monitoring tools of choice. It can even
pass the mirrored trac to a physical port so physical tools can monitor
the data. Virtual trac is bridged to the physical world in an encapsulated
tunnel that can be terminated by a Net Optics xFilter™, Phantom HD™
and send trac to Director™ Data Monitoring Switch, or at any capable
termination point of your choosing.

• xFilter™, Phantom HD™ terminates encapsulated

tunnels and sends trac to Net Optics Director
or to any of your existing monitoring tools

• One Phantom Virtualization Tap monitors trac

between VMs (one monitor instance is required
to be installed on each physical server)

• Scalable to support and administer high-density

environments

• Centralized Management for Phantom

Virtualization Taps VM (included software
component) manages multiple Phantom
Virtualization Taps and network trac

Data Sheet I Phantom Virtualization Tap

Monitoring for Virtualized Computing

Flexible Installation Options

The Phantom Virtualization Tap is engineered to integrate seamlessly with, and forward trac to Net Optics family of Director switches. To oer optimal exibility

and further extend your installation options, the Phantom Virtualization Tap is available in various bundles of Net Optics software and Director-series hardware. The
Tap is oered both as an add-on to the existing Net Optics monitoring infrastructure, and as a software-only standalone solution.

Red Hat KVM

Citrix

MS Hyper V

Phantom
Monitor™

VMware ESXi

GRE Tunnel

Centralized Management

Platform

Phantom HD™

GRE Terminator

Spyke™

Monitoring Tool

Centralized Management Web Console

vm 1 vm 2 vm 3

vSwitch

Hypervisor

LAN/WAN

Unique Capabilities

The Phantom Virtualization Tap provides these unique capabilities to the virtual computing environment:

• A multi-hypervisor solution that performs network monitoring at the hypervisor kernel level providing full view of the trac owing between VMs, regardless of

their current physical locations

• Implemented at the kernel; delivers the ability to dierentiate between specic VM instances in replicated environments, and keep monitoring and logging the

VMs even as they are moved between hypervisors (dierent physical servers or locations)

• The industry’s only integrated solution for converged (virtual and physical) environments. Fully hypervisor-agnostic and virtual switch-agnostic, the Phantom

Virtualization Tap works seamlessly with Net Optics’ Director series of data monitoring switches

• Centralized Management—a unied network management tool —provides an easy-to-use, Web-based GUI interface

System Requirements

VMware vSphere ESX/ESXi Server 4.X/5.X; Microsoft
Hyper-V 2012; Citrix XenServer 5.6.x; Redhat KVM 2.6.x,
Oracle VM 3.0, and Parallels Cloud Server 6.0

Phantom Manager for Phantom Virtualization Taps
VM: Management and reporting engine that runs in a

VM.

Phantom Monitor: A Phantom Monitor is installed

in each hypervisor. The Phantom monitor has two
components: a Phantom Monitor Control VM and a
Phantom Monitor Module, which is a hypervisor kernel.

Network Connectivity

Phantom Manager for Phantom Virtualization Taps VM
virtual appliance must be accessible via HTTPS to access
the application interface.

DNS and NTP services should be available for all
components.

TCP 443 and 8443 must be available between Phantom
Manager for Phantom Virtualization Taps and Phantom
Monitor Control VMs.

TCP 902 must be available between Phantom Manager
for Phantom Virtualization Taps and the Hypervisor
hosts.

Net Optics® is a registered trademark of Net Optics, Inc. Copyright 1996-2014 Net Optics, Inc. All rights reserved. Additional company and product names
may be trademarks or registered trademarks of the individual companies and are respectfully acknowledged. 815-0026-001 PUBPTAPD Rev E 12/13

Disk Storage

10 GB free space (minimum)

Web Browser

Internet Explorer 6 or later, Firefox 2 or later, Safari 4.x or later

Virtual Appliance System Requirements

Compressed size of Virtual Appliances:

Phantom Manager for Phantom Virtualization Taps VM:

Approximately 1.2 GB

Phantom Monitor Control VM:

Approximately 1.3 GB
Uncompressed size of system:

Phantom Manager for Phantom Virtualization Taps VM:

16.0 GB

Phantom Monitor Control VM: 4.0 GB
Memory Size:
Phantom Manager for Phantom Virtualization Taps VM:

256 MB (No more than 2GB)

Phantom Monitor Control VM: 385 MB

(No more than 385 MB)

Part Numbers

PT-DC-25 Phantom DC Starter

Phantom Tap software and license:
2 Phantom Manager + 25 Monitors perpetual license

PT-DC-50 Phantom DC Standard

Phantom Tap software and license:
5 Phantom Manager + 50 Monitors perpetual
license

PT-DC-100 Phantom DC Extreme

Phantom Tap software and license: Unlimited number
of Phantom Manager + 100 Monitors perpetual
license

PT-01-Custom Phantom Virtualization Tap

1 Phantom Manager + 1 Monitor, One Year License

5303 Betsy Ross Drive

Santa Clara, CA 95054
Tel: +1 (408) 737-7777

www.netoptics.com