Just as its jet pilots need visibility, AirTran Airways needs visibility into its network, both for security and to catch unexpected bumps. The airline is finding that the move to virtualization brings a need for still more visibility.
AirTran's MPLS-based network reaches into data and call centers, remote offices, hangars and airport locations. When AirTran first deployed Lancope's StealthWatch a few years ago to monitor network traffic at a core switch inside its Atlanta data center, it was mainly to assist in complying with the Payment Card Industry (PCI) security guidelines, says Michelle Stewart, chief information security officer there. "But we gained visibility about who was doing what on our network," Stewart says.
For instance, the StealthWatch appliance made it clear when individuals streaming football videos were saturating a link, or when security and patch updates were stressing network availability to remote offices with lower-speed links, especially when VoIP was in use for voice communications.
The StealthWatch appliance helped eliminate blind spots and became a tool that AirTran managers could use to establish acceptable-use policies that allowed employees some online flexibility but stopped network saturation, Stewart says.
Lancope this week also announced it has added a so-called "Data Loss Alarm" capability to StealthWatch. This capability flags suspicious traffic flows, mainly based on profiles related to volume, but doesn't block them.
The next challenge in network visibility is arriving with virtualization as more of AirTran's servers move from physical servers to VMware-based virtual machines sharing a single physical server.
"Today, from VM to VM, I don't see traffic," says Stewart about how traffic might move from one VM to another within the same physical server. Stewart is looking at how to address this by possibly deploying more monitoring capability into the VM environment to evaluate many factors, including latency.
AirTran is looking at using a software-based product from Lancope called StealthWatch FlowSensor VE, a so-called "virtual appliance" that runs on the VMware ESX platform and exports NetFlow v9 traffic information and application metrics on virtual machines to the StealthWatch management console. FlowSensor VE was tested by VMware and approved in its partner program last year.
Lancope's CTO Adam Powers notes the company is working on yet more monitoring approaches for virtualization, including one specially designed for VMware-based environments where the VMware virtual switch is basically swapped out for the Cisco Nexus 1000V, Cisco's first virtual switch.