
Network Monitor on Virtual Machine

Created: 28 Nov 2012 | 3 comments
jawad1987's picture

Hey, can anyone answer these queries?

 

1) Has anyone successfully done a Network Monitor deployment on a VM in an enterprise environment?

2) Can it be done?

3) Why doesn't Symantec support Network Monitor on a virtual machine?


jjesse's picture

In my VM demo environment I have Network Monitor running on a VM, but I'm not really seeing traffic; I'm using it to fake traffic by putting emails etc. in the drop folder and having it process them.

The problem is the amount of traffic you would miss due to the virtual NIC.  I don't know exact specs on what the limitation of the virtual NIC is but this is the reason that NM isn't supported on a virtual machine.

 

Someone who knows more about Virtual Machines and Virtual NICs might be better able to correct/direct me.

 

Hope it helps,

Jonathan

Jonathan Jesse Practice Principal ITS Partners

xlloyd's picture

It can be done, it's just not supported by Symantec probably because it's not an ideal scenario and there would be several performance complaints.

The thing is that unless you are using a Cisco UCS to run VMware, you'll run into problems creating a SPAN port and sending it to the box. Cisco UCS has a feature that lets you create several virtual NICs and assign them to physical NICs. I'm not sure if other servers have that function, so that means that if you send a TAP or SPAN to a physical NIC on the server, all the virtualised servers attached to that physical NIC will be receiving all the network traffic.

You end up with 2 realistic options:

  1. In the virtualised environment, you dedicate an entire physical NIC to the Network Monitor server
  2. Run the vCenter on a Cisco UCS or other server that gives you the same virtual NIC feature

Given either of those situations, I can't see any reason why it wouldn't work. It's probably not supported because Symantec probably doesn't plan to or hasn't yet tested any of those configurations in house. As to whether it will be supported in the future, you'd have to ask a Symantec employee if it's on the roadmap.

~Xavier

If this post has helped you, please vote up or mark as solution
kishorilal1986's picture

Yes, it was also in my previous company. But the database required a physical machine. Other detection servers can be on a VM. You can find more at the links below.

https://www-secure.symantec.com/connect/forums/sym...