Kemp Flowmon Collector

Network traffic flow monitoring, analysis and reporting are essential tools for NetOps and SecOps teams as they provide the visibility needed to ensure their networks are running smoothly and securely.

There are many products on the market, but some are little more than a disparate collection of point solutions with no correlation across them.

Kemp's Flowmon product family stands out as the entire portfolio can be managed from its Flowmon Monitoring Center (FMC). This provides a single pane of glass that both NetOps and SecOps can peer through to gather a wealth of information ranging from diagnostics, performance and capacity planning to incident investigation, cyber threat detection and encrypted traffic analysis.

We are reviewing the Flowmon Collector appliance, which is a dedicated platform for the collection, long-term storage and analysis of NetFlow, IPFIX and sFlow data. It includes an integral Flowmon Probe which natively collects L2/L4 information, while Flowmon's IPFIX extension adds essential L7 statistical data.

The appliance is available as hardware rackmount models, can be deployed on cloud services such as AWS, Azure and Google Cloud Platform, and can be virtualised on VMware, Hyper-V and KVM hosts. We opted for the VMware version, deployed the OVF template on our VMware vSphere host in five minutes and, to monitor all the lab's network traffic, moved the Probe monitoring ports to separate vSwitches and dedicated physical adapters with promiscuous mode enabled and connected to switch SPAN ports.

From the Flowmon Configuration Center (FCC) web console, we viewed the appliance's system and storage status and, for the monitoring ports, ensured their flow export target was the local host. The Collector supports third-party flow generators, which just need their target IP address set to the Collector's management ports.

Once the Collector and Probe are configured to your requirements, flow storage quotas have been applied and management access secured, you can move over to the FMC console. From here, you can manage all flow sources, view traffic graphs for each one and drill down for more detailed information by selecting any part of the graphs.

From the Analysis section, you can view flow data graphs, choose a time slot and pick the channels and protocols you want to see. Right-click on the portion of interest and a pop-up context menu offers 26 query options, ranging from IP-to-IP or port-to-port conversations and L7 applications to host OSs, VLAN labels and source or destination MAC addresses.

FMC provides tools for creating email and SNMP trap alerts for specific events, viewing active devices (handy for spotting BYOD activity) and pulling up all details on VoIP calls. Reporting is extensive and we particularly liked the Chapters option, which combines profiles and source data channels to present information on anything from top talkers and problematic connections to L7 analysis for specific service usage.

The Dashboard and Report console presents remarkable levels of information and its dashboard can be customised with an extensive range of widgets. It's incredibly easy to use and we had our first dashboard created without any reference to the manual.

Adding new dashboard elements is a simple four-click process as the configuration page provides 34 predefined widgets ranging from service, mail and database protocols to operating systems, browsers, G-Suite and Microsoft 365. If you've created custom Channels from the FMC console, these will appear in the widget menu for addition to the dashboard.

Kemp Flowmon is ideal for NetOps and SecOps teams as it amalgamates every network monitoring function into a single unified platform. The Flowmon Collector delivers complete visibility into network performance while security can be augmented with Kemp's Anomaly Detection System, Application Performance Monitoring and on-demand full packet capture analysis.

Product: Flowmon Collector
Supplier: Kemp Technologies
Web site: www.flowmon.com
Sales: sales@kemp.ax