Application Visibility Overview
Contrail Service Orchestration (CSO) supports application visibility, a feature that enables you to protect your network against application-level threats.
The feature provides security management information such as the type, bandwidth consumption, and behavior of applications running on your network. As the SP administrator, OpCo administrator, or tenant administrator with the required tenant-level privileges to access the Application Visibility page, you can use this information to identify application-level threats to your network. For example, you can identify threats posed by applications that consume excess bandwidth and cause data loss due to network bandwidth congestion. You can also control the applications at a granular level by managing the type of traffic allowed to enter or exit the network.
You require application visibility because it helps you overcome the various challenges faced by your network. For example:
Web-based applications use nonstandard ports and encryption, which make effective management of traffic flows challenging.
Applications such as social networking, peer-to-peer file sharing, and Webmail change their communication ports and protocols dynamically, or tunnel within other commonly used services such as HTTP or HTTPS, to avoid traditional security mechanisms. This makes the implementation of access control challenging.
Benefits of Application Visibility
Traffic management―Application visibility provides insight into applications running on the network. You can analyze applications running on the network for performance and assurance. In addition, you can define application policies to steer and control applications, on a granular level, to meet Service-level Agreements (SLAs).
Network threat protection—Use application visibility to identify application-level threats based on the risk level of each application running on the network. You can then mitigate these threats by adding appropriate firewall policy intents to allow, restrict, or block network access to applications.
Effective bandwidth management―Application visibility provides information about the bandwidth consumption of each application running on the network. You can use this information and rate-limit applications that consume excess bandwidth.