Upload File

distributing and stacking endaceprobes with endacefabric

  • Home
  • Documents
  • Distributing and Stacking EndaceProbes with EndaceFabric
3
endace.com page 1 END_sb_distributing_and_stacking_endaceprobes_with_endacefabric_1.0_0119 © Copyright Endace Technology Limited, 2019. All rights reserved. Information in this data sheet may be subject to change. SOLUTION BRIEF Combining lossless, high-speed packet capture with the ability to host a wide range of network security and performance analytics solutions, EndaceProbes give customers the freedom to deploy their choice of best-of- breed network security and performance analytics solutions on a common hardware platform. To enable SecOps and NetOps teams to rapidly remediate security events, performance issues or network problems, a network recording solution must be able to: monitor any network link, of any speed monitor various points throughout a network - which may be global in scale enable visibility into encrypted traffic provide the ability to quickly and easily search for packets of interest anywhere across the network. The EndaceFabric architecture makes this all possible. EndaceProbes can be deployed at various points throughout a network to provide a network-wide fabric that delivers centralized visibility. The architecture also enables groups consisting of multiple EndaceProbes to be “stacked” to create logical EndaceProbes capable of massive throughput and capacity. Stacking also increases the hosting capacity available for deploying third-party network security and performance analytics solutions. This document gives an overview of the EndaceFabric architecture and two of its key components, EndaceCMS™ and InvestigationManager™, and shows how this architecture can scale to enable sustained recording at 100Gbps and beyond, with capacity to store weeks or months of network history. The challenge for SecOps teams Fast and effective response to security and network performance issues means being able to see what’s happening on the network, and quickly identifying the root cause of issues when they are detected. With surety. To become truly agile and responsive, global organisations proactively capture and record network traffic so they can identify and respond to issues quickly and efficiently. Bandwidth explosion, global footprints and the need to record up to a month of network history have driven Endace to develop the EndaceFabricarchitecture and EndaceProbestacking with lightning-fast, global search. How stacking can address this challenge Over the last decade, Endace’s EndaceProbe™ Analytics Platforms have earned a reputation for high-performance and reliability. They are available in a range of models to suit deployments from the edge to the core of the network, with the new, petabyte-capable 9200 Series setting new industry benchmarks for throughput, capacity and affordability. Distributing and Stacking EndaceProbes with EndaceFabric Enabling rapid, centralized investigations across a fabric of globally distributed EndaceProbes and leveraging the scalable architecture of EndaceFabric to create logical EndaceProbes with massive throughput and capacity EndaceCMS Single EndaceProbe Single EndaceProbe Logical EndaceProbe (Stack) Logical EndaceProbe (Stack) InvestigationManager(s) Diagram 1. EndaceFabric Architecture

Upload: others

Post on 29-Apr-2022

2 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Distributing and Stacking EndaceProbes with EndaceFabric

endace.compage 1END_sb_distributing_and_stacking_endaceprobes_with_endacefabric_1.0_0119

© Copyright Endace Technology Limited, 2019. All rights reserved. Information in this data sheet may be subject to change.

SOLUTION BRIEF

Combining lossless, high-speed packet capture with the ability to host a wide range of network security and performance analytics solutions, EndaceProbes give customers the freedom to deploy their choice of best-of-breed network security and performance analytics solutions on a common hardware platform.

To enable SecOps and NetOps teams to rapidly remediate security events, performance issues or network problems, a network recording solution must be able to:

• monitor any network link, of any speed

• monitor various points throughout a network - which may be global in scale

• enable visibility into encrypted traffic

• provide the ability to quickly and easily search for packets of interest anywhere across the network.

The EndaceFabric architecture makes this all possible. EndaceProbes can be deployed at various points throughout a network to provide a network-wide fabric that delivers centralized visibility. The architecture also enables groups consisting of multiple EndaceProbes to be “stacked” to create logical EndaceProbes capable of massive throughput and capacity. Stacking also increases the hosting capacity available for deploying third-party network security and performance analytics solutions.

This document gives an overview of the EndaceFabric architecture and two of its key components, EndaceCMS™ and InvestigationManager™, and shows how this architecture can scale to enable sustained recording at 100Gbps and beyond, with capacity to store weeks or months of network history.

The challenge for SecOps teamsFast and effective response to security and network performance issues means being able to see what’s happening on the network, and quickly identifying the root cause of issues when they are detected. With surety.

To become truly agile and responsive, global organisations proactively capture and record network traffic so they can identify and respond to issues quickly and efficiently. Bandwidth explosion, global footprints and the need to record up to a month of network history have driven Endace to develop the EndaceFabric™ architecture and EndaceProbe™ stacking with lightning-fast, global search.

How stacking can address this challengeOver the last decade, Endace’s EndaceProbe™ Analytics Platforms have earned a reputation for high-performance and reliability. They are available in a range of models to suit deployments from the edge to the core of the network, with the new, petabyte-capable 9200 Series setting new industry benchmarks for throughput, capacity and affordability.

Distributing and Stacking EndaceProbes with EndaceFabric

Enabling rapid, centralized investigations across a fabric of globally distributed EndaceProbes and leveraging the scalable architecture of EndaceFabric to create logical EndaceProbes with massive throughput and capacity

EndaceCMS

Single EndaceProbe

Single EndaceProbe

Logical EndaceProbe

(Stack)

Logical EndaceProbe

(Stack)

InvestigationManager(s)

Diagram 1. EndaceFabric Architecture

Page 2: Distributing and Stacking EndaceProbes with EndaceFabric

endace.compage 2END_sb_distributing_and_stacking_endaceprobes_with_endacefabric_1.0_0119

© Copyright Endace Technology Limited, 2019. All rights reserved. Information in this data sheet may be subject to change.

SOLUTION BRIEF

InvestigationManager is designed to be used by analysts performing investigations and offers network-wide search and visualization from a single pane of glass.

At the heart of InvestigationManager is EndaceVision™, a built-in, browser-based investigation tool that allows analysts to select data sources from multiple EndaceProbes and analyze recorded traffic from all these sources simultaneously. EndaceVision provides a variety of data visualization tools, including traffic breakdowns, top talkers, flows and conversations. Users can drill-down by time, user, server, protocol, application, or a variety of other attributes.

Once they have identified the ‘packets of interest’ relevant to a particular investigation analysts can view these packets directly in a Wireshark UI – removing the need to download large packet capture files across the network to a local host for analysis.

Multiple instances of InvestigationManager can be deployed as required – increasing the number of investigations that can be conducted simultaneously by different users. InvestigationManager instances are deployed as virtual appliances and have a no-cost license.

Introducing EndaceFabricTo ensure end-to-end visibility across the network, EndaceProbes are typically deployed in various locations, often at points of interconnect with the public internet, subnetworks, branch offices and private data centers.

Endace created the EndaceFabric™ architecture (see Diagram 1) to solve the challenge of managing large numbers of distributed EndaceProbes and performing investigations that span multiple physical EndaceProbes at the same time. An EndaceFabric consists of multiple physical and/or virtual EndaceProbes, managed by EndaceCMS, with network-wide investigation, search and data-mining provided by instances of InvestigationManager.

EndaceCMS is designed for Operations and/or IT staff. It enables central management of a fabric of physical and virtual EndaceProbes and InvestigationManager instances. EndaceCMS allows administration functions - such as user administration, remote software upgrades and remote configuration - to be performed on multiple appliances simultaneously. An instance of EndaceCMS can be used to manage a fabric of appliances and may be deployed as either a physical or virtual appliance.

A single needle-in-a-haystack search for specific packets-of-interest across a hundred EndaceProbes and a hundred petabytes of recorded packet data can take less than a minute, with interim responses from individual EndaceProbes being displayed in InvestigationManager as they complete. See Diagram 2.

Distributed Processing for Amazingly Fast SearchDue to the distributed, parallel nature of the EndaceFabric architecture, searches can be conducted on a hundred EndaceProbes simultaneously in much the same time as it takes to perform a search on a single EndaceProbe. InvestigationManager queries each EndaceProbe involved in the search and consolidates the results, distributing the workload.

Initiate search

Receive Results

Analyst Investigation Manager

EndaceProbeQuery

Response

Query

Response

Query

Response

EndaceProbe

EndaceProbe

Query

Response

EndaceProbe(s)

Diagram 2. EndaceFabric’s Horizontally Scalable Architecture Enables Amazingly Fast Search

Page 3: Distributing and Stacking EndaceProbes with EndaceFabric

endace.compage 3END_sb_distributing_and_stacking_endaceprobes_with_endacefabric_1.0_0119

© Copyright Endace Technology Limited, 2019. All rights reserved. Information in this data sheet may be subject to change.

For more information on the Endace portfolio of products, visit:

endace.com/products

For further information, email: [email protected] Endace™, the Endace logo, DAG™ and Provenance™ are registered trademarks in New Zealand and/or other countries of Endace Technology LimitedOther trademarks used may be the property of their respective holders. Use of the Endace products described in this document is subject to the Endace Terms of Trade and the Endace End User LicenseAgreement (EULA).

SOLUTION BRIEF

How “Stacks” Work A Network Packet Broker supporting the required line rate (e.g. 100GbE) is used to load balance traffic from a TAP or SPAN port across each EndaceProbe in a stack. The Network Packet Broker may also be used to decrypt encrypted traffic before forwarding to the EndaceProbes for recording.

Searches and investigations are performed using InvestigationManager, selecting each EndaceProbe in the stack as a data source. In effect, InvestigationManager presents a stack, or even an entire fabric of

Diagram 3. Stacking EndaceProbes

EndaceProbe EndaceProbe EndaceProbe EndaceProbe(s)

Network Packet Broker

Monitored Link

e.g 100GbETAP

Up to 40GbE Up to 40GbE Up to 40GbE Up to 40GbE

Conclusion The EndaceFabric architecture enables almost unlimited recording speed and capacity, scalable hosting and high-availability. EndaceProbes can be grouped or stacked to support sustained recording speeds of 100Gbps and beyond, and to provide storage capacity sufficient for months of full packet data.

As needs change, an EndaceFabric can be easily extended by incrementally adding more EndaceProbes to the stack to accommodate higher speed recording, increase hosting capacity, or provide deeper storage to enable network history to be retained for longer.

The following documents can be downloaded from the Endace Support Portal (https://support.endace.com) or obtained from your Endace sales representative. They provide further detail on how to deploy a fabric of EndaceProbes and EndaceProbe stacks, including architectural considerations, sizing parameters and hardware and software requirements.

• Technical brief: EndaceFabric Design Guidelines

• Technical brief: Design Guidelines for Stacking EndaceProbes

EndaceProbes, as a single logical EndaceProbe. For analysts, the UI and workflow are practically identical to performing an investigation on a single EndaceProbe.

For ultra-high availability and hitless software upgrades, stacks may be deployed with N+1 redundancy so there is sufficient throughput and capacity even in the unlikely event that a hardware failure takes one of the EndaceProbes offline.


3D Logarithmic Interconnect : Stacking Multiple L1 Memory Dies … · 2015-07-28 · memory dies and create different height stacks with identical dies, ... 3D Stacking with 4 stacked

LED notched fibre distributing system QMB1 with HBU2 test

Distributing Matrix Computations with Spark MLlibstanford.edu/~rezab/slides/reza_mllib_maryland.pdf · 2014-10-22 · Distributing Matrix Computations with Spark MLlib. A General

COMMERCIAL AND INDUSTRIAL FREE STANDING COILS · 2016. 1. 22. · (1) STEAM AND STEAM DISTRIBUTING (1) STEAM DISTRIBUTING (SAME END CONN.) STEAM DISTRIBUTING (WITH TWO SUPPLIES) SUPPLY

Project: Stacking and sorting toy plan Page 1 of 12 ...€¦ · Project: Stacking and sorting toy plan Page 1 of 12 Stacking and sorting toy With this free plan you can make a Stacking

COUPLING FOCUS STACKING WITH PHOTOGRAMMETRY TO ILLUSTRATE ... N18/Pdf/JPT_n018... · COUPLING FOCUS STACKING WITH PHOTOGRAMMETRY TO ILLUSTRATE SMALL FOSSIL TEETH ... megapixel APS-C

Stacking up with OpenStack: Building for High Availability

Microsoft SQL Server Distributing Data with R2 Bertucci

Higher Revenue with the Same Demand: Distributing Bidders

RACK SUPPORTED STACKING SYSTEM WITH … SUPPORTED STACKING SYSTEM WITH INTEGRAL CRANE MANUAL 32 R3 ... engagement design, ... systems all comply with the Crane

Verb Specification Guide - Steelcase - Office Furniture ... · PDF fileChevron Tables 8 Team Tables ... Verb Specification Guide ... Stacking Stacking Stacking L Stacking T Stacking

Nonconvex Rigid Bodies with Stacking - University of British Columbia

inst - Speed Stacks Store (Sport Stacking) · PDF file · 2017-05-17timing device of the World Sport Stacking Association (WSSA) and combines a precision Timer with an optimum stacking

Stacking Battery Energy Storage Revenues with Enhanced ... · 1 Stacking Battery Energy Storage Revenues with Enhanced Service Provision P. V. Brogan1*, R. Best 1, J. Morrow1, R

Pallet racking systems – a stacking system with limitless ... · Pallet racking systems – a stacking system with limitless versatility SSI SCHAEFER’s pallet racking sys-tems

COUPLING FOCUS STACKING WITH PHOTOGRAMMETRY TO ILLUSTRATE ... N18/Pdf/JPT... · COUPLING FOCUS STACKING WITH PHOTOGRAMMETRY ... Coupling focus stacking with photogrammetry to illustrate

Ryerson University CPS8304 1 Distributing Computing with Java

Palletization Method for Oversized Part Stacking with an

Jenfold Tematic Pro - Jensen-Group · The Tematic Pro is available with a range of stacking conveyor solutions. 11 Stacking directly on a conveyor Stacking directly on a conveyor

Available Finishes€¦ · Hutch Unit: 19.75” x 90.75” Bullet Top Workstation with Stacking Bookcase Shown in: Auburn 108.5” x 106.5” COVER: Bullet Top Workstation with Stacking

Biodegradable Mg–Zn–Y alloys with long-period stacking ... · PDF fileBiodegradable Mg–Zn–Y alloys with long-period stacking ordered structure: Optimization for mechanical

Stacking MailGuard with Microsoft Office 365 VA › hubfs › Stacking... · MAILGUARD HELP DESK: Stacking MailGuard with Office 365 3 4. To create a new Inbound Connector, select

Low-Cost 3D Chip Stacking with ThruChip Wireless Connectionsweb.stanford.edu/class/ee380/Abstracts/141022-slides.pdf · 2014-10-22 · Low-Cost 3D Chip Stacking with ThruChip Wireless

Focus Stacking with only Photoshop Elements · Focus Stacking with only Photoshop Elements Focus stacking means the use of multiple exposures focussed at slightly different planes

Creating and Distributing Mobile Web Applications with PhoneGap

Stacking With Auxiliary Features · 2018-01-08 · Stacking With Auxiliary Features Nazneen Fatema Rajani Dept. Of Computer Science University of Texas at Austin [email protected]

180 DINING / SEATING - 180.… · Stacking Chair with Arms Stacking Lounge Chair Stacking Lounger Starting with a simple chair, the no-nonsense lines of 180 have the hallmark of a

Entity Centric Coreference Resolution with Model Stacking

An Overview of Distributing Data with Geodatabasesdownloads2.esri.com/.../ArcGISServer_DistributingData_nov2007.pdf · An Overview of Distributing Data with Geodatabases J-9546 October

Stacking policy for solving the container stacking problem ...ils2016conference.com/wp-content/uploads/2015/03/ILS2016_SC03_4.pdf · Stacking policy for solving the container stacking

Distributing Matrix Computations with Spark MLlib

Distributing Testing and Test Reporting with Selenium

Supplemental Information Stacking Microfluidic Systems 3D ... · Supplemental Information 3D-Printed Flow Distributor with Uniform Flow Rate Control for Multi-Stacking Microfluidic

Distributing data sessions: supporting remote ...eprints.lse.ac.uk/41895/1/Distributing_data_sessions(lsero).pdf · Distributing Data Sessions: Supporting remote collaboration with

Stacking Chair · 2020-07-08 · MN5000S Monaco Stacking Chair - Poly Seat MN5000P Monaco Stacking Chair - Upholstered Seat 8050 Monaco Stacking Chair Storage Dolly Also available