eBook: The Case for Scalability in Large Enterprise Data Centers


Chapter 1: As Data Centers Grow, Network Monitoring is a Non-Starter Without the Right Architecture

What does the modern enterprise data center look like? In the case of Visa, one of the world’s largest financial services companies, it looks like this: a 140,000-square-foot, hurricane- and earthquake-proof building in a secret location along the East Coast, with 376 servers, 277 switches, 85 routers, 42 firewalls and 3,000 miles of cable.

When there are more than 15,000 different entities connecting to your network, you need power under the hood. For Visa, that power comes from capacity, and you get to capacity only through a network architecture that is scalable.

The company has built a network with the ability to process up to 30,000 transactions at a time – far more than it has ever actually had to handle. It’s that capacity that allows Visa to process more than 200 million transactions a day and 2,500 each second.

If you’re counting, that adds up to somewhere in the neighborhood of up to 80 billion transactions a year, each one requiring several types of monitoring and analysis as it flows through the network.

An extreme example? Perhaps, but such huge loads are getting more commonplace all the time – by necessity.

As we continue to create more and more data — by 2015 the digital universe will create approximately 10 zettabytes of data, 40 zettabytes by 2020 — demands are increasing on the enterprise data center. According to the Cisco Global Cloud Index, data center traffic will have tripled between 2012 and 2017, when global data centers will be handling 7.7 zettabytes of data annually.

That volume and the increasing velocity of information will present a problem for many companies that might already be struggling to monitor the traffic they have now. The simple reason: their network monitoring capabilities are not built to easily scale up.


Patched-Together Networks Can’t Scale

For many, the problem comes from the insufficient patchwork method used to construct the network. A small box here fixes one problem. A small box there fixes another. All done in a struggle for visibility on a network that’s growing too big and too fast for the network security group to handle.

Eventually, the network becomes like an old house that accommodates a slew of new appliances with a patchwork of overloaded extension cords and power strips. At some point, the circuits will overload and start to cause problems, or even fires. The homeowner is forced to start ripping out and replacing breaker boxes and outlets, all because his electrical system was not scalable.

The same goes for network monitoring. If you aren’t built to scale, your options later will be to patch things together or rip-and-replace. Building scalability into network monitoring systems can mitigate or solve three problems that chronically challenge enterprise data centers:

• A lack of 100-percent visibility: Traditionally, data centers have more ports to monitor than they have tools to do the job, and that presents unnecessary exposure to companies faced with meeting Service Level Agreements and government regulations. It used to be that gaining 100-percent visibility on all the data passing through a data center required more TAPs, SPANs and tools. That gets expensive in a hurry. What’s needed is an architecture and intelligent switching devices that allow network operations personnel to aggregate data and then precisely channel it to the appropriate monitoring tools so that no data is missed or dropped.


• Data center sprawl: Too often, monitoring is not part of a data center’s architecture from the beginning. It’s a patchwork of monitoring tools attached to TAPs and SPANs throughout the data center. That leads to an inefficient mess that is difficult to monitor from one place. What’s needed is a chassis that can accommodate your current monitoring needs – say 150 ports – and also has room for you to grow to a couple hundred ports or even a couple thousand.

• The rocky transition from 1G to 10G: As networks move from 1G to 10G speeds — and eventually to 40G and 100G speeds — data centers will be forced to buy new hardware if the ports on their monitoring switches aren’t able to handle the increase. That means downtime and network unavailability while those changes are made. But it’s not just switches. It’s also tools. Oversubscription of those tools — i.e. pushing several 10G (ingress) links to 1G (egress) tools — means dropped packets and lost visibility. What these data centers need is a monitoring switch that can address all needed input speeds, ranging from 100M to 40G and beyond, and provide the necessary performance to filter out the needed tool data in real time.

All Industries Today Need to Consider Scalability

No industry is immune to being overwhelmed by data: financial corporations, telecom companies, shipping/logistics firms, retailers, pharmaceuticals, insurance, government, healthcare. All are vulnerable to becoming constrained due to scalability issues.

Instead of being able to add increased network monitoring capability as it’s needed, companies – because of limitations of the switches and architecture used to build their networks – are forced into large-scale and expensive changes.

Take the example of one regional bank holding company in the United States. The company needed to provide increased visibility of production traffic flows to a variety of monitoring and security tools at two separate data centers.

The company’s existing network monitoring setup consisted of a limited number of network TAPs feeding a monitoring switch. This system provided limited visibility and was not scalable, and thus could not address regular microbursts in network traffic. The architecture also generated substantial duplicate packets that the switch was not equipped to eliminate, creating challenges in monitoring and tool oversubscription that ultimately added to tool costs.

When the company was faced with a network expansion — a project requiring installation of new network TAPs and new port SPANs, adding a tremendous amount of data flow to the monitoring tools — the old switch simply couldn’t accommodate the load. It was time to rip and replace.

The company needed a solution that was scalable, one that had enough port and trunking capacity to handle the network growth the leaders knew was coming. It also needed to be intelligent, featuring advanced technology that allowed for multi-stage filtering, deduplication and other features that would help the network operate more efficiently.

Without those things, the company would find itself back in the same barrel in another few years. With those things, the company would be poised to grow without IT constraints.

Enterprise Leadership Needs to Remember That Scale is Only Increasing

That’s what enterprise leaders must keep in mind: The need for network expansion is coming, sooner rather than later, and the needs will only continue to grow. Data centers will continue to be centralized and tool types will proliferate, leading to thousands more network monitoring points and many more filtering requirements.

The need to accommodate scalability in network monitoring will likely never end, so the wisest path is to plan for it now.

In the following pages, we’ll talk about ways to future-proof large enterprise networks with scalable solutions that provide total network visibility. That means starting with the right network architecture that listens to traffic in all the right places and employing switches that allow for expansion to handle ever-increasing volumes without losing any visibility.

Those switches also need to come with intelligent features, such as deduplication, packet slicing and time stamping, features that help with the difficult task of parsing the massive flow of packets and channeling each to the right tool for analysis – all at line rate and without losing critical data.


Chapter 2: Network Architecture is the First Step to Scalability

You have to walk before you can run. It’s common-sense advice, almost cliché, but it’s true. Too often, we skip the preliminary steps needed to ensure success.

The same is true for network monitoring. Getting the most out of monitoring tools and achieving 100-percent visibility starts with making sure the network is properly constructed. Network architecture is the first step to scalability.

Are the taps properly placed? Are the SPAN/Mirror sources configured to achieve total visibility for security, application performance monitoring and network breakdown indicators? If the answer to either or both questions is no — and not just those questions, but if there are any inefficiencies anywhere in the network — then those issues need to be addressed first.

Network monitoring can’t be retrofitted as an afterthought. It needs to be designed in conjunction with the network architecture. That means when someone designs the monitoring system, the capabilities of the intelligent network monitoring switch allow for the creation of a system that efficiently brings in data, manipulates it, and directs the required data — and only the required data — to the proper tools.


Factors and Special Considerations

There are two things to keep in mind when building a network monitoring solution made for scalability. First is the physical: hardware, data ports, capacity, bandwidth and throughput.

With a scalable solution, you should be able to easily add ports. Ideally, that will be done through blade extension, and that’s part of the value of finding blades and chassis that are interchangeable. Other strategies rely more on stacking and cabling between boxes, which is doable but leads to a reduction in capacity due to a loss in port availability. That’s part of the value of a solution like APCON’s IntellaFlex 3288-XR chassis. It gives a true 288 ports of non-blocking connectivity.

A solution that relies on stacking and cabling leads to the second consideration that needs to be made when constructing a monitoring solution, and that’s provisioning and software management. Put simply, the more complicated you make the network monitoring solution, the more complicated it will be to manage and operate.

It’s a bit like a bicycle whose rider has piled every available space with boxes and bags. The bike becomes hard to handle, and everything is so precariously balanced that the chances of the bicycle getting where it’s supposed to go with everything intact are slim.

The same goes for a monitoring solution that’s patched or banged into place with brute force. A solution that consists of small boxes with low port count might patch a momentary need, but in the process of fixing one problem complexity has been added to the network. And complexity means there will be extra work in the configuration. It also makes it harder to manage growth. One small box leads to another small box leads to another small box.

Pretty soon, you have what looks like a stack of pizza boxes and amounts to a mess. The complexity continues to grow, and in the process of fixing one problem more have been created.


Centralized Monitoring Makes Better Use of Tools

Once the network architecture is put in place, the data needs to be distributed to the analysis tools. There might be reasons to do the monitoring on-site, but centralizing your monitoring to one location can allow you to realize some economies of scale.

Whether it’s a couple of different buildings on a campus or even data centers in different locations, centralization of monitoring can allow a company to save money by making the most use of the equipment and tools it already has in place instead of buying more.

The same is true in a large data center. Centralizing there also allows a business to use its tools more efficiently and effectively. This is where scalability becomes crucial, because without the number of ports needed to connect all the tools, you can’t share the tools effectively.

One consideration in sharing tools across organizations is to make sure user rights, security and user groups are in place. You want to be able to control access to these ports, especially those that go to, for example, a security tool. You might want members of your security group and no one else to access those ports.

Usability and efficient access to not only the switch but also the tools themselves is all part of scalability.

Why the Switch is Critical to Building the Right Architecture

Scalability and simplicity seem to go hand-in-hand. An elegant, well-designed network architecture makes scalable network monitoring possible. But network architecture doesn’t come together without the right monitoring switch.

If you have a monitoring solution that can truly scale, from small data centers to large data centers, you don’t have to make ad hoc connections to route around things.

The right switch also helps engineers design for growth, another key to scalability.

A switch with small port count can look like an appealing solution. As we said earlier, it fills an immediate need. It might even do so in a cost-effective manner. But, other than cost savings, what are you really getting? You’re getting port limitations, switch configuration complexity, user interface difficulties, and a lack of ability to scale quickly.

Don’t just install the minimum port count you need today. Make sure your network monitoring switch can scale based on the number of connections you might need in the future. Make sure the switch has the ability to grow to 10G, 40G, 100G. That will minimize the amount of rework and re-architecture you’ll need down the line.

We’ll talk more about the characteristics of truly scalable network monitoring switches, including user-friendly provisioning and management capabilities, in our next chapters.


Chapter 3: Leading Intelligent Monitoring Switches Enable Scalability

A lot of time has been spent talking about the right network monitoring architecture, the right network monitoring switch, and how together they can be combined for a scalable monitoring solution.

Obviously, not just any switch is the right switch. The right intelligent switch has features that help maximize capacity and make management as simple as possible. It has features that allow network architects to avoid unnecessary complexities and the “pizza box” problem we talked about earlier.


The right switch incorporates these key features:

Firmware management tools – A common management system provides for the distribution of updates out to switches. Engineers aren’t forced to go out and spend time loading the updates a switch at a time. From an operations perspective, this removes the headache of making sure that you have the right firmware load for the right switch. You can push one load or a limited number of loads out to the switches, making management infinitely easier.

Multiple, remote switch management – In addition to providing switch metrics — How much is each switch utilized? What’s the bandwidth threshold? — remote switch management makes several tasks simpler.

First, remote management eliminates the need to physically access the switch. For example, you might have a link issue that affects multiple data centers. If you don’t have a remote switch management capability, you’re dependent on local staff to do the work, meaning redundant effort.

Second, with automated trunking and best-route management through the switches, remote switch management simplifies trunking and centralized capabilities. Engineers can tell the system, “I want to connect this tool to this data feed,” and the system will figure out the best path and be able to make those connections. No one has to go to three different switches and manually program each switch to make those individual hops and jumps.


Interchangeable port blades – Interchangeability is key to scalability because it reduces the number of different types of components you have, whether that’s the actual data blades themselves or the controller or power supplies or different modules that support the chassis. If the parts are interchangeable, it makes the monitoring system easier to support.

The other benefit of interchangeability — and this is a big one — is the ability to hot-swap in service. If a blade goes out, the spare can be installed and re-cabled without taking the whole system down.

Throughput capacity – Companies that aren’t using scalable monitoring switches must loop and connect boxes each time they ramp up to handle increased capacity. In doing that, they reduce the number of ports they can use to connect tools for data storage, collection or monitoring, thereby reducing throughput capacity.

It’s also important to be able to switch and connect tools at line rate. Connecting all your tools at line rate means a network doesn’t lose packets. Large amounts of data don’t have to be stored for later analysis, making the monitoring semi-real time.

Moving forward, as we evolve from 10G to 40G to 100G, it’s going to be increasingly important to make sure a switch’s advanced features — along with future packet modification and manipulation functions — are all integrated and performed at the blade level. Pushing advanced features from the backplane to the ingress point — managing data at the edge — increases efficiency and scale.

Next, we’ll get more into the features that make today’s leading switches intelligent and help enhance the efficiency – and scalability – of monitoring power.


Chapter 4: Integrated Features Make Today’s Monitoring Switches ‘Intelligent’

For a network monitoring switch to be truly effective, it needs to be more than a traffic cop sending packets this way and that.

The switch also needs to be able to manipulate those packets so the tools see only the information they need. A switch needs to be able to recognize and remove duplicate packets. It needs to help make the most of your manpower and get maximum value from your tools.

That’s the kind of enhanced capability we mean when we talk about an intelligent network monitoring switch. It means the switch includes integrated, intelligent features that enhance your ability to keep tools running efficiently and achieve 100-percent visibility.

An intelligent switch manipulates the data stream to maximize your investment in monitoring tools. With features like multi-stage filtering, load balancing, packet manipulation (slicing, stripping, masking, deduplication, time stamping), an intelligent switch is doing much more than simply routing packets.

These features allow businesses to work smarter and more efficiently – and to achieve scalability.

Aggregation and Multi-Stage Filtering

An intelligent network monitoring switch accepts network traffic from ports, mirror ports, passive and managed TAPs, and single port connections from switches, routers and any other device on a network. It also has the ability to connect to any number of network monitoring tools. And it uses intelligent packet aggregation and filtering to connect any number of data sources to your monitoring tools. Its design allows for low-latency aggregation of many data input sources to one or many outputs. And finally, it allows for connections, aggregation groups or multi-cast rules to be set up with simple point-and-click configuration management.

Even aggregated data, though, still has to be sorted, and that’s the job of multi-stage filtering. Multi-stage filtering allows network administrators to apply a preset group of tailored filters to aggregated data streams in a prioritized, systematic way. The filtering is done on ingress, improving switch efficiency and allowing for advanced features to be applied to filtered traffic, which leads to more accurate processing. Up to three levels, or stages, can be configured with a multi-stage filter. In response to each filter, data packets can be passed down the stack, passed to the next level of filtering, or passed out an egress port. This allows the administrators to precisely specify the destination of every packet passing through the switch, at full line rate with the assurance of no dropped packets.

Effective packet filtering in an APCON Series 3000 switch with IntellaFlex blades allows you to direct optimized data streams to any monitoring device on your network.
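A working model of the three-stage filter described above, added here as an illustration and not APCON’s own code. It assumes one reading of the text: each stage is an ordered rule stack, a packet falls down the stack until a rule matches, and the matching rule either sends it out an egress (tool) port or hands it to the next stage; the VLAN, subnet, ports and tool names are constructed.

```python
"""Three-stage ingress filter pipeline over constructed packet records.

Added example, not APCON's code. Assumed model: each stage is an ordered rule
stack; a packet falls down the stack until a rule matches, and the matching
rule either sends it out an egress (tool) port or hands it to the next stage.
A packet that no rule in a stage matches is dropped and counted.
"""
import ipaddress
from collections import Counter
from dataclasses import dataclass, field
from typing import Callable, Optional


@dataclass
class Rule:
    name: str
    match: Callable[[dict], bool]
    egress: Optional[str] = None  # tool port name; None means "hand to the next stage"


@dataclass
class MultiStageFilter:
    stages: list  # one ordered rule stack per stage, at most three stages
    delivered: Counter = field(default_factory=Counter)
    dropped: int = 0

    def __post_init__(self):
        if not 1 <= len(self.stages) <= 3:
            raise ValueError("a multi-stage filter has one to three stages")

    def route(self, pkt):
        """Return the egress port that receives pkt, or None if it is dropped."""
        for stage in self.stages:
            for rule in stage:  # fall down the stack until a rule matches
                if rule.match(pkt):
                    if rule.egress is not None:
                        self.delivered[rule.egress] += 1
                        return rule.egress
                    break  # hand-off rule: continue with the next stage
            else:  # exhausted the stack without a match
                self.dropped += 1
                return None
        self.dropped += 1  # a hand-off from the last stage has nowhere to go
        return None


PROD_NET = ipaddress.ip_network("10.20.0.0/16")  # constructed production subnet


def touches_prod(pkt):
    return any(ipaddress.ip_address(pkt[k]) in PROD_NET for k in ("src", "dst"))


STAGES = [
    [  # stage 1: coarse split by VLAN / subnet at the aggregation point
        Rule("mgmt-vlan", lambda p: p["vlan"] == 200, egress="nms-tool"),
        Rule("prod-subnet", touches_prod),
    ],
    [  # stage 2: protocol split
        Rule("dns", lambda p: p["proto"] == "udp" and p["dport"] == 53, egress="dns-monitor"),
        Rule("tcp", lambda p: p["proto"] == "tcp"),
    ],
    [  # stage 3: per-tool precision; the catch-all feeds the data recorder
        Rule("https", lambda p: p["dport"] == 443, egress="apm-tool"),
        Rule("ssh", lambda p: p["dport"] == 22, egress="security-tool"),
        Rule("rest", lambda p: True, egress="recorder"),
    ],
]

SAMPLE = [  # constructed packet summaries; the comment gives the expected route
    {"vlan": 100, "src": "10.20.1.5", "dst": "10.30.2.9", "proto": "tcp", "dport": 443},    # apm-tool
    {"vlan": 100, "src": "10.30.2.9", "dst": "10.20.1.5", "proto": "tcp", "dport": 52000},  # recorder
    {"vlan": 100, "src": "10.20.1.7", "dst": "10.20.1.1", "proto": "udp", "dport": 53},     # dns-monitor
    {"vlan": 100, "src": "10.20.1.7", "dst": "10.20.1.1", "proto": "udp", "dport": 123},    # dropped, stage 2
    {"vlan": 200, "src": "10.99.0.2", "dst": "10.99.0.1", "proto": "tcp", "dport": 22},     # nms-tool
    {"vlan": 100, "src": "10.40.0.2", "dst": "10.40.0.3", "proto": "tcp", "dport": 80},     # dropped, stage 1
    {"vlan": 100, "src": "172.16.5.5", "dst": "10.20.3.3", "proto": "tcp", "dport": 22},    # security-tool
]


def run_sample():
    """Route the constructed sample; returns (routes, per-tool counts, dropped)."""
    mf = MultiStageFilter(STAGES)
    routes = [mf.route(p) for p in SAMPLE]
    return routes, dict(mf.delivered), mf.dropped


if __name__ == "__main__":
    routes, counts, dropped = run_sample()
    print(routes, counts, "dropped:", dropped)
```

Two of the seven constructed packets match no rule in their stage and never reach a tool, which is the point of filtering on ingress: each tool port receives only the traffic its stage-3 rule asks for.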


Trunking

Before 40G trunks, network operators would need to spend precious operational time, money and effort routing numerous 1G and 10G links to different aggregation switches and network analyzer tools in different locations.

With 40G trunking, companies can efficiently and effectively move much larger sets of data, in some cases the entire network, across a simple link, allowing them to expand the virtual capability and capacity of an aggregation switch.


Deduplication

Any network monitoring system that approaches total network visibility must deal with duplicate packets. Simply put, if your network is tapped in multiple locations and uses SPAN or Mirror ports to retransmit some or all production traffic to the monitoring system, your network monitoring switch will receive multiple copies of the same packet as it traverses your network. In some cases, up to 55 percent of traffic received at the network monitoring switch might be duplicate packets.

Duplication causes several problems if the network monitoring switch is not able to eliminate copies. The first and most pervasive issue is that tools such as network data recorders become overloaded, reducing their effective look-back time window. Over time, this load of duplicate packets results in unnecessary purchases of expensive tools.

Another issue: Duplicate packets make it difficult for application performance and network performance monitoring tools to reconstruct sessions accurately, leading to errors when a user’s interaction can no longer be reliably recreated and reviewed.

To adequately serve APM/NPM tools and to maximize the efficiency of network data recorders and other time-based tools, duplicate packets must be identified and eliminated from the data stream. In a modern financial data center, this must happen in real time at full line rate of the network. An ultrafast, low-latency network monitoring switch with advanced intelligent network monitoring technology is required.
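As an added example (not APCON’s implementation), the following shows why a deduplicator cannot simply hash whole frames when copies of one packet arrive from taps at different hops: each router hop rewrites the Ethernet addresses, decrements the IP TTL and recomputes the header checksum, and a SPAN copy may carry an 802.1Q tag that a TAP copy lacks. The key therefore hashes the IPv4 header with TTL and checksum zeroed plus everything after it, and suppresses repeats only within a short window; all MAC addresses, IPs, payloads and timestamps are constructed.

```python
"""Deduplicating copies of one packet captured at several TAP/SPAN points.

Added example, not APCON's implementation. Each L3 hop rewrites the Ethernet
addresses, decrements the IP TTL and recomputes the header checksum, and a SPAN
copy may carry an 802.1Q tag that a TAP copy lacks. The dedup key hashes the
IPv4 header with TTL and checksum zeroed plus everything after it; a repeat is
suppressed only inside a short window so a later genuine retransmission passes.
"""
import hashlib
import struct
from collections import OrderedDict

WINDOW_US = 1_000  # copies of one packet from different taps arrive within 1 ms


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum over the 20-byte header (checksum field zero)."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_frame(src_mac, dst_mac, ttl, payload, src_ip="10.20.1.5", dst_ip="10.30.2.9", vlan=0):
    """Constructed Ethernet/IPv4/UDP frame as a tap at one hop would capture it."""
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0x4000, ttl, 17, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    tag = struct.pack("!HH", 0x8100, vlan) if vlan else b""  # 802.1Q tag if the SPAN kept it
    return dst_mac + src_mac + tag + b"\x08\x00" + ip + udp


def ip_offset(frame):
    """Offset of the IPv4 header, skipping any 802.1Q tags in the frame."""
    off = 12
    while struct.unpack("!H", frame[off:off + 2])[0] == 0x8100:
        off += 4
    return off + 2


def dedup_key(frame):
    """Hash of the L3+ bytes with the per-hop mutable fields masked out."""
    ip = bytearray(frame[ip_offset(frame):])
    ip[8] = 0                # TTL: decremented by every router
    ip[10:12] = b"\x00\x00"  # header checksum: recomputed whenever the TTL changes
    return hashlib.blake2b(bytes(ip), digest_size=16).digest()


class Deduplicator:
    def __init__(self, window_us=WINDOW_US):
        self.window_us = window_us
        self.seen = OrderedDict()  # key -> timestamp of the first copy, oldest first
        self.passed = 0
        self.suppressed = 0

    def accept(self, frame, ts_us):
        """True if the frame goes on to the tools, False if it is a suppressed duplicate."""
        while self.seen and ts_us - next(iter(self.seen.values())) > self.window_us:
            self.seen.popitem(last=False)  # expire keys older than the window
        key = dedup_key(frame)
        if key in self.seen:
            self.suppressed += 1
            return False
        self.seen[key] = ts_us
        self.passed += 1
        return True


HOST, R1, R2, SRV = (bytes.fromhex(f"02000000{x}01") for x in ("aa", "bb", "cc", "dd"))
QUERY = b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x03www\x07example\x03com\x00\x00\x01\x00\x01"
OTHER = QUERY[:1] + b"\x99" + QUERY[2:]  # a second, distinct query (different transaction ID)


def run_sample():
    """One packet seen at four monitoring points plus two others; returns (decisions, passed, suppressed)."""
    frames = [
        (0, build_frame(HOST, R1, 64, QUERY)),              # TAP on the access link
        (120, build_frame(HOST, R1, 64, QUERY, vlan=100)),  # SPAN copy of the same hop, tagged
        (210, build_frame(R1, R2, 63, QUERY)),              # TAP after router 1
        (330, build_frame(R2, SRV, 62, QUERY)),             # TAP after router 2
        (400, build_frame(HOST, R1, 64, OTHER)),            # a different packet
        (2_000_000, build_frame(HOST, R1, 64, QUERY)),      # genuine retransmit two seconds later
    ]
    dedup = Deduplicator()
    decisions = [dedup.accept(frame, ts) for ts, frame in frames]
    return decisions, dedup.passed, dedup.suppressed


if __name__ == "__main__":
    decisions, passed, suppressed = run_sample()
    print(decisions, f"passed={passed} suppressed={suppressed} "
          f"({100 * suppressed // len(decisions)}% of received frames were duplicates)")
```

In the constructed sample half of the frames reaching the monitoring switch are copies, in line with the duplicate share the text describes; a whole-frame hash would have passed every one of them.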


Management

To maintain maximum efficiency and complete visibility, switches must be monitored and managed. Obviously, it’s dramatically easier if that can be done from a central location.

With APCON’s TITAN EP graphic user interface, all network switch management can be done from one screen. Connections can be made. Filters can be applied. Utilization reports can be generated. Network professionals can manage any connection between data sources and tools.

Titan will instantly determine the optimal path from the data source to the target device and establish the essential connections. The GUI also allows users to perform necessary switch maintenance, such as running automatic switch backups, restoring settings and upgrading firmware.

With all these capabilities rolled into a single intelligent network monitoring switch, networks can gain a leg up in the struggle for scalability.


Chapter 5: Is Your Network Monitoring System Future-Proof?


Forty zettabytes, each one equal to one sextillion bytes. That’s the amount of data the world will produce each year by 2020.

In the face of that unimaginable wave, today’s enterprise faces a quandary. How do you simultaneously monitor what’s already a network-crushing amount of data while also building out a network monitoring system that can handle what’s ahead?

Or, put another way, how do you future-proof your investment? As you’ve seen, the only way is through scalability.

The first step is to construct a network architecture that’s designed from the outset to be monitored. The right architecture efficiently brings in the data, manipulates it, and directs the required data — and ONLY the required data — to the tools.

Without the right network design, engineers are forced to use a brute-force method of monitoring, purchasing dozens of tools and connecting each one to a single data source. That’s a solution that’s neither intelligent nor elegant. And, it’s not easily scalable.

Achieving scalability also means using switches that can do more than just route data to the right analysis tool. They also should be able to manipulate the data so that the analysis tools — often a significant investment in their own right — only get the data that they need, helping them operate at maximum efficiency. An intelligent switch will offer features like load balancing, deduplication, multi-stage filtering and packet manipulation.


Is Your Enterprise Network Ready for What’s Coming?

The question now is this: Are you ready? The data’s coming. Is your system set up in a way that you won’t drop packets and be able to maintain 100-percent visibility when traffic is 10 times what you face now?

If the answer is no, then your network isn’t future-proof.

APCON’s switches provide complete network visibility and improve the performance of network security and network monitoring tools. Our industry-leading aggregation and filtering technology and multi-switch management software minimize network downtime and maximize monitoring tool investments.

In addition, APCON’s scalable network monitoring solution allows enterprise data centers worldwide to feel confident that the investment they make in monitoring today isn’t one they will have to make again tomorrow.

With chassis and blades that are interchangeable, they can scale up capacity as needed so they stay ahead of the exponential increase in data loads that are coming.


APCON, Inc.
9255 SW Pioneer Court
Wilsonville, Oregon 97070 USA
Tel: +1 503-682-4050
Toll Free: 1-800-624-6808

Engineering Design Center
501 W President George Bush Highway, Suite 100
Richardson, Texas 75080 USA

E-mail: [email protected]

APCON, Inc. ▪ apcon.com ▪ +1 503-682-4050 ▪ 800-624-6808
© 2014 APCON, Inc. All Rights Reserved.
