• No results found

VSS - Game Changing Technology

N/A
N/A
Protected

Academic year: 2021

Share "VSS - Game Changing Technology"

Copied!
23
0
0

Loading.... (view fulltext now)

Full text

(1)

VSS - Game Changing Technology

Dean Beaver

(2)
(3)

Danaher..The Best Kept Secret

(4)

What is a Network Packet Broker?

4

Network packet brokers solve the visibility challenge by easily scaling with your network

and delivering only the traffic you need to see.

“The use of network packet brokers (NPBs) allows better visibility into and longevity of tool investments

spanning network application monitoring (NPM), application performance monitoring (APM), security,

network forensics and other monitoring technologies that require packet data.”

Gartner (4/2012)

NPB’s : Fault-tolerant Design, 100% Uptime, Unparalleled Scale

More

Tools

Need

Access

Visibility

Scalability

Cyber

Security

Tool

(5)

Network Packets

Today

Evolution of NPB – Growing Need

5

© 2003-2013 VSS Monitoring. All rights reserved.

NPB Improving Network Intelligence, Lower TCO, Better ROI

NPB Analyzer Tools Business Intelligence Network Packets

Future

Network Packets

3

optimized, focus on core Analyzer performance analytic functions Analyzer + NPB = Total Solution Shifting packet optimization functions toward NPB

2

1

Business Intelligence Business Intelligence

(6)

Optimize Tools

Reduce tool clutter

Capture

Groom and Filter

Better Visibility

Scalability

Fault Tolerence

Media Conversion

Better NW Access

Value of a Network Packet Broker

Network Infrastructure Service Provider Apps Database DC Core Enterprise Data Center Network Performance & Security Monitoring Applications DLP IPS APM VoIP Analyzer Data

Recorder Interception Lawful

(7)

VSS is a Different NPB Solution

Network Infrastructure Service Provider Apps Database DC Core Enterprise Data Center Network Packet Brokers Network Performance & Security Monitoring Applications DLP IPS APM VoIP Analyzer Data

Recorder Interception Lawful

What We Do

 NPB +, Any Packet to Anywhere in your network

What We Enable

 E2E visibility for converged networks. Big Data problem.

 Active/in-line monitoring and threat protection

 High availability, Self-Healing

Why We Win

 Unparalleled scalability, Virtual 4000+ port chassis

 Game changing technologies

 System approach vs. Silo

(8)

The NPB Opportunity

Growth across enterprise segments

Mobile Service Assurance VOIP/IPTV Monitoring Bandwidth Optimization (55%)* Application / Network Performance Mgmt Latency Monitoring VOIP Monitoring WAN Optimization (19%)* Lawful Interception Policy Control DDOS Prevention Data Compliance (5%)* Network Forensics Intrusion Prevention Web Security Malware Protection Data Compliance (21%)*

Service Provider

Enterprise

Network

Performance

Driven

Network

Security

Driven

~$360M

2012

2017

~$800M 22%+ CAGR

Total NPB

Core NPB NPB+ (virtualization, SDN, Direct to Storage) 8 * Indicates distribution of VSS 2013 YTD Revenue

(9)

Robust Partner Ecosystem

Internal Use Only | 9

Security / DPI

Service Provider Enterprise Security Enterprise A/NPM

Network Infrastructure Network Monitoring/ Security Applications Network Packet Brokers (NPBs)

(10)

VSS Monitoring = Technology Leadership

10

Customer

V

alue

BASIC INTERMEDIATE ADVANCED

Network Taps

Bypass

1

st Gen T

AP

Active, Inline Aggregation

L2-L7 Grooming

Time/Port Stamping

Protocol Stripping

Microburst Protection

De-Duplication

Di str ib uted T AP

Broadest Feature Set

Unparalleled Scalability

© 2003-2013 VSS Monitoring. All rights reserved.

VSS Monitoring is the only NPB maker to use Port-based Hardware Acceleration, which lets

customers achieve higher performance rates for a wider range of use cases.

Tool Chaining

vSlice

vCapacity

GTP Load Balance

Fragment Reassembly

Dynamic DPI

vMesh

(Self-healing Fabric)

IMSI Balancing

Port HW Acceleration

Ne twork P acket B roker

vNetConnect

(Virtual)

vSpool

(Direct to Storage)

(11)

Traditionally, the audit trail is …

11

© 2003-2013 VSS Monitoring. All rights reserved.

Spooled directly to hard drives on tools

DLP IPS APM NPM Forensics

(12)

Write to Disk – vSpool

12

© 2003-2013 VSS Monitoring. All rights reserved.

Traditional Probe Deployment

vSpool Implementation

Multiple Probe Types Vendor Neutral

Proprietary Hardware Standard Infrastructure

Applications

 Stock exchange

 Data compliance & audit

 Network forensics

 Subscriber intelligence & data monetization

Solution

1. Spool network data (PCAP) directly to common

storage infrastructure

2. Centralize storage - Store once, analyze many

3. “Virtualize” monitoring tools.

4. Scale beyond on-board storage

Existing Storage Servers

DLP IPS APM NPM Forensics

(13)

Use Case 1: VSS Node to NAS

13

(14)

Security & Monitoring Infrastructure Today

14

© 2003-2013 VSS Monitoring. All rights reserved.

Distributed Denial of Service Secure Web Gateway Advanced Persistent Threat NextGen Fire Wall Intrusion Prevention System

Security Event &

Incidental Management Forensics

Application Performance Monitor Network Behavior Analysis Data Loss Prevention Intrusion Detection System Lawful Intercept DATACENTER Apps Databases DC Core Branch A Branch B Customer

Security & Forensics Tools

compete for network access

• Unable to keep up with

network speeds

• Add unnecessary

complexity and risk

(15)

Optimize Tool Performance

 Speed/Media conversion

 L2-L7 traffic grooming

 Load balancing / Asymmetric Routing support

Security Service Assurance

 High availability for tools

 Fault tolerance for tools & networks

 Custom health-checks

 Thresholds, alerts & auto triggers

Defense-in Depth-Architecture

 Security-in-Series – Security Service Chaining

 Add defense layers on-demand

 Minimize network re-instrumentation

 Decrypt Once; Feed Many tools

16

© 2003-2013 VSS Monitoring. All rights reserved.

NGIPS Filter & Flow Balancing Filter & Flow Balancing (Passive) Filter

Segment A Segment A Segment B Segment B Security Analytics Anti APT / ATA

SSL Clear Txt

Transparent

SSL Proxy

Network Packet Brokering (NPB) vProtector

With VSS - Simplified Design and Deployment for

(16)

Value Proposition:

 Optimize traffic delivery to any & all security monitoring tools

 Centralize monitoring tools

 Support multiple 1/10G tools in multiple 1/10/40G segments

 Full network visibility

 Unlimited scalability

 Self-healing data delivery fabric

 Maximize ROI from tool investments

vMesh™ – A Unique Fabric Approach to NPB

17

© 2003-2013 VSS Monitoring. All rights reserved.

Distributed Denial of Service Secure Web Gateway Advanced Persistent Threat NextGen Fire Wall Intrusion Prevention System

Security Event &

Incidental Management Forensics

Application Performance Monitor Network Behavior Analysis Data Loss Prevention Intrusion Detection System Lawful Intercept

ACTIVE TOOLS PASSIVE TOOLS

(17)

Silo vs. System View of the Network

18

© 2003-2013 VSS Monitoring. All rights reserved.

(18)

Silo vs. System View of the Network

19

© 2003-2013 VSS Monitoring. All rights reserved.

(19)

vStack over IP Cloud-Ready Monitoring

© 2003-2013 VSS Monitoring. All rights reserved.

VSS Solution

 Centralized tool farm

 Secure data encryption (AES)  Scalable to any number VSS

devices

 Time sync over NTP, GPS, PTP

 “Probeless monitoring” across domains/WAN

Challenges  Tools silos  Tools congestion

 Management overhead (Opex)  Visibility across network

domains

 Need to ensure SLA of cloud services 20 Datacenter A Corporate Client HQ Branch Site Datacenter B Monitoring Tools NOC WAN Cloud Services

(20)

Manage all VSS NPBs

Bulk software updates

Drag & drop

Topology & rule mgmt from single pane

Any location

Virtualize Traffic access

Vmware and Cisco

Benefits:

Simplified device mgmt / lower TCO

All VSS brokers supported & incorporated

in topology

Any packet anywhere, anytime

vMC™: Manage from Network-wide Perspective

22

(21)

Total Visibility with vNetConnect

23

© 2003-2013 VSS Monitoring. All rights reserved.

Virtual Workloads

Agentless visibility into East-West traffic

Uses virtual server to connect traffic to

monitoring tools outside vEnvironment

Programs vMesh traffic grooming and

mapping for seamless SDM

(22)

VSS vMC Integration with VMware vCenter

(23)

Value Proposition:

 Write traffic once, read by many tools

 Centralized data collection capability

 Tool visibility into remote locations/traffic without remote tools

 High availability enterprise wide, Self-healing

 Maximize ROI from tool investments (1GB tool in 10GB NW)

 Inline/Passive interchangeability and line rate grooming

 Virtual traffic visibility without an instance or agent

 Virtual chassis with over 4000 ports and growing

VSS – Game Changing Technology

25

© 2003-2013 VSS Monitoring. All rights reserved.

Tool Chaining

vSlice

vCapacity

GTP Load Balance

Fragment Reassembly

Dynamic DPI

vMesh

(Self-healing Fabric)

IMSI Balancing

Port HW Acceleration

vNetConnect

(Virtual)

References

Related documents

The HRQOL scores of manual workers are higher than those of mental workers and the unemployed; women's HRQOL scores are lower than men's; HRQOL scores of those who have a

Software-defined networking (SDN) is already changing the data center network, but now the technology could redefine other parts of the network, as well as the network

If we are to understand why ethnicity means more in one place than another, why some identifications matter more than others to their bearers, and why the 'same' identification

In category A, the backgrounds due to misidentified leptons are derived from data and the associated systematic uncertainties are calculated by propagating the uncertainties in the

Data Center Organization Enterprise Infrastructure services Technical services System administration Database administration Web Messaging Network services Data Center

Developing a partnership with a help desk provider to help you handle your reactive customer support will add more services to your line card, increase your engagement with

Equally at home in the enterprise network, or demanding service provider metro networks, EPSR provides a solution that meets the modern network requirements of high bandwidth

Microsoft Volume Shadow Copy Service (VSS) supports SQL Server database backup and recovery to simplify data protection and ensure high availability and data integrity. VSS