DATA SHEET. Riverbed Cascade Shark Family

Riverbed Cascade Shark Family

Overview

Riverbed understands packet capture and analysis better than any other company. Three leading innovators in this field – Steve McCanne, co-creator of TCPDUMP, Loris Degioanni, creator of WinPcap, and Gerald Combs, creator of Wireshark^® software – continue the advancement of Riverbed application-aware network performance management (NPM) solutions that today’s leading enterprise and government organizations rely upon for their IT performance needs.

When business-critical applications fail, the impact can be serious. Today’s IT operations and management teams need to be one step ahead with real-time, actionable information to identify and diagnose problems before the business is impacted.

Cascade Shark products not only alert on issues, but can also help diagnose where the problem is and what’s causing it.

Cascade Shark products provide rich visibility and information about application and network performance to enable smarter decision-making and faster, easier problem diagnosis.

Cascade Shark products are typically deployed wherever detailed real-time and historical analysis is needed, such as within the data center, headquarters or key branch offices. They can be used as an integral part of the complete Cascade visibility solu- tion or as a standalone troubleshooting solution

Comprehensive, Application-Aware Network

Performance Management

Businesses that need enterprise-wide visibility into network and application performance should turn to the Cascade application- aware network performance management suite. The Cascade product family enables proactive monitoring and troubleshoot- ing of application and network performance, automated discovery of applications and their dependencies, and delivers a consistent and reliable end-user experience.

Cascade Shark products are an integral component of the Cascade suite. They export summarized metrics derived from the packet data to the Cascade Profiler appliance for advanced behavioral analysis, monitoring, reporting, and alerting on application performance. Because the metrics from the Cascade Shark product are de-duplicated and integrated with flow-based data from other sources and stored in the same logical record, IT operators can streamline the troubleshooting workflow and accelerate the triage process.

DATA SHEET: Cascade Shark Family

Cascade Shark Family

Continuous, High-Speed Packet Capture,

Indexing, and Storage

The Cascade

Shark appliance from Riverbed

Technology provides continuous, high-speed

packet capture, indexing, and storage to ensure

that packet-level information is always available

for end-to-end performance monitoring and for

granular, real-time and back-in-time analysis.

Deploy in three ways for maximum coverage

– dedicated appliance, virtualized software, or

embedded functionality in Riverbed

Steelhead

WAN optimization products – Cascade Shark solu-

tions allow organizations to:

»  Accelerate application troubleshooting with

fast retrieval and analysis of packet and trans-

action data

»  Solve intermittent performance problems

without having to recreate them

»  Gain end-to-end visibility with continuous export

of application-enhanced metrics to the Cascade

Profiler console

»  Accommodate any monitoring requirement with

flexible storage capacity options

Key Benefits

Whether deploying Cascade Shark appliances, Virtual Cascade^® Shark, Steelhead appliances running embedded Cascade Shark functionality or any combination, the Cascade Shark family provides a powerful, easy-to-use, and cost-effective solution for monitoring and troubleshooting complex or intermittent performance and security-related problems, without having to transfer large files across the network. By continuously recording the packets traversing the network, rich troubleshooting details are always available when the IT staff needs them.

As a result, the Cascade Shark family saves time and money by helping IT troubleshoot problems faster, minimizing the effect downtime has on business productivity by reducing or avoiding business-stopping slowdowns or outages. It also enhances IT pro- ductivity by avoiding lost time waiting for problems to reoccur.

“I am not sure how the folks at Riverbed are index-

ing their traces, but it is night and day faster than

anyone else. I cannot begin to tell you how much

time this saves especially when on a high pressure

conference call with people breathing down your

neck wanting to know what the problem is. Riverbed

Cascade, keep it coming!”

Mike Canney, Principal Network Analyst, getpackets.com

OPTIMIZED BRANCH

INTERNET

WAN

Steelhead

Cascade Profiler, Sensor & Gateway Cascade Sensor-VE

Steelhead with embedded Shark functionality

PG

Cascade Shark products provide both packet capture and storage, and send application-enhanced metrics to Cascade Profiler for centralized analysis, monitoring, reporting and alerting. The Cascade Pilot analysis console provides direct access to packet-level details for back-in-time forensic analysis. Cascade Shark products are available in three species: Cascade Shark appliance, Virtual Cascade Shark software, and embedded Shark functionality on Steelhead WAN optimization products.

Cascade Shark Species

Cascade Shark products deliver scalable, high-performance packet capture, rapid indexing, and long-term storage, enabling real-time and back-in-time forensic analysis and reporting of network and security events across physical and virtual environ- ments. Cascade Shark species passively and non-intrusively monitor key network links to provide greater visibility into network-based application traffic.

The Cascade Shark family consists of three species:

s Cascade Shark appliances, which provide dedicated, continu- ous packet capture at 1GbE and 10GbE line rates

s Virtual Cascade Shark software, which provides simultaneous packet capture and flow export to monitor inter-VM within virtualized environments

s Embedded Cascade Shark functionality on Steelhead appli- ances, which provides on-demand packet capture for remote site troubleshooting at no additional cost

Cascade Shark appliances

Virtual Cascade Shark

Embedded Shark on Steelhead Continuous

capture 9 9 -

On-demand

capture 9 9 9

Packet indexing

for fast analysis 9 9 9

Flow export to

Profiler 9 9 -*

Analysis by

Cascade Pilot 9 9 9

Monitor live traffic with views &

watches

9 9 -

Runs in virtual

environment - 9 -

Disk space 4TB to 32TB 50GB to 2TB 15GB to 119GB Supports

real-time traffic (VoIP)

9 9 -

Table 1: Comparing the capabilities of the various Cascade Shark species.

*CascadeFlow export is performed by Steelhead appliance itself, not embedded Shark functionality.

Cascade Shark

Cascade Shark is a dedicated, continuous packet capture appliance capable of sustained line-rate, multi-gigabit per second recording, and storage of network traffic using high- performance 1GbE and 10GbE capture cards. Cascade Shark appliances are available in five models: the entry-level CSK 1100, the mid-range CSK 2100 and 2200, and the high-end CSK 3100 and 3200.

Cascade Shark Appliances

Size Storage NIC

Slots Capture Cards

CSK 1100 1U 4TB 1 2-port 1GbE card

or 4-port 1GbE card

CSK 2100 2U 8TB 2 Any combination of

2-port 1GbE card, 4-port 1GbE card or 2-port 10GbE SFP+

card Up to 2 NICs per

system

CSK 2200 2U 16TB 2

CSK 3100 3U 16TB 2

CSK 3200 3U 32TB 2

Table 2: Cascade Shark appliances are available in a variety of models for deploy- ment flexibility.

Virtual Cascade Shark

Virtual Cascade Shark is a software version of Cascade Shark that has been virtualized to run on VMware ESXi environments.

It taps into the virtual switch in an ESX hypervisor to monitor the performance of all inter-VM traffic. Virtual Cascade Shark software is unique in that it can simultaneously send summarized data to the Cascade Profiler console for analysis and reporting and continuously capture, index, and store full packet data on the local server or on a storage area network (SAN) for back-in- time analysis with Cascade^® Pilot software.

Virtual Cascade Shark software can also be used to “build your own” packet capture appliance. Leverage any virtualized server running VMware ESXi – such as an existing virtualized branch office server or a Cisco SRE blade on a Cisco Integrated Services Router (ISR G2) – to gain cost-effective remote visibility. Monitor branch LAN traffic by spanning from the switch to the physical NIC on the server in addition to monitoring intra-server (VM-to- VM) traffic.

DATA SHEET: Cascade Shark Family

“Because we capture and store all the traffic moving

through our two primary data centers, we always

have the information available whenever an appli-

cation team reports an issue. When this happens,

we go straight to Cascade to determine if anything

abnormal was happening at the time. Cascade helps

us quickly determine if it’s a network, server or

third-party issue.”

Network engineer, BlueCrest Capital Management stored packets

s Baseline virtual environment traffic analysis to identify abnormal changes in performance

s Monitoring for security threats

Virtual Cascade Shark Software VSK-00050 VSK-00200 VSK-00400 Packet Storage Up to 50GB Up to 1TB Up to2TB

Hypervisor VMware ESXi 4.1

vCPU 2

Memory 2GB

System Disk

Space 30GB

Capture Ports Up to 4

Management

Ports 2

Table 3: Virtual Cascade Shark software is licensed according to required storage space.

dispatch a technician.

Cascade Pilot software is used to schedule and initiate on- demand capture jobs on the Steelhead appliances. Packet data is indexed and stored directly on the Steelhead appliance. Storage is a fixed amount that varies according to Steelhead model (see Table 4 below). Just as with the Cascade Shark appliance, traffic is analyzed directly on the remote Steelhead using Cascade Pilot as the management and analysis console so that large trace files do not need to be transferred across the network. Trace files automatically appear in Cascade Pilot under the appropriate Steelhead probe and TCPDUMP folder.

Access to embedded Cascade Shark is password protected so that only users with TCPDUMP permission on the Steelhead appliance can access the packet capture functionality.

Packet Storage Capacity on Steelhead Appliances Steelhead

model

250 L/M/H

550 L/M/H

1050 L/M/H

2050 L/M/H

5050

L/M/H 6050 7050 L/M Packet

storage capacity

15GB 15GB 15GB 15GB 59GB 119GB 119GB

Table 4: Storage dedicated to embedded Cascade Shark functionality differs by Steelhead model.

Unique Capabilities

Some of the advantages that Cascade Shark provides over other packet capture and analysis solutions include:

Multi-gigabit per second ethernet traffic capture – Cascade Shark includes Shark Packet Recorder, which is capable of continuous, reliable recording of multi-gigabit per second network traffic to disk. Shark Packet Recorder is a customized dump-to-disk utility based on the 1GbE and 10GbE capture cards and a specially designed RAID-enhanced packet storage system.

Distributed analysis – Cascade Pilot software analyzes trace files directly on remote Cascade Shark products, eliminating the need to export large trace files across the network for local analysis.

Only the results of the analysis (called “views”) are sent to Cascade Pilot. Once the data has been refined and the packets of interest identified using Cascade Pilot, only that small subset of packets need be sent over the network to Wireshark for decod- ing. Distributed analysis also means that when the network is experiencing issues, Cascade is not part of the problem.

Smart packet indexing – Packet metadata, called microflows, provides efficient real-time indexing of packets. It enables users to quickly search terabytes of data and provides a seamless transition between flow-based information in Cascade Profiler and packet-level information in Cascade Shark. Smart indexing of packets accelerates troubleshooting, reducing the time it takes to identify and diagnose complex performance issues.

Selective recording – The option to record all or just a portion of the packet payload is important for meeting compliance with many regulatory initiates, such as HIPAA or PCI DSS; it can also extend the amount of packet data that can be stored and the length of time it is available for analysis.

Multiple capture jobs – The ability to perform multiple, separate capture jobs on a Cascade Shark species enables IT staff to dedi- cate different amounts of storage to each job to flexibly extend storage time for critical applications. For example, one capture job could dedicate a certain amount of the storage on a Cascade Shark appliance to recording a few days’ worth of traffic, retain- ing the entire packet header and payload for a business-critical CRM application. Meanwhile, a second capture job could use the remaining storage to store a week’s worth of all other traffic, recording only the packet header.

Precision time stamping – Cascade Shark appliances can adopt the precision time stamps from network tap aggregators for greater accuracy and for coordinated time stamping across the network and with other monitoring tools in a customer’s environment. Precision time stamping is critical for low-latency trading environments or other time-sensitive applications and provides better accuracy for multi-segment analysis. Supported network taps include:

s Gigamon SMT-436 GigaSMART blade for the GigaVue-2404 s cPackets cPacket cVU & cTap families (with Precision Timing

module option)

s VSS Monitoring Distributed Traffic Capture Series

Sophisticated packet analysis with Cascade Pilot – Cascade Pilot software is designed to seamlessly and securely connect with one or more remote Cascade Shark products to enable rapid and simplified analysis of long-duration packet data. All of the features of Cascade Pilot are available in the distributed envi- ronment, including an extensive collection of views, drill-down analysis, retrospective visualization and analysis of long-duration traffic statistics, a flexible trigger-alerting mechanism, and simplified, professional report generation. Once connected, the interaction between Cascade Pilot and Cascade Shark appears as if it were local.

Wireshark integration – Wireshark, the leading open source pro- tocol analyzer, can be used to analyze trace files recorded by any Cascade Shark product. Tight integration and seamless hand off from Cascade Pilot to Wireshark streamlines troubleshooting and takes advantage of the network staff’s expertise with Wireshark without having to learn yet another approach.

10.10.10/24 Business

Web

Capture jobs

Network Traffic

Retention time

30 days 5 days 5 days SAP

Business Apps 10.10.10/24 Citrix Email

P2P Backup

SSL VoIP

SAP

172.16.1/24 192.168.1/2 172.16.2/24

Figure 2: Cascade Shark and Virtual Cascade Shark appliances can simultaneously record multiple capture jobs. Each job can capture specified traffic, selectively record the header and/or payload information, and store the data for varying amounts of time, as determined by the amount of storage dedicated to the job.

DATA SHEET: Cascade Shark Family

fine-grained analysis

s Ability to adopt precision time stamps from network tap aggregators. Supported network taps include:

- Gigamon SMT-436 GigaSMART blade for the GigaVue-2404 - cPackets cPacket cVU & cTap families (with Precision Timing

module option)

- VSS Monitoring Distributed Traffic Capture Series s Capable of multiple concurrent capture jobs, each capable

of sustained line-rate recording and flexible storage time for critical applications

s Smart file indexing accelerates packet analysis by up to 10,000x

s Uses a custom file system optimized for time-based queries s Selective recording of all or a portion of the packets extends

the amount of data that can be recorded and the length of time it is available for analysis

s Multi-terabyte packet recordings are represented as a single

“virtual file” in Cascade Pilot to streamline in-depth analysis and traffic visualization

of sustained line-rate recording and flexible storage time for critical applications

s Smart file indexing accelerates packet analysis by up to 10,000x

s Uses a custom file system optimized for time-based queries s Selective recording of all or a portion of the packets extends

the amount of data that can be recorded and the length of time it is available for analysis

s Multi-terabyte packet recordings are represented as a single

“virtual file” in Cascade Pilot to streamline in-depth analysis and traffic visualization

Embedded Cascade Shark on Steelhead

s On-demand packet capture and indexing s Storage options range from 15GB to 119GB s Requires Cascade Pilot 3.0 or later

s Smart file indexing accelerates packet analysis by up to 10,000x

s Selective recording of all or a portion of the packets extends the amount of data that can be recorded and the length of time it is available for analysis

s Requires RiOS 7.0 or later

BR-CS06252012

About Riverbed

Riverbed delivers performance for the globally connected enterprise. With Riverbed, enterprises can successfully and intelligently implement strategic initiatives such as virtualization, consolidation, cloud computing, and disaster recovery without fear of compromising performance. By giving enterprises the platform they need to understand, optimize and consolidate their IT, Riverbed helps enterprises to build a fast, fluid and dynamic IT architecture that aligns with the business needs of the organization.

Additional information about Riverbed (NASDAQ: RVBD) is available at www.riverbed.com.

Riverbed Technology 199 Fremont Street San Francisco, CA 94105 Tel: +1 415 247 8800 Fax: +1 415 247 8801 www.riverbed.com Riverbed Technology Pte. Ltd.

391A Orchard Road #22-06/10 Ngee Ann City Tower A Singapore 238873 Tel: +65 6508-7400

Riverbed Technology Ltd.

One Thames Valley Wokingham Road, Level 2 Bracknell RG42 1NG United Kingdom Tel: +44 1344 401900 Riverbed Technology K.K.

Shiba-Koen Plaza Building 9F 3-6-9, Shiba, Minato-ku Tokyo, Japan 105-0014 Tel: +81 3 5419 1990

©2012 Riverbed Technology. All rights reserved.

Riverbed and any Riverbed product or service name or logo used herein are trademarks of Riverbed Technology. All other trademarks used herein belong to their respective owners. The trademarks and logos displayed herein may not be used without the prior written consent of Riverbed Technology or their respective owners.

2005, 2006, 2007, 2008, 2009, 2011