Best Practices for Building Scalable
Visibility Architectures

Jim Frey
VP of Research
Network Management
Enterprise Management Associates

Scott Register
Senior Director
Product Management
Ixia
February 11, 2014
Today’s Presenters
Jim Frey
Vice President of Research, Network Management
Jim has over 25 years of experience in the computing industry
developing, deploying, managing, and marketing software and
hardware products, with the last 20 of those years spent in network
and infrastructure operations and security management, straddling
both enterprise and service provider sectors.

Scott Register
Senior Director, Product Management
Scott has more than 15 years of experience leading product
management operations for global technology companies. Scott led
product management at BreakingPoint Systems prior to its acquisition
by Ixia. Other past experience includes leading product lines for Blue
Coat, Permeo, and Check Point Software.

Slide 2

© 2014 Enterprise Management Associates, Inc.
Logistics for Today’s Webinar

Questions
• Log questions in the Q&A panel located on the lower right corner of your screen
• Questions will be addressed during the Q&A session of the event

Event recording
• An archived version of the event recording will be available at www.enterprisemanagement.com

Event presentation
• A PDF of the PowerPoint presentation will be available

Slide 3
Agenda
• What is a Visibility Architecture?
  • Definitions and Drivers
• Best Practices and Decision Points
  • Topology
  • Tap or SPAN?
  • In-line vs Out-of-Band
  • Dealing with Virtualization
  • Key Features for NPBs
• Ixia Visibility Solutions
• Wrap-up and Key Takeaways
• Q&A

Slide 4

Visibility Architecture Defined
Systemic approach to establishing access to network traffic
streams for packet-based monitoring and management
purposes
Key Value
• Permanent, adaptive packet stream management infrastructure for reliable, resilient, effective network and security operations

Essential Attributes
• Scalability
• Sustainability
• Flexibility

Slide 6

Basic Components of a Visibility Architecture
[Diagram, top to bottom: Packet Analysis & Monitoring Systems (Performance Monitor, Performance Monitor, Security Monitor, Packet Recorder, …); Visibility Architecture: Network Visibility Controller (a.k.a. Network Packet Broker) fed by Tap, Tap, …, SPAN, SPAN, …; Network Infrastructure]

Slide 10

NVC/NPB Defined
Heart of the Visibility Architecture
• Network devices that provide managed access to packet streams from SPAN and TAPs to network and security analysis tools

NVCs provide advanced features beyond simple “Agg Tap”
• 1:1, 1:M, M:1, and M:M connections between packet sources and packet consumers (tools)
• Filtering and manipulating packet streams to improve effectiveness and efficiency of tools
• Load balancing tools for greater resilience

Aliases…
• Network Monitoring Switch
• Matrix/Aggregation Switch
• Data Access Switch
• Distributed Filter Tap

Slide 12

Why a Visibility Architecture?
Network Growing Faster than the Tools!
[Bar chart: Maximum networking link speeds within data center / core networks. Categories: 100M, 1G, 10G, 40G, 100G. Series: Current, Planned in 12 months. Axis: 0% to 50%.]
Tools Challenged to Keep Pace!
Sept. 2013; Sample Size = 177

Slide 14

Why a Visibility Architecture?
Growing Number of Tools!
[Bar chart: Types of tools attached to NVCs/NPBs. Categories: Network Performance Monitor; Data Loss Prevention; Intrusion Detection / Prevention; Troubleshooting / Packet Analyzers (e.g. packet “sniffers”); Compliance Monitor; Data / Packet Recorder; Application Performance Monitor; VoIP / UC / Video Analyzer. Series: Current, Planned in 12 months. Axis: 0% to 60%.]
Can’t accommodate using old/dedicated approach!
Sept. 2013; Sample Size = 177

Slide 16

Why a Visibility Architecture?
In-Line Use Cases for Security Deployments
Security priorities: Never Higher
Threat landscape: Never More Daunting

One important answer: Active Enforcement
• Intrusion Prevention Systems (IPS)
• Data Loss Prevention (DLP)

Major concerns
• Performance of IPS, DLP
• Resilience of IPS, DLP

Potential answer
• Highly efficient packet switching
• Advanced resilience features

Sept. 2013: Sample Size = 177

Slide 18

Who Is Ixia?

The MOST TRUSTED names in networking trust
Test, Visibility, Security

Enterprises trust IXIA to:
• Assess vendor equipment and applications
• Improve network security posture
• Improve network and application visibility and performance

Service Providers trust IXIA to:
• Improve and speed service delivery
• Speed roll out of next gen services
• Improve network and application visibility and performance

Equipment Manufacturers trust IXIA to:
• Develop next generation devices
• Speed time to market
• Improve performance and reliability

Chip Fabricators trust IXIA to:
• Validate protocol conformance
• Speed time to market

Slide 19
Best Practices for Visibility Architectures

Slide 20

Best Practices:
Where NVCs/NPBs Are Deployed
[Bar chart: Where has your organization deployed Network Visibility Controllers (NVCs)? Categories: Data center core network; Top of Rack; Data center Edge (ingress/egress); Campus backbone; Remote sites; DMZ; End of Row; Backhaul links; Other (Please specify). Series: Current, Planned in 12 months. Axis: 0% to 70%.]
Points of Concentration & Control
Sept. 2013; Sample Size = 177

Slide 22

Poll Question

If you have network or security monitoring tools that require SPAN ports or TAP connections, do you (select one):

A. Plan to expand use of SPAN ports
B. Plan to expand use of TAPs
C. Plan to add both more SPAN ports and TAPs
D. Have no plans to add more SPAN ports or TAPs

Slide 23

Best Practices:
Mixing SPAN and TAP for Access
[Bar chart: series 2009 and 2013; axis 0.0% to 50.0%]
Need Both, but Leaning Towards Taps
Sample Size = 165 (Sept 2009); 177 (Sept 2013)

Slide 25

Data Deduplication
Necessity if using SPAN ports
[Diagram: packet stream containing repeated packets, labeled A through F]

• Increase throughput efficiency to monitoring tools
• Reduce monitoring tool overload
• Improve monitoring tool processing efficiency
• Eliminate duplicate packet storage

Slide 26

Best Practices:
In-Line vs. Out-of-Band deployments
[Pie chart: Are NVCs deployed in-line anywhere within your organization's network? Responses: "No, and no plans to do so"; "No, but planning to do so"; "Yes – currently deployed in-line". Slice values shown: 10%, 40%, 50%.]
Essential: Load Balancing + Bypass Technology
Sept. 2013: Sample Size = 177

Slide 28

Inline Security
[Diagram: Typical Inline Security Deployments. Labels: Campus, Network, Cloud, Branch, Core, Data Center]

Why Inline Security?
• Threat prevention, not reaction
• Satisfy compliance requirements
• Prevent IPR and publicity “issues”

Critical Considerations
• Cannot take the network down
• Cannot slow or block application traffic
• Must scale with network demands

Slide 29
Best Practices:
Dealing with Virtualized Environments
[Bar chart: Approaches using or considering for adding packet monitoring to virtualized environments. Categories: Packet analysis tools deployed on VMs for intra-host visibility; SPAN/Port Mirroring from virtual switches; Virtual taps; Header stripping for overlay encapsulations. Axis: 0% to 80%.]
Select Techniques Based on Specific Needs
Sept. 2013; Sample Size = 156

Slide 31

Virtual Visibility
Enables inter-VM, east-west traffic monitoring to eliminate the blind spots in virtualized environments

[Diagram labels: Core Switch; Network Packet Brokers; Top of Rack Switch; Virtualized Host; Hypervisor; vSwitch; Kernel Module; Virtual Tap; VMs, each with App and OS]

Slide 32

Best Practices:
Key NVC/NPB Features
[Bar chart: Most important packet manipulation features (Mean by role). Categories: Load Bal across multiple tools; Inbound Filtering; Outbound Filtering; Decryption; Time stamping; Tunneling; Port labeling; Masking; De-duplication; IPv6 support; Header stripping (de-encapsulation); Media conversion (i.e. 10G to 1G); Packet slicing. Series: Executive, Staff. Scale: 3 = Critical, 2 = Helpful, 1 = Not Important. Axis: 2.00 to 2.75.]
Sept. 2013; Sample Size = 177

Slide 33

Feature Priorities Vary by Industry Vertical
Financials

Manufacturing

1. Inbound Filtering

1. Load Balancing

2. Load Balancing

2. Outbound Filtering

3. Outbound Filtering

3. De-duplication/Tunneling

4. Time Stamping

Healthcare/Pharma

All Others

1. Load Balancing

2. Inbound Filtering

2. Inbound Filtering

3. Packet Slicing / IPv6 /

3. Decryption

Port Labeling / Outbound
Filtering

Slide 34

1. Load Balancing

4. Tunneling

Creating A Network Visibility Architecture

[Diagram: Visibility Architecture. Labels: Remote Office; Branch Office; Campus; Network Operations; Network Taps; App Aware; Virtual & Cloud Access; Core; Data Center; Private Cloud; Virtualization; Carrier Networks; Wired and Mobile; Out of Band NPB; Inline Bypass; Network Access; Element Mgmt; Performance Management; Security Admin; Policy Mgmt; Inline NPB; Packet Brokers; Session Aware; Applications; Server Admin; Data Center Automation; Management; Audit & Privacy; Forensics]

Slide 35

EMA: Key Takeaways on Visibility Architectures
1. Visibility Architectures provide both tactical and strategic advantages to security and operations
2. Deploy in the core first; expand to edge and remote sites over time
3. Top, most-valued NVC/NPB features are Load Balancing and Inbound/Outbound filtering, though other features may also be important based on vertical sector
4. Focus on scalability, flexibility, manageability, completeness when seeking solutions

Slide 36

Question & Answer:
Please log questions in the Q&A Panel
Jim Frey
JFrey@enterprisemanagement.com
@jfrey80

Scott Register
sregister@ixiacom.com
@swregister
Download this FREE White Paper from the follow-up email you receive from EMA!
Or go to the Ixiacom.com home page and click on the EMA webinar banner.
Slide 37
