Brocade Telemetry Solutions
|
|
- Sherilyn Evans
- 8 years ago
- Views:
Transcription
1 WHITE PAPER Service provider Brocade Telemetry Solutions telemetry applications such as Monitoring and Lawful Intercept are important to Service Providers and impose unique requirements on network equipment. Brocade network telemetry devices offer the most scalable monitoring solutions that allows operators advanced visibility into their network.
2 Telemetry is used by organizations to monitor their networks for security intrusion detection, application performance management, packet inspection and analysis and a wide range of other applications. Co-location and hosting companies can offer value-added telemetry services to their customers. In addition, organizations are required by federal mandate to be able to monitor specific individuals or groups. This paper describes the requirements for Service Provider (SP) networks to support Monitoring (NM) and Lawful Interception (LI) applications. In addition, the paper provides use cases for Brocade telemetry solutions in the mobile backhaul and data center markets. Introduction telemetry refers to the monitoring and reporting of information on a network. Monitoring (NM) is used by Service Providers (SPs) to evaluate network performance and for security applications. SPs use monitoring applications for content types such as voice, video, and text. Monitoring these services for quality and performance is important for Service-Level Agreement (SLA) conformance. It is also important to SPs to measure their network performance to maximize returns from their assets. Lawful Intercept (LI) has become very important to Law Enforcement Agencies (LEAs) in the wake of increased security threats. LI laws, such as Communications Assistance for Law Enforcement Act (CALEA), dictate that information on specific individuals or groups be made available to LEAs when needed. This paper describes the requirements for SP networks and data centers to support Monitoring and Lawful Intercept applications. (It should be noted that large campus networks also have similar requirements.) Monitoring Monitoring (see Figure 1) refers to the applications that run in the network for the purposes of evaluating network performance. These applications include application performance management, packet inspection, VOIP analyzers, video analyzers, compliance enforcement tools, and a wide range of other applications. They also include security-related applications such as Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS). While most of these applications are for internal use by organizations, some are used for revenue generation. With the increasing adoption of cloud technologies and related security concerns, demand for access to monitored network data is rising. Therefore, Cloud Service Providers, co-location providers, and hosting companies are offering value-added security and monitoring services to their customers. Monitoring applications are thus becoming increasingly important to Service Providers. 2
3 Routing/Switching Figure 1. High-level architecture for Monitoring. Tapped streams Monitoring Telemetry devices VoIP, video analyzers, IDS/IPS servers, data feed analyzers, data mining tools The requirements for network devices in NM applications depend on the number of applications and the scale of the network being monitored. General application requirements include: Wire-speed delivery of data to servers that run applications such as VOIP analyzers, video analyzers, and traffic monitors. Ability to support 40 Gigabit Ethernet (GbE) and 100 GbE hardware interfaces to accommodate the growing need for high bandwidth monitoring, to support large volumes of data being carried by networks. No impact to the switching/routing network by any monitoring activities such as turning on or off monitoring. The switching/routing network should not see any packet drops or degradation in bandwidth, latency, or other performance metrics when it is being monitored. Isolation of specific streams that pertain to the application being monitored. devices should to be able to support a large number of sophisticated filters to apply to thousands of streams tapped from the switching/routing network. Replication to a specific port or set of ports to allow multiple servers to analyze the same traffic stream. Data can be load balanced across multiple servers to allow for optimal utilization of compute resources. Lawful Intercept Law Enforcement Agencies (LEAs) can be regulatory, administrative, or intelligence agencies. These agencies are required to be able to monitor an individual s or organization s voice, video, are text communications as authorized by judicial authorities. Data is primarily collected as evidence or for investigative analysis. The monitored individual s or organization s calls are tapped at the Service Provider s network and data is sent directly to LEAs. The data collection and its subsequent consumption are all done in accordance with local laws. Data could be collected and examined in real time or the collected data could be retained for future use. The process of collecting and consuming tapped data is referred to as Lawful Intercept. Figure 2 shows the general dynamics of an intercept. The LEA originates an intercept request for an individual or organization to the appropriate entity. In many cases, this could be the Service Provider or operator, such as an ISP, providing Internet, IP telephony, and other services to the individual or organization. In some cases, the intercept may have to penetrate the internal network of an organization, such as a university or business enterprise. 3
4 Service providers Figure 2. Lawful Intercept enforcement. data Administration and mediation devices Warrant for specific individual or organization Enterprises Requested data (secure) Law enforcement agencies Universities The requirements for LI have been defined by different laws and organizations. The introduction of IP telephony and use of varied communication forms such as , text messages, social media, and so on, has led to a substantial change in the way LI is defined and implemented. LI has been extended to include monitoring of these content types together with traditional telephone calls. In the US, the CALEA defines the requirements of LEAs for monitoring telecommunication networks. The actual requirements for various LEAs vary based on the nature of the LEA and its jurisdiction. Common requirements are: The subject of investigation could be an individual, organization, or equipment that belongs to the target individual or organization. A warrant (court order) is required to intercept a subject s messages. SPs should not supply unauthorized information to the LEAs. The LI systems must be able to expedite all requests for intercepts of the subject s communications given the time-sensitive nature of these requests. The interception should be transparent to the subject. The interception should not affect the SP s services in any way, including services offered to the subject and to other customers. There could be multiple simultaneous interception requests by LEAs on the same or different subject to the SPs. The intercepted information should not be accessed by unauthorized entities or personnel including SPs and other intermediaries involved in the interception. To this extent, the data should be hidden by encryption and other methods. The intercepted information should be in a format that can be delivered to the LEA network, which may reside outside the carrier s premise. Two kinds of Information are requested of SPs by the LEAs: Contents of Communication (CC). CC includes actual contents of the intercepted data. CC can include voice, video, or textual data and has come to encompass the wide variety of data forms represented by media consumption in the current digital age. Intercept Related Information (IRI). IRI includes information such as duration, time and date and frequency of a session, and the number of unsuccessful attempts to establish a session. It also includes location-based information such as area of the origination and destination of the session. Other technical parameters, such as MAC and IP addresses, can also be included in IRI data. 4
5 Functional Requirements for NM/LI Three main functions are defined for NM/LI applications: Capturing. For both NM and LI applications, capturing of packets includes the task of extracting information from the communications network. Capturing should not affect the SP network that carrying traffic. For LI, this function includes identifying the sources that will be able to provide the requested information. For instance, this could involve isolating routers or gateways in the network that are carrying the information and extracting this information from these devices within the guidelines described above. The extraction has to be non-intrusive to the SP. Filtering. NM requires the ability to include fine grain filters to gain visibility into specific data streams being monitored. LI requires that unauthorized information cannot be extracted from the network. Thus, information captured has to be filtered to include only authorized information. Delivery. For NM, the filtered information is delivered to the server banks that perform data analysis. Several servers could look at the same data for different analysis requiring data replication. Data is also load balanced across several servers. For LI, filtered information has to be delivered to the Law Enforcement Monitoring Facility (LEMF). The LEMF may not reside in the same premise as the Service Provider. In this case, information is encrypted if it has to be transported over a public network. Architectures for LI/NM The network devices that are used to capture and filter data, such as switches and routers, have several requirements to comply with LI/NM requirements. These devices should offer high-performance switching capabilities. They should be able to isolate the specific voice, video, or data streams requested for the intercept, based on IP address, MAC address, TCP/ UDP headers, and other fields. Filters have to be enabled on the devices, which are switching traffic at wire speed, and should not cause any degradation in switching performance of the network device. This is to prevent subjects from detecting interception events. Typically, Service Providers design monitoring networks depending on their needs, size, and budget. There are at least two network architectures that an SP can use to design a monitoring network: Inband and Out-of-band monitoring networks. Inband Architecture In Inband network architectures (shown in Figure 3), the SP transport network is used to perform both tapping and filtering of traffic streams. This requires that network devices mirror traffic streams that are traversing it to draw out the required streams, while also being able to switch or route traffic without disruption. The devices should see no noticeable impact to switching performance due to traffic mirroring activities. The network devices should be capable of applying a large number of sophisticated filters to volumes of data traversing the Service Provider network. These filters should be able to isolate the traffic streams being monitored. segment Routing/Switching Incoming data segment Figure 3. Inband Monitoring. Intercepted data Monitoring station 5
6 Inband networks combine monitoring and routing functions within the same device. Therefore, this architecture collapses network layers and costs less to build (CapEx). Since there are fewer devices to maintain, the Inband network is easier to manage. A consolidated network management system can be built to reduce the burden of heterogeneous management software. Operating costs, such as those for power and cooling, are lower. Thus, this architecture offers Service Providers a compelling solution for lower CapEx and OpEx. However, inband network monitoring also reduces the scalability of the monitoring network. Because the same network device does both routing/switching and monitoring, its data forwarding resources and compute resources are divided between these two functions. A network operator looking to build a larger monitoring service is limited by the capacity of these devices. Furthermore, network configuration could become very complicated as the monitoring functionality of the network increases, because of the complexity of filters and data replication rules that need to be applied to the devices. These limitations could force SPs to deploy multiple devices as the monitoring portion of the network increases in size. Out-of-Band Architecture Out-of-band network architecture (shown in Figure 4) separates the monitoring network from the user network. tap equipment is used to replicate data streams with no impact to the switching/routing network. The tapped data streams are fed into the monitoring network, which consists of network devices that filter and replicate data as needed. This data is directed to the LEA network for LI applications or to a server bank for the SP s internal monitoring functions such as accounting, billing, and performance measurements. Thus monitoring activities have no bearing on the SP data delivery and switching network. Routing/Switching Figure 4. Out-of-band Monitoring. taps Monitoring Tapped streams Filtered streams To LEA network or monitoring server banks devices This architecture has several advantages. First, the transport network is insulated from failures in the monitoring network, which provides a greater degree of resiliency to the transport network because of little to no interference from monitoring devices. Second, this architecture allows the monitoring network to scale better. The monitoring network can process a large number of high-bandwidth traffic streams such as video. The network can scale to accommodate increased monitoring needs. Third, sophisticated filters can be applied at multiple layers in the monitoring network to achieve fine-grained isolation of traffic streams. Since network devices are used only for monitoring activities, their resources are fully dedicated to this function. 6
7 However, with the increased scale of the monitoring network comes an increased cost of buying and managing more network equipment. Diverse network equipment such as network taps, network switching and filtering devices, and network management systems increase the need for network management. Service Providers can choose between inband and out-of-band network monitoring architectures depending on their unique requirements and growth objectives. Brocade Telemetry Solutions Brocade telemetry devices can perform both inband and out-of-band network monitoring. They are purpose built for carrier class routing and resiliency and advanced monitoring capabilities. Brocade Solutions for Inband Monitoring Inband monitoring networks can use Brocade devices to both route and monitor traffic in the network simultaneously. Following are some benefits of using Brocade solutions for Inband network monitoring: Brocade devices are capable of replicating (or mirroring) traffic at wire speed at both ingress inputs (ingress) ports and output (egress) ports. Traffic on Link Aggregations Groups (LAGs) can also be monitored with the same capabilities as on regular physical ports. Traffic at the input and output ports can be filtered before replication to tap only traffic of interest. Traffic can be filtered on criteria such as IP address, MAC address, VLAN ID, and TCP ports to provide granular filters. It is possible to mirror of traffic on 10 GbE ports to traffic analyzers connected to 1 GbE or 100 Megabit per second (Mbps) ports. Brocade devices can filter and replicate at wire speed. There is no performance degradation on the transport network due to filtering. There is also no impact on the transport network when monitoring is turned on or off as per LI requirements that the subject should not be aware of any monitoring activities on the SP network. Traffic streams from multiple monitored ports can be aggregated to the same mirror port connected to traffic analyzers. This reduces the number of ports needed for monitoring. Brocade devices are 40 and 100 GbE ready. No forklift upgrades are needed to convert a monitoring network to higher-speed interfaces, making these networks future proof. Secure access is supported using RADIUS/TACACS+ authentication. SSH is also supported for secure login sessions. SNMP and syslog support is included to generate traps and alerts for specific network events. SNMP queries provide port and flow statistics for further analysis. Brocade devices support sflow, a technology that uses sampling technology to direct packets to any collector. This can be particularly useful for performance monitoring applications such as bandwidth analyzers. Brocade Solutions for Out-of-Band Monitoring Out-of-band monitoring networks install network taps in the transport network to access traffic. Brocade devices receive these feeds and can perform filtering and replication to traffic analyzers. Following are some of the benefits of Brocade devices for out-of-band network monitoring applications: Brocade devices can filter and replicate traffic to 100 Mbps, 1 GbE, or 10 GbE interfaces. These devices provide 256 x 10 GbE ports and 1536 x 1 GbE ports at wire speed, making them the highest-capacity network monitoring devices in the industry. Customers save significantly on operating expenses due to consolidation of network layers. 7
8 Brocade telemetry devices are 40 GbE and 100 GbE ready for out-of-band monitoring offering a high level of investment protection for future network expansion. As with inband networks, advanced filtering is possible on the ingress or egress ports for flexibility in enforcing policies at ingress, egress, or both locations. Brocade devices offer advanced load balancing capabilities. Both the ingress and egress ports can be LAGs. Traffic can be load balanced to traffic analyzers based on criteria such as IP address (IPv4 or IPv6), MAC address, VLAN, and TCP/UDP ports. Options can be enabled to load balance bi-directional conversations to the same server. The devices also offer users knobs to change load balancing traffic distribution for further flexibility. Brocade devices bring the resiliency of carrier grade to monitoring networks. With dual management cards and in-service upgradeability, Brocade devices guarantee less downtime. Secure access with SSH, TACACS+, RADIUS, and so on is supported as above for out-ofband monitoring as well. Brocade devices also support sflow for out-of-band monitoring. Applications for Brocade Telemetry Solutions Mobile Backhaul Mobile carriers have a great interest in monitoring traffic in their network, particularly as mobile devices become more powerful and can deliver richer content. Profiling of content gives them access to useful trends. Monitoring data allows them to secure their networks and also improve network performance. Traffic--multimedia content of voice, video, Internet traffic, or text--from cell towers is delivered to a master switching center on wire line or microwave media. Aggregated traffic at the center can be sent to different destinations such as an ISP for internet traffic, POTS for voice traffic, or a core backbone for mobile operator s valueadded internal services, as shown in Figure 5. To ISP Figure 4. Brocade mobile backhaul telemetry solution. Cell towers Master switching center taps To POTS To core backbone Servers for VoIP analysis, accounting, monitoring, etc. Brocade telemetry device There are a range of telemetry applications such as VOIP traffic analysis, accounting, and application performance monitoring that mobile operators use to monitor their networks. This analysis is performed on traffic aggregated at master switching centers. LI applications also reside at these centers to enable law enforcement agencies to capture data from subjects. Out-of-band network monitoring architectures are ideal for these requirements. taps are installed to tap traffic from the cell towers, which is then directed to a Brocade telemetry device. 8
9 The Brocade telemetry device can filter, replicate, and load balance traffic to multiple analyzer tools. The availability of different speed interfaces allows mobile operators to build a monitoring network per network requirements. With Brocade telemetry devices that are ready for 40 GbE and 100 GbE interfaces, the monitoring network is future proof to accommodate traffic increases resulting from upgrades to LTE (a mobile communication standard). Further, with advanced load balancing capabilities that allow more than 640 Gbps of traffic to be load balanced, the monitoring network can grow on demand. Thus the Brocade devices offer unparalleled investment protection. Data Centers Organizations make substantial investments to protect data centers from security risks such as attacks by hackers. Federally mandated LI applications can be implemented at data centers or co-location facilities Monitoring systems are installed to survey several locations in the data center to prevent the network from being compromised and to isolate the source of the attack. For instance, the paths between the border and core routers or those between the border router and the Internet connection to the ISP can be monitored for attacks from outside the data center, as shown in Figure 6. Links at server access layers can be monitored for possible security compromises and also for server performance. Internet Data Center Brocade telemetry device IDS servers Figure 6. Brocade data center telemetry solution. Brocade telemetry device IDS servers Multi-tenant or co-location hosting companies offer value-added services to their customers such as compute, storage, and Web services. With the Brocade telemetry systems, they can also offer value-added security services to their customers. With these services, hosting companies provide IDS and IPS services to detect and prevent security attacks on customer resources. This service can be applied to a specific customer s traffic by filtering specific traffic signatures with Brocade telemetry devices--without affecting other customer traffic. Secure access to these devices also ensures privacy for customers monitored data. Brocade telemetry devices offer more than 256 ports of wire-speed 10 GbE ports and 1,536 ports of GbE ports per system. This offers significant savings in OpEx with consolidation of devices and elimination of network layers. These devices operate at true line-rate to allow monitoring of large numbers of high-bandwidth data streams at several points in the data center simultaneously without the need to expand network capacity too frequently. Brocade devices offer carrier grade resiliency and in-service upgrade features, which reduces downtime in monitoring networks and creates a monitoring service that meets the Service- Level Agreements (SLAs) that co-location providers offer to their customers. 9
10 Summary telemetry is an important application for Service Providers. Monitoring is important for organizations to secure their networks and monitor performance of their applications. Lawful Intercept is federally mandated and requires SPs to be able to monitor subjects. LI imposes architectural requirements on SP networks. Both Monitoring and Lawful Intercept applications impose similar architectural requirements on network devices. Today s network operators and security teams are seeking scalable, cost-effective, and intelligent capabilities to interrogate all border and/or internal LAN traffic at speeds far exceeding 10 Gbps. Brocade telemetry solutions offer significant value by providing the capabilities demanded by monitoring applications. Brocade devices offer robust, future-proof, scalable hardware solutions and non-compromising performance guarantees. These devices have the highest 10 GbE/1 GbE capacities in the industry and are 40 GbE/100 GbE ready today. architects can design tomorrow s NM/LI solutions with Brocade devices today, which makes Brocade telemetry solutions a compelling choice for the monitoring needs of all SP networks. References ITU-T Technology Watch Report #6, Technical Aspects of Lawful Interception, Lawful Interception for IP s, Aqsacom, Inc., articles/liipwhitepaperv21.pdf ETSI TS , under Lawful Interception, Telecommunications Security, version 1.1.1, Handover Specification for IP delivery, February RFC 3924, Cisco Architecture for Lawful Intercept in IP s TSI Standard: ES V1.1.2 ( ) Telecommunications security; Lawful Interception (LI); Requirements for network functions About Brocade Brocade connects the world s most important information delivering proven networking solutions for today s most data-intensive organizations. From the data center to highperformance Ethernet networks, Brocade is extending its 15-year heritage as a leading innovator of advanced storage and networking technology. The world s largest enterprise networks, government entities, and global service providers rely on Brocade to maximize the business return on their data. It s no wonder 90 percent of the world s most critical business information flows through Brocade solutions. Quite simply, Brocade enables today s complex businesses to run. Where other vendors produce networking that s ordinary, Brocade is committed to delivering the extraordinary. To find out more about Brocade products and solutions, visit 10
11 Appendix: Lawful Intercept Architecture Figure 7 shows the LI Architecture described by European Telecommunications Standards Institute s (ETSI) ES V1.1.2 ( ). Most of the other standards describe similar architectures for LI. The LEMF and the SP (operator) networks are clearly separated by various types of Handover Interfaces (HI), namely HI1, HI2, and HI. The first HI port, HI1, transports various kinds of administrative information including warrants between LEA and the SP network. HI1 could even be paper documents handed over to the SP operator by the LEA. HI2 transports IRI from the Service Provider to the LEMF. HI3 transports CC information between the LEMF and the Service Provider. Administrative functions at network operator HI Handover Interface HI1 Administration HI2 Intercept Related Information (IRI) HI3 Content of Communication (CC) Figure 7. Brocade mobile backhaul telemetry solution. Internal intercept function (CC and IRI) Service information Content of communication HI1 LEMF Mediation functions (CC and IRI) HI2 HI3 HI SP network LEA network The LEA issues warrants, which are processed by the administrative functions at the network operator. These requests are passed on to network equipment such as network taps, monitoring devices, and switc Lawful intercept architecture. hes, which are used to capture and filter data to be delivered to the LEAs. Mediation devices further secure the data and transport it to the LEA network. 11
12 WHITE PAPER Corporate Headquarters San Jose, CA USA T: European Headquarters Geneva, Switzerland T: Asia Pacific Headquarters Singapore T: Brocade Communications Systems, Inc. All Rights Reserved. 10/10 GA-WP Brocade, the B-wing symbol, BigIron, DCFM, DCX, Fabric OS, FastIron, IronView, NetIron, SAN Health, ServerIron, TurboIron, and Wingspan are registered trademarks, and Brocade Assurance, Brocade NET Health, Brocade One, Extraordinary s, MyBrocade, and VCS are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. Other brands, products, or service names mentioned are or may be trademarks or service marks of their respective owners. Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this document at any time, without notice, and assumes no responsibility for its use. This informational document describes features that may not be currently available. Contact a Brocade sales office for information on feature and product availability. Export of technical data contained in this document may require an export license from the United States government.
Brocade and McAfee Change the Secure Networking Landscape with High Performance at Lowest TCO
WHITE PAPER www.brocade.com IP NETWORK SECURITY Brocade and McAfee Change the Secure Networking Landscape with High Performance at Lowest TCO The Non-Stop Secure Network, a Brocade and McAfee joint solution,
More informationBuilding Tomorrow s Data Center Network Today
WHITE PAPER www.brocade.com IP Network Building Tomorrow s Data Center Network Today offers data center network solutions that provide open choice and high efficiency at a low total cost of ownership,
More informationData Center Evolution without Revolution
WHITE PAPER www.brocade.com DATA CENTER Data Center Evolution without Revolution Brocade networking solutions help organizations transition smoothly to a world where information and applications can reside
More informationBrocade One Data Center Cloud-Optimized Networks
POSITION PAPER Brocade One Data Center Cloud-Optimized Networks Brocade s vision, captured in the Brocade One strategy, is a smooth transition to a world where information and applications reside anywhere
More informationEthernet Fabrics: An Architecture for Cloud Networking
WHITE PAPER www.brocade.com Data Center Ethernet Fabrics: An Architecture for Cloud Networking As data centers evolve to a world where information and applications can move anywhere in the cloud, classic
More informationMulti-Chassis Trunking for Resilient and High-Performance Network Architectures
WHITE PAPER www.brocade.com IP Network Multi-Chassis Trunking for Resilient and High-Performance Network Architectures Multi-Chassis Trunking is a key Brocade technology in the Brocade One architecture
More informationBrocade SIP-Intelligent Application Switching for IP Communication Services
WHITE PAPER Application Delivery Brocade SIP-Intelligent Application Switching for IP Communication Services Highlights the value of highly available and scalable application switching and details the
More informationChoosing the Best Open Standards Network Strategy
WHITE PAPER IP network Choosing the Best Open Standards Network Strategy In order to truly align the enterprise infrastructure strategy with business requirements, organizations must be free to choose
More informationBrief Summary on IBM System Z196
WHITE PAPER www.brocade.com DATA CENTER Deploying Strategic Data Center Solutions for IBM zenterprise System z Environments The Brocade DCX Backbone provides industry-leading performance, scalability,
More informationEnsuring a Smooth Transition to Internet Protocol Version 6 (IPv6)
WHITE PAPER www.brocade.com APPLICATION DELIVERY Ensuring a Smooth Transition to Internet Protocol Version 6 (IPv6) As IPv4 addresses dwindle, companies face the reality of a dual-protocol world The transition
More informationTen Ways to Optimize Your Microsoft Hyper-V Environment with Brocade
WHITE PAPER Server Connectivity Ten Ways to Optimize Your Microsoft Hyper-V Environment with Brocade To maximize the benefits of network connectivity in a virtualized server environment, Brocade works
More informationScalable Approaches for Multitenant Cloud Data Centers
WHITE PAPER www.brocade.com DATA CENTER Scalable Approaches for Multitenant Cloud Data Centers Brocade VCS Fabric technology is the ideal Ethernet infrastructure for cloud computing. It is manageable,
More informationGet the Most Out of Data Center Consolidation
WHITE PAPER www.brocade.com DATA CENTER Get the Most Out of Data Center Consolidation Brocade networking solutions help ensure that organizations benefit from decreased costs and increased business agility
More informationBrocade sflow for Network Traffic Monitoring
WHITE PAPER Service provider Brocade sflow for Network Traffic Monitoring Although both sflow and NetFlow enjoy widespread industry adoption, sflow is the better technology for traffic monitoring. Business
More informationDeploying Brocade VDX 6720 Data Center Switches with Brocade VCS in Enterprise Data Centers
WHITE PAPER www.brocade.com Data Center Deploying Brocade VDX 6720 Data Center Switches with Brocade VCS in Enterprise Data Centers At the heart of Brocade VDX 6720 switches is Brocade Virtual Cluster
More informationMultitenancy Options in Brocade VCS Fabrics
WHITE PAPER DATA CENTER Multitenancy Options in Brocade VCS Fabrics As cloud environments reach mainstream adoption, achieving scalable network segmentation takes on new urgency to support multitenancy.
More informationThe Business Case for Software-Defined Networking
WHITE PAPER The Business Case for Software-Defined Networking Brocade enables customers a means of reducing costs of service delivery through Software-Defined Networking (SDN) technologies. In addition,
More informationHow To Connect Your School To A Wireless Network
WHITE PAPER campus networks Enabling the Wireless School The growing demand for Wireless LAN access in K 12 schools. Many K 12 schools are seeking new technological solutions that help optimize learning
More informationBrocade Network Monitoring Service (NMS) Helps Maximize Network Uptime and Efficiency
WHITE PAPER SERVICES Brocade Network Monitoring Service (NMS) Helps Maximize Network Uptime and Efficiency Brocade monitoring service delivers business intelligence to help IT organizations meet SLAs,
More informationBrocade Campus LAN Switches: Redefining the Economics of
WHITE PAPER www.brocade.com Enterprise Campus Networks Campus LAN Switches: Redefining the Economics of Campus Networks Efficient switching technology and flexible acquisition models help enterprises reduce
More informationNETWORK FUNCTIONS VIRTUALIZATION. The Top Five Virtualization Mistakes
WHITE PAPER www.brocade.com NETWORK FUNCTIONS VIRTUALIZATION The Top Five Virtualization Mistakes Virtualization is taking the IT world by storm. After years of IT build-out, virtualization suddenly fixes
More informationWHITE PAPER. Cloud Networking: Scaling Data Centers and Connecting Users
WHITE PAPER Cloud Networking: Scaling Data Centers and Connecting Users While the business promise of cloud computing is broad, there are a few basic enabling themes underlying an effective cloud design:
More informationIntroducing Brocade VCS Technology
WHITE PAPER www.brocade.com Data Center Introducing Brocade VCS Technology Brocade VCS technology is designed to revolutionize the way data center networks are architected and how they function. Not that
More informationBrocade Monitoring Services Security White Paper
WHITE PAPER Monitoring Services Security White Paper In today s globally connected world, the enterprise network is a strategic platform, a platform that demands deep and instantaneous integration between
More informationFibre Channel over Ethernet: Enabling Server I/O Consolidation
WHITE PAPER Fibre Channel over Ethernet: Enabling Server I/O Consolidation Brocade is delivering industry-leading oe solutions for the data center with CNAs, top-of-rack switches, and end-of-row oe blades
More informationWHITE PAPER. Gaining Total Visibility for Lawful Interception
WHITE PAPER Gaining Total Visibility for Lawful Interception www.ixiacom.com 915-6910-01 Rev. A, July 2014 2 Table of Contents The Purposes of Lawful Interception... 4 Wiretapping in the Digital Age...
More informationDEDICATED NETWORKS FOR IP STORAGE
DEDICATED NETWORKS FOR IP STORAGE ABSTRACT This white paper examines EMC and VMware best practices for deploying dedicated IP storage networks in medium to large-scale data centers. In addition, it explores
More informationThe Road to SDN: Software-Based Networking and Security from Brocade
WHITE PAPER www.brocade.com SOFTWARE NETWORKING The Road to SDN: Software-Based Networking and Security from Brocade Software-Defined Networking (SDN) presents a new approach to rapidly introducing network
More informationBrocade and EMC Solution for Microsoft Hyper-V and SharePoint Clusters
Brocade and EMC Solution for Microsoft Hyper-V and SharePoint Clusters Highlights a Brocade-EMC solution with EMC CLARiiON, EMC Atmos, Brocade Fibre Channel (FC) switches, Brocade FC HBAs, and Brocade
More informationSolution Guide: Brocade Server Application Optimization for a Scalable Oracle Environment
Solution Guide: Brocade Server lication Optimization for a Scalable Oracle Environment Optimize the performance and scalability of Oracle applications and databases running Oracle Enterprise Linux (OEL)
More informationNETWORK FUNCTIONS VIRTUALIZATION. Segmenting Virtual Network with Virtual Routers
WHITE PAPER www.brocade.com NETWORK FUNCTIONS VIRTUALIZATION Segmenting Virtual Network with Virtual Routers INTRODUCTION For the past 20 years, network architects have used segmentation strategies to
More informationFacilitating a Holistic Virtualization Solution for the Data Center
WHITE PAPER DATA CENTER Facilitating a Holistic Virtualization Solution for the Data Center Brocade solutions provide a scalable, reliable, and highperformance foundation that enables IT organizations
More informationWHITE PAPER. Enhancing Application Delivery and Load Balancing on Amazon Web Services with Brocade Virtual Traffic Manager
WHITE PAPER Enhancing Application Delivery and Load Balancing on Amazon Web Services with Brocade Virtual Traffic Manager ALREADY USING AMAZON ELASTIC LOAD BALANCER? As an abstracted service, Amazon ELB
More informationCloud Optimized Performance: I/O-Intensive Workloads Using Flash-Based Storage
WHITE PAPER Cloud Optimized Performance: I/O-Intensive Workloads Using Flash-Based Storage Brocade continues to innovate by delivering the industry s first 16 Gbps switches for low latency and high transaction
More informationIMPLEMENTING VIRTUALIZED AND CLOUD INFRASTRUCTURES NOT AS EASY AS IT SHOULD BE
EMC AND BROCADE - PROVEN, HIGH PERFORMANCE SOLUTIONS FOR YOUR BUSINESS TO ACCELERATE YOUR JOURNEY TO THE CLOUD Understand How EMC VSPEX with Brocade Can Help You Transform IT IMPLEMENTING VIRTUALIZED AND
More informationExtreme Networks CoreFlow2 Technology TECHNOLOGY STRATEGY BRIEF
Extreme Networks CoreFlow2 Technology TECHNOLOGY STRATEGY BRIEF TECHNOLOGY STRATEGY BRIEF Extreme Networks CoreFlow2 Technology Benefits INCREASED VISIBILITY Detailed monitoring of applications, their
More informationIncrease Simplicity and Improve Reliability with VPLS on the MX Series Routers
SOLUTION BRIEF Enterprise Data Center Interconnectivity Increase Simplicity and Improve Reliability with VPLS on the Routers Challenge As enterprises improve business continuity by enabling resource allocation
More informationCloud-Optimized Performance: Enhancing Desktop Virtualization Performance with Brocade 16 Gbps
Cloud-Optimized Performance: Enhancing Desktop Virtualization Performance with Brocade 16 Gbps Discussing the enhancement of Desktop Virtualization using 16 Gbps Fibre Channel and how it improves throughput
More informationBROCADE OPTICS FAMILY
DATA SHEET www.brocade.com BROCADE OPTICS FAMILY ENTERPRISE LAN SWITCHING Highly Reliable, Brocade- Qualified Optics HIGHLIGHTS Rigorously tested for performance and reliability by Brocade Hot-swappable
More informationSave Budget Dollars using Smart Data Access Technology
Save Budget Dollars using Smart Data Access Technology Data Centers can benefit from Smart Data Access Technology Fall 2011 Copyright 2011. Network Critical NA LLC. All Rights Reserved. 1. The data center
More informationCOMPARING STORAGE AREA NETWORKS AND NETWORK ATTACHED STORAGE
COMPARING STORAGE AREA NETWORKS AND NETWORK ATTACHED STORAGE Complementary technologies provide unique advantages over traditional storage architectures Often seen as competing technologies, Storage Area
More informationADVANCING SECURITY IN STORAGE AREA NETWORKS
WHITE PAPER ADVANCING SECURITY IN STORAGE AREA NETWORKS Brocade Secure Fabric OS provides a reliable framework for enhancing security in mission-critical SAN environments As organizations continue to broaden
More informationObserver Probe Family
Observer Probe Family Distributed analysis for local and remote networks Monitor and troubleshoot vital network links in real time from any location Network Instruments offers a complete line of software
More informationOut-of-Band Security Solution // Solutions Overview
Introduction A few years ago, IT managed security using the hard outer shell approach and established walls where traffic entered and departed the network assuming that the risks originated outside of
More informationAllied Telesis provide virtual customer networks
Solutions Network Virtualization Allied Telesis provide virtual customer networks over shared Ethernet infrastructure Solutions Network Virtualization Today s building management companies can derive revenue
More informationIntelligent Data Access Networking TM
Gigamon TM delivers intelligent data access solutions to enhance monitoring of service provider and enterprise data centers. The company s world-renowned GigaVUE orange boxes aggregate, filter and replicate
More information40 Gigabit and 100 Gigabit Ethernet Are Here!
WHITE PAPER www.brocade.com High- Performance Networks 40 Gigabit and 100 Gigabit Ethernet Are Here! The 40 Gigabit and 100 Gigabit Ethernet standards were adopted by the Institute of Electrical and Electronics
More informationSafeNet Network Encryption Solutions Safenet High-Speed Network Encryptors Combine the Highest Performance With the Easiest Integration and
SafeNet Network Encryption Solutions Safenet High-Speed Network Encryptors Combine the Highest Performance With the Easiest Integration and Management SafeNet Network Encryption and Isolation Solution
More informationBest Practices for Network Monitoring How a Network Monitoring Switch Helps IT Teams Stay Proactive
White Paper Best Practices for Network Monitoring How a Network Monitoring Switch Helps IT Teams Stay Proactive 26601 Agoura Road, Calabasas, CA 91302 Tel: 818.871.1800 Fax: 818.871.1805 www.ixiacom.com
More informationChapter 1 Reading Organizer
Chapter 1 Reading Organizer After completion of this chapter, you should be able to: Describe convergence of data, voice and video in the context of switched networks Describe a switched network in a small
More informationSolving Monitoring Challenges in the Data Center
Solving Monitoring Challenges in the Data Center How a network monitoring switch helps IT teams stay proactive White Paper IT teams are under big pressure to improve the performance and security of corporate
More informationCLE202 Introduction to ServerIron ADX Application Switching and Load Balancing
Introduction to ServerIron ADX Application Switching and Load Balancing Student Guide Revision : Introduction to ServerIron ADX Application Switching and Load Balancing Corporate Headquarters - San
More informationCloud Service Delivery Architecture Solutions for Service Providers
WHITE PAPER www.brocade.com SERVICE PROVIDER Cloud Service Delivery Architecture Solutions for Service Providers White Paper for Network Managers Brocade enables service providers to transition from bandwidth
More informationJuly, 2006. Figure 1. Intuitive, user-friendly web-based (HTML) interface.
Smart Switches The Value-Oriented Alternative for Managed Switching White Paper September, 2005 Abstract This White Paper provides a short introduction to Web Smart switches and their importance in a local
More informationThe Advantages of IP Network Design and Build
WHITE PAPER www.brocade.com DATA CENTER The Benefits of a Dedicated IP Network for Storage Application, storage, and virtualization companies recommend a dedicated IP storage network to ensure deterministic
More informationethernet services for multi-site connectivity security, performance, ip transparency
ethernet services for multi-site connectivity security, performance, ip transparency INTRODUCTION Interconnecting three or more sites across a metro or wide area network has traditionally been accomplished
More informationBROCADE PERFORMANCE MANAGEMENT SOLUTIONS
Data Sheet BROCADE PERFORMANCE MANAGEMENT SOLUTIONS SOLUTIONS Managing and Optimizing the Performance of Mainframe Storage Environments HIGHLIGHTs Manage and optimize mainframe storage performance, while
More informationSimplifying Virtual Infrastructures: Ethernet Fabrics & IP Storage
Simplifying Virtual Infrastructures: Ethernet Fabrics & IP Storage David Schmeichel Global Solutions Architect May 2 nd, 2013 Legal Disclaimer All or some of the products detailed in this presentation
More informationMulti Stage Filtering
Multi Stage Filtering Technical Brief With the increasing traffic volume in modern data centers, largely driven by e-business and mobile devices, network and application performance monitoring has become
More informationNEWT Managed PBX A Secure VoIP Architecture Providing Carrier Grade Service
NEWT Managed PBX A Secure VoIP Architecture Providing Carrier Grade Service This document describes the benefits of the NEWT Digital PBX solution with respect to features, hardware partners, architecture,
More informationVirtualized Security: The Next Generation of Consolidation
Virtualization. Consolidation. Simplification. Choice. WHITE PAPER Virtualized Security: The Next Generation of Consolidation Virtualized Security: The Next Generation of Consolidation As we approach the
More informationSimple Law Enforcement Monitoring
Simple Law Enforcement Monitoring Fred Baker draft-baker-slem-architecture-01.txt ftp://ftpeng.cisco.com/fred/ietf/slem.ppt ftp://ftpeng.cisco.com/fred/ietf/slem.pdf The message I wish had been found in
More informationWHITE PAPER. Monitoring Load Balancing in the 10G Arena: Strategies and Requirements for Solving Performance Challenges
WHITE PAPER Monitoring Load Balancing in the 10G Arena: Strategies and Requirements for Solving Performance Challenges www.ixiacom.com 915-6914-01 Rev. A, July 2014 2 Table of Contents Load Balancing A
More informationConnecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP
Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP Connecting MPLS Voice VPNs Enabling the secure interconnection of Inter-Enterprise VoIP Executive Summary: MPLS Virtual
More informationWHITE PAPER MICROSOFT LIVE COMMUNICATIONS SERVER 2005 LOAD BALANCING WITH FOUNDRY NETWORKS SERVERIRON PLATFORM
NOTE: Foundry s ServerIron load balancing switches have been certified in Microsoft s load balancing LCS 2005 interoperability labs. Microsoft experts executed a variety of tests against Foundry switches.
More informationBest Practices: The Key Things You Need to Know Now About Secure Networking Layer 1 (SONET), Layer 2 (ATM), and Layer 3 (IP) Encryption Technologies
Best Practices: The Key Things You Need to Know Now About Secure Networking Layer 1 (SONET), Layer 2 (ATM), and Layer 3 (IP) Encryption Technologies Reaching a Balance Between Communications and Security
More informationGaining Operational Efficiencies with the Enterasys S-Series
Gaining Operational Efficiencies with the Enterasys S-Series Hi-Fidelity NetFlow There is nothing more important than our customers. Gaining Operational Efficiencies with the Enterasys S-Series Introduction
More informationBrocade Fabric Vision Technology Frequently Asked Questions
Brocade Fabric Vision Technology Frequently Asked Questions Introduction This document answers frequently asked questions about Brocade Fabric Vision technology. For more information about Fabric Vision
More informationSession Border Controllers in Enterprise
A Light Reading Webinar Session Border Controllers in Enterprise Thursday, October 7, 2010 Hosted by Jim Hodges Senior Analyst Heavy Reading Sponsored by: Speakers Natasha Tamaskar VP Product Marketing
More informationVoice Over IP Performance Assurance
Voice Over IP Performance Assurance Transforming the WAN into a voice-friendly using Exinda WAN OP 2.0 Integrated Performance Assurance Platform Document version 2.0 Voice over IP Performance Assurance
More informationMonitoring Load Balancing in the 10G Arena: Strategies and Requirements for Solving Performance Challenges
2011 is the year of the 10 Gigabit network rollout. These pipes as well as those of existing Gigabit networks, and even faster 40 and 100 Gbps networks are under growing pressure to carry skyrocketing
More informationTransparent Cache Switching Using Brocade ServerIron and Blue Coat ProxySG
Transparent Cache Switching Using Brocade ServerIron and Blue Coat ProxySG This document provides best-practice guidance for Brocade ServerIron ADC deployments using Transparent Cache Switching (TCS) with
More informationBrocade Solution for EMC VSPEX Server Virtualization
Reference Architecture Brocade Solution Blueprint Brocade Solution for EMC VSPEX Server Virtualization Microsoft Hyper-V for 50 & 100 Virtual Machines Enabled by Microsoft Hyper-V, Brocade ICX series switch,
More informationWhat is Carrier Grade Ethernet?
WHITE PAPER IP Network What is Carrier Grade Ethernet? The ability to transport Ethernet over different transport technologies raises the exciting proposition of Ethernet services not only in campus or
More informationCisco IOS Flexible NetFlow Technology
Cisco IOS Flexible NetFlow Technology Last Updated: December 2008 The Challenge: The ability to characterize IP traffic and understand the origin, the traffic destination, the time of day, the application
More informationExploring Software-Defined Networking with Brocade
WHITE PAPER www.brocade.com IP Network Exploring Software-Defined Networking with Brocade This paper provides an overview of Software-Defined Networking (SDN), its expected role in cloud-optimized networks,
More informationBASCS in a Nutshell Study Guide for Exam 160-020 Brocade University Revision 03-2012
BASCS in a Nutshell Study Guide for Exam 160-020 Brocade University Revision 03-2012 2013 Brocade Communications Corporate Headquarters - San Jose, CA USA T: (408) 333-8000 info@brocade.com European Headquarters
More informationThe Brocade SDN Controller in Modern Service Provider Networks
WHITE PAPER The Controller in Modern Service Provider Networks The OpenDaylight-based Controller combines innovations with modular software engineering and model-driven network management for a cost-effective,
More informationObserver Probe Family
Observer Probe Family Distributed analysis for local and remote networks Monitor and troubleshoot vital network links in real time from any location Network Instruments offers a complete line of software
More informationWHITE PAPER. Protecting Your Network From the Inside-Out. Internal Segmentation Firewall (ISFW)
WHITE PAPER Protecting Your Network From the Inside-Out Internal Segmentation Firewall (ISFW) Protecting Your Network From the Inside-Out Internal Segmentation Firewall (ISFW) Table of Contents Summary
More informationCisco Catalyst 3750 Metro Series Switches
Cisco Catalyst 3750 Metro Series Switches Product Overview Q. What are Cisco Catalyst 3750 Metro Series Switches? A. The Cisco Catalyst 3750 Metro Series is a new line of premier, customer-located switches
More informationSecure Access Complete Visibility
PACKET CAPTURE APPLIANCE PACKET CAPTURE APPLIANCE PACKET CAPTURE APPLIANCE PACKET CAPTURE APPLIANCE Intrusion Detection Switch TAP Data Recorder VoIP Analyzer Switch Secure Access Complete Visibility Web
More informationFlow Analysis Versus Packet Analysis. What Should You Choose?
Flow Analysis Versus Packet Analysis. What Should You Choose? www.netfort.com Flow analysis can help to determine traffic statistics overall, but it falls short when you need to analyse a specific conversation
More informationPartner with the UK s leading. Managed Security Service Provider
Partner with the UK s leading Managed Security Service Provider The Talk Straight Advantage Established in 2007, Talk Straight is an ISP with a difference, and is at the forefront of a revolution in cloud
More informationMethods for Lawful Interception in IP Telephony Networks Based on H.323
Methods for Lawful Interception in IP Telephony Networks Based on H.323 Andro Milanović, Siniša Srbljić, Ivo Ražnjević*, Darryl Sladden*, Ivan Matošević, and Daniel Skrobo School of Electrical Engineering
More informationQRadar Security Intelligence Platform Appliances
DATASHEET Total Security Intelligence An IBM Company QRadar Security Intelligence Platform Appliances QRadar Security Intelligence Platform appliances combine typically disparate network and security management
More informationAs IT organizations look for better ways to build clouds and virtualized data
DATA SHEET www.brocade.com BROCADE VDX 6720 DATA CENTER SWITCHES DATA CENTER Revolutionizing the Way Data Center Networks Are Built HIGHLIGHTS Simplifies network architectures and enables cloud computing
More informationScale-Out Storage, Scale-Out Compute, and the Network
WHITE PAPER www.brocade.com DATA CENTER Scale-Out Storage, Scale-Out Compute, and the Network Brocade VDX switches with Brocade VCS Fabric technology provide an automated, efficient, scale-out network
More informationBROCADE NETWORK ADVISOR
DATA SHEET www.brocade.com BROCADE NETWORK ADVISOR NETWORK MANAGEMENT Simplified Network Management for Today s Increasingly Dynamic Networks HIGHLIGHTS Simplifies operations by providing an intuitive
More informationAPPLICATION NOTES High-Availability Load Balancing with the Brocade ServerIron ADX and McAfee Firewall Enterprise (Sidewinder)
High-Availability Load Balancing with the Brocade ServerIron ADX and McAfee Firewall Enterprise (Sidewinder) This solution leverages interoperable and best-of-breed networking and security products, tailored
More informationCentral Office Testing of Network Services
Central Office Testing of Network Services Rev 4 Application Note Ethernet is rapidly becoming the predominant method for deploying new commercial services and for expanding backhaul capacity. Carriers
More informationWHITE PAPER. Protecting Your Network From the Inside-Out. Internal Segmentation Firewall (ISFW)
WHITE PAPER Protecting Your Network From the Inside-Out Internal Segmentation Firewall (ISFW) Protecting Your Network From the Inside-Out Internal Segmentation Firewall (ISFW) Table of Contents Summary
More informationSTAR-GATE TM. Annex: Intercepting Packet Data Compliance with CALEA and ETSI Delivery and Administration Standards.
STAR-GATE TM Annex: Intercepting Packet Data Compliance with CALEA and ETSI Delivery and Administration Standards. In this document USA Tel: +1-703-818-2130 Fax: +1-703-818-2131 E-mail: marketing.citi@cominfosys.com
More informationWhy sample when you can monitor all network traffic inexpensively?
Why sample when you can monitor all network traffic inexpensively? endace power to see all europe P +44 1223 370 176 E eu@endace.com americas P +1 703 964 3740 E usa@endace.com asia pacific P +64 9 262
More informationBrocade VCS Fabrics: The Foundation for Software-Defined Networks
WHITE PAPER DATA CENTER Brocade VCS Fabrics: The Foundation for Software-Defined Networks Software-Defined Networking (SDN) offers significant new opportunities to centralize management and implement network
More informationBusiness Case for BTI Intelligent Cloud Connect for Content, Co-lo and Network Providers
Business Case for BTI Intelligent Cloud Connect for Content, Co-lo and Network Providers s Executive Summary Cloud computing, video streaming, and social media are contributing to a dramatic rise in metro
More informationEnhancing Cisco Networks with Gigamon // White Paper
Across the globe, many companies choose a Cisco switching architecture to service their physical and virtual networks for enterprise and data center operations. When implementing a large-scale Cisco network,
More information