Abstract
Organizations that rely on the reliability, security, and performance of their networks can no longer afford to wait for outages or security breaches to occur before installing test access points. Net Optics Monitoring Access Platform (MAP) outlines a plan to design monitoring access into the network architecture from the edge to the core before issues arise, so that problems can be debugged quickly, or prevented from occurring in the first place. A MAP can provide 100 percent visibility of the data needed to optimize the entire network, improving customer and employee experiences, increasing network administrator efficiency, and leveraging investments in expensive network monitoring tools.
Introduction
The reliability, security, and speed that today's businesses need from their networks can only be achieved by having the right monitoring access and filtering solutions already in place when network issues arise. We can no longer afford to wait until monitoring tools are actually deployed before adding test access ports for security and performance monitoring. Moreover, relying on Span ports, hubs, and planned maintenance windows is proving costly and time consuming. The industry's new direction is to design and deploy monitoring access upfront, as an integral part of the enterprise network infrastructure. Net Optics Monitoring Access Platform (MAP) outlines a plan for accessing links and capturing 100 percent of the data needed to optimize your entire network, from the edge to the core. An integrated MAP can:
- Improve network performance
- Add in-line appliance bypass and fail-over
- Provide needed forensics for compliance and peace of mind
By designing your monitoring access platform into the network architecture before network outages or security breaches occur, Net Optics' solution portfolio extends monitoring visibility across your entire infrastructure: at the edge, in the data center, and within the core. Everyone from IT's networking, security, and telephony organizations can now leverage access points to maintain security, network efficiency, and user productivity.
At the Edge
- Bypass
- Regeneration
- WAN visibility
Protect and maintain a reliable Internet presence with Net Optics Bypass Switches providing fail-safe connectivity for in-line security, WAN optimization, and threat management appliances. Added link protection ensures that network traffic continues to flow between network devices even in the event an IPS or firewall experiences a power failure or software mishap.
[Figure: Regeneration Tap, iBypass Switch, IDS, Analyzer, RMON, IPS, Internet]
For more granular visibility, Regeneration Taps enable multiple security and performance-monitoring tools to simultaneously gather network information on important network edge links, eliminating contention for monitoring access between groups with different responsibilities, goals, and monitoring needs. Network Taps can also be used to directly monitor DS3 and E3 links to optimize what is being sent down expensive WAN links. Unnecessary traffic destined for remote and distributed campus environments can be captured and eliminated without taking down a link to deploy in-line tools.
In the Data Center
- Automation
- Media conversion
- Span port and in-line monitoring
[Figure: Matrix Switch, Forensic, Analyzer, RMON, IDS]
As the central location of an organization's key IT resources, and an integral application services point, the data center uses a variety of traffic and interface types that create challenges for capturing needed performance and compliance information. Because companies rely heavily on automated tools like ERP and CRM applications, business continuity and disaster recovery are key concerns in today's data center network architecture. Application performance and intra-department security monitoring are also crucial aspects of any data center deployment. The need to ensure that service level agreements are met, compliance is achieved, and applications perform as planned makes it important to simultaneously capture data from multiple links.
Net Optics In-line Matrix Switches are essential building blocks for satisfying data center monitoring access needs. These devices enable an arsenal of up to four different monitoring tools to be automatically switched across 16 to 32 selected network links. Basic monitoring can be enhanced through programmed timestamps across a full set of network links, providing statistical sampling that continuously scans for anomalies that may indicate security or performance issues.
For further visibility, intelligent iTap devices measure and display peak utilization rates, packet counts, and user-configurable alarms through both front panel interfaces and software management utilities. The iTap becomes an integral troubleshooting component with or without external monitoring appliances attached.
Converter Taps offer useful connectivity options when media types differ between network interfaces and available monitoring tools. Media conversion allows for efficient use of resources without the need to rent or purchase further tools.
Media Converters can also extend the reach of network links for horizontal distribution and riser cables by converting copper to fiber, or multi-mode fiber to long-reach single-mode fiber. Traffic distribution in the data center can mean a large number of network switches, each requiring a separate tool for Span port monitoring. Net Optics Span Link Aggregators centralize traffic from up to eight network switches or Span ports, connecting them to as many as four tools that may have varying functionality such as performance optimization, intrusion detection, and VoIP monitoring. However, network architects must be aware that Span ports can drop significant link errors and even whole packets when a switch reaches a busy state. Using in-line Link Aggregation devices instead of Span ports improves your troubleshooting capability by ensuring that 100 percent of the traffic you need is captured, even under high traffic load conditions.
Within the Core
- High-speed fiber
- One Gigabit and 10 Gigabit monitoring resources
- Aggregation and load balancing
[Figure: Link Aggregator, Network Tap, Forensic, RMON, Analyzer, IDS]
In the network core, high-speed 1 Gigabit and 10 Gigabit network links interconnect mission-critical server and storage grids to efficiently deliver the resources needed for business applications, network-based services, and video transfers.
The Net Optics family of 1 and 10 GigaBit Fiber Taps and Matrix Switches meets today's access demands for line-rate data capture at high speeds, without degrading performance or losing traffic visibility. Connections for SC and LC interfaces provide support for today's evolving media standards. As an added benefit, these fully optical Fiber Taps do not require power to operate, conserving outlets and lowering overall electricity consumption.
Link Aggregation is particularly useful in the network core when load balancers distribute requests to multiple servers. A Link Aggregation Tap can collect the traffic from as many as four links, so the monitoring tool sees all the requests regardless of which servers process them. In addition, asymmetrical traffic in meshed network environments can be captured and replayed for essential compliance and troubleshooting requirements.
Blade system technology presents a unique challenge for monitoring access. Current blade offerings make no provision for Tapping into the network links that run through blade system backplanes from network blades to individual server blades. Therefore, it is especially important to plan monitoring access at the external connections to blade switches, utilizing passive Copper or Fiber Taps. Depending on the anticipated utilization of the link bandwidth, it may be cost-effective to use a Link Aggregation Tap to send the traffic from multiple links to a single monitoring tool, or simultaneously to a set of different types of monitoring tools.
The ability to optimize monitoring tool resources is also important. In both the data center and the core, Link Aggregator Taps, Regeneration Taps, and Matrix Switches easily enable shared use of tools, and provide a way to manage expensive resources more efficiently.
MAP Evolution
- Higher port density
- Increased flexibility
- TapFlow filtering
The need for network monitoring will continue to grow as network services expand, security breaches become more costly, and governance rules and government regulations tighten. Monitoring access solutions will evolve as well. Taps will increase in speed and have more ports to accommodate ever-increasing numbers of links that must be monitored. Aggregation, regeneration, and matrix switching functionality will converge in access devices that provide more flexibility for applying a pool of monitoring tools across a collection of links. Moreover, access devices will take a more active role in the overall monitoring solution, using iassist and TapFlow filtering technologies to shape the traffic so monitoring tools can operate more efficiently.
Some of these capabilities are already available today. For example, Net Optics currently offers a GigaBit Fiber Link Aggregator that copies traffic aggregated from four GigaBit Fiber links to four SFP monitor ports, essentially incorporating the regeneration function as well as aggregation. These trends will lead Net Optics to announce more intelligent and automated solutions in the upcoming months, providing exciting new opportunities for designing monitoring access across the entire network infrastructure.
MAP Benefits
When new services or link failures impact network operation, issues must be debugged rapidly and resolved before resources begin deteriorating. This activity should require minimal disruption, and utilize available resources if possible. Permanent monitoring access points designed into the network architecture provide the flexibility to attach and remove needed monitoring tools at any time, without disrupting traffic or entailing major reconfiguration. Deploying a monitoring access platform across the entire network infrastructure is cost effective because it brings the organization the following benefits:
- Network uptime is improved and performance is increased because monitoring access is instant and ubiquitous. As a result, customers as well as employees and partners enjoy a better user experience when accessing services over the network and Internet.
- Network administrators work more efficiently because they have all the information they need to ensure network health, without waiting for maintenance windows or needing to get authorization to change the network configuration to install a Tap.
- Business risk is decreased because mission-critical business applications can be monitored with 100 percent visibility, and because network access is available for security and compliance monitoring.
- Return on investment is multiplied because expensive monitoring tools can be utilized more efficiently and leveraged over many network links.
For organizations that rely on their networks (and what organization today does not?), a Monitoring Access Platform is the key to optimal network performance, reliability, and security.
About Net Optics
Net Optics is the leader in innovative passive in-line devices for network security, traffic analysis, and IT monitoring solutions. Our products are used to access and monitor networks by enterprises, service providers, and government organizations globally.
Leading vendors of protocol analyzers, RMON probes, and IPS appliances have chosen Net Optics products to sit in the networks of their customers from T1 to 10 Gigabit links.
For further information on Tap technology: http://www.netoptics.com/support/whitepapers
Distributed by:
Net Optics, Inc., 5303 Betsy Ross Drive, Santa Clara, CA 95054, (408) 737-7777, cs-support@netoptics.com, www.netoptics.com
BRAIN FORCE Software GmbH, Ohmstr. 12, D - 63225 Langen (near Frankfurt/M.), Tel: +49 (0)6103 906-767, Email: netoptics@brainforce.com, www.network-taps.eu