“As enterprises move more deeply into the latest data centre technologies, such as 10GbE, server virtualisation and software-defined networking, they are finding that visualising what is happening in their networks has become more challenging,” said Lee Doyle, principal analyst, Doyle Research. “This is compounded by the fact that many tools that worked well at 1Gbps speeds simply have not scaled up to 10Gbps. This has critical implications for the ways that enterprises approach security monitoring, forensics and network performance management, which can only be addressed by tools that are designed to enable network visualisation at 10Gbps speeds and above.”
As enterprises become more complex, NetOps and SecOps personnel are looking for new ways to improve their network visibility to ensure network security, guarantee performance of network-centric applications and to verify compliance with service level agreements (SLAs). Existing 10GbE NetFlow generators only provide sampled data on 10GbE links, as do switches and routers that are capable of generating NetFlow. Additionally, NetFlow generation on switches and routers significantly impacts their performance, especially during denial-of-service attacks. These sampled NetFlows don’t provide the visibility necessary to resolve critical network issues. By providing unsampled NetFlows, the EndaceFlow 3040 provides complete visibility in 10GbE networking environments.
By providing 100 per cent NetFlow generation, new threats to network security and performance can more easily be detected, identified and resolved - resulting in the detection of a wider range of network anomalies and intrusions in the security operations space and the identification of network choke points that impact application performance - and can be further treated with packet-based network recording and analysis tools.
“Traditionally, end users have used routers and switches to generate sampled NetFlows, which severely limits behavioural analysis and can impact switch and router performance,” said Mike Riley, senior vice president and general manager, Endace portfolio, Emulex. “The Emulex EndaceFlow 3040 addresses these issues by offloading NetFlow generation onto a purpose-built appliance that can generate unsampled NetFlow across multiple 10GbE links. This gives our customers all of the data they need to diagnose and resolve complex security and network performance issues on 10GbE networks in a fraction of the time previously required.”
The Emulex EndaceFlow 3040 delivers complete network visibility through the unique combination of the following features and capabilities:
· Extreme Performance: The EndaceFlow 3040 provides complete full-stream flow visibility at 10Gbps over any combination of IPv4 and IPv6-based networks with up to 30Gbps of flow generation and a total active flow cache size of 64 million.
· Custom Filtering: The EndaceFlow 3040 supports up to 120 filters across four collectors for load balancing flow records across multiple collectors, enabling users to customise exports to gain visibility of specific networks within the data centre.
· Advanced Hash Load Balancing (HLB): The advanced HLB feature of the EndaceFlow 3040 minimises manual configuration with flow safe load balancing, reducing OPEX.
· Ease of Integration: The EndaceFlow 3040 supports V5 (IPv4), V9 (IPv6) and Internet Protocol Flow Information Export (IPFIX) flow formats and a broad range of fields, allowing the EndaceFlow 3040 to seamlessly integrate with any NetFlow collector in the market.
When the EndaceFlow 3040 is combined with behavioural-based analytics tools from partners such as Lancope and SevOne, NetOps and SecOps personnel are able to create complete solutions that significantly speed resolution of critical network and security issues. In the case of one customer, this reduced their time-to-resolution (TTR) for critical incidents from 30-50 hours to only a couple of hours. The result is significantly improved network uptime and lower OPEX through reduced TTR for these critical incidents.
“Lancope’s StealthWatch System collects and analyses NetFlow to provide cost-effective, behaviour-based network performance and protection,” said Kerry Armistead, vice president of product management, Lancope. “Our enterprise customers know how critical the security and performance of their data centre networks are to the success of their business and the Emulex EndaceFlow 3040 delivers the performance and load balancing needed to support even the largest and most distributed networks in use today.”
“Speed, scale and simplicity are essential elements of the SevOne Network Performance Management and Monitoring solution,” said Casey Murray, vice president global strategic alliances, SevOne. “These attributes are mirrored in Emulex’s EndaceFlow 3040, allowing our customers to easily scale their existing NetFlow analytics investments into 10GbE environments. This makes the combination ideal for large public and private sector organisations managing the performance of their critical IT infrastructures.”