Shared Data Access Network (SDAN)


Shared Data Access Network (SDAN) for Monitoring, Security, Performance
J. Scott Haugdahl, Principal Engineer, Blue Cross Blue Shield; Former Asst. VP & Architect, US Bank
Data Connectors Minneapolis, March 28th, 2013

The US Bank Experience

Who is US Bank (Symbol: USB)?
- Part of U.S., a diversified financial services holding company
- Fifth-largest commercial bank in the U.S. with over 3,000 branches
- Recognized for its strong financial performance and prudent risk management, capital generation, and product quality

What is Network Application Analysis (NAA)?
- Founded in 2008 as part of US Bank's Network Planning and Engineering to adopt new thinking methods, tools, processes, and collaboration, focused on resolving potential or chronic application performance problems
- Solutions oriented, not limited to the lower network (i.e. infrastructure) layers
- Gained a high level of visibility and credibility during pre-migration analysis for the new data center
- Created the Shared Data Access Network (SDAN) to support security, monitoring, and analysis tools

Why the SDAN?
- The only solution able to collect and aggregate multiple streams simultaneously from several tiers in real time to feed Application Performance Monitoring (APM), fraud detection, security, and sniffer tools

Oh oh! Now what do we do?!

The Dark Ages

"Technicians had to physically unplug and move tools from one tap or SPAN port to another. That necessitated change orders and scheduling during off hours, slowing the group's agility and flexibility to monitor effectively." - Royal Bank of Canada

The data center crash cart. Not to mention tripping over wires or pulling the wrong one.

Is This the Best We Can Do?

Sharing SPANs Got Ugly

Hey, it's MY SPAN port! (Referee from Gigamon) (Dropped packets) (Blade server)

Only two SPAN ports per 6509, so oversubscription is a problem, as are port channels. A Nexus 7k with top-of-rack 2k's (line card fabric extension) collapses the architecture and makes it worse: still only two SPANs per 7k.

Fast Forward: Gigamon Intelligent Matrix

The Shared Data Access Network (SDAN) collects and sends packets to consumers.

Packet sources: tapped media, mirror ports, load balancers, firewalls, mainframe, switches, UCS fabric, blade chassis
Gigamon Intelligent Matrix: switching, filtering, aggregation, slicing, etc.
Consumers: intrusion detection, fraud, threat analysis, data loss prevention, APM, sniffer

- SDAN is another name for Gigamon's "Visibility Fabric".
- The scope of the SDAN is the taps and matrix switches; all other devices are consumers of the SDAN, a very important distinction to make when "selling it".
- Sniffers can assist in DDoS and IDS leakage analysis.

SDAN Value – The Big Three

 Collect and Aggregate Packet Flows
  Several streams from multiple tiers can be collected and aggregated to one or more 10 Gbps outputs, in order to monitor complex applications and save on tool ports

 Passively Share Packet Flows
  Packet stream sources (network ports) can service many consumers (tool ports), critical to protecting your customers and improving the end-user experience

 Filter and Preprocess Packet Flows
  Flows can be filtered by MAC, VLAN, IP (and sliced, de-duplicated, etc.), allowing focused analysis or fraud detection and a significant drop in CPU demand on the tool or appliance

- This really is the only solution that can effectively collect multiple packet streams and aggregate them to out-of-band tools.

Simplified App Mapping & Tapping

[Diagram: Application "X". Internet users reach Internet routers and a "DMZ" of firewalls, authentication and policies; Tier 1, Tier 2 and Tier 3 load balancers sit in front of the "X" web servers, "X" app servers and "X" DB servers; also shown are messaging, access GW, mainframe and firewalls.]

Tapping above and below load balancers gives great places to pick up services to monitor, isolate faults by domain, troubleshoot, and optimize apps.

Steps to a Successful SDAN Deployment

1. Document the logical flow of the application
   - In complex environments, use application (not network) conceptual flow diagrams to determine the logical tap points per end-tool requirements (packet analysis, security, APM, etc.)
   - Different applications will have different flows and services, especially customer-facing vs. internal applications
2. Map the logical flows and devices to physical ports
   - Example: firewalls and where they attach
3. Tap the physical media into your SDAN network ports
   - These comprise the ingress or network ports
4. Aggregate the packet streams and send them to your SDAN tool ports
   - Filters may be required to remove irrelevant packets
5. Feed the security flows to your sniffer to validate your setup
   - Don't forget this important last step! IDS security below the firewall is a given. But what about fraud detection, data loss prevention, and other such tools? Validate your packet flows through the SDAN before an attack or breach!

After SDAN

With the SDAN, we are now one big happy family sharing the sandbox! Note the Gigamon orange color of the sandbox. :)

Some SDAN Security Tool Best Practices

- Tap related network points into a Gigamon 420 or TA1 and send aggregated flows to a 2404/HD4/HD8 for security tool consumption
  - Example: Tier 1 firewalls and interfaces -> TA1 -> Tier 1 firewall aggregate -> HD8 -> IDS
  - Example: Nexus 2232/2248s -> TA1 -> server farm aggregate -> HD8 -> fraud detection
  - Example: Mainframe OSAs -> TA1 -> mainframe aggregate -> HD8 -> data loss prevention
- Use rules and filtering to greatly reduce load on the security appliance
  - Security and APM appliances do not need to waste cycles filtering irrelevant data
  - Reducing unnecessary intake can also increase post-analysis processing performance
- The usefulness of SPANs (and mirror ports) is diminishing, so avoid them if possible
  - Easy to oversubscribe, especially with port channels or full-duplex aggregation
- Eliminate the old practice of using aggregation taps and use fiber where possible
  - Be mindful that each tap requires two SDAN ports when operating in non-aggregation mode
- Consider preserving separate send/receive full-duplex tap ports all the way through to your tools for certain data center or branch WAN connections
  - Preserving full-duplex tapped router connections helps to preserve incoming vs. outgoing
- Copy your security flows to permanent sniffers for post-mortem analysis
  - Data mine stored packet flows for deep-dive forensics analysis

- Preserving the send and receive side of full-duplex taps to our tools can help preserve send/receive reports and statistics
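To make the port-budgeting and filtering points from the deployment steps and these best practices concrete, here is an added Python model (not from the presentation, and not Gigamon's software) of one aggregate feeding one tool port: it counts SDAN network ports per tap (two per full-duplex tap unless it is a legacy aggregation tap), flags oversubscription of an assumed 10 Gbps tool port, and applies the VLAN/IP filters before packets reach the tool. Tap names, utilisation figures and packets are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

TOOL_PORT_GBPS = 10.0  # assumed tool-port speed (slide: "one or more 10 Gbps outputs")


@dataclass
class Tap:
    name: str
    tx_gbps: float            # constructed utilisation of each direction of the link
    rx_gbps: float
    aggregated: bool = False  # legacy aggregation tap merges tx+rx onto one port

    def sdan_ports(self) -> int:
        # A full-duplex tap consumes two SDAN network ports in non-aggregation mode.
        return 1 if self.aggregated else 2


def plan_aggregate(name, taps):
    """Budget one aggregate feeding one tool port: ports used, load, oversubscribed?"""
    ports = sum(t.sdan_ports() for t in taps)
    load = round(sum(t.tx_gbps + t.rx_gbps for t in taps), 2)
    return {"aggregate": name, "network_ports": ports,
            "gbps": load, "oversubscribed": load > TOOL_PORT_GBPS}


def filter_flow(packets, vlans=None, subnets=()):
    """Keep packets matching the VLAN set and/or any subnet; the rest never reach the tool."""
    nets = [ip_network(n) for n in subnets]
    kept = []
    for p in packets:
        if vlans is not None and p["vlan"] not in vlans:
            continue
        if nets and not any(ip_address(p[k]) in n for n in nets for k in ("src", "dst")):
            continue
        kept.append(p)
    return kept


# Constructed sample: two tier-1 firewall links tapped full duplex, and one
# mainframe OSA behind an old aggregation tap. Figures are illustrative only.
FIREWALL_AGG = [Tap("fw1-outside", 3.1, 2.4), Tap("fw2-outside", 2.9, 2.2)]
MAINFRAME_AGG = [Tap("osa-1", 1.0, 0.8, aggregated=True)]
PACKETS = [  # constructed packets: VLAN tag, source, destination
    {"vlan": 100, "src": "10.1.1.5", "dst": "203.0.113.9"},
    {"vlan": 200, "src": "10.2.0.7", "dst": "10.2.0.8"},
    {"vlan": 100, "src": "192.0.2.4", "dst": "10.1.1.5"},
]

if __name__ == "__main__":
    print(plan_aggregate("tier1-firewalls", FIREWALL_AGG))   # oversubscribed: True
    print(plan_aggregate("mainframe", MAINFRAME_AGG))         # 1 port, 1.8 Gbps
    print(len(filter_flow(PACKETS, vlans={100}, subnets=["10.1.1.0/24"])))  # 2
```

The firewall aggregate shows the oversubscription trap the slides warn about: four network ports of full-duplex traffic add up to more than the single 10 Gbps tool port can carry, so either split the aggregate or filter before the tool port.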

Not Best Practices!

Thank You!