Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ixia Visibility Architecture

Published byDina Mason Modified over 8 years ago

Similar presentations

Presentation on theme: "Ixia Visibility Architecture"— Presentation transcript:

1 Ixia Visibility Architecture
Slide 1: Hello, my name is ________________ and I’m ___________________ for Ixia. Today I would like to introduce you to the Ixia “Visibility Architecture” and discuss how we might help you with your visibility needs. Ixia Visibility Architecture Artem Kirillov EMEA

2 74 42 15 of the Fortune 100 of the top 50 carriers of the top 15 NEMs
Enterprise Carriers/ Service Providers of the Fortune 100 of the top 50 carriers of the top 15 NEMs 74 42 15 NEMs Customer Focused Innovation Ixia…BAM!! <drop the mic> 2014 Industry-first ATI security solution 2014 Industry-first virtual tap 2014 Industry-first 400GbE test solution

3 Challenges of IT’s Central Role
Technology Challenges No Matter What Business You’re In No Matter What Stakeholder You Serve Scale Virtualization SDN NFV Rapid Deployment Data Center Efficiency Business Challenges Stakeholder Challenges However there are constant challenges that keep us from achieving this role easily. Generally they fall into business expectations, external stakeholder expectations, and technology challenges. For example, I know that your industry peers have experienced (PICK 3-5 CHALLENGES). Are there others that are top of mind for you right now? New Applications Always-on Performance Any Device, Anywhere, Anytime IT Efficiency Reliability Data Security Privacy Anywhere Access Rapid Response

4 Sub-optimal Visibility and Security Systems
Cloud Monitor Carrier Networks Wired and Mobile Data Center Private Cloud Virtualization Core Remote Office Branch Office Campus Network Infrastructure APM Network Operations Performance Management Security Admin Server Admin Audit & Privacy Forensics IT Management Groups IPS / IDS User Experience Forensics NPM Firewalls HW Monitor Most organizations attempt to achieve the ‘desired state’ shown in the previous slide by putting in a ton of tools. Until they end up with a new layer of complexity and management challenges – this approach is generally inefficient and leads to unplanned complexity, missed SLAs, Costs that do not scale and investment churn. Sample challenges to discuss: The Ops Team Inefficient, costly and longer resolution times Rocky or failed deployments Wasted CAPEX and OPEX Symptomatic failure resolution Downtimes & missed SLAs Churn in resources & investment The Business Loss of revenue Loss of credibility Unknown exposures in security posture Unhappy customers Competitive disadvantage New Complexity Missed SLA’s Costs that do not Scale Churn in Investment

5 Network Infrastructure
Build a Network and Security Visibility Foundation Ensure Efficiency, Application Performance, and Security Resilience Carrier Networks Wired and Mobile Data Center Private Cloud Virtualization Core Remote Office Branch Office Campus Network Infrastructure Network Operations Performance Management Security Admin Server Admin Audit & Privacy Forensics IT Management Groups Visibility Needs End-to-End Visibility Tool access to any point in the network Meet or Exceed SLAs Predictable Deployment and Resolution Scalability Scales to fit the needs of any network Manageability Flexible macro-level management To avoid these new challenges, you want to build on a new foundation that lets you meet efficiency goals. We have found that most who get this right tend to take a more fundamental, architecture oriented approach. They start with wanting to measure and gain insight before they can attempt to improve. This insight begins with planting in visibility ….once you begin with the basics you can get to meeting / exceeding SLAs, end-to-end visibility gives you better scale and improved manageability, much better traffic control and finally controlled costs due to minimum surprises.  Traffic Control View exactly the information you need Reduce Costs Reduce tool costs & administrative burdens Success Comes from an Architectural Approach

6 Network Infrastructure
Ixia’s Visibility Product Portfolio Serves as the foundation for Application Performance and Security Resilience Carrier Networks Wired and Mobile Data Center Private Cloud Virtualization Core Remote Office Branch Office Campus Network Infrastructure Network Operations Performance Management Security Admin Server Admin Audit & Privacy Forensics IT Management Groups Visibility Architecture Network Taps Out of Band NPB App Aware Element Mgmt Virtual & Cloud Access Policy Mgmt Inline NPB Session Aware Slide 11: The foundation of our Visibility Architecture is our products. Ixia has today, the biggest, broadest and we think the most innovative visibility product portfolio in the industry. [Build 1] and [Build 2] It starts with our Network Access solutions and our Network Packet Broker solutions. In band or out of band. These products form the infrastructure part of the Visibility Architecture. [Build 3] Then there’s the components that make up the Intelligence layer of our Visibility Architecture, that provide application aware and session aware visibility. [Build 4] And of course the management components that provide control of the entire Visibility Architecture. Everything from global element management. To policy and configuration management. And even data center automation and orchestration management. This is the Ixia visibility product portfolio. It is the foundation of all our Visibility Architecture solutions. Inline Bypass Data Center Automation Network Access Packet Brokers Intelligence Management

7 Why Customers Choose Ixia’s Visibility Architecture
End-to-End Visibility & Control to Better Serve your Customers Leading Tap and Bypass Portfolio Fail-Safe Inline Security Enforcement Simple & Quick Deployment and Troubleshooting Innovation Leader In Visibility Broadest tap and inline bypass portfolio 1/10/40/100 Gbps solutions Single and high- density designs such as FlexTap Passive and intelligent designs Portfolio designed from ground up for inline deployments Multi-stream heart- beat for fail-safe inline security Lowest latency in the industry Double your ports technology provides 2X density Easy to use Network Tool Control Panel Patented Automated Filter Compiler Hitless & concurrent filter changes Automated packet capture RESTful API for auto service provisioning Virtual tap for virtual data centers & private clouds Application & threat intelligence (ATI) IxFlow – contextual application metadata SIEM, NMS & APM Automated Response Market data feed analysis Slide 14: At the end of the day, there are some very simple reasons why customers choose Ixia over our competitors. [Build 1] Often, when company’s first start trying to solve their visibility needs they look for Taps. And that is often our first conversation with our customers. They come to us because Ixia provides the broadest and most innovative Tap portfolio in the industry. [Build 2] Or companies are looking to improve their inline security deployments. And they come to Ixia because we provide the most innovative portfolio of Inline Bypass Switches. These two items most often lead to our first conversations with our customers. [Build 3] Another common reason customers select Ixia is Simplicity. When evaluating or testing our products, customers find that our visibility solutions are really easy to use. They are easy to deploy. And they make it much easier and quicker for companies to troubleshoot problems – speeding the time it takes to fix user impacting issues. [Build 4] And finally, customers choose Ixia because we continually deliver innovative visibility solutions ahead of the market. Solutions like our virtual taps, our application and threat intelligence capabilities, and out new market data feed analysis capability. But regardless of the reason, companies are more and more turning to Ixia for their visibility needs. So let’s talk about the Ixia Visibility Architecture…

8 Visibility Architecture Key Components – Packet Brokers Evolution of Intelligence and Application Brokering Monitoring Tools All traffic from Georgia Meta Data All voice traffic from HTC Ones NPB – App Brokering App Filtering Someone from S. Africa watching House of Cards on Netflix on an iPhone L2-4 Filters Only /8 traffic NPB Only TCP Port 25 traffic Raw Packets All packets TAP

9 Visibility Architecture Key Components Network, application and end-user monitoring eliminates the blind spots Scales to Your Network Most extensive visibility portfolio Mission critical reliability - NEBS Improved tool scalability & resiliency Network & App Performance Security Intelligence Customer Experience Management Tools & Mgmt. Proven, Patented Control Auto Filter Compiler speeds set-up and on-going hitless changes Simplifies service provisioning Easy to use Control Panel Contextual application metadata Intelligence Network Packet Brokers and Application Intelligence Aggregation Filtering Flow Linking Regeneration Load Balancing App and Threat Intelligence Processing Offload Contextual Metadata Dedup Time Stamping Burst Protection Stripping Packet Capture NPB Global Manageability Easy global management Data center automation and service provisioning using RESTful API Role based access for compliance Cloud & Virtual Campus Network Taps Slide 15: Let’s look at the Network Visibility Framework. Companies have large networks as shown on the bottom of this slide. And they have a variety of monitoring and security tools as shown on the top. And there’s a gap in the middle. So how do you fill this gap, and optimize the effectiveness of the tools that you’ve already invested in? [Build 1] It all starts with the taps. With our broad tap portfolio companies can easily tap into every part of their networks. This allows them to harvest packets from end-to-end. But as we’ve discussed, the tools can’t consume the volume of raw data or packets. [Build 2] That’s where the Network Packet Broker comes in. The network packet brokers allow you to aggregate all of this harvested data. They allow you to deduplicate the data. They allow you to filter the data. And to even allow you to load balance the data that you provide to your tools. So now the right data goes to the right tools, nothing more and nothing less. You can even offload packet processing from the tools with our Application and Threat Intelligence Processor. This means the tools can consume the data any way they want – raw data, filtered data or contextual metadata. And this can be done across the entire, end-to-end network. It may start with a single network packet broker. [Build 3] But it can also be a large, global deployment with lots of interconnected network packet brokers – all managed as one. In fact, you can manage this entire deployment from a single management console. You can even integrate it with your existing data center automation and service provisioning tools. [Build 4] And last, but not least, you can set-up Auto Response. Not only can the tools consume data from the network packet brokers, but they can control the network packet brokers. They can control what data they see. And they can control where that data goes. The tools are now an active participant in the Visibility Architecture. For instance, if your network monitoring tool registers an event, it can automatically trigger the capture of traffic preceding and immediately following the event. Or a security monitoring tool can automatically direct traffic to an IDS and trigger the capture of event traffic. This is huge. The Visibility Architecture is an integrated whole. It’s so much more than a simple network packet broker fabric. Access Maintain Network Performance Speed security and network event diagnosis with Auto Response Direct flows to forensics recorders, IDS or DLP devices, or honey pots Core Branch Data Center

10 Visibility Architecture Key Components - Access Instant, Fail-safe access to all network traffic eliminates the blind spots Unified Access to Physical and Virtual Network Traffic Virtual / Cloud Visibility to East / West Traffic Kernel-Level Integration Tools & Mgmt. Instant Access to all Network Traffic without Change Boards or Live Network Impacts Managed Remote Control/Config Additional Flexibility Intelligence High Density Highest Density Available Flexible 1/10/40/100G Easily Scales NPB Exact Copies of Network Traffic, including Errors and Fragments for Complete Analysis Cloud & Virtual Campus Network Taps Slide 15: Let’s look at the Network Visibility Framework. Companies have large networks as shown on the bottom of this slide. And they have a variety of monitoring and security tools as shown on the top. And there’s a gap in the middle. So how do you fill this gap, and optimize the effectiveness of the tools that you’ve already invested in? [Build 1] It all starts with the taps. With our broad tap portfolio companies can easily tap into every part of their networks. This allows them to harvest packets from end-to-end. But as we’ve discussed, the tools can’t consume the volume of raw data or packets. [Build 2] That’s where the Network Packet Broker comes in. The network packet brokers allow you to aggregate all of this harvested data. They allow you to deduplicate the data. They allow you to filter the data. And to even allow you to load balance the data that you provide to your tools. So now the right data goes to the right tools, nothing more and nothing less. You can even offload packet processing from the tools with our Application and Threat Intelligence Processor. This means the tools can consume the data any way they want – raw data, filtered data or contextual metadata. And this can be done across the entire, end-to-end network. It may start with a single network packet broker. [Build 3] But it can also be a large, global deployment with lots of interconnected network packet brokers – all managed as one. In fact, you can manage this entire deployment from a single management console. You can even integrate it with your existing data center automation and service provisioning tools. [Build 4] And last, but not least, you can set-up Auto Response. Not only can the tools consume data from the network packet brokers, but they can control the network packet brokers. They can control what data they see. And they can control where that data goes. The tools are now an active participant in the Visibility Architecture. For instance, if your network monitoring tool registers an event, it can automatically trigger the capture of traffic preceding and immediately following the event. Or a security monitoring tool can automatically direct traffic to an IDS and trigger the capture of event traffic. This is huge. The Visibility Architecture is an integrated whole. It’s so much more than a simple network packet broker fabric. Access Zero Impact to Network Performance or Uptime Core Branch Data Center

11 Visibility Architecture Key Components – Packet Brokers Line-Rate Filtering and Application Intelligence for Tool Optimization and Security Advanced features provide exactly the right traffic to the right tools at the right time. (real-time, lossless) Tools & Mgmt. Core and High Density Key Capabilities Deduplication Burst Protect Time Stamping Stripping Packet Capture Aggregation Filtering Flow Linking Load Balancing Automated Filter Compiler that automatically configures all filters via simple GUI Intelligence Distributed and SDN NPB Control Tower Architecture allows easy management of hundreds of ports in a single UI, seamless upgrades, and more. Branch and Remote Office Slide 15: Let’s look at the Network Visibility Framework. Companies have large networks as shown on the bottom of this slide. And they have a variety of monitoring and security tools as shown on the top. And there’s a gap in the middle. So how do you fill this gap, and optimize the effectiveness of the tools that you’ve already invested in? [Build 1] It all starts with the taps. With our broad tap portfolio companies can easily tap into every part of their networks. This allows them to harvest packets from end-to-end. But as we’ve discussed, the tools can’t consume the volume of raw data or packets. [Build 2] That’s where the Network Packet Broker comes in. The network packet brokers allow you to aggregate all of this harvested data. They allow you to deduplicate the data. They allow you to filter the data. And to even allow you to load balance the data that you provide to your tools. So now the right data goes to the right tools, nothing more and nothing less. You can even offload packet processing from the tools with our Application and Threat Intelligence Processor. This means the tools can consume the data any way they want – raw data, filtered data or contextual metadata. And this can be done across the entire, end-to-end network. It may start with a single network packet broker. [Build 3] But it can also be a large, global deployment with lots of interconnected network packet brokers – all managed as one. In fact, you can manage this entire deployment from a single management console. You can even integrate it with your existing data center automation and service provisioning tools. [Build 4] And last, but not least, you can set-up Auto Response. Not only can the tools consume data from the network packet brokers, but they can control the network packet brokers. They can control what data they see. And they can control where that data goes. The tools are now an active participant in the Visibility Architecture. For instance, if your network monitoring tool registers an event, it can automatically trigger the capture of traffic preceding and immediately following the event. Or a security monitoring tool can automatically direct traffic to an IDS and trigger the capture of event traffic. This is huge. The Visibility Architecture is an integrated whole. It’s so much more than a simple network packet broker fabric. Access A broad gamut of deployment options from 1U to distributed deployments to large chassis.

12 Automated Filter Compiler Automation of difficult manual functions - speeds set-up and on-going changes 1. What you want 2. What you do Traffic multi-casted from one SPAN port to 3 tools Enter 3 simple filters in the Network Tool Control Panel Tool Port #1 VLAN 1-3 TCP Tool Port #2 Network SPAN Port VLAN 3-6 Tool Port #3 3. What Automated Filter Compiler does 4. Why is this a big deal Automatically calculates filter overlaps, and creates rules Simple and quick flow control - quick deployment, changes and troubleshooting Hitless changes – no packets dropped Concurrent changes by different admin users Simple to integrate with external provisioning systems – automated service provisioning No. Criteria Action VLAN 3 + TCP Tool 1, 2 & 3 1 VLAN TCP Tool 1 & 2 2 VLAN TCP Tool 2 & 3 3 VLAN 3 Tool 1 & 3 4 VLAN 1-2 Tool 1 5 VLAN 4-6 Tool 3 6 TCP Tool 2 7 Null Drop Slide 16: Let’s look at one of our biggest network packet broker differentiators – our patented Automated Filter Compiler. I can’t stress enough how important this capability is. Let’s look at what it really does and why it matters so much. In this example, let’s assume we have a single SPAN port. And we want to distribute different data to 3 different tools – Tool #1, Tool #2 and Tool #3. We want to send VLAN 1-3 traffic to tool #1, all TCP traffic to Tool #2, and VLAN 3-6 traffic to Tool #3. Sounds simple, right? [Build 1] So what do you do? You open the Control Panel on the Ixia network packet broker. You create the network port. You create the 3 tool ports. And you use drag and drop to connect the tools to the network port. Then you create 3 simple Boolean filters. Creating these filters is almost like writing English it’s so easy. You can set this entire scenario up in just a couple of minutes! [Build 2] But what does the Automated Filter Compiler do? What is does in the background is what’s so important. It’s this aspect that is patented. The compiler takes these 3 simple rules and automatically calculates the overlaps. In this scenario there are only 4 overlaps as shown. If there are more filters or more complex filters there can and quite often is 100’s of overlaps. The compiler automates this very manual, complex problem. If you’ve ever created complex Access Control Lists on a switch, you know how challenging these calculations can be. But it doesn’t stop there. The compiler then creates the rule sets necessary to execute the filters you created. And it puts them all in order. They have to go in a very specific order. In this case there are 7 rules necessary to execute these 3 simple filters. [Build 3] So why is this a big deal? First, it certainly makes the network packet broker very easy to use. Which is nice, but it doesn’t stop there! With the filter compiler, filter changes on the system are completely hitless! What I mean by that? It means that you can make filter changes on the fly, and those changes are implemented immediately without any dropped packets. If you try to do this manually, it’ll take a significant amount of time to calculate the overlaps and rule sets. And you’ll have down-time while implementing the changes. That really slows down troubleshooting! And you can do this with multiple users. You can have multiple users making concurrent changes to the filters, and it is still implemented in a hitless fashion! The overlaps are all calculated. The rule sets are updated in order. And no packets get dropped. And probably the most important aspect of the Auto Filter Compiler – it makes it really easy to integrate with service provisioning and orchestration systems. That makes it easy to provision monitoring when you deploy new services. And to set up the filtering for monitoring those new services. That makes it easy to integrate with their monitoring tools for troubleshooting as well. That’s why the Auto Filter Compiler is so important. Sure it makes the solution easy to use, but it’s so much more than that! VLAN 1-3 VLAN 3-6 TCP

13 Visibility Architecture Key Components – Application-aware Packet Brokers Better Data for Better Decisions Automatic recognition and filtering of 200+ applications, and dynamic detection Tools & Mgmt. Key Capabilities Application Filtering Application Recognition and Categorization Threat Intelligence NetFlow provides crucial Metadata for network intelligence. Combines traditional packet broker capabilities with application awareness and context Intelligence Supports generation of NetFlow v9 &10 and IPFIX data Chassis or 1U Deployment NPB ATI subscription delivers frequent updates for new applications and as applications change over time. Slide 15: Let’s look at the Network Visibility Framework. Companies have large networks as shown on the bottom of this slide. And they have a variety of monitoring and security tools as shown on the top. And there’s a gap in the middle. So how do you fill this gap, and optimize the effectiveness of the tools that you’ve already invested in? [Build 1] It all starts with the taps. With our broad tap portfolio companies can easily tap into every part of their networks. This allows them to harvest packets from end-to-end. But as we’ve discussed, the tools can’t consume the volume of raw data or packets. [Build 2] That’s where the Network Packet Broker comes in. The network packet brokers allow you to aggregate all of this harvested data. They allow you to deduplicate the data. They allow you to filter the data. And to even allow you to load balance the data that you provide to your tools. So now the right data goes to the right tools, nothing more and nothing less. You can even offload packet processing from the tools with our Application and Threat Intelligence Processor. This means the tools can consume the data any way they want – raw data, filtered data or contextual metadata. And this can be done across the entire, end-to-end network. It may start with a single network packet broker. [Build 3] But it can also be a large, global deployment with lots of interconnected network packet brokers – all managed as one. In fact, you can manage this entire deployment from a single management console. You can even integrate it with your existing data center automation and service provisioning tools. [Build 4] And last, but not least, you can set-up Auto Response. Not only can the tools consume data from the network packet brokers, but they can control the network packet brokers. They can control what data they see. And they can control where that data goes. The tools are now an active participant in the Visibility Architecture. For instance, if your network monitoring tool registers an event, it can automatically trigger the capture of traffic preceding and immediately following the event. Or a security monitoring tool can automatically direct traffic to an IDS and trigger the capture of event traffic. This is huge. The Visibility Architecture is an integrated whole. It’s so much more than a simple network packet broker fabric. Access

14 The Virtual Network Visibility Gap Expect more than 80% of traffic in the data center to be between servers 1 1 Host to User Visibility Solved today Tap into network at Top of Rack Or use expensive Top of Rack switch SPAN port Host to Host Visibility Limited/no visibility below Top of Rack No visibility within server chassis VM to VM Visibility Traffic does not enter the physical network 100% of traffic goes unseen and uninspected VM Mobility Visibility vMotion launches VMs in separate sites for DR or other purposes Physical visibility options may be cost prohibitive for these uses Core Switch 1 2 Top of Rack Switch 3 Physical Host Physical Host Physical Host Slide 17: Next, let’s talk about visibility in virtualized environments. There are several typical traffic patterns in the data center. Let’s look at each. First, we have application traffic traversing the network going to users on the edge of the network. We’ve solved this visibility problem. We can tap into multiple places on the physical network as the data moves from the data center to the user. And we can direct that traffic to our monitoring tools. So we can see that traffic at each hop if we want. But what about traffic within the data center? Gartner says that as much as 80% of data center traffic is application to application traffic. Or what we call “east-west” traffic. This traffic never leaves the data center. And most companies today are blind to much of this traffic. So instead of using the general 80/20 rule, companies are stuck with only seeing 20% of the traffic. They can see the north-south traffic that leaves the data center. Why is this happening? If you’re using bladed servers in the data center, traffic between those bladed servers may never hit the physical network. The traffic merely hits a bladed switch and most companies don’t tap into that traffic. Meaning you’re blind that all that application to application traffic. Traffic between VM’s on the same physical host… Most companies are almost certainly blind to that traffic. Why? Because they have no way to get that traffic reliably to their monitoring tools. The traffic goes from one VM to the virtual switch to another VM. And they never see it. So we’re blind to 100% of this VM-to-VM traffic. And the last are is VM mobility or vMotion. As VM’s move from one physical host to another in the data center; or if they move to a separate physical data center for disaster recovery purposes, and we don’t have the same visibility set-up there; we may be blind to all the traffic after the VM moves. I need a solution that can move with the VM, or is already in place once the VM moves, so we have the exact same visibility no matter where that VM and/or application moves. So we’ve got a huge amount of application to application, or east-west traffic in the data center that we’re completely blind to for monitoring and troubleshooting purposes. 3 2 4 VM VM VM VM VM VM App App App App App App OS OS OS OS OS OS VMs moved to separate site 4 1. Gartner Research: Your Data Center Network is Heading for Traffic Chaos, 27 April, 2011)

15 Visibility for the Physical and Virtual Network
Network Management Application Performance Security Intelligence Customer Experience Top of Rack Switch vSwitch Kernel Module Virtual Tap Virtual Tap Virtual Tap Slide 19: This gives us a single solution; or a single architecture for monitoring everything on the physical network and everything in the virtual environment. This is where our visibility frameworks come together into an entire Visibility Architecture. OS App OS App OS App OS App OS App OS App OS App OS App OS App OS App OS App OS App Physical Servers Blade Server Chassis Virtualized Servers Cluster

16 Inline Security Framework Enabling fail-safe, proactive security models throughout the network
Inline Performance & Reliability Designed specifically for inline deployments Cut through architecture with ~300ns latency Campus Cloud Network Proven Inline Control Industry proven fail-safe deployment designs Multi-stream heartbeat improves overall design resiliency Branch Core Data Center Scales to Your Network Most extensive inline portfolio “Double Your Ports” NPB technology provides 2x density Single and high density bypass configurations IPS Load Balanced Group Network Packet Brokers Slide 21: So I’m talking about all of this to set the stage for our Inline Security Framework. I talked about the places inline security is installed. Let’s look at an example of our deployments. [Build 1] Let’s assume we have redundant 10G links in between our data center and our core network. And I want to deploy inline security in this network. [Build 2] First we put Inline Bypass Switches in each of the 10G links. A single bypass switch in each link. The beauty of the Inline Bypass Switch is, it lets me direct production traffic to my inline security tools logically, without having to have all those tools physically inline in the network. So where do we want to route the production traffic? We can route it directly to our security tools. [Build 3] Or, better yet, we can first route it to a Network Packet Broker. The same network packet broker that we’re using for our network and virtual network monitoring. Now, we’ve got real control over this production traffic. [Build 4] We can route the traffic through our inline security tools – whether it’s a single tool, or a load balanced tool group, or multiple tool load balanced groups. In this example we have an inline IPS load balanced group and an inline Next-Gen Firewall load balanced group. And we can control how the traffic is routed through the different tools – which one comes first, which comes, second. And we can monitor the tools for failure or excessive delay or latency. So now, these multiple security tools no longer represent a point of failure in the network. The bypass switch controls the actions in the event of a failure. You can either shut off network traffic because the security tools are out of service. Or you can bypass the tools, or fail-open, allowing the applications to keep working for the users. Allowing business to proceed. This is what we mean when we refer to an Inline Security Framework. NGFW Load Balanced Group Core Switches Inline Bypass Data Center Switches

17 Why Visibility? Why Ixia? Why Now?
Focus on Improved Visibility for Improving Customer Service IT Evolving → Customer Service Approach Eliminating Visibility Blind Spots Scalable, end-to-end network, application and user visibility Integrated virtual & physical solution Fail-safe, inline security Slide 22: These three frameworks make up our Visibility Architecture. It’s all about providing a single solution allowing customers to maintain network visibility and inline security control. So, why visibility? It all comes down to customer service. IT organizations are continuing to evolve and focusing more and more on customer service. And because of that, there is a much greater focus on providing improved visibility. Why Ixia? We think Ixia provides the best no compromise NETWORK VISIBILITY SOLUTIONS in the industry. Why, because we can provide a more scalable solution, that is more easily managed, provides more granular information control, and easily integrates with your tools for automated response actions. And why now? Ultimately it’s all about delivering on your Service Level Agreements and Key Performance Indicators, and providing best in class customer service. The Answer: Ixia’s Visibility Architecture ER >SOLOMONSAMUEL>D成龙 >ZUKAUS KIENEJANINA>UPATIONCONTRACTOR>SALARY$54GRANT BOB>KIMMINJUN> SCOVERCARD >ST AVENHDE5010CC>SCHODERJURGEN>MOBINAUSTALLIA> HYPOTHEKENZAHLUNYOSHIMI>ИМЯ:DUBOVVICTOR>NUM

18 Slide 24: I’d like to thank you for your time today. Are there any questions? Thank you

19 Visibility Sample Architecture Slides

20 Visibility Architecture Designs
Medium Enterprise Large Enterprise Carrier Networks Inline Security Virtual Monitoring

21 Medium Enterprise Design
Network & App Performance Security Intelligence Protocol Analyzer Monitoring Tools Network Visibility Management Servers with Phantom Tap NTO 2113 Packet Broker Network Taps Campus Cloud Data Center Core Branch

22 Large Enterprise Design
Monitoring Tools Network Visibility Management Protocol Analyzer Network Performance Application Performance Security Intelligence VoIP Monitor Servers with Phantom Tap NTO 7300 Packet Broker NTO 5288 Packet Broker Net Optics Taps Campus Cloud Data Center Core Branch

23 Carrier Design Monitoring Tools NFV Environments NTO 7300 GTP
Network Visibility Management Network Performance Application Performance Security Intelligence LTE Monitor Probe Probe Probe NFV Environments NTO 7300 GTP Session Controller NetOptics Taps HSS AS SLF MME PCRF SGW PGW EPC IMS

24 IPS IPS Inline Bypass Design Normal Operation Bypass Mode
Traffic routes through IPS Monitored with custom heartbeat Switch programmed to fail open/closed Managed via CLI, Web, etc. Optional NPB to route through multiple security devices Bypass Switch IPS Security Monitoring Tool Bypass Mode Traffic bypasses the IPS Security tool(s) can be replaced/upgraded without interruption Bypass Switch IPS Security Monitoring Tool (down/removed/upgrading)

25 Virtualization Design (detail)

Download ppt "Ixia Visibility Architecture"

Similar presentations

Network Systems Sales LLC

Network Systems Sales LLC
HetnetIP Ethernet BackHaul Configuration Automation Demo.

HetnetIP Ethernet BackHaul Configuration Automation Demo.
 What Is Desktop Virtualization?  How Does Application Virtualization Help?  How does V3 Systems help?  Getting Started AGENDA.

 What Is Desktop Virtualization?  How Does Application Virtualization Help?  How does V3 Systems help?  Getting Started AGENDA.
Stonesoft Roadmap WHAT FEATURES WILL COME IN 2013-2014.

Stonesoft Roadmap WHAT FEATURES WILL COME IN
Introducing New Additions to ProSafe Advanced Smart Switch Family: GS724TR and GS748TR (ProSafe 24 and 48-port Gigabit Smart Switches with Static Routing)

Introducing New Additions to ProSafe Advanced Smart Switch Family: GS724TR and GS748TR (ProSafe 24 and 48-port Gigabit Smart Switches with Static Routing)
SHARKFEST '08 | Foothill College | March 31 - April 2, 2008 Non-Intrusive Out-of-Band Network Monitoring Utilizing a Data-Access Switch April 1, 2008 Patrick.

SHARKFEST '08 | Foothill College | March 31 - April 2, 2008 Non-Intrusive Out-of-Band Network Monitoring Utilizing a Data-Access Switch April 1, 2008 Patrick.
Brocade VDX 6746 switch module for Hitachi Cb500

Brocade VDX 6746 switch module for Hitachi Cb500
Introduction to Systems Management Server 2003 Tyler S. Farmer Sr. Technology Specialist II Education Solutions Group Microsoft Corporation.

Introduction to Systems Management Server 2003 Tyler S. Farmer Sr. Technology Specialist II Education Solutions Group Microsoft Corporation.
Current impacts of cloud migration on broadband network operations and businesses David Sterling Partner, i 3 m 3 Solutions.

Current impacts of cloud migration on broadband network operations and businesses David Sterling Partner, i 3 m 3 Solutions.
Cisco Confidential 1 © 2010 Cisco and/or its affiliates. All rights reserved. Next Generation Monitoring in Cisco Security Cloud Leon De Jager and Nitin.

Cisco Confidential 1 © 2010 Cisco and/or its affiliates. All rights reserved. Next Generation Monitoring in Cisco Security Cloud Leon De Jager and Nitin.
1 Vladimir Knežević Microsoft Software d.o.o.. 80% Održavanje 80% Održavanje 20% New Cost Reduction Keep Business Up & Running End User Productivity End.

1 Vladimir Knežević Microsoft Software d.o.o.. 80% Održavanje 80% Održavanje 20% New Cost Reduction Keep Business Up & Running End User Productivity End.
The future of Desktops Transform Your Desktop with Virtualization.

The future of Desktops Transform Your Desktop with Virtualization.
Oracle Data Guard Ensuring Disaster Recovery for Enterprise Data

Oracle Data Guard Ensuring Disaster Recovery for Enterprise Data
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Software Defined Networking.

© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Software Defined Networking.
Session Agenda Introducing the Serverquarium for 2013.

Session Agenda Introducing the Serverquarium for 2013.
Copyright 2009 FUJITSU TECHNOLOGY SOLUTIONS PRIMERGY Servers and Windows Server® 2008 R2 Benefit from an efficient, high performance and flexible platform.

Copyright 2009 FUJITSU TECHNOLOGY SOLUTIONS PRIMERGY Servers and Windows Server® 2008 R2 Benefit from an efficient, high performance and flexible platform.
Unified Logs and Reporting for Hybrid Centralized Management

Unified Logs and Reporting for Hybrid Centralized Management
What is a Virtual Tap? Intelligent Access and Monitoring Architecture Solutions.

What is a Virtual Tap? Intelligent Access and Monitoring Architecture Solutions.
Citrix Partner Update The Citrix Delivery Centre.

Citrix Partner Update The Citrix Delivery Centre.
NetFlow Analyzer Drilldown to the root-QoS Product Overview.

NetFlow Analyzer Drilldown to the root-QoS Product Overview.

Similar presentations

Ads by Google