Introducing Endace Packets - EndaceVision™ with Protocol Decodes
Transcript of Introducing Endace Packets - EndaceVision™ with Protocol Decodes
Emulex Confidential - © 2013 Emulex Corporation
EndaceVision with Packet Decodes
An Introduction to Endace Packets
Jim MacLeod – Senior Product Manager, Emulex
Introduction
Jim MacLeod
– Senior Product Manager, Emulex
– 15 years experience in monitoring
– Product Manager for EndaceVision
Endace
– Emulex product line
– World leader in network recording
– 10 years selling network visibility
Changing Nature of Networks
Rapid shift to 10GbE
– 40 and 100GbE adoption coming
Increasing complexity
– Consolidation
– Virtualization
Greater reliance on network
– Virtual Desktop
– Unified Communications
More compliance & regulation
– Business and customer data
– Scope of data at rest
Lower tolerance to downtime…
– Cost measured in millions of dollars
Who’d Want To Be An Analyst?
Insane pressure to resolve complex issues fast
More events than time
– ‘Triage’ strategy
Lack of immediate data
– Still living in ‘HHA’ mode
Tool paralysis
– Too many
– Too complex
– Too slow
#Fail.
Sharkbites - the Problem with Wireshark…
Wireshark remains the go-to tool for most analysts and security engineers
Tool fails under 10GbE load
– 14,000,000 pps on loaded 10GbE link
Faster network, slower analysis
– 5 minutes to open 5GB file on Core i5
– 5 minutes for each filter
Troubleshooting requires accurate data
– Recording at 10Gbps is challenging
– Trace files need to be moved around
Real compliance / security concerns
10GbE Troubleshooting Best Practice
Pervasive network recording
– 100% accurate capture to disk
Effective traffic search
– Trace file consolidation
Event driven trace extraction
High-level trace visualization
– Layer 7 awareness is vital
Effective drill-in to precise packets of interest
On-appliance protocol decoder
– Filters in seconds, not minutes
Easy trace file export for deep-dive in Wireshark
A New Recording Paradigm
EndaceProbe next generation sniffer
100% accurate traffic recording
– Real 10 Gbps performance
Up to 64 TB of local storage
– Extensible via sledding or SAN
Full flow-based traffic indexing
– Including application classification
Open and flexible
– Endace Application Dock
– Programmable RESTful API
EndaceVision / Endace Packets
Total Datacentre Visibility
Conclusion
Troubleshooting in a 10GbE world requires 10GbE capable tools
Wireshark needs support to remain relevant in high-speed environment
EndaceVision & Endace Packets solve the scalability challenge
100% accurate recording is mandatory input
– Dedicated purpose built hardware
Long live Wireshark!