
© Copyright 2003 – 2015. VSS Monitoring Inc. All rights reserved.

The VSS Unified Visibility Plane
White Paper

Layered Security
Borderless Data
Fast IT

Network tools meet the dynamic network

The network has evolved from a communication tool to the mission-critical backbone of your organization. Not only does the network enable business, in the case of service providers, e-commerce, and cloud companies, the network actually IS the business. And that business is growing in every dimension: volume, speed, and size.

    i, the 40G market is in transition as service providers move on to 100G; 40G, however, continues to grow in the data center market, resulting in 40G port shipments more than doubling in 2013. Shipments of 40G ports are expected to nearly triple this year, hitting 1.5 million, while 100G ports almost quadrupled in 2013, due to surging service provider demand.

    of the Internet of Things poses a challenge for the physical locations of data centers as well. According to Gartner Research, IoT will drive the need for additional data centers, which will force changes for many large organizations that have already centralized and homogenized operations ii.

    The need to quickly adapt to market and technology changes, including spinning up new services and greater capacity, while managing costs, has led organizations to embrace virtualization and commodity infrastructure. Virtualization has crossed over from

    network operations. In 2014, over 70% of server workloads were virtualized iii. At the same time, organizations are exploring new

    networking (SDN), which have the potential to impact IT in the near and long term.

[Sidebar] TAP/SPAN ports were used to add passive security or monitoring tools. Matrix switches or basic NPBs were used to accommodate multiple tools.

For nearly all large organizations, business functions are anchored to network availability and performance. The average cost of network downtime to an organization is three hundred thousand dollars per hour. For some companies, cost of downtime can climb to over half a million dollars per hour iv. Given the increasing importance of functionality and performance, it is essential that networks operate at their best. Close inspection and monitoring of network data is the only way to ensure optimal operation.

Further, because of its high importance, the network is now seen as a rich source of data that can shed light on applications, customers, and partners, all interacting together in real time; so the consumers of network data have moved beyond solely operations. However, changes in the network, such as capacity growth, have had a

    business analysts to monitor, analyze and defend the network. These effects hold true for both active tools, which act on live network

has also become a larger target. Protecting and optimizing today's networks demand more highly specialized tools, designed to

    VoD.

    There is a clear need to continuously monitor, analyze, and defend the network, but as the network rapidly expands and evolves, organizations face challenges keeping tools up to date with changes on the network.

In this white paper we will examine how a dynamic network is incompatible with static tool deployments. Then we'll show how

Plane, a global network access architecture that can optimize and scale the entire spectrum of network security, performance and intelligence tools, enabling them to operate dynamically to meet the needs of today's networks.

[Figure: two tool-deployment diagrams spanning the core, aggregation, access and ToR tiers; one attaches security and monitoring tools through a TAP, the other through a matrix switch.]

Traditional network analysis: Tools compete for network access

The legacy approach to network visibility involved the use of a switch SPAN (mirror) port or a tool probe deployed directly inline on a network. Unfortunately, as management and monitoring requirements grew over time, SPAN port and access point contention prevented this model from scaling. Too many tools would need access to too few access points. Even after a tool gained access to a network, it could not operate efficiently, as it was forced to view all traffic from a single link, including traffic that it was not designed to analyze. Tools were often over- or undersubscribed, and because this model required that tool ports be consumed for each link monitored, it eventually became cost-prohibitive.

Next-generation network analysis: Tools meet the early network packet brokers

Eventually TAPs (test access ports) came to be used as dedicated access points, replicating traffic for multiple tools, and with the advent of aggregation (a feature that joins packets from multiple links onto a single stream) each tool was given greater network scope. As the TAPs decoupled the tools from the network, they took on many of the tools' traditional hardware-based functions, such as pre-filtering, which strips out the portions of copied network traffic that are not needed. Traditional TAPs were sometimes deployed alongside matrix switches, which were used to direct multiple network links to multiple tools. Traditional TAPs eventually evolved into a limited version of network packet brokers (NPBs), which are largely deployed in large networks in order to accommodate a variety of network tools. Matrix switches were abandoned in favor of NPB devices, as new functions, such as load balancing, proved more efficient in delivering desired traffic to tools.

NPB devices sit between the network and the tools, enabling those tools to scale and perform more efficiently. The network packet broker operates in real time, delivering an unparalleled ability to optimize network data for each security, performance or monitoring tool. NPBs deliver a true copy of traffic to each tool, and only the traffic the tool needs to see. By delivering only the traffic of interest, NPBs ensure that no tool is over- or undersubscribed. Maximizing the efficiency of each tool reduces capital expenses and ensures that the tools can operate in all network environments, even with 100G links, despite the intake restrictions of lower-speed tools.
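The two paragraphs above describe four NPB data-path functions: aggregation of copies from many links, per-tool pre-filtering, delivery of a true copy to every tool that wants a packet, and load balancing across a group of tool ports. The following Python model, added here as an illustration and not VSS code, puts those four steps in one small function so the behaviour can be checked on constructed input. It goes one step beyond the text by using a direction-independent (symmetric) flow hash for load balancing, which is what keeps both halves of a TCP conversation on the same IDS sensor; the link names, tool names, filter rules and packets are all assumptions made up for the example.

```python
"""Toy software model of a network packet broker (NPB) data path.

Added illustration, not VSS code: it aggregates packet copies from several
monitored links, applies a per-tool pre-filter, replicates matching packets
to every tool that wants them and load-balances a multi-port tool group with
a symmetric flow hash. All links, tools, filters and packets are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple
import hashlib


@dataclass(frozen=True)
class Packet:
    link: str    # monitored link the copy was taken from (aggregation input)
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Tool:
    name: str
    wants: Callable[[Packet], bool]   # pre-filter: traffic this tool should see
    ports: int = 1                    # tool ports the group is balanced across


def flow_key(pkt: Packet) -> Tuple:
    """Direction-independent 5-tuple: endpoints are sorted so a request and its
    reply produce the same key and therefore land on the same tool port."""
    lo, hi = sorted([(pkt.src, pkt.sport), (pkt.dst, pkt.dport)])
    return (pkt.proto, lo, hi)


def choose_port(pkt: Packet, nports: int) -> int:
    """Stable hash of the symmetric flow key, reduced to a tool port index."""
    digest = hashlib.sha256(repr(flow_key(pkt)).encode()).digest()
    return int.from_bytes(digest[:4], "big") % nports


def broker(packets: List[Packet], tools: List[Tool]) -> Dict[Tuple[str, int], List[Packet]]:
    """Aggregate copies from all links, then hand each packet to every tool whose
    filter matches (a true copy per tool). Packets no tool wants are dropped,
    which is the pre-filtering the text describes."""
    delivered: Dict[Tuple[str, int], List[Packet]] = defaultdict(list)
    for pkt in packets:
        for tool in tools:
            if tool.wants(pkt):
                delivered[(tool.name, choose_port(pkt, tool.ports))].append(pkt)
    return dict(delivered)


def sample_tools() -> List[Tool]:
    """Constructed tool set: a two-sensor IDS group, a VoIP monitor, a web analyzer."""
    web_ports = {80, 443}
    return [
        Tool("ids", lambda p: p.proto == "tcp" and (p.sport in web_ports or p.dport in web_ports), ports=2),
        Tool("voip-monitor", lambda p: p.proto == "udp" and 5060 in (p.sport, p.dport)),
        Tool("web-analytics", lambda p: p.proto == "tcp" and 80 in (p.sport, p.dport)),
    ]


def sample_packets() -> List[Packet]:
    """Constructed packet copies arriving from three different monitored links."""
    return [
        Packet("core-1", "tcp", "10.0.1.5", 40001, "203.0.113.10", 443),   # client -> server
        Packet("core-2", "tcp", "203.0.113.10", 443, "10.0.1.5", 40001),   # reply, seen on another link
        Packet("access-3", "udp", "10.0.2.7", 5060, "10.0.2.8", 5060),     # SIP signalling
        Packet("access-3", "udp", "10.0.1.5", 51000, "10.0.0.53", 53),     # DNS: no tool wants it
        Packet("core-1", "tcp", "10.0.3.9", 50000, "198.51.100.4", 80),    # HTTP: two tools want it
    ]


def run_example() -> Dict[Tuple[str, int], List[Packet]]:
    """Run the constructed packets through the constructed tool set."""
    return broker(sample_packets(), sample_tools())


def ports_for_flow(delivered, tool: str, pkt: Packet) -> Set[int]:
    """Tool ports on which any packet of pkt's flow was delivered to `tool`."""
    key = flow_key(pkt)
    return {port for (name, port), pkts in delivered.items()
            if name == tool and any(flow_key(p) == key for p in pkts)}


def count_for_tool(delivered, tool: str) -> int:
    """Total packets delivered to all ports of one tool."""
    return sum(len(pkts) for (name, _), pkts in delivered.items() if name == tool)


if __name__ == "__main__":
    for (name, port), pkts in sorted(run_example().items()):
        print(f"{name} port {port}: {len(pkts)} packet(s)")
```

Running the block shows the reply packet seen on link core-2 being placed on the same IDS port as the request seen on core-1, the HTTP packet being copied to both the IDS group and the web analyzer, and the DNS packet never reaching a tool. A per-direction hash (hashing the raw 5-tuple without sorting the endpoints) would split the two halves of the conversation across sensors, which is the kind of silent blind spot the text attributes to poorly provisioned tool access.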

But while matrix switches and limited NPBs are a step in the right direction, these devices alone are not enough to address the monitoring infrastructure needs of today's hyper-scale and highly dynamic networks. Even clustered NPB devices can lead to visibility silos, with different groups of NPBs providing access to different groups of network links. Siloed visibility can increase management complexity, slow correlation of network data across multiple links and lead to blind spots, which in turn increases mean time to response (MTTR) and overall organizational risk.

Today's networks demand visibility architectures that are still more flexible in order to quickly adapt to changes in either the network layer or the tool layer. Limited NPB devices create pockets of visibility that are challenging to manage and that defeat the goal of an overarching view of the network.

In the past, organizations have had no unifying strategy for managing the delivery of data from the network to an organization's decision makers. Each intelligence or management tool is separately placed at one or more locations in the network. The result is fragmented visibility that is sensitive to network changes. If the network grows or its architecture is reconfigured, even in software, the tools will often need to be physically redeployed. Data is segmented and tool deployments slow organizations down, even as the network speeds up.

By themselves, matrix switches and limited NPB devices are not able to operate dynamically, which would enable tools to keep pace with the network and erase the pockets of visibility that can slow response times. NPB devices resolve access contention for tools, but as mere devices they are still deployed in silos and cannot enable tools to quickly respond to changes on the network.

Network owners need an agile, highly scalable visibility system that can centralize the provisioning of network data from across an organization's network and meets the following essential criteria:

1. Operate continuously and on demand
2. Function over LAN and WAN
3. Accommodate all traffic speeds, including 100G, at 100% throughput
4. Deliver custom data (and metadata) to tools in real time
5. Accommodate multiple passive and active (inline) tools discretely and in series
6. Access virtual traffic, as well as traffic from physical links
7. Allow tool architecture to be dynamically reconfigured in software, from anywhere
8. Enable all components to be managed from a single-pane interface
9. Grow dynamically as tools and network ports are added
10. Support full redundancy, automatically

Network owners have mostly eliminated early SPAN/port aggregation devices, recognizing their weaknesses. Limited NPB devices share many of these weaknesses, as they are static, promote silos, and are difficult to scale. They are a half solution to the challenges of monitoring today's large-scale networks.

The VSS Unified Visibility Plane: Monitor, analyze and defend the dynamic network

Network owners need a dynamic solution that is defined in software and that enables tools to have access to traffic from across the network, globally, without physical reconfiguration. These owners also need a solution that supports tools that operate on live (active) traffic, as well as those that only process copies of traffic. Such a solution ensures that the tools can properly defend the network, keep pace with fast-moving IT, and get the right data to the right decision makers at the right time.

    The VSS Unified Visibility Plane enables tools to be physically anywhere, but logically everywhere, so the tools can monitor, analyze, and defend the dynamic network in real time.

The Unified Visibility Plane is a global network view enabled by vMesh that delivers the right data in real time and as needed, enabling tools, whether active or passive, to operate dynamically, regardless of physical location and without the need for manual intervention.

The Unified Visibility Plane is an advancement beyond device-focused packet brokering. Standalone appliances and limited clusters aren't able to span the entire global network. Instead, these disparate deployments create pockets of visibility that are challenging to manage and often require that tools be uprooted and moved if they need a different view or if there are changes on the network. In contrast, the Unified Visibility Plane operates in a similar way to the software-defined networking (SDN) model, where the underlying appliances are centrally controlled and can change their state dynamically. Just as in an SDN architecture, no physical intervention is required. The Unified Visibility Plane aggregates traffic from throughout the network, and then distributes it in the appropriate type and form to each tool. Because the Unified Visibility Plane and the tools behind it operate parallel to the network, supplementing the traditional management plane in networking, you can get an overarching view of the traffic, eliminating the traditional siloed approach. You can achieve this truly holistic network awareness via a robust system of interconnected NPBs forming a "superbox" that scales and functions as a single plane, regardless of site location. You can then make changes to the network without physically reconfiguring or repositioning the tools. All configuration of the components of the plane, which controls the data each tool receives, can be managed in software through the vMC central controller. The vMC central controller offers single-pane visual management and integrates into management workflows through an XML API, SNMP, and other protocols.

    The Unified Visibility Plane also offers distinct benefits over clustered or stacked devices, by aggregating traffic across the LAN and/or the WAN, so your view is truly global.

The VSS Unified Visibility Plane is composed of a number of interlocking components, both hardware and software based, enabling you to get exactly the visibility that you need without being locked into a single network design. Components of the Unified Visibility Plane include:

- Flexible and Scalable TAPs and Network Packet Brokers: for both active and passive tools and virtual networks
- Traffic Optimization Suite: customize data and metadata for every tool
- vMesh software-defined architecture: dynamic delivery of data to tools globally, rather than just in silos
- vMC Central Controller and Management Applications: single-pane management, from anywhere

Together, these components provide you with layered security, support your fast IT initiatives, and deliver a borderless data architecture that gets every one of your tools the network access it needs to function optimally and keep pace with today's dynamic network.

These three critical challenges for network owners, layered security, fast IT, and borderless data, are key to managing today's rapidly evolving, dynamic network.

    The VSS Unified Visibility Plane delivers solutions for each of these challenges:

    Layered Security: Gives organizations the power to properly defend themselves by providing a dynamic objection-proof architecture for placing security tools IN the network, where they can best defend against ongoing threats.

Fast IT: Helps organizations keep pace with the network by providing scalable, software-defined solutions that are right-sized for hyper-scale, distributed, and virtualized environments.

    Borderless Data: Erases data borders that can fragment information and impede decisions. It also customizes data prior to delivery, improving efficiency, and eliminating the noise that can slow responses.

    The Unified Visibility Plane is a single, unifying solution for managing network data access and delivery across the organization, enabling you to:

- Fortify your network defenses
- Keep pace and scale as the network changes
- Erase data borders and get the right data to the right tools, anywhere, 24/7, without the need to go onsite

Table 1. Solution components of the Unified Visibility Plane

Layered Security
  Portfolio: vProtector Active Protection Suite
  Solution: Mediates network access for active and passive security tools, such as next-generation firewalls and advanced threat protection systems, giving each tool visibility into multiple links and customizing the network traffic each receives.
  Benefits: Eliminate disadvantages of placing tools inline on active links; maximize tool efficiency; enable toolsets to scale with network growth.

Fast IT
  Portfolio: Flexible and scalable TAPs and NPBs, including the vBroker Series, VB6000 Blade & Chassis, Optimizer 2400 and vNetConnect Virtual Access
  Solution: Right-sized solutions for remote sites, highly dense data centers, and virtual environments; 100G/40G; hardware-accelerated applications; cost-effective aggregation.
  Benefits: Keep pace with increasing speeds, densities, and new architectures; give tools access to virtualized traffic; lower CAPEX with appropriately sized solutions that scale as the network grows.

Borderless Data
  Portfolio: vMesh; vMC Central Controller and Management Apps; Traffic Optimization Suite
  Solution: Gives you a complete and centrally controllable view of your global network that can be dynamically customized for each analytics application and security system.
  Benefits: Reduce tool cost by maximizing performance; reduce OPEX and MTTR by getting the right data to the right tools at any time without physical intervention; enable tools to respond quickly to network changes.

The Unified Visibility Plane: The only dynamic solution for today's dynamic networks

The VSS Unified Visibility Plane delivers a true visibility fabric. By operating programmatically, similar to SDN, the network can remain flexible and dynamic while security, performance and monitoring tools can continually deliver complete visibility. No physical intervention is necessary. The Unified Visibility Plane is on premise so the tools don't have to be. Its auto node discovery and built-in redundancy ensure continuous data delivery to tools. It also has a scalability advantage over limited NPB devices, supporting up to 256 physical nodes (or over 4000 network links) in a single cluster or full mesh.

Limited NPB devices, especially those based on matrix switch technology, support only a portion of visibility fabric requirements. It is worthwhile to question how far such fabrics scale and how many devices can be interconnected. Any limitations to fabric scalability are essentially limitations to visibility and a recreation of the very visibility silos that data center operators today strive to avoid. A key consideration for a true visibility fabric is that of global geography: today's networks and data centers simply cannot be tied to a single location. Further, switch-based devices cannot offer advanced filtering and grooming features, forcing network managers to bolt on advanced systems to address these weaknesses.

The VSS Unified Visibility Plane offers architectural, operational, and business benefits:

For the Business Analyst:
- Lower CAPEX and OPEX of network management by increasing efficiency
- Increase IT agility and accelerate response times to intelligence
- Reduce risk with proactive, not reactive, network security

For the Network and Security Architect:
- Accommodate all tools (active and passive) and scale as needed across the global network, regardless of expansion or changes to the network or tools
- Lower tool cost by maximizing tool performance

For Operations:
- Change or refine data to tools quickly, from anywhere, without site visits
- Get alerts on tool health and see and manage the entire network access architecture from a single interface

Operations, security, and business analysts need to monitor, analyze and defend the network. To do so, they need tools that can keep pace with a dynamic environment, scale as needed, and go wherever visibility or defense is required. The VSS Unified Visibility Plane empowers tools and their users to overcome the challenges of today's and tomorrow's networks with solutions that provide layered security, fast IT, and borderless data.

Contact VSS to learn more, get a demo or request a quote: [email protected]

www.vssmonitoring.com

VSS Monitoring, the VSS Monitoring logo, vBroker Series, Distributed Series, vProtector Series, Finder Series, TAP Series, vMC, vAssure, LinkSafe, vStack+, vMesh, vSlice, vCapacity, vSpool, vNetConnect and PowerSafe are trademarks of VSS Monitoring, Inc. in the United States and other countries. Any other trademarks contained herein are the property of their respective owners.

VSS Monitoring is a world leader in network packet brokers (NPB), providing a visionary, unique systems approach to integrating network switching and the broad ecosystem of network analytics, security, and monitoring tools.

References

i. "1G/10G/40G/100G Networking Ports", Infonetics, April 21, 2014
ii. "Forecast: The Internet of Things will grow 30 times to 26 billion by 2020", Gartner, December 12, 2013
iii. "Server Virtualization Market Forecast and Analysis, 2009-2014", IDC, 2010
iv. "The Cost of Downtime", Gartner, July 16, 2014: http://blogs.gartner.com/andrew-lerner/2014/07/16/the-cost-of-downtime/