Gigamon Systems

Information about Gigamon Systems

Published on July 27, 2007

Author: gigamon

Source: slideshare.net

Description

The DAN or Data Access Network is a newly emerging “best practice” for passive monitoring of mission critical networks that solves real access problems, improves network performance and uptime, and saves capital, operation and maintenance costs. A DAN is a combination of out-of-band data access switching plus passive monitoring instrumentation to enable required security, compliance, forensics review, application performance, VoIP QoS, uptime and other network management tasks. Data is acquired from multiple SPAN ports or taps and multicast to multiple tools, aggregated to a few consolidated tools, and filtered or divided across many instances of the same tools. The DAN may be thought of as a “data socket” providing immediate access for ad hoc tool deployment without impact to the production network and outside of the scope of configuration management policies. Data Access Networking is a concept whose time has come due to a recent confluence of factors including enhanced fiduciary responsibilities, heightened threats to network security, real convergence of voice, video and data networks, plus greater economic dependency on network uptime and performance. This Podcast recommends the DAN as a solution to those who suffer real problems like too many tools and not enough span ports, too many links to monitor and not enough money to deploy distributed tools, or too much traffic that threatens to overflow even the highest capacity tool. For more details, visit http://www.gigamon.com.

LAN, WAN, SAN, and now DAN: Data Access Network

Tom Gallatin, Gigamon Systems, A Network Infrastructure Company

What’s a DAN?

Out-of-Band Monitoring Network

Includes passive tools like: Sensors, Probes, Monitors, Recorders, Analyzers, and Access Switching

Proprietary & Confidential

What’s a DAN?

A new “Best Practice”

Part of the network infrastructure

Facilitates instrumentation of a network

Enterprise or Telco

What’s new is how data is fed to the tools

By a Data Access Switch or Aggregator

Unobtrusive to the primary network

Example of a DAN

Why are DANs Needed Now?

Things Have Changed

9/11 spawned new security and lawful intercept requirements

Enron spawned new auditing and monitoring laws

New tools optimize E-commerce and internet applications

VoIP and media convergence make the network more strategic

Network is more valuable; downtime is unacceptable

Proliferation of Tools

New SOX compliance transaction monitors

Keep your boss out of jail!

IDS Sensors detect external hacker attacks

NAC Appliance protects networks from inside

From your own people!

Forensic recorders capture events

and how the network is being used!

Configuration monitoring tools watch over network resources

Application and Network troubleshooting

Proliferation Causes Contention for SPAN Ports

Security and IT Engineers seen here “Negotiating” Over a SPAN Port

What Other Problems do DANs Solve?

Consolidate tools and sensors

Save money on capital and operational budgets

Aggregate flows from parallel links - EtherChannel

Give tools the “big pipe” network-wide view

Filter and divide high bandwidth traffic

Reduce and balance load to match tool capacity

Overcome the tyranny of Configuration Management Policies

Deploy tools and make changes on your own schedule

Too Many Power Tools? Not Enough Sockets?

For Power Tools, use a Power Strip

Too Many Monitoring Tools? Not Enough SPAN Ports?

For Sensors/Monitors/Analyzers, Use a Data Access Switch

One SPAN port serves many tools

Monitoring a Mesh Network?

Could Distribute Tools, Deploy one tool per SPAN port/switch

Lots of hardware…very expensive!

Better to Distribute Connections with a DAN

Aggregate and balance flows to Consolidated Tools

DAN is out-of-band “Data Socket”

Part of the Reliable Network Infrastructure

Plug-in multiple out-of-band tools – any tool to any data

Unobtrusive tool changes – never touch the network

Do moves, adds, changes at any convenient time

[Diagram labels: Performance Monitor; Security IDS; Transaction Auditor; Forensic Recorder; Protocol Analyzer; Edge Router; Switch; Storage Area Network; Switch; Server Farm; Consolidated Tool Farm; Config Monitor; “Data Socket”]

DAN Solves Access Problems By

Aggregating many links to any tool

Multicasting any link to many tools

Filtering data to map packets to tools

Saving $$ Cap Ex and Op Ex budget$

[Diagram labels: Any to Any; Any to Many; Many to Any; Bit-Mask Filtering]
