Más contenido relacionado
La actualidad más candente
La actualidad más candente (20)
Similar a IXIA VISIBILITY ARCHITECTURE Eliminating Blind spots
Similar a IXIA VISIBILITY ARCHITECTURE Eliminating Blind spots (20)
IXIA VISIBILITY ARCHITECTURE Eliminating Blind spots
- 1. 1© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. |
IXIA VISIBILITY ARCHITECTURE
Eliminating Blind spots
Юлий Явич, IXIA
- 2. 2© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. |
of the
Fortune 100
of the
top 50 carriers
of the
top 15 NEMs
74
45
15
Customer
Focused
Innovation
Enterprise
Carriers/
Service Providers
NEMs
2014 Industry-first ATI security solution
2014 Industry-first virtual tap
2014 Industry-first 400GbE test solution
- 3. 3© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. |
IXIA SOLUTION PORTFOLIO
Across the Infrastructure
Across ALL Platforms
Flex Taps,
iBypass,
Virtual Taps
802.11ac,
MU-MIMO
PerfectStorm
BPS vEPC
IxLoad/VE
IxNetwork/VE
Multis SDN
Threat
ARMOR,
ATI
Mobile Endpoint Network Data Center Cloud
NTO, Vision ONE,
Hawkeye,
xStream40,
Control Tower
TEST SECURITY VISIBILITY
- 4. 6© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | 6© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. |
INTELLIGENT VISIBILITY
- 5. 7© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. |
Clients
INTELLIGENT VISIBILITY - CHALLENGES
Server
Network
TapSwitch Switch
How to:
• Get data access for tools?
• Network taps instead of SPAN
ports?
Network
Tap
Network
Tap
Tool 1 Tool 2 Tool N
How to:
• Deal with limited tool ports?
• Scale tool capacity?
• Filter traffic to tools?
• Manage access for each tool?
- 6. 8© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. |
Network
Operations
Application
Operations
Security
Admin
Forensics
INTELLIGENT VISIBILITY
End-to-End Data Access and Distribution
Switch
Switch
Servers
THE DATA CENTER
Taps
Taps
Taps
Network
Packet
Brokers
• Aggregation
• Filtering
• Load Balancing
• SSL Decryption
• NetFlow
1G
10G
40G
- 7. 9© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. |
APPLICATIONS AND NETWORK PERFORMANCE TOOLS
- 8. 10© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. |
SECURITY TOOLS
- 9. 13© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. |
INTELLIGENT PACKET PROCESSING
All unique frames going to
10.0.0.0/8
Only the first 128 bytes of TCP Port
25 frames
Hardware AFM
NPB
Adv. Packet Processing
Advanced Packet Processing (AFM) Features
• Deduplication
• Header stripping
• Trimming
• Tunnel Termination
• Data Masking
• Timestamping
• Burst Protection
- 10. 21© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. |
ENTERPRISE – INTELLIGENT APPLICATION PROCESSING
• ATI Processor (ATIP) - Context-rich Application Visibility
• Application forwarding based on application, geography, and RegEx matching
• Real-time dashboard
• Rich NetFlow / IPFIX generation
– Device OS
– Browser
– Carrier BGP AS#
– Geolocation
• Data Masking
• Stateful SSL decryption
All traffic from Georgia
All voice traffic from HTC
Ones
Someone from remote office
Skype for business monitor
NPB –
App Brokering
Meta Data
App Filtering
- 11. 26© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. |
ATIP ENABLES SSL INSIGHT
• Passive decryption – no impact on application performance
• Fully compatible with all other ATIP features:
Rich Netflow/IPFIX
Data Masking
Geolocation
• Easy setup – just import server certificate & key
• All popular key exchange & ciphers:
RSA & DH Key Exchange
SHA1/521/384/256/224
MD5
• Application Filtering
• Handset/workstation type
• Browser identification
• 3DES
• RC4
• AES
• ECC (Elliptic Curve)
• Encryption details reported over Netflow Hardware Encryption Offload
- 12. 27© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. |
SPY GLASS ACTIVE SSL
- 13. 28© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. |
NTO FAMILY
NTO 7300
Vision ONE
• 48x1/10G & 4x40G
• Advanced Features
• ATI Processor
> Application layer filtering
> SSL Encryption
> Netflow Generation
• Inline Support
• Load Balancing
• GUI
• 1/10/40/100G Interfaces
• Advanced Features
• ATI Processor
> Application layer filtering
> SSL Encryption
> Netflow Generation
• Packet Capture
• Load Balancing
• GUI
- 14. 31© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. |
General Features
> Full Duplex Mode
> Passes all traffic (including errors) from all
layers for comprehensive Troubleshooting
> Regeneration TAP
> No IP address is needed
> Redundant power ensures monitoring uptime
TP-CU3; TP-CU3-ZD
Network A Network B
Mon A
Mon B
TX
TXRX
RX
TX
TX
FULL DUPLEX COPPER TAP
- 15. 32© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. |
- 1G/10G/40G/100G (LR & ER)
> Single Mode with LC Connector
-
1G (SX)
> Multi Mode with LC Connector
-
10G (SR)
> Multi Mode with LC Connector
- 40G (SR4 / Cisco Bidi/ MR4)
- 100G (SR10)
> Multi Mode with MTP Connector
IXIA FLEXTAP
- 16. 34© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. |
GETTING VIRTUAL TRAFFIC TO MONITORING TOOLS
- 17. 38© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. |
CUSTOMER CASE STUDY
International Bank
Customer
• Leading International Bank
Need
• Massive volumes or raw application traffic to monitor
• Control traffic inspection costs
• Improve overall Incident Response Team effectiveness
Results
• Deployed Ixia Intelligent Visibility solutions including NTO 7300
• Reduced monitored traffic using advanced filters of deduplication, packet slicing, IPs, VLANs
• VLAN marking and Time stamping to monitoring tools
• Reduced planned CapEx investments
- 18. 39© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. |
CUSTOMER CASE STUDY
Large Hi-tech Company
Customer
• Large L2/3 manufacturer
Need
• Control traffic inspection costs
• Layer 7 filtering to Nectar tool
Results
• Deployed Ixia Intelligent Visibility solution including Vision One
• Reduced monitored traffic using deduplication
• Provided Skype for business specific traffic to Nectar tool
• Reduced planned CapEx investments
- 19. 40© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. |
TECHNOLOGY ECOSYSTEM
TrafficREWIND is a unique patent pending solution that uses NetFlow metadata to regenerate the
dynamics of production networks within BreakingPoint test beds
Solution Overview
- 20. 42© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | 42© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. |
RESILIENT SECURITY
- 21. 43© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. |
RESILIENT SECURITY
Serial Deployments of Inline Security Tools is Dangerous
Switch
Server
Server
Switch
Switch
Switch
Very complex operationally
Single points of failure
Administrative tension
Expensive to scale
- 22. 44© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. |
Inline
Security
Tool Farm
RESILIENT SECURITY
A More Detailed View of a Resilient Security Framework
Switch
Server
Switch
Inline Security
Tool Farm
Server
Switch Switch
Bypass Switch
Bypass Switch
Network Packet
Brokers (HA)
Out of Band
Sandboxing
Monitored Tool Links via Heartbeat Packets
Threat Intelligence
Gateway
- 23. 46© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. |
INLINE & MONITORING TOGETHER
Inline Monitoring
Inline
• IPS (multiple vendors)
Out-of-band Monitoring
• Data logging
- 24. 49© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. |
WORLD-CLASS GLOBAL SUPPORT
Expert team of
>100 engineers
Proven track record
of superior support
Always-on
24x7 coverage
Best-in-class
support tools
- 25. 50© 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. |
WE MAKE
APPLICATIONS
STRONGER