Net Optics Phantom Solution for monitoring in a virtualized computing environment consists of four key components:

The Phantom™ Virtualization Tap installs in the hypervisor kernel of each server. It provides visibility to all server tra� c including inter-VM tra� c. Based on policy, tra� c of interest is captured and forwarded.

The Phantom HD™ is a purpose built, high-throughput appliance for network tra� c � ltering and pre-processing of packets captured in virtual environments. Phantom HD can act as a termination point for the tra� c captured by Net Optics Phantom Taps. Captured tra� c is decapuslated and processed. It is then sent to the Net Optics Director family for distribution to instrumentation layer tools for inspection and monitoring.

Phantom HD can also be deployed in ‘reverse’ to encapsulate raw tra� c from virtual or physical devices and to send it to remote locations for processing.

The Director™ / Director xStream™ / xBalancer™ Data Monitoring Switch family is an optional component that easily integrates with the Phantom HD, aggregates raw tra� c from the Phantom HD with tra� c from physically monitored sources, and � lter and switch it to monitoring tools.

Physical monitoring tools are the � nal component of the Phantom Solution for performance, security, and compliance monitoring in the virtualized environment.

Phantom HD At a Glance • Supports high-throughput monitoring of all

virtualized data center tra� c with Net Optics Phantom Virtualization Tap

• Delivers overall capacity of 40 Gbps in 1U rack-mount appliance

• Encapsulates or decapsulates tunneled traffi c at 10 Gbps per port

• Initiates and terminates encapsulation tunnels

Limitless Network Access Solution

• Enables routing of data from data centers to central monitoring facilities

• Handles fragmentation and defragmentation of packets

• Net Optics Phantom HD™ easily integrates with Director™ / Director xStream™ / xBalancer™

• Optimized for use with Net Optics Phantom Virtualization Taps

• Enables monitoring of virtual network traffi c in a virtualized computing infrastructure that is unable to process VN-Tags

• Improves network visibility and security threat-management in virtualized computing environments

• Reduces packet payload overhead before it reaches instrumentation layer tools

Data centers are virtualizing at breakneck speed, but the monitoring infrastructure often struggles to match

that pace. Now, Net Optics’ Phantom Solution™ uses the Phantom HD™ appliance to ease the virtualization

transition by converging the physical and virtual monitoring infrastructures.

Data Sheet I Phantom HD

High-Throughput Encapsulation/Decapsulation The Phantom HD terminates tunnelled captured tra� c from Phantom Virtualization Taps or other sources. It decapsulates the tra� c and reassembles fragmented packets.

The Phantom HD can tunnel tra� c of interest to central NOCs, including o� -site instrumentation layer tools for auditing, inspection and archiving.

Packet FilteringThe Phantom HD can perform initial � ltering of captured packets based on the set of rules speci� ed by an administrator. Filtering rules can contain any combination of L2 and L3/L4 packet header fi elds, including VN-Tag ingress and egress virtual interface ID.

Packet ManipulationVN-Tag Stripping with Packet Forwarding — the Phantom HD can be con� gured to remove VN-Tag headers from the captured packets.

VN-Tag Mapping — the Phantom HD can be con� gured to map Virtual Interface IDs of VN-Tag headers into VLAN IDs. This allows monitoring tools to gain further visibility into captured tra� c.

MPLS Stripping - Phantom HD™ is capable of striping and removing MPLS headers.

Cisco FabricPath Header Stripping — Phantom HD is capable of decapsulating and stripping Cisco FabricPath headers.

Packet ForwardingAfter decapsulation, � ltering and VN-Tag processing step, the Phantom HD forwards packets to an egress port and optionally a VLAN as determined by the � ltering rules.

Phantom HD Capabilities

The Phantom HD modi� es data streams from virtual servers and works with Net Optics Network Access and Management Solutions. It also aggregates tra� c from remote facilities to your destination of choice.

Net Optics® is a registered trademark of Net Optics, Inc. Copyright 1996-2012 Net Optics, Inc. All rights reserved. Additional company and product names may be trademarks or registered trademarks of the individual companies and are respectfully acknowledged. 815-0031-001 PUBPHDD Rev A 6/12

High-Throughput Tunneling and Advanced Routing Appliance

Data Sheet I Phantom HD

Speci� cations, chassis

FunctionalPurpose: Encapsulates/decapsulates tunneled tra� c for extraction and transport of packets to monitoring switch or tool. Advanced header manipulations for visibility of raw packets.Tunneling protocol: GRE, RSPAN, ERSPANFragmentation: Automatic defragmentationThroughput: Up to 20 Gbps full-duplexDevice management: Direct (SSH), or through Net Optics Director (requires software version 5.x and above). Director management is separateOperatingOperating temperature: 0˚C to 35˚CStorage temperature: -10˚C to 70˚CRelative humidity: 10% min, 95% max, non-condensingMechanicalDimensions: 1.75” high x 23.5” deep x 19” wideMounting: 19” rack mount (1U)Weight: 26 lbs (11.8kg)

PortsTunnel in: Up to (2) 10 Gbps SFP+Data out: Up to (2) 10 Gbps SFP+Management: 100 Mbps RJ-45Console: RS-232 serial DB9Electrical Speci� cationsPower: 100-240VAC, 47-63Hz 650W PFCRedundancy: Dual modulesMaintenance: Power supplies are hot-swappable IndicatorsPower, disk activity, network 1 activity, network 2 activity, over-temperature warningCerti� cationsFCC, CE, VCCI, and C-Tick certi� edFully RoHS and WEEE compliantSystem RequirementsNet Optics Phantom Virtualization Tap or other source of tunneled tra� cWarrantyAll products require an advanced replacement service plan. Service plans with 1 to 5 years coverage are available.

Part NumbersPT-HD-10-E Phantom HD Appliance, 10G Throughput, EncapsulationPT-HD-10-D Phantom HD Appliance 10G Throughput, DecapsulationPT-HD-20-EE Phantom HD Appliance 20G Throughput, EncapsulationPT-HD-20-DE Phantom HD Appliance, 10G Throughput, Encapsulation 10G Throughput, DecapsulationPT-HD-20-DD Phantom HD Appliance, 20G Throughput, DecapsulationSFP Transceiver Module Kits*:SFP+KT-50SR Module Kit, 10G, Multimode, Fiber, 50µm, w/CableSFP+KT-SR Module Kit, 10G, Multimode, Fiber, w/CableSFP+KT-LR Module Kit, 10G, Singlemode, Fiber, w/Cable* One SFP+ transceiver module is required in Director / Director xStream / xBalancer to connect to Phantom HD

Phantom Monitor™

vm 1 vm 2 vm 3

V Switch

Hypervisor

Net Optics Director xStream™ *

Phantom HD™

Phantom™ Virtualization Tap(Data Center)

IDS Analyzer 02Analyzer 02Analyzer 02IDS Analyzer 02ForensicsAnalyzer 01Analyzer 01 ForensicsForensicsForensics

Encapsulated Tra�c

Stripped Tra�c

VN-Tag / FabricPath Tra�c

Decapsulated Tra�c

Physical ServerPhysical Server

Physical Server

Physical Server

Stripped Tra�c

Aggregates raw tra�c from the Phantom HD with tra�c from physically monitored sources, and �lters and switches it to monitoring tools, or to an additional Phantom HD for VN Tag Stripping.

* Phantom HD™ easily integrates with Net Optics Director™ / Director xStream™ / xBalancer™

Decapsulates data from virtual and physical sources and sends it to Director

Phantom HD™VN Tag Stripping with Packet Forwarding

Phantom HD™

LAN/WAN

Physical Server

RemoteSitePhysical Server

Encapsulate data and send it securely to another location for decapsulation

Physical ServerPhysical Server

RemoteRemotePhysical ServerPhysical Server

Phantom Monitor™

V Switch

Phantom Monitor™

HypervisorHypervisor

VN-Tag / FabricPath Tra�c

ELEXO - Téléphone : 01 41 22 10 00 - Fax : 01 41 22 10 01 - info@elexo.fr