Download pptx - Introducing Endace Packets - EndaceVision™ with Protocol Decodes

Emulex Confidential - © 2013 Emulex Corporation

EndaceVision with Packet DecodesAn Introduction to Endace Packets

Jim MacLeod – Senior Product Manager, Emulex

2 Emulex Confidential - © 2013 Emulex Corporation

Introduction

Jim MacLeod– Senior Product Manager, Emulex– 15 years experience in monitoring– Product Manager for EndaceVision

Endace – Emulex product line – World leader in network recording– 10 years selling network visibility


Changing Nature of Networks

Rapid shift to 10GbE – 40 and 100GbE adoption coming

Increasing complexity– Consolidation– Virtualization

Greater reliance on network– Virtual Desktop– Unified Communications

More compliance & regulation– Business and customer data– Scope of data at rest

Lower tolerance to downtime…– Cost measured in millions of dollars


Who’d Want To Be An Analyst?

Insane pressure to resolve complex issues fast

More events than time – ‘Triage’ strategy

Lack of immediate data – Still living in ‘HHA’ mode

Tool paralysis– Too many – Too complex– Too slow

#Fail.


Sharkbites - the Problem with Wireshark…

Wireshark remains the go-to tool for most analysts and security engineers

Tool fails under 10GbE load– 14,000,000 pps on loaded 10GbE link

Faster network, slower analysis– 5 minutes to open 5GB file on Core i5– 5 minutes for each filter

Troubleshooting requires accurate data– Recording at 10Gbps is challenging– Trace files need to be moved around

Real compliance / security concerns


10GbE Troubleshooting Best Practice

Pervasive network recording– 100% accurate capture to disk

Effective traffic search– Trace file consolidation

Event driven trace extraction

High-level trace visualization– Layer 7 awareness is vital

Effective drill-in to precise packets of interest

On-appliance protocol decoder– Filters in seconds, not minutes

Easy trace file export for deep-dive in Wireshark


























A New Recording Paradigm

EndaceProbe next generation sniffer

100% accurate traffic recording– Real 10 Gbps performance

Up to 64 TB of local storage– Extensible via sledding or SAN

Full flow-based traffic indexing– Including application classification

Open and flexible– Endace Application Dock– Programmable RESTful API

EndaceVision / Endace Packets


Total Datacentre Visibility


Conclusion

Troubleshooting in a 10GbE world requires 10GbE capable tools

Wireshark needs support to remain relevant in high-speed environment

EndaceVision & Endace Packets solve the scalability challenge

100% accurate recording is mandatory input

– Dedicated purpose built hardware

Long live Wireshark!


Thank you.

[email protected]