Ramping Up Security: Network Visibility on 40G Links
Physical data centers continue to play a strategic role for large enterprises even with the proliferation of cloud services. With the adoption of leaf-spine network topologies, these next-generation data centers have indisputable blind spots when it comes to monitoring network traffic.
There are a number of reasons for the lack of network visibility. For instance, all of these 40G uplinks will need to be monitored and secured using current 1, 10 and 40G tools, many of which can easily become oversubscribed with the increased amount of traffic.
There is an ever growing need to see as much network traffic visible to tools as possible. With ongoing network security challenges, an increase in speeds from 10G to 100G Ethernet links, and next generation architectures, security and network engineers are finding traffic visibility gaps are growing. Now more than ever, installing monitoring systems to mitigate performance and security issues is critical. Failure to gain visibility into the network and monitor the traffic can result in slower issue resolution and longer threat dwell times. When evaluating systems providing insight to traffic behavior for next-generation data centers, there are a number of considerations:
- Efficient top-of-rack monitoring utilizing highest density 40G ports with aggregation and filtering capabilities
- Flexible, easy to configure, point and click graphical user interface
- Seamless integration with high performance aggregation and filtering systems and advanced services such as deduplication, packet slicing, protocol striping and NetFlow generation
- Ability to reuse and optimize existing tool farms of 1G/10G/40G analysis and security tools
- Support for one-to-one, one-to-many and any-to-any aggregated connections
- Load balancing group and trunking functionality
High-Density Blade for High-Network Speeds
APCON recently introduced a high density packet aggregation and filtering blade designed to aggregate up to 20 ports of 40Gbps traffic. Enhancing network visibility and security, this blade aggregates, filters, and load balances traffic.
It has many-to-one and many-to-many connections to linked analysis/security tools or to APCON’s high performance IntellaFlex XR network visibility and security systems such as a HyperEngine. The HyperEngine provides deduplication, deep packet inspection and NetFlow services. Traffic can also be directed to an IntellaStore II+ so capture and analysis can be completed within APCON’s integrated system.
The 40G packet aggregator blade is a part of APCON’s premier, scalable network visibility and security family and is compatible with all chassis from 1RU to 14RU and all other blades, so growing a data center visibility architecture to meet demands can be easily scaled.