introducing endace packets - endacevision™ with protocol decodes
DESCRIPTION
Join Jim MacLeod, Senior Product Manager at Emulex, for an interactive webinar where you'll learn how the combination of Endace Packets and EndaceVision can help troubleshoot your hardest 10GbE network problems.TRANSCRIPT
Emulex Confidential - © 2013 Emulex Corporation
EndaceVision with Packet DecodesAn Introduction to Endace Packets
Jim MacLeod – Senior Product Manager, Emulex
2 Emulex Confidential - © 2013 Emulex Corporation
Introduction
Jim MacLeod– Senior Product Manager, Emulex– 15 years experience in monitoring– Product Manager for EndaceVision
Endace – Emulex product line – World leader in network recording– 10 years selling network visibility
3 Emulex Confidential - © 2013 Emulex Corporation
Changing Nature of Networks
Rapid shift to 10GbE – 40 and 100GbE adoption coming
Increasing complexity– Consolidation– Virtualization
Greater reliance on network– Virtual Desktop– Unified Communications
More compliance & regulation– Business and customer data– Scope of data at rest
Lower tolerance to downtime…– Cost measured in millions of dollars
4 Emulex Confidential - © 2013 Emulex Corporation
Who’d Want To Be An Analyst?
Insane pressure to resolve complex issues fast
More events than time – ‘Triage’ strategy
Lack of immediate data – Still living in ‘HHA’ mode
Tool paralysis– Too many – Too complex– Too slow
#Fail.
5 Emulex Confidential - © 2013 Emulex Corporation
Sharkbites - the Problem with Wireshark…
Wireshark remains the go-to tool for most analysts and security engineers
Tool fails under 10GbE load– 14,000,000 pps on loaded 10GbE link
Faster network, slower analysis– 5 minutes to open 5GB file on Core i5– 5 minutes for each filter
Troubleshooting requires accurate data– Recording at 10Gbps is challenging– Trace files need to be moved around
Real compliance / security concerns
6 Emulex Confidential - © 2013 Emulex Corporation
10GbE Troubleshooting Best Practice
Pervasive network recording– 100% accurate capture to disk
Effective traffic search– Trace file consolidation
Event driven trace extraction
High-level trace visualization– Layer 7 awareness is vital
Effective drill-in to precise packets of interest
On-appliance protocol decoder– Filters in seconds, not minutes
Easy trace file export for deep-dive in Wireshark
7 Emulex Confidential - © 2013 Emulex Corporation
8 Emulex Confidential - © 2013 Emulex Corporation
9 Emulex Confidential - © 2013 Emulex Corporation
10 Emulex Confidential - © 2013 Emulex Corporation
11 Emulex Confidential - © 2013 Emulex Corporation
12 Emulex Confidential - © 2013 Emulex Corporation
13 Emulex Confidential - © 2013 Emulex Corporation
14 Emulex Confidential - © 2013 Emulex Corporation
15 Emulex Confidential - © 2013 Emulex Corporation
16 Emulex Confidential - © 2013 Emulex Corporation
17 Emulex Confidential - © 2013 Emulex Corporation
18 Emulex Confidential - © 2013 Emulex Corporation
19 Emulex Confidential - © 2013 Emulex Corporation
20 Emulex Confidential - © 2013 Emulex Corporation
21 Emulex Confidential - © 2013 Emulex Corporation
22 Emulex Confidential - © 2013 Emulex Corporation
23 Emulex Confidential - © 2013 Emulex Corporation
24 Emulex Confidential - © 2013 Emulex Corporation
25 Emulex Confidential - © 2013 Emulex Corporation
26 Emulex Confidential - © 2013 Emulex Corporation
27 Emulex Confidential - © 2013 Emulex Corporation
28 Emulex Confidential - © 2013 Emulex Corporation
29 Emulex Confidential - © 2013 Emulex Corporation
30 Emulex Confidential - © 2013 Emulex Corporation
31 Emulex Confidential - © 2013 Emulex Corporation
A New Recording Paradigm
EndaceProbe next generation sniffer
100% accurate traffic recording– Real 10 Gbps performance
Up to 64 TB of local storage– Extensible via sledding or SAN
Full flow-based traffic indexing– Including application classification
Open and flexible– Endace Application Dock– Programmable RESTful API
EndaceVision / Endace Packets
32 Emulex Confidential - © 2013 Emulex Corporation
Total Datacentre Visibility
33 Emulex Confidential - © 2013 Emulex Corporation
Conclusion
Troubleshooting in a 10GbE world requires 10GbE capable tools
Wireshark needs support to remain relevant in high-speed environment
EndaceVision & Endace Packets solve the scalability challenge
100% accurate recording is mandatory input
– Dedicated purpose built hardware
Long live Wireshark!