Taps and Aggregator Solutions
Teraquant has a fine reputation for exceptional customer value and is a highly recognized SIP specialist. We provide cost effective IP telephony and networking infrastructure for UC services and always with advanced real-time network monitoring built-in. To keep your network running 24/7 by monitoring real-time and capturing every packet at line rate, without errors under heavy traffic loads, Teraquant integrates Garland Technologies Network Taps and Aggregators with our service assurance solutions.
Network Taps and Aggregators
Typically, monitoring of a full duplex link requires squashing 2 data flows from opposite directions, both side of the duplex link [east to west and west to east streams] into one SPAN port or mirroring port on the switch or router. After multiple flows are squashed into one physical span port, This causes collisions and dropped packets. Not all packets reach the monitoring tool resulting in erroneous measurements and analysis. For example, this means when monitoring SIP/VoIP networks, which would result in a poor MOS/voice quality measurement in a case where there is no bad packet loss on the live network and no bad user experience. A network operator is then left chasing ghosts, errors that are not real, don’t exist and not a problem to users.
Benefits of Tap Aggregators
Tap aggregators provide many benefits. The insertion of a Tap either fiber optic or copper, ensures every packet is captured at line rate with zero packet loss. The tap feeds to the Aggregator, both which operate in “failsafe modes” where optical switches /relays allow the traffic to continue flowing despite power outage or in case the device ever suffers from systematic failure. The Aggregators are utilized to unite the traffic into one or multiple traffic streams, to filter, merge, aggregate and fans-out the traffic to your monitoring devices ensuring that only the flows required are dispensed to each monitor and no packet is ever lost. Garland Technologies taps and aggregators support speeds up to 100Gbps.
Taps and aggregators therefore save you expensive extra switches and routers to support the SPAN ports, management overhead, continuous support costs to monitor over utilization and ensure you can right size your monitoring tools, ensuring they are never overloaded.
Types of Tap Aggregators
Copper and Fiber taps in particular can never be compromised owing to absence of a management port. They are also easy to install with a simple ‘plug and play’ setup. The aggregators have a display (front panel) that makes it possible to monitor real time data. For maximum flexibility, they also have a CLI (if required) and a web GUI for easy set up and come pre-loaded with common port mappings. They show utilization of network links which in comparison to higher end tools, have a lower cost.
Enabling Comprehensive VoIP Analytics across Public/Private Cloud Environments
When efficiently managing a voice over Internet protocol (VoIP) telephony environment, Session Initiation Protocol (SIP) monitoring system is essential for delivering excellent service quality and 5×9’s up-time. Garland Technology and Teraquant Oracle SIP Service Assurance solution delivers 100% packet-level visibility eliminating voice, video, and UC service blind spots across the network at the lowest operational costs. By partnering together, they help spot performance degradation and drill down the root cause of security threats and service problems, reducing trouble ticket resolution time by 66%.
Service Assurance combines troubleshooting with proactive performance monitoring including alert and trap generation. Oracle’s OCOM is the preferred platform for troubleshooting and maintenance for real-time services. Delivering total visibility across your entire network, OCOM from Teraquant provides a complete solution for SIP Service Assurance. The solution isolates all call connection and quality issues and saves you from sudden bursts of international fraud or stealth under the radar fraudulent revenue leakage, inbound robocalls, and domestic traffic pumping.
By saving all historical calls, issues are already captured and can be isolated in seconds. What used to take IT professionals 1-2 hours to analyze in wait time for resolution and strain on network security, now solves in 1-2 minutes and manages performance proactively. The combined Garland/Teraquant solution optimizes operational efficiency, requires no CAPEX, and shows OPEX profit in the first month.
The capabilities and comprehensive features include filtering, aggregation, packet-slicing, inline traffic by-pass, and load balancing. Fully modular and flexible Network Packet and TAP Broker solutions which are tailored to fulfill the requirements of your network. It allows for solutions that enable managing, protecting, and monitoring your network more cost effective and easy. This centralizes and improves efficiency and ROI of the network across the monitoring and security infrastructures.
Security Applications of Network Taps
TAPs are regarded as basis of Secure visibility, enabling intrusion detection systems (IDS) and security monitor platforms to work without compromise and maintaining total visibility across the network. Security is assured as the tap is a dedicated device and feeds to dedicated monitoring devices only. a fiber optic tap is a simple piece of glass and cannot be hacked. Removal will be instantly noticeable.
Customer Premise Deployment
How It Works
- The Garland Technology network TAPs are deployed in on-premise locations feeding into the Garland Technology PacketMAX packet broker.
- Teraquant configures the Garland Technologies aggregator with required filters and aggregation as required by a customer.
- The Garland deployment routes filtered and load-balanced IP packets to the Teraquant packet capture probe, where the customer logs into the Mediation Engine to use the Teraquant SIP service assurance dashboard.
- Teraquant SIP service assurance delivers KPI reporting, decryption analysis, and big data analytics applications that are reported on customers’ common off-the-shelf servers (COTS.)
Taps and Aggregators provide the physical access at port level required for connections into monitoring appliances but that is only the beginning. Intelligent features like filtering and port mapping ensure that the right information is sent to the right appliance. Access ports are protected from unauthorized access and fail-over features help maintain network operation when appliances lose power or are out of service. Taps and Aggregators also allow safe removal of redundant data through Deduplication. Not all traffic that flows through a Network Packet Broker or Aggregators is useful – some data may be duplicated. To save time and processing power, duplicate packets and other redundant data can be removed before reaching monitoring and security tools. During this process it’s imperative that relevant original data isn’t accidentally dropped. Additionally, having a network TAP working alongside your Packet Broker provides the first layer of network visibility. So in 2017, The Rolling Stones might now be singing, “Hey! You! Get on my cloud” – but only if they have good access traffic control implemented, as well as good security.
Public/Private and Hybrid Cloud Deployment Use Case
How It Works
- In a public cloud deployment, customers need access to data from both on-premise data and public cloud workloads like Azure, AWS, Google Cloud, or VMWare/Private cloud environments.
- The Garland network TAP feeds from physical data center environments and the Garland Prism traffic mirroring provides packet-level data via GRE or VxLAN tunneling to hybrid deployments.
- The data mirrored from the on-premise or virtual TAP is delivered and aggregated via PacketMAX Advanced Aggregator.
- The Garland deployment routes filtered and load-balanced IP packets to the Teraquant packet capture probe, where the customer logs into the applications server to use the Teraquant SIP assurance dashboard.
IT Operations and Sec Ops Team Benefits
- Provide rapid troubleshooting of IP telephony problems, according to our customers, “what used to take us two hours to troubleshoot, now takes us less than 2 minutes.”
- Ensures real-time trending, graphing, and alerts of performance threshold violations.
- Gain full control of the network with dashboards for every aspect and dimension of an IP telephony service.
- Gain full control over traffic behavior with advanced traffic aggregation, load balancing, and filtering.
- Reliable zero-loss packet processing.
- Filter duplicated packets optimizing resource consumption, throughput, and storage capacity.
The Teraquant SIP solution and Garland Technology provides unique visibility to customers in the public and private cloud that can be quickly implemented. Using readily available and industry-standard protocols, this partnership’s proven interoperability has been scaling millions of complex hybrid environments, increasing ROI, and overall saving 37% on operational support costs. IT operations and Security Ops teams gain industry-leading accurate analytics for VoIP environments.
Teraquant is a SIP specialist offering cost effective communication infrastructure with advanced real-time network monitoring for VoIP and UC networks. We recommend Network Critical products to keep your network running 24/7 and for monitoring real-time data without false errors under heavy traffic loads:
- Network Packet Brokers.
- Network TAPs.
- V-Line™ Bypass TAPs.
Packet capture using a TAP or SPAN is a critical initial step required to capture raw packet information vital for troubleshooting and achieve complete visibility across your network. Raw packet capture is essential to troubleshoot in contrast to tools that use only CDR [call detail records] which provide only summary information purely from the perspective of network elements such as the PBX. Network Critical delivers 100% failsafe TAP solutions for your network monitoring, with hot-swap TAP modules for easy re-configuration and expansion to meet evolving network demands.
The comprehensive features and capabilities include aggregation, filtering, load balancing, packet-slicing and inline traffic by-pass. Flexible and fully modular network TAP and Network Packet Broker solutions, tailored to meet your network’s needs. This enables solutions that make monitoring; managing and protecting your network easier and more cost effective, centralizing and improving network efficiency and ROI across your security and monitoring infrastructures.
The Smart Network Access (SmartNA™) System from Network Critical is the most flexible and customizable TAP solution available on the market today. It is designed to work as a portable solution as well as an enterprise solution custom fit for any datacenter, no matter the size.
(Drag-n-Vu™) Control Module from Network Critical is for Network Administrators, Network Security Administrators, and VoIP UC Administrators who need a safe, reliable and non-intrusive way of accessing a network for the purpose of monitoring traffic. By using simple commands over SSH or from the secure web based GUI, the Smart Network Access System is easily configurable to achieve duplication, aggregation, filtering or to perform other administrative functions.
Network Critical’s PacketPro masking is the key enabler for compliance with regulations such as SOX, HIPAA and PCI-DSS; sensitive and confidential information, such as credit card numbers or medical records, can be hidden or removed with the PacketPro payload masking feature.
Inline devices such as a firewall, IDS or IPS are a single point of failure in a network. Using the V-Line TAP, will replace the position of the inline device. SmartNA High Availability V-Line (Bypass) TAP consists of 1 pair of Live Ports which are connected directly to the network, 1 pair of Primary Sensor which can connect to your primary firewall, IDS or IPS and 1 pair of Secondary Sensor which can connect to your secondary firewall, IDS or IPS.
All SmartNA™ Chassis are built to hold any SmartNA™ TAP module. This flexibility allows you to customize your TAP solution to your exact specifications, while still leaving room for expansion.
TAP Module Options:
All TAP modules are hot-swappable, fully configurable and available with Copper, Single mode Fiber, Multi-mode Fiber or SFP cage ports.
V-Line™ Bypass TAPs.
Configurable as V-Line™ TAPs, Breakout TAPs, and Aggregating TAPs, and can switch between all three TAP modes without losing network link…
- Portable Chassis-For on the fly monitoring- holds one TAP module.
- 1U Aggregating and Filtering Chassis-Enterprise design holds 4 TAP modules, Aggregating backplane allows aggregation across all modules, traffic filtering, full SNMP and web GUI for configuration available.
- 2U High Density Chassis-Built for high density holds up to 12 TAP modules in 2U of rack space, save money, power & rack space by powering the entire unit with only 2 power supplies.
- Virtually Inline (V-Line™) Bypass TAP Modules– Configurable as V-Line™ TAPs, Breakout TAPs, and Aggregating TAPs, and can switch between all three TAP modes without losing network link. Aggregation Mode supports Packet Slicing on the monitoring ports and Packet Injection.
- Control Modules– Allow users to manage the modules inside of a chassis. By using simple commands over SSH or from the secure web based GUI, the Smart Network Access System is easily configurable to achieve duplication, aggregation, filtering or to perform other administrative functions
NETWORK PACKET BROKERS
Fully Modular, Next-Generation, Hybrid Packet Brokers designed for use in any Corporate Network or Data Center. As networks constantly grow in complexity, size and speed, organizations must efficiently and economically connect and provide relevant visibility to all of their security and monitoring appliances at ever increasing speeds and varying physical media, without impacting network visibility and reliability. Deliver uncompromising insight into the traffic traveling across your network, centralizing and improving network efficiency and ROI across your security and monitoring infrastructures. Network Critical Packet Broker Systems enable you to:
- Filter, Aggregate, and Load-Balance traffic collected by Intelligent TAPs across your Network in real-time.
- Utilize Single-Pane Management with the Unique Drag-N-Vu™ Interface for simple, intelligent port-mapping.
- Deploy with ultimate scalability, using a fully-modular design to expand as your infrastructure evolves.
Network TAPs are stand-alone devices that make a mirror copy of all of the traffic that flows between two network end-points (nodes). This can then be output to various network tools, while the live traffic continues to pass through the network. TAPs (test access points) are independent of the network, meaning that they are fully configurable. This allows complex packet manipulation to be performed by security and/or performance tools. TAPs are the foundation of Smart Network Access, maintaining total visibility across your security and monitoring platforms without compromise.
ACTIVE NETWORK TAPS
Active TAPs are the ultimate enabler for real-time network threat detection and mitigation, allowing for more complex inline monitoring and reactive response. Active TAPs feature robust fail-safe mechanisms to protect the live network traffic from disruption. Network Critical offers several Active TAP solutions including:
- Active Copper TAP modules for 10Mb~10Gb for SmartNA-X NPB System.
- Active Copper Bypass TAP modules for 10Mb~10Gb for SmartNA-X NPB System.
- Active Fiber Bypass TAP modules for 10Mb~10Gb for SmartNA-X NPB System.
PASSIVE FIBER TAPS
Passive TAPs provide the ultimate visibility into network activity by accurately duplicating all traffic at 100% bandwidth while remaining invisible to all other network components. Passive TAPs require no management, and cause no latency to the live network. Network Critical offers several Passive TAP solutions including:
- Passive Fiber TAPs for 10Mb~100Gb.
- Passive Fiber TAP modules for SmartNA-X NPB System.
- Passive Copper TAPs for 10/100Mb.
BYPASS NETWORK TAPS
Virtually Inline (V-Line™) Bypass TAP Modules– Configurable as V-Line™ TAPs, Breakout TAPs, and Aggregating TAPs, and can switch between all three TAP modes without losing network link…
When an IPS or other Inline Appliance is installed behind a V-Line™ Bypass the TAP continually checks the status of the appliance and if it is online, will direct traffic through it. If the appliance goes for maintenance or update, or any reason, the Tap will automatically bypass the appliance and direct traffic straight through to the network. When the appliance comes back online, the status is detected by the Tap and traffic is once again directed through the appliance.
NETWORK PACKET BROKERS
SMARTNA PORT PLUS™
- Ultimate Port Density.
- Scalable up to 192 ports for simple expansion.
- 1/10/25/40/100G flexible port mapping.
- Single pane of management with unique GUI software.
- Traffic Aggregation from any module.
- Advanced Packet Filtering.
- Hot-Swappable modular design.
- Powerful Packet Slicing.
- Header Stripping for advanced filtering.
- Payload Masking for compliant analysis.
- Fully Configurable for customization and growth with your network.
- High Density 48x 10G port count.
- Line rate 480 Gbps Aggregation.
- L2/3 & Custom Bit Filtering.
- 3-Tuple Load Balancing up to 8 groups.
- Drag’n’Vu Intuitive Interface.
PASSIVE FIBER OPTIC MPO TAP
- Passive Fiber Optic TAPs.
- 100% Passive Visibility of speeds up to 100G.
- Always On, No point of failure.
PASSIVE FIBER OPTIC TAPS
- Passive Fiber Optic TAPs.
- Total Visibility of speeds up to 100G.
- Advanced traffic filtering and aggregation.
- Simple management interface with Drag-n-Vu™.
- Hot-swappable modular design.
Is your cloud provider safe?
According to a Ponemon Institute report, the Global Cloud Data Security Study, companies are not doing a very good job of securing the confidential information stored in the cloud. Respondents included IT professionals from around the world. Over half believed that their companies did not employ a proactive approach to compliance with privacy and data security regulations in a cloud environment. Most of the respondents (56%) also believed that their companies were not as careful with private customer information stored in the cloud. Some general recommendations noted in the report are for companies to make broader use of encryption when data is stored in the cloud. Further, comprehensive policies should be developed that govern what information should and should not be stored in the cloud. Finally, continuous monitoring and security measures should be implemented by the company and the cloud service provider. Cloud providers are offering enterprise monitoring services in IaaS environments with a goal of allowing more management control to the client company. EarthLink, for example, offers a server monitoring and management service as well as a network monitoring and management service for cloud customers.
Comprehensive monitoring services require access and visibility to data flows in a network.
In order to establish a monitoring program that includes network analysis, application performance and acceleration, intrusion prevention, data loss protection, encryption/decryption offloading and other specialized services, numerous appliances may be required. Packet Brokers give access to the network traffic and help enterprise networks and cloud service providers manage the panoply of appliances that are required for robust monitoring.
Packet Brokers provide the physical access ports required for connections into monitoring appliances but that is only the beginning. Intelligent features like filtering and port mapping ensure that the right information is sent to the right appliance. Access ports are protected from unauthorized access and fail-over features help maintain network operation when appliances lose power or are out of service. Packet Brokers also allow safe removal of redundant data. Not all traffic that flows through a Network Packet Broker is useful – some data may be duplicated. To save time and processing power, duplicate packets and other redundant data can be removed before reaching monitoring and security tools. During this process it’s imperative that relevant original data isn’t accidentally dropped. Additionally, having a network TAP working alongside your Packet Broker provides the first layer of network visibility. So in 2017, The Rolling Stones might now be singing, “Hey! You! Get on my cloud” – but only if they have good access traffic control implemented, as well as good security.