About the Author
Sharon Besser, VP of Technology, Net Optics Inc.
Sharon Besser has successfully created, developed and launched new security products
for some of the industry’s leading technology vendors. Before joining Net Optics he
served as Vice President of Product Strategy for application data security and compliance
leader, Imperva. Previously, he served at Websense, a leading provider of the content
filtering and web security solutions, where he was director of products. At Websense,
Besser was primarily responsible for Content Protection Suite, which was recognized
by independent research firm, Gartner as the market leader. Prior to Websense, Besser
was director of products at PortAuthority Technologies, a provider of information leak
prevention solutions which was acquired by Websense. Besser also served as director of
Security Solutions for security vendor Check Point Software Technologies.
Earlier in his career, Besser founded PubliCom, a provider of integrated data security
and communications solutions, which was acquired by COMSEC. Besser holds a BSc in
Mathematics, Computer Science and Geography from Bar Ilan University in Israel.

Net Optics is a registered trademark of Net Optics, Inc. Additional company and product
names may be trademarks or registered trademarks of the individual companies and are
respectfully acknowledged. Copyright 1996-2013 Net Optics, Inc. All rights reserved.
Top Five Ways
To Enhance Your Cisco Environment
The Secrets You Will Want To Know
When it comes to Cisco technology, most of us have wondered if we could
do more to get the most out of our investments. Are we aware of all the
“hidden gems”—advantages tucked away within the architecture that could
put us ahead of the game with relatively little effort?

Five Ways to Say Eureka!
Recently, I delivered a talk at Cisco Live in which I presented the Top Five
efficiency gems that can be a real bonanza for your Cisco investment. I’ll
share those configuration and design tips here for using Cisco technology
to the utmost in monitoring and security. In addition, I’ll discuss ways to
use access switching and built-in Cisco features more effectively. Finally,
I’ll cover key points to consider in relation to data center operation,
interconnect and security.

The Top Five at a Glance
1. Not all switches are created equal. Store-and-forward vs cut-through.
Choose the right switch architecture and boost your efficiency.
2. Make sure you’re SEC(ure). Using MACsec (IEEE 802.1AE) protocol to
provide switch-port-level encryption.
3. Don’t lose sight of the gems. Achieve virtual visibility without the
overload penalty.
4. “SLA” yourself. Use built-in IP SLAs to benchmark and monitor the health
and performance of your network.
5. Netflow is your friend. Learn it. Use it. Support it.

The Cisco Data Center: A Rich Vein of Productivity
The multitiered Cisco data center is at the heart of today’s computational power,
volume storage and sophisticated applications. It represents the leading edge of
progress and potential in scalability, performance, flexibility and maintenance/
management. Naturally, efficient planning is key for resilience, agility and investment
value.

By investing in Cisco, you’ve staked your claim to the future of virtual computing. Now
let’s mine those gems to strike it rich in optimizing your investment.

1. Not all switches are created equal.
Store-and-forward vs. cut-through.
Choose the right switch architecture and boost your efficiency.
Today, you have your choice of two switching categories: 1) store-and-forward; and 2)
the newer cut-through switching, which is increasingly popular for high-speed, low-latency applications. But which one is ideal for you depends on several factors.
Store-and-forward switching accepts the complete frame into the switch buffers for
error checking before forwarding on to the network. Cut-through switching reads only
the destination MAC address (the first six bytes of the frame following the preamble) to
determine the switch port to forward traffic to.
With store-and-forward switching, the LAN switch copies the entire frame into its
onboard buffers and computes the cyclic redundancy check (CRC). The frame is
discarded if it contains a CRC error or if it is a “runt” (less than 64 bytes including the
CRC) or a “giant” (more than 1518 bytes including the CRC). If the frame contains no
errors, the LAN switch looks up the destination address in its forwarding, or switching,
table and determines the outgoing interface. It then forwards the frame toward its
destination.

Cut-Through Switches Reduce Latency in the LAN
A cut-through switch reduces latency because it begins to forward the frame as soon
as it reads the destination address and determines the outgoing interface—even
before the entire payload is received. The primary advantage of this approach lies in
the amount of time the switch takes to start forwarding the packet (known as switch
latency), which is on the order of a few microseconds, regardless of packet size. So, if
latency issues are foremost for you, then cut-through switches will give you a better
night’s sleep.
Let’s take a theoretical application using 9000-byte frames. A cut-through switch can
forward the frame a few microseconds to a few milliseconds earlier than its store-and-forward counterpart (a few microseconds earlier in the case of 10-Gbps Ethernet).
Cut-through switches are naturally more suited to extremely demanding, high-performance computing (HPC) applications that require process-to-process latencies
of 10 microseconds or less.
When Cut-Through Switching Is Not the Ideal Approach
Certainly, store-and-forward switching delays the time it takes for the frame to get
from source to destination. That’s because it waits to forward a frame until it has
received the entire frame and checked it for errors, comparing the last field of the
datagram against its own frame-check-sequence (FCS) calculations. So that additional
time is spent ensuring that the packet is purged of physical and data-link errors. Invalid
packets are dropped, whereas a cut-through device would simply forward them on.
Also, a store-and-forward switch can perform ingress buffering for the flexibility to
support any mix of Ethernet speeds.
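To make the difference concrete, here is an added Go example (not code from the whitepaper, from Cisco or from Net Optics) that models both decision paths on a constructed frame. The store-and-forward path waits for the whole frame and applies the runt, giant and FCS checks described above; the cut-through path decides from the destination MAC alone. The frame builder, MAC table and host addresses are constructed for the demo; the CRC-32 and the 64/1518-byte limits are the Ethernet values the text quotes.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"hash/crc32"
)

// Limits quoted in the text: a runt is shorter than 64 bytes and a giant longer
// than 1518 bytes, both measured including the 4-byte FCS.
const (
	minFrameLen = 64
	maxFrameLen = 1518
	fcsLen      = 4
)

// buildFrame assembles a constructed Ethernet II frame: dst MAC, src MAC,
// EtherType, payload padded up to the minimum size, then the FCS. The FCS is the
// IEEE CRC-32 over everything before it, transmitted least-significant byte first.
func buildFrame(dst, src [6]byte, etherType uint16, payload []byte) []byte {
	var buf bytes.Buffer
	buf.Write(dst[:])
	buf.Write(src[:])
	binary.Write(&buf, binary.BigEndian, etherType)
	buf.Write(payload)
	for buf.Len() < minFrameLen-fcsLen {
		buf.WriteByte(0) // pad so the finished frame reaches 64 bytes
	}
	fcs := make([]byte, fcsLen)
	binary.LittleEndian.PutUint32(fcs, crc32.ChecksumIEEE(buf.Bytes()))
	buf.Write(fcs)
	return buf.Bytes()
}

// lookup consults the forwarding table for the destination MAC in the first six bytes.
func lookup(frame []byte, macTable map[[6]byte]int) (int, string) {
	var dst [6]byte
	copy(dst[:], frame[:6])
	port, ok := macTable[dst]
	if !ok {
		return -1, "flood: unknown destination"
	}
	return port, "forward"
}

// storeAndForward has the complete frame in its buffer, so it can apply the size
// and CRC checks described in the text before deciding where the frame goes.
func storeAndForward(frame []byte, macTable map[[6]byte]int) (int, string) {
	if len(frame) < minFrameLen {
		return -1, "drop: runt"
	}
	if len(frame) > maxFrameLen {
		return -1, "drop: giant"
	}
	body, fcs := frame[:len(frame)-fcsLen], frame[len(frame)-fcsLen:]
	if crc32.ChecksumIEEE(body) != binary.LittleEndian.Uint32(fcs) {
		return -1, "drop: CRC error"
	}
	return lookup(frame, macTable)
}

// cutThrough decides as soon as the destination MAC has arrived; the rest of the
// frame, FCS included, has not been seen yet, so a corrupted frame is forwarded as-is.
func cutThrough(head []byte, macTable map[[6]byte]int) (int, string) {
	if len(head) < 6 {
		return -1, "wait: destination address not yet received"
	}
	return lookup(head, macTable)
}

func main() {
	// Constructed topology: host A behind port 1, host B behind port 2.
	hostA := [6]byte{0x02, 0x00, 0x00, 0x00, 0x00, 0x0a}
	hostB := [6]byte{0x02, 0x00, 0x00, 0x00, 0x00, 0x0b}
	macTable := map[[6]byte]int{hostA: 1, hostB: 2}

	good := buildFrame(hostB, hostA, 0x0800, []byte("hello from A"))
	bad := append([]byte(nil), good...)
	bad[20] ^= 0xff // flip one payload byte, so the FCS no longer matches

	for _, f := range []struct {
		name  string
		frame []byte
	}{{"intact", good}, {"corrupted", bad}} {
		p1, r1 := storeAndForward(f.frame, macTable)
		p2, r2 := cutThrough(f.frame, macTable)
		fmt.Printf("%-9s store-and-forward -> port %d (%s); cut-through -> port %d (%s)\n",
			f.name, p1, r1, p2, r2)
	}
}
```

The corrupted frame is the point of the demo: the store-and-forward function drops it with a CRC error, while the cut-through function has already committed to port 2 before the FCS arrives. A cut-through switch can still count the bad FCS when it finally sees it, but it cannot take back what it has already sent, so the error is caught downstream rather than at the switch.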
For Cisco, advances in ASIC design and other progress now enable cut-through
functions that are much more ingenious than in the past. With better load balancing
abilities and other functions, Cisco switches, such as the low-latency Cisco Nexus 5000
or Cisco Catalyst family, can perform low-latency switching while still preserving the
inspection advantages of store-and-forward switching.
So now you can make an informed decision as to whether store-and-forward switching
is worth the delay. In financial services and other HPC applications, where speed is of
the utmost importance, you probably want to reduce latency to the lowest possible
level by using the cut-through approach.
Enterprises that employ HPC include:
• Oil and gas exploration
• Automotive and aerospace manufacturing
• Biosciences
• Financial data mining and market modeling
• Academic and government research
• Climate and weather simulation

2. Make sure you’re SEC(ure).
Using MACsec (IEEE 802.1AE) protocol to provide switch-port-level encryption.
When it comes to protecting data in motion, there aren’t too many solutions. Using
encryption is considered one of the better methods to protect data but often requires
installations of client applications.
MACsec to the Rescue
The MACsec protocol provides a method to encrypt data between two layer 2
points, such as two network switches, without requiring an additional
server application or migrating the whole infrastructure to IPv6. MACsec lets you
encrypt data communications between a switch and any attached device, most
importantly communication on wired LANs. The protocol was developed by the
Institute of Electrical and Electronics Engineers (IEEE) and is published as the
security standard IEEE 802.1AE. MACsec is the only reliable way of ensuring data
integrity independently of the media access method.
Cisco provides switch-port-level encryption based on IEEE 802.1AE (MACsec) that
spans the network—from endpoints to the access layer and all the way to the data
center. Data encryption uses the 128-bit Advanced Encryption Standard (AES) cipher.
Encryption lets you block man-in-the-middle attacks, snooping, and other forms of
network intrusion and compromise. Layer 2 encryption can be implemented between
an endpoint device and an access switch, or between switch ports.
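As an added example in Go (standard library only; not Cisco's or Net Optics' code), the following models the per-frame protection that 802.1AE specifies for its default GCM-AES-128 cipher suite, the "128-bit AES" the text refers to: the destination and source addresses plus the SecTAG are authenticated, the rest of the frame is encrypted, and a 16-byte ICV is appended. The SAK, SCI and frame contents are constructed for the demo; on real switches the SAK comes from MKA key agreement. The receiver side shows the replay check that the packet number in the SecTAG exists for.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

const macsecEtherType = 0x88E5

// Constructed 128-bit SAK for the demo. On real switches the SAK is derived and
// distributed by MKA (IEEE 802.1X), never configured as a literal like this.
var demoSAK = []byte("0123456789abcdef")

// gcmFor builds the GCM-AES-128 cipher: 12-byte IV, 16-byte ICV.
func gcmFor(sak []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(sak)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// protect turns a plain Ethernet frame into DA | SA | SecTAG | ciphertext | ICV.
// sci is the 8-byte Secure Channel Identifier (system MAC + port); pn is the packet
// number, which must never repeat under one SAK: GCM with a reused IV loses both
// confidentiality and integrity, which is why PN exhaustion forces a rekey.
func protect(sak []byte, sci [8]byte, pn uint32, plain []byte) ([]byte, error) {
	if len(plain) < 14 {
		return nil, errors.New("frame too short")
	}
	if pn == 0 {
		return nil, errors.New("PN 0 is not used")
	}
	da, sa, user := plain[:6], plain[6:12], plain[12:]
	secTag := make([]byte, 16)
	binary.BigEndian.PutUint16(secTag[0:2], macsecEtherType)
	secTag[2] = 0x2C // TCI: SC (SCI present), E (encrypted) and C (changed) set, AN = 0
	if len(user) < 48 {
		secTag[3] = byte(len(user)) // SL: short-length field for small frames
	}
	binary.BigEndian.PutUint32(secTag[4:8], pn)
	copy(secTag[8:16], sci[:])

	gcm, err := gcmFor(sak)
	if err != nil {
		return nil, err
	}
	// 802.1AE with GCM-AES-128: IV = SCI || PN; authenticated data = DA || SA || SecTAG.
	iv := append(append([]byte{}, sci[:]...), secTag[4:8]...)
	header := bytes.Join([][]byte{da, sa, secTag}, nil)
	sealed := gcm.Seal(nil, iv, user, header) // ciphertext followed by the 16-byte ICV
	return append(header, sealed...), nil
}

// receiver keeps the highest PN accepted per SCI so replayed frames are rejected.
type receiver struct{ lastPN map[[8]byte]uint32 }

func newReceiver() *receiver { return &receiver{lastPN: map[[8]byte]uint32{}} }

// verify reverses protect: checks the SecTAG, rejects replays, and releases the
// user data only if the ICV validates over the header and ciphertext.
func (r *receiver) verify(sak []byte, frame []byte) ([]byte, error) {
	if len(frame) < 12+16+16 {
		return nil, errors.New("frame too short for a SecTAG and ICV")
	}
	secTag := frame[12:28]
	if binary.BigEndian.Uint16(secTag[0:2]) != macsecEtherType {
		return nil, errors.New("not a MACsec frame")
	}
	if secTag[2]&0x20 == 0 {
		return nil, errors.New("SecTAG without SCI is not handled by this example")
	}
	var sci [8]byte
	copy(sci[:], secTag[8:16])
	pn := binary.BigEndian.Uint32(secTag[4:8])
	if pn <= r.lastPN[sci] {
		return nil, errors.New("replay: PN not above the last accepted value")
	}
	gcm, err := gcmFor(sak)
	if err != nil {
		return nil, err
	}
	iv := append(append([]byte{}, sci[:]...), secTag[4:8]...)
	user, err := gcm.Open(nil, iv, frame[28:], frame[:28])
	if err != nil {
		return nil, errors.New("ICV check failed: frame altered in transit or wrong SAK")
	}
	r.lastPN[sci] = pn // advance only after a successful ICV check
	return append(append([]byte{}, frame[:12]...), user...), nil
}

func main() {
	sci := [8]byte{0x02, 0, 0, 0, 0, 0x0a, 0x00, 0x01} // constructed: MAC 02:00:00:00:00:0a, port 1
	plain := append([]byte{0x02, 0, 0, 0, 0, 0x0b, 0x02, 0, 0, 0, 0, 0x0a, 0x08, 0x00},
		[]byte("payroll record 1234")...)
	sent, _ := protect(demoSAK, sci, 1, plain)
	fmt.Printf("on the wire (what a tap sees after the SecTAG): %x\n", sent[28:])
	rx := newReceiver()
	if got, err := rx.verify(demoSAK, sent); err == nil {
		fmt.Printf("receiver decrypted: %q\n", got[12:])
	}
	_, err := rx.verify(demoSAK, sent) // the same frame delivered a second time
	fmt.Println("replayed frame:", err)
}
```

Two things a tap on the protected link can still observe are the addresses and the SecTAG, because both are authenticated but not encrypted; everything after them, EtherType included, is ciphertext. That is the "impenetrable and unreadable" result described in the demo below, and it is also why such taps are placed where the data is in the clear rather than on a MACsec-protected span.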
MACsec, Cisco, and Net Optics: a Triple Compliance and Security Solution
MACsec is probably the best prescription on the market for CSO and CIO peace of
mind. In a landmark Cisco Live demo in Cisco’s own booth, visitors could see in real
time just how effectively Cisco’s new MACsec software protects the confidentiality of
network LAN traffic. In MACsec-enabled switches, packets are encrypted on exiting the
transmitting device and decrypted on entering the receiving device. They are “in the
clear” only when they are within the respective devices.
To prove the point, Net Optics HD8 Fiber Taps™ passively gathered data on the
connections, sending transmissions to Net Optics Director xStream Pro™, which
collected and displayed the data clearly in its user interface.
The difference was dramatic: Unencrypted data from the non-MACsec machine, a
Cisco 3500 switch, clearly revealed its types and protocols, an irresistible vulnerability
to malicious intrusion. But the MACsec-protected data flowing from Cisco 6500
switches was impenetrable and unreadable.
Cisco Catalyst and Nexus Switches: Cisco Catalyst® 2900, 3560, 3700, 4500, and 6500 Series
Switches and Cisco Nexus® 7000 Series Switches interact with network users for authentication and
authorization. Access to the network is dictated by policy, user identity, and other attributes. Flexible
authentication methods include 802.1X, web authentication, and MAC authentication bypass, all
controlled in a single configuration for each switch port. Furthermore, Cisco switches can tag each
data packet with user identity information so that additional controls can be deployed anywhere
in the network. Cisco Nexus switches also support MACsec for data-in-motion confidentiality and
integrity protection.

3. Don’t lose sight of the gems.
Achieve virtual visibility without the overload penalty.
As adoption of virtualization gains momentum, data centers worldwide are building
out their virtualized components. The growing adoption of hypervisor technologies
creates monitoring, security, and compliance challenges as a result of virtual
networks, switches and machines. Several solutions exist to improve manageability
and visibility of virtual systems.
Nexus 1010 Virtual Services Appliance: One of Cisco’s “hidden gems”
Cisco Nexus 1010 VSA is an optional appliance that can provide improved
management and scalability in Cisco Nexus 1000V Switch and VMware vSphere
deployments. The Cisco Nexus 1000V can be deployed exclusively as software
running in a VMware vSphere cluster; Cisco Nexus 1010 VSA provides customers
with an additional deployment option, allowing administrators to completely
offload management functions handled by the Cisco Nexus 1000V Virtual Supervisor
Module (VSM). This approach gives administrators improved scalability and
availability for the VSM.
Cisco Nexus 1010 VSA offers impressive benefits:
• A dedicated appliance for VSMs simplifies the overall design and management
of the VMware vSphere cluster by moving the VSMs off the VMware hosts.
Eliminating the dependency on VMware means that networking services are no
longer dependent on the VMware server’s being up and running, which can be
helpful during scenarios such as data center restarts.
• Because the Cisco Nexus 1010 VSA runs Cisco NX-OS and VSMs are now being
installed on the VSA instead of on a VMware vSphere server, the network
operations team is working in a familiar environment and gets a total Cisco
installation experience.
• The automatic support of active-standby VSMs improves overall system
availability.
But Cisco’s switch doesn’t provide the same level of visibility as a true network Tap.
So the question becomes, how do you achieve the 100 percent visibility that you
need for compliance and security purposes?
Phantom Virtual Tap to the Rescue for Total Inter-VM Visibility—Penalty-Free
Net Optics’ groundbreaking Phantom Virtual Tap was engineered to monitor traffic
going through the Cisco virtual switch using Nexus 1000v. The key to this advantage
is visibility: Phantom enhances network visibility, including inter-VM traffic
monitoring, without suffering from the inherent limitations of hypervisor Span ports.
This makes it an ideal security and compliance resource that:
• Delivers 100 percent visibility of traffic passing between VMs on hypervisor stacks
• Supports best-of-breed hypervisors and virtual switches
• Integrates seamlessly with the hypervisor at the kernel level
• Eliminates promiscuous probes or counterintuitive shaping and routing
• Bridges virtual traffic to physical monitoring tools
Net Optics Phantom Virtual Tap protects records and transactions from malicious
intrusion while documenting compliance with regulations such as Payment Card
Industry (PCI) standards and SOX-404.
Virtualization presents a new, unique set of challenges for auditors needing visibility
of virtualized as well as physical data. This makes the Phantom Virtual Tap a welcome
resource. Whether the concern is passing encrypted credit card numbers between
infrastructures, monitoring derivatives, or conducting other complex transactions, the
Phantom Virtual Tap keeps data isolated, secure and verifiable.

4. “SLA” yourself.
Use built-in IP SLAs to benchmark and monitor the health and performance of
your network.
Cisco IOS IP Service Level Agreements, known as IP SLA, is a hidden gem built into
most Cisco devices that deserves more widespread knowledge and use than it
has been getting. This important component is a network’s best friend, letting you
measure and benchmark performance, identify issues and alert when you’re going off
standard benchmarks. The value is self-evident.
A network engineer may need to evaluate a design or evaluate a QoS approach. It’s a
natural for helping troubleshoot the network. And with its focus solely on performance
metrics, IP SLA helps confirm new business-critical IP applications and IP services that
utilize data, voice, and video, in an IP network. Cisco has augmented traditional service
level monitoring and advanced the IP infrastructure to become IP application-aware
by measuring both end-to-end and at the IP layer.
With Cisco IP SLA, you can verify service guarantees, increase network reliability,
proactively identify network issues, and increase Return on Investment (ROI) by
streamlining deployment of new IP services. Cisco IP SLA uses active monitoring to
generate traffic in a continuous, reliable, and predictable manner—an important
resource for measuring network performance and health.

5. Netflow is your friend.
Learn it. Use it. Support it.
I’ll bet all of you have Netflow—and I’ll also bet that most of you are not using it to its
full extent or gaining full benefit. Surprisingly few people know how to get the most
out of this unique technology, qualifying it as a bona fide hidden gem. This is surprising
because it shines very brightly, particularly for security and compliance purposes.

Netflow is a feature of Cisco IOS software that monitors packet flows across a router.
It identifies protocol elements used and extracts packet content and metadata for
analysis of data relationships and communications patterns. With Netflow, you can
monitor a particular IP address so as to actually see where that address originated,
where it ended, and how long it took to get there and back. For Service Providers this
information is critical in billing customers for differentiated services or QoS. Another
benefit is that Netflow ties into superb public domain tools you can use in any size
deployment.
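Added example in Go (not from the whitepaper, from Cisco or from Net Optics): a parser for the fixed-layout NetFlow v5 export record, chosen because its 24-byte header and 48-byte records fit in a few lines; the Version 9 format the text recommends describes records with templates instead, but carries the same source, destination, port, counter and timing fields. The example decodes constructed flow records, including the first/last timestamps that give "how long it took", and then runs the kind of check a collector performs over them: a source that touches many distinct ports on one host in single-packet flows. All addresses and flows are constructed sample data.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net"
	"sort"
)

const (
	v5HeaderLen = 24 // version, count, sysUptime, unixSecs, unixNsecs, sequence, engine, sampling
	v5RecordLen = 48
)

// Flow holds the fields of one NetFlow v5 record that this example uses.
type Flow struct {
	Src, Dst         net.IP
	SrcPort, DstPort uint16
	Proto            uint8
	Packets, Bytes   uint32
	DurationMs       uint32 // last minus first packet time, in router uptime milliseconds
}

// parseV5 decodes a NetFlow v5 export datagram: a 24-byte header followed by
// `count` fixed 48-byte records, all fields big-endian.
func parseV5(pkt []byte) ([]Flow, error) {
	if len(pkt) < v5HeaderLen {
		return nil, errors.New("datagram shorter than the v5 header")
	}
	if v := binary.BigEndian.Uint16(pkt[0:2]); v != 5 {
		return nil, fmt.Errorf("unsupported NetFlow version %d", v)
	}
	count := int(binary.BigEndian.Uint16(pkt[2:4]))
	if len(pkt) < v5HeaderLen+count*v5RecordLen {
		return nil, errors.New("datagram shorter than its record count implies")
	}
	flows := make([]Flow, 0, count)
	for i := 0; i < count; i++ {
		r := pkt[v5HeaderLen+i*v5RecordLen:][:v5RecordLen]
		flows = append(flows, Flow{
			Src:        net.IPv4(r[0], r[1], r[2], r[3]),
			Dst:        net.IPv4(r[4], r[5], r[6], r[7]),
			Packets:    binary.BigEndian.Uint32(r[16:20]),
			Bytes:      binary.BigEndian.Uint32(r[20:24]),
			DurationMs: binary.BigEndian.Uint32(r[28:32]) - binary.BigEndian.Uint32(r[24:28]),
			SrcPort:    binary.BigEndian.Uint16(r[32:34]),
			DstPort:    binary.BigEndian.Uint16(r[34:36]),
			Proto:      r[38],
		})
	}
	return flows, nil
}

// buildV5 is the inverse, used only to produce constructed input for the parser.
func buildV5(flows []Flow) []byte {
	pkt := make([]byte, v5HeaderLen+len(flows)*v5RecordLen)
	binary.BigEndian.PutUint16(pkt[0:2], 5)
	binary.BigEndian.PutUint16(pkt[2:4], uint16(len(flows)))
	for i, f := range flows {
		r := pkt[v5HeaderLen+i*v5RecordLen:][:v5RecordLen]
		copy(r[0:4], f.Src.To4())
		copy(r[4:8], f.Dst.To4())
		binary.BigEndian.PutUint32(r[16:20], f.Packets)
		binary.BigEndian.PutUint32(r[20:24], f.Bytes)
		binary.BigEndian.PutUint32(r[24:28], 1000) // first-seen uptime, arbitrary
		binary.BigEndian.PutUint32(r[28:32], 1000+f.DurationMs)
		binary.BigEndian.PutUint16(r[32:34], f.SrcPort)
		binary.BigEndian.PutUint16(r[34:36], f.DstPort)
		r[38] = f.Proto
	}
	return pkt
}

// scanSuspects returns "src -> dst" pairs where one source touched more than
// maxPorts distinct destination ports, the flow-level signature of a port sweep.
func scanSuspects(flows []Flow, maxPorts int) []string {
	ports := map[string]map[uint16]bool{}
	for _, f := range flows {
		key := f.Src.String() + " -> " + f.Dst.String()
		if ports[key] == nil {
			ports[key] = map[uint16]bool{}
		}
		ports[key][f.DstPort] = true
	}
	var out []string
	for key, seen := range ports {
		if len(seen) > maxPorts {
			out = append(out, key)
		}
	}
	sort.Strings(out)
	return out
}

// sampleFlows is constructed data: one ordinary HTTPS session and twelve
// single-packet flows from one host to consecutive ports on another.
func sampleFlows() []Flow {
	flows := []Flow{{Src: net.IPv4(10, 0, 0, 5), Dst: net.IPv4(203, 0, 113, 10),
		SrcPort: 51234, DstPort: 443, Proto: 6, Packets: 900, Bytes: 1200000, DurationMs: 4000}}
	for port := uint16(21); port <= 32; port++ {
		flows = append(flows, Flow{Src: net.IPv4(10, 0, 0, 9), Dst: net.IPv4(10, 0, 0, 20),
			SrcPort: 40000 + port, DstPort: port, Proto: 6, Packets: 1, Bytes: 60})
	}
	return flows
}

func main() {
	flows, err := parseV5(buildV5(sampleFlows()))
	if err != nil {
		panic(err)
	}
	for _, f := range flows[:3] {
		fmt.Printf("%s:%d -> %s:%d proto %d, %d bytes over %d ms\n",
			f.Src, f.SrcPort, f.Dst, f.DstPort, f.Proto, f.Bytes, f.DurationMs)
	}
	fmt.Println("port-sweep suspects:", scanSuspects(flows, 8))
}
```

The parser is deliberately strict about the record count versus datagram length; a collector that trusts the count field and reads past the end of a short UDP datagram is a classic source of crashes in flow tooling. Note also that v5 exports carry no authentication, so the collector should only accept datagrams from the configured exporter addresses.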
So—why should Netflow be a hidden gem? Maybe it’s merely perceptions that prevent
users from taking advantage of all it has to offer—such as the “it’s difficult to deploy”
perception. Not so! Your Netflow vendor can help, as well as ensure that you have
Netflow Version 9 with its free tools to enhance your Cisco investment.
Cisco’s suite of virtual data center offerings is growing. The launch of such products
as the Nexus 1000V and the VN-Link means that thousands more organizations
can now utilize Cisco solutions to support their data center virtualization plans. But
even as virtualization soars, stringent regulations proliferate and threaten to clip the
productivity and competitiveness wings of companies lacking intelligent access and
monitoring solutions.
Virtual Visibility Plus Netflow Eases Compliance and Security Tasks
Now you can take Netflow-generated network statistics, and integrate them with
Director xStream Pro for almost unlimited compliance visibility. Net Optics is the only
company capable of providing the enterprise-level reliability in monitoring and access
demanded by Cisco’s Data Center 3.0 environments.
The Phantom solution enables faster and broader adoption of virtualization
technologies concurrent with Cisco’s advances across organizations worldwide.
Net Optics Is a Close Fit, Now and in the Future, with Cisco’s Vision
Net Optics solutions work hand-in-glove with Cisco products to deliver monitoring
and access capabilities to Cisco’s Data Center 3.0 environments and beyond. Right
now, by providing total visibility of data and traffic running through Cisco’s Virtual
Infrastructure solutions—including VN-Link with Cisco Nexus 1000V—the Net Optics
Phantom Virtual Tap is a vital resource for compliance, security and management
in your Cisco environment. This tight integration helps to fortify Cisco’s multi-tier
data center vision and spur faster, broader adoption of virtualization technologies in
organizations worldwide.
Find out more about how Net Optics helps you put the Top Five to work
in your Cisco environment: visit www.netoptics.com or contact Net Optics
at (408) 737-7777.

Net Optics, Inc.
5303 Betsy Ross Drive
Santa Clara, CA 95054
(408) 737-7777
twitter.com/netoptics
www.netoptics.com


Time Series Foundation Models - current state and future directions
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 

Net Optics Top 5 Ways to Enhance Your Cisco Environment

I'll share those configuration and design tips here for using Cisco technology to the utmost in monitoring and security. In addition, I'll discuss ways to use access switching and built-in Cisco features more effectively. Finally, I'll cover key points to consider in relation to data center operation, interconnect and security.

The Top Five at a Glance

1. Not all switches are created equal. Store-and-forward vs. cut-through: choose the right switch architecture and boost your efficiency.
2. Make sure you're SEC(ure). Use the MACsec (IEEE 802.1AE) protocol to provide switch-port-level encryption.
3. Don't lose sight of the gems. Achieve virtual visibility without the overload penalty.
4. "SLA" yourself. Use built-in IP SLAs to benchmark and monitor the health and performance of your network.
5. NetFlow is your friend. Learn it. Use it. Support it.
The Cisco Data Center: A Rich Vein of Productivity

The multitiered Cisco data center is at the heart of today's computational power, volume storage and sophisticated applications. It represents the leading edge of progress and potential in scalability, performance, flexibility and maintenance/management. Naturally, efficient planning is key for resilience, agility and investment value. By investing in Cisco, you've staked your claim to the future of virtual computing. Now let's mine those gems to strike it rich in optimizing your investment.

1. Not all switches are created equal. Store-and-forward vs. cut-through. Choose the right switch architecture and boost your efficiency.

Today, you have your choice of two switching categories: 1) store-and-forward; and 2) the newer cut-through switching, which is increasingly popular for high-speed, low-latency applications. Which one is ideal for you depends on several factors.

Store-and-forward switching accepts the complete frame into the switch buffers for error checking before forwarding it on to the network. Cut-through switching reads only the destination MAC address (the first six bytes of the frame following the preamble and start-of-frame delimiter) to determine the port to forward the frame to.

With store-and-forward switching, the LAN switch copies the entire frame into its onboard buffers and computes the cyclic redundancy check (CRC). The frame is discarded if it contains a CRC error, or if it is a "runt" (less than 64 bytes including the CRC) or a "giant" (more than 1518 bytes including the CRC, for untagged frames). If the frame contains no errors, the LAN switch looks up the destination address in its forwarding (switching) table, determines the outgoing interface and forwards the frame toward its destination.

Cut-Through Switches Reduce Latency in the LAN

A cut-through switch reduces latency because it begins to forward the frame as soon as it reads the destination address and determines the outgoing interface, before the rest of the frame has been received. The primary advantage lies in the time the switch takes to start forwarding the frame (switch latency), which is on the order of a few microseconds regardless of frame size. So if latency is your foremost concern, cut-through switches will give you a better night's sleep.

Take a theoretical application using 9000-byte frames. A store-and-forward switch must wait for the whole frame to be serialized onto its ingress port before it can forward it: 9000 bytes is 72,000 bits, which take 7.2 microseconds to arrive at 10 Gbps, 72 microseconds at 1 Gbps and 7.2 milliseconds at 10 Mbps. A cut-through switch skips that wait, so it forwards the frame a few microseconds to a few milliseconds earlier than its store-and-forward counterpart, depending on link speed (a few microseconds in the case of 10-Gbps Ethernet). Cut-through switches are therefore better suited to extremely demanding, high-performance computing (HPC) applications that require process-to-process latencies of 10 microseconds or less.

When Cut-Through Switching Is Not the Ideal Approach

Store-and-forward switching does delay the frame on its way from source to destination, because the switch waits until it has received the entire frame and checked it for errors, comparing the last field of the frame against its own frame check sequence (FCS) calculation. That additional time buys assurance that the frame is free of physical- and data-link-layer errors: invalid frames are dropped, whereas a cut-through device has already started forwarding a frame before it can see the FCS, so a corrupt frame propagates to the next hop and is only dropped there or at the receiving host. A store-and-forward switch can also perform ingress buffering, which gives it the flexibility to support any mix of Ethernet speeds on ingress and egress ports; cut-through forwarding cannot start early when the egress port is faster than the ingress port (the output would run ahead of the input), so such frames have to be stored and forwarded anyway.

For Cisco, advances in ASIC design and other progress now enable cut-through functions that are much more capable than in the past. With better load-balancing abilities and other functions, Cisco switches, such as the low-latency Cisco Nexus 5000 or the Cisco Catalyst family, can perform low-latency switching while still checking the FCS as the tail of the frame passes, so that corrupted frames are counted and flagged even though a cut-through path cannot drop them. So now you can make an informed decision as to whether store-and-forward switching is worth the delay. In financial services and other HPC applications, where speed is of the utmost importance, you probably want to reduce latency to the lowest possible level by using the cut-through approach.

Enterprises that employ HPC include:
• Oil and gas exploration
• Automotive and aerospace manufacturing
• Biosciences
• Financial data mining and market modeling
• Academic and government research
• Climate and weather simulation
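As an added example (this is not code from the Net Optics paper or from Cisco), the following Go program models the two decisions described above: the store-and-forward check, which has the whole frame and can drop runts, giants and FCS failures, and the cut-through lookup, which has only the first six bytes and forwards regardless. The MAC addresses and payload are constructed for the example; the serialization arithmetic is the 9000-byte case from the text, at three link speeds.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"hash/crc32"
	"time"
)

// Frame limits a store-and-forward switch enforces for untagged Ethernet:
// sizes include the 4-byte FCS but not the preamble and SFD.
const (
	minFrameLen = 64
	maxFrameLen = 1518
	fcsLen      = 4
)

var (
	ErrRunt  = errors.New("runt: frame shorter than 64 bytes")
	ErrGiant = errors.New("giant: frame longer than 1518 bytes")
	ErrFCS   = errors.New("FCS mismatch: frame corrupted in transit")
)

// ethernetFCS is the IEEE 802.3 frame check sequence: CRC-32 (IEEE polynomial)
// over destination MAC through payload, sent least-significant byte first.
func ethernetFCS(body []byte) []byte {
	fcs := make([]byte, fcsLen)
	binary.LittleEndian.PutUint32(fcs, crc32.ChecksumIEEE(body))
	return fcs
}

// buildFrame assembles dst|src|EtherType|payload|FCS as a sending NIC does,
// padding a short payload up to the 64-byte minimum.
func buildFrame(dst, src [6]byte, etherType uint16, payload []byte) []byte {
	f := append([]byte{}, dst[:]...)
	f = append(f, src[:]...)
	f = append(f, byte(etherType>>8), byte(etherType))
	f = append(f, payload...)
	for len(f) < minFrameLen-fcsLen {
		f = append(f, 0)
	}
	return append(f, ethernetFCS(f)...)
}

// storeAndForwardCheck is the decision a store-and-forward switch makes once
// the whole frame is buffered: drop runts, giants and frames whose trailing
// FCS differs from the CRC the switch computed itself.
func storeAndForwardCheck(frame []byte) error {
	if len(frame) < minFrameLen {
		return ErrRunt
	}
	if len(frame) > maxFrameLen {
		return ErrGiant
	}
	body, fcs := frame[:len(frame)-fcsLen], frame[len(frame)-fcsLen:]
	if !bytes.Equal(fcs, ethernetFCS(body)) {
		return ErrFCS
	}
	return nil
}

// cutThroughLookup is all a cut-through switch has when it starts forwarding:
// the first six bytes. It yields the egress decision and cannot know whether
// the bytes still arriving behind them are corrupt.
func cutThroughLookup(frameSoFar []byte) ([6]byte, error) {
	var dst [6]byte
	if len(frameSoFar) < 6 {
		return dst, errors.New("destination MAC not yet received")
	}
	copy(dst[:], frameSoFar[:6])
	return dst, nil
}

// serializationDelay is how long a frame of n bytes takes to arrive in full at
// a given link speed. A store-and-forward switch waits this long before it can
// forward; a cut-through switch does not, so this is its latency saving.
func serializationDelay(frameBytes int, linkBitsPerSec int64) time.Duration {
	return time.Duration(int64(frameBytes) * 8 * int64(time.Second) / linkBitsPerSec)
}

func main() {
	dst := [6]byte{0x00, 0x1b, 0x54, 0x11, 0x22, 0x33} // constructed addresses
	src := [6]byte{0x00, 0x1b, 0x54, 0x44, 0x55, 0x66}
	good := buildFrame(dst, src, 0x0800, []byte("constructed IPv4 payload"))
	bad := append([]byte{}, good...)
	bad[20] ^= 0x01 // one bit flipped on the wire
	fmt.Println("store-and-forward, intact frame:", storeAndForwardCheck(good))
	fmt.Println("store-and-forward, corrupt frame:", storeAndForwardCheck(bad))
	mac, _ := cutThroughLookup(bad[:6])
	fmt.Printf("cut-through already forwarded the corrupt frame toward %x\n", mac)
	for _, bps := range []int64{10e9, 1e9, 10e6} {
		fmt.Printf("9000-byte frame at %d bit/s: store-and-forward waits %v\n", bps, serializationDelay(9000, bps))
	}
}
```

Run it with `go run`. The point to take away is the asymmetry: the corrupt frame fails the store-and-forward check, but the cut-through lookup returns a perfectly valid egress decision for it, which is why a cut-through fabric pushes error detection to the next store-and-forward hop or to the end host.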
2. Make sure you're SEC(ure). Use the MACsec (IEEE 802.1AE) protocol to provide switch-port-level encryption.

When it comes to protecting data in motion, there aren't too many solutions. Encryption is considered one of the better methods, but it often requires installing client software on every host.

MACsec to the Rescue

The MACsec protocol encrypts and authenticates traffic between two Layer 2 peers, such as a host and its access switch or two directly connected switch ports, without an additional server application and without touching the IP layer above it. MACsec lets you encrypt data communications between a switch and any attached device, most importantly on wired LANs. The protocol is an IEEE standard, IEEE 802.1AE "MAC Security": it provides hop-by-hop confidentiality and integrity at the media access control layer. Each protected frame carries a security tag (SecTAG) and an integrity check value (ICV), and the receiving port checks the ICV before it accepts the frame.

Cisco provides switch-port-level encryption based on IEEE 802.1AE (MACsec) that spans the network, from endpoints to the access layer and all the way to the data center. Data encryption uses the 128-bit Advanced Encryption Standard (AES) cipher in Galois/Counter Mode (GCM-AES-128), which produces the ICV as well as the ciphertext. The integrity check lets the receiving port detect frames that a man-in-the-middle has modified or replayed; the encryption blocks snooping on the wire and other forms of network intrusion and compromise. Layer 2 encryption can be implemented between an endpoint device and an access switch, or between switch ports.

Two caveats a practitioner should keep in mind. First, MACsec is hop by hop: a frame is decrypted by each MACsec-capable switch on its path and re-encrypted on the next link, so every link you want protected needs MACsec-capable hardware at both ends, and traffic is in the clear inside each switch. Second, MACsec protects the link, not the identity of the peer: unless the session keys come from an authenticated exchange (802.1X with the MACsec Key Agreement protocol) rather than a static pre-shared key, an encrypted link to the wrong device is still an encrypted link.

MACsec, Cisco, and Net Optics: a Triple Compliance and Security Solution

MACsec is probably the best prescription on the market for CSO and CIO peace of mind. In a landmark Cisco Live demo in Cisco's own booth, visitors could see in real time just how effectively Cisco's MACsec implementation protects the confidentiality of network LAN traffic. In MACsec-enabled switches, packets are encrypted on exiting the transmitting device and decrypted on entering the receiving device. They are "in the clear" only when they are within the respective devices.

To prove the point, Net Optics HD8 Fiber Taps™ passively gathered data on the connections and sent it to Net Optics Director xStream Pro™, which collected and displayed the data in its user interface. The difference was dramatic: unencrypted traffic from the non-MACsec switch, a Cisco 3500, clearly revealed its types and protocols, an open invitation to malicious intrusion. The MACsec-protected traffic flowing between Cisco 6500 switches was unreadable: the tap could still see the source and destination MAC addresses and the 802.1AE SecTAG, but the original EtherType, the protocol headers and the payload were ciphertext.

The flip side of that demonstration is worth stating plainly: a passive tap on a MACsec link hands your own monitoring tools exactly the same ciphertext. Visibility into MACsec-protected traffic has to come from a point where it is in the clear, such as a SPAN session on the switch, which mirrors frames after the port has decrypted them, or from the switch's own flow telemetry.

Cisco Catalyst and Nexus Switches: Cisco Catalyst® 2900, 3560, 3700, 4500, and 6500 Series Switches and Cisco Nexus® 7000 Series Switches interact with network users for authentication and authorization. Access to the network is dictated by policy, user identity, and other attributes. Flexible authentication methods include 802.1X, web authentication, and MAC authentication bypass, all controlled in a single configuration for each switch port. Furthermore, Cisco switches can tag each data packet with user identity information so that additional controls can be deployed anywhere in the network. Cisco Nexus switches also support MACsec for data-in-motion confidentiality and integrity protection.
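To make the "in the clear only inside the device" point concrete, here is an added Go example (not Cisco's or Net Optics' code) that builds and checks 802.1AE frames with GCM-AES-128 from the Go standard library: the SecTAG layout, the SCI||PN nonce, the ICV, strict replay protection, and what a passive tap can read. The SAK, SCI and MAC addresses are constructed for the example; in a real deployment the SAK is distributed by the MACsec Key Agreement protocol, never typed in.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	macsecEtherType = 0x88E5  // IEEE 802.1AE SecTAG EtherType
	hdrLen          = 12 + 16 // MACs + SecTAG: EtherType(2) TCI/AN(1) SL(1) PN(4) SCI(8)
	icvLen          = 16      // GCM-AES-128 integrity check value
)

var (
	ErrNotMACsec = errors.New("frame carries no SecTAG")
	ErrReplay    = errors.New("packet number did not advance: replayed frame")
	ErrICV       = errors.New("ICV check failed: frame modified or wrong SAK")
)

// SA is one port's state for a secure association: the AEAD built from the
// secure association key (SAK), the secure channel identifier (SCI), the next
// PN to send and the highest PN accepted (strict replay protection, window 0).
type SA struct {
	aead           cipher.AEAD
	sci            [8]byte
	nextPN, lastPN uint32
}

func NewSA(sak []byte, sci [8]byte) (*SA, error) {
	block, err := aes.NewCipher(sak) // a 16-byte SAK selects GCM-AES-128
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block) // cannot fail for a standard AES block
	return &SA{aead: aead, sci: sci, nextPN: 1}, err
}

// gcmNonce is the 96-bit IV 802.1AE defines for GCM-AES-128: SCI || PN.
func gcmNonce(sci []byte, pn uint32) []byte {
	n := make([]byte, 12)
	copy(n, sci)
	binary.BigEndian.PutUint32(n[8:], pn)
	return n
}

// Protect is the transmitting port: dst|src|EtherType|payload becomes
// dst|src|SecTAG|ciphertext|ICV. MACs and SecTAG stay in the clear but are
// authenticated as AAD; the original EtherType is encrypted with the data.
func (sa *SA) Protect(dst, src [6]byte, etherType uint16, payload []byte) []byte {
	pn := sa.nextPN
	sa.nextPN++
	hdr := make([]byte, hdrLen)
	copy(hdr, dst[:])
	copy(hdr[6:], src[:])
	binary.BigEndian.PutUint16(hdr[12:], macsecEtherType)
	hdr[14] = 0x2C // TCI/AN: SC=1 (SCI present), E=1 and C=1 (encrypted), AN=0
	if n := 2 + len(payload); n < 48 {
		hdr[15] = byte(n) // SL: explicit length only for short secure data
	}
	binary.BigEndian.PutUint32(hdr[16:], pn)
	copy(hdr[20:], sa.sci[:])
	plain := append([]byte{byte(etherType >> 8), byte(etherType)}, payload...)
	return sa.aead.Seal(hdr, gcmNonce(sa.sci[:], pn), plain, hdr)
}

// Verify is the receiving port: reject frames without a SecTAG, frames whose
// PN does not advance (replay) and frames whose ICV fails (tampering, wrong key).
func (sa *SA) Verify(frame []byte) (uint16, []byte, error) {
	if len(frame) < hdrLen+2+icvLen || binary.BigEndian.Uint16(frame[12:]) != macsecEtherType {
		return 0, nil, ErrNotMACsec
	}
	pn := binary.BigEndian.Uint32(frame[16:])
	if pn <= sa.lastPN {
		return 0, nil, ErrReplay
	}
	plain, err := sa.aead.Open(nil, gcmNonce(frame[20:28], pn), frame[hdrLen:], frame[:hdrLen])
	if err != nil {
		return 0, nil, ErrICV
	}
	sa.lastPN = pn
	return binary.BigEndian.Uint16(plain), plain[2:], nil
}

// Tap is all a passive tap on a MACsec link can read: the MACs, EtherType 0x88E5
// and the PN are in the clear; the protocol and content inside are opaque bytes.
func Tap(frame []byte) (etherType uint16, pn uint32, opaque int) {
	etherType = binary.BigEndian.Uint16(frame[12:])
	if etherType == macsecEtherType {
		pn, opaque = binary.BigEndian.Uint32(frame[16:]), len(frame)-hdrLen
	}
	return etherType, pn, opaque
}

func main() {
	sak, sci := []byte("constructed-SAK!"), [8]byte{0, 0x1b, 0x54, 0xaa, 0xbb, 0xcc, 0, 1} // real SAKs come from MKA
	tx, _ := NewSA(sak, sci)
	rx, _ := NewSA(sak, sci)
	frame := tx.Protect([6]byte{0, 0x1b, 0x54, 1, 2, 3}, [6]byte{0, 0x1b, 0x54, 0xaa, 0xbb, 0xcc}, 0x0800, []byte("constructed cleartext"))
	et, pn, opaque := Tap(frame)
	fmt.Printf("tap sees EtherType %#x, PN %d and %d opaque bytes\n", et, pn, opaque)
	_, p, err := rx.Verify(frame)
	fmt.Printf("receiver recovers %q (err=%v)\n", p, err)
	_, _, err = rx.Verify(frame) // the same frame delivered a second time
	fmt.Println("replayed frame:", err)
}
```

Tap returns the MAC addresses' EtherType and packet number and nothing about the protocol or content inside, which is what the Cisco Live demo showed on the Director xStream Pro screen. Verify rejects a replayed frame and a frame with a single flipped ciphertext bit; that integrity half of MACsec is what a pure encryption scheme would not give you.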
3. Don't lose sight of the gems. Achieve virtual visibility without the overload penalty.

As adoption of virtualization gains momentum, data centers worldwide are building out their virtualized components. The growing adoption of hypervisor technologies creates monitoring, security, and compliance challenges, because virtual networks, switches and machines exchange traffic that never touches a physical wire where a conventional tap could see it. Several solutions exist to improve manageability and visibility of virtual systems.

Nexus 1010 Virtual Services Appliance: One of Cisco's "hidden gems"

Cisco Nexus 1010 VSA is an optional appliance that can provide improved management and scalability in Cisco Nexus 1000V Switch and VMware vSphere deployments. The Cisco Nexus 1000V can be deployed exclusively as software running in a VMware vSphere cluster; Cisco Nexus 1010 VSA provides customers with an additional deployment option, allowing administrators to completely offload the management functions handled by the Cisco Nexus 1000V Virtual Supervisor Module (VSM). This approach gives administrators improved scalability and availability for the VSM. Cisco Nexus 1010 VSA offers impressive benefits:

• A dedicated appliance for VSMs simplifies the overall design and management of the VMware vSphere cluster by moving the VSMs off the VMware hosts. Eliminating the dependency on VMware means that networking services no longer depend on the VMware server being up and running, which can be helpful during scenarios such as data center restarts.
• Because the Cisco Nexus 1010 VSA runs Cisco NX-OS and the VSMs are installed on the VSA instead of on a VMware vSphere server, the network operations team works in a familiar environment and gets a total Cisco installation experience.
• The automatic support of active-standby VSMs improves overall system availability.

But Cisco's virtual switch doesn't provide the same level of visibility as a true network tap. So the question becomes: how do you achieve the 100 percent visibility that you need for compliance and security purposes?

Phantom Virtual Tap to the Rescue for Total Inter-VM Visibility, Penalty-Free

Net Optics' Phantom Virtual Tap was engineered to monitor traffic going through the Cisco Nexus 1000V virtual switch. The key to this advantage is visibility: Phantom enhances network visibility, including inter-VM traffic monitoring, without the inherent limitations of hypervisor SPAN ports. This makes it an ideal security and compliance resource that:

• Delivers 100 percent visibility of traffic passing between VMs on hypervisor stacks
• Supports best-of-breed hypervisors and virtual switches
• Integrates with the hypervisor at the kernel level
• Eliminates promiscuous probes or counterintuitive shaping and routing
• Bridges virtual traffic to physical monitoring tools

Net Optics Phantom Virtual Tap gives monitoring and security tools the inter-VM traffic they need to detect malicious intrusion against records and transactions, and to document compliance with regulations such as the Payment Card Industry (PCI) standards and SOX-404. Virtualization presents a new, unique set of challenges for auditors needing visibility of virtualized as well as physical data, which makes the Phantom Virtual Tap a welcome resource. Whether the concern is passing encrypted credit card numbers between infrastructures, monitoring derivatives, or conducting other complex transactions, the Phantom Virtual Tap keeps the monitored data isolated, secure and verifiable.

4. "SLA" yourself. Use built-in IP SLAs to benchmark and monitor the health and performance of your network.

Cisco IOS IP Service Level Agreements, known as IP SLA, is a hidden gem built into most Cisco devices that deserves more widespread knowledge and use than it has been getting. This component is a network's best friend: it lets you measure and benchmark performance, identify issues, and alert when you drift off your benchmarks. The value is self-evident. A network engineer may need to evaluate a design or a QoS approach, and IP SLA is a natural for troubleshooting the network. With its focus solely on performance metrics, IP SLA helps verify new business-critical IP applications and IP services that carry data, voice, and video over an IP network. Cisco has augmented traditional service level monitoring and made the IP infrastructure application-aware by measuring both end to end and at the IP layer. With Cisco IP SLA, you can verify service guarantees, increase network reliability, proactively identify network issues, and increase return on investment (ROI) by streamlining deployment of new IP services.
Cisco IP SLA uses active monitoring: the device generates synthetic probe traffic (ICMP echo, UDP jitter, HTTP, DNS and other operations) toward a target in a continuous, reliable and predictable manner, and records the round-trip time, jitter and loss it observes. That makes it a dependable resource for measuring network performance and health, and for comparing a path before and after a change.

5. NetFlow is your friend. Learn it. Use it. Support it.

I'll bet all of you have NetFlow, and I'll also bet that most of you are not using it to its full extent or gaining full benefit. Surprisingly few people know how to get the most out of this technology, qualifying it as a bona fide hidden gem. This is surprising because it shines very brightly, particularly for security and compliance purposes.

NetFlow is a feature of Cisco IOS software that monitors packet flows across a router or switch. A flow is the set of packets sharing the same source and destination IP address, source and destination port, protocol, type of service and input interface; for each flow the device records counters such as bytes, packets, start and end time and TCP flags, and exports the records to a collector. NetFlow does not capture packet content: it exports metadata about each conversation, which is exactly what you need to analyze data relationships and communication patterns. With NetFlow you can follow a particular IP address to see where its traffic originated, where it went, and how long each conversation lasted. For service providers this information is critical in billing customers for differentiated services or QoS; for security teams it is a record of every conversation, encrypted or not, that stays useful long after the packets themselves are gone.

Another benefit is that NetFlow ties into superb public domain tools you can use in any size deployment. So why should NetFlow be a hidden gem? Maybe it's merely perceptions that prevent users from taking advantage of all it has to offer, such as the "it's difficult to deploy" perception. Not so! Your NetFlow vendor can help, and can make sure you are exporting NetFlow Version 9, whose template-based format lets the exporter describe its own record layout so that free tools can decode new fields without an upgrade.

Cisco's suite of virtual data center offerings is growing. The launch of such products as the Nexus 1000V and VN-Link means that thousands more organizations can now utilize Cisco solutions to support their data center virtualization plans. But even as virtualization soars, stringent regulations proliferate and threaten to clip the productivity and competitiveness wings of companies lacking intelligent access and monitoring solutions.

Virtual Visibility Plus NetFlow Eases Compliance and Security Tasks

Now you can take NetFlow-generated network statistics and integrate them with Director xStream Pro for broad compliance visibility. Net Optics is the only company capable of providing the enterprise-level reliability in monitoring and access demanded by Cisco's Data Center 3.0 environments. The Phantom solution enables faster and broader adoption of virtualization technologies concurrent with Cisco's advances across organizations worldwide.
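Since NetFlow's value is in the flow records themselves, here is an added Go example (not code from Cisco, Net Optics or any NetFlow tool) of the Version 9 export format the text recommends: a minimal collector that learns templates from FlowSet 0 and uses them to decode data FlowSets, applied to a constructed export packet carrying two flows. The field types and packet layout follow RFC 3954; the addresses, counters and the collector design are assumptions made for the example.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

// NetFlow v9 field types (RFC 3954, section 8) used by the sample export.
const (
	fieldInBytes, fieldInPkts, fieldProtocol = 1, 2, 4
	fieldL4SrcPort, fieldIPv4Src             = 7, 8
	fieldL4DstPort, fieldIPv4Dst             = 11, 12
)

type templateField struct{ typ, length uint16 }

// Record is one decoded flow: raw field bytes keyed by field type, laid out
// exactly as the exporter's template declared them.
type Record map[uint16][]byte

// Uint decodes a big-endian counter of whatever width the template declared.
func (r Record) Uint(typ uint16) (n uint64) {
	for _, b := range r[typ] {
		n = n<<8 | uint64(b)
	}
	return n
}

// Collector remembers the templates an exporter announces (a real collector
// also keys them by exporter address and source ID). Data FlowSets whose
// template has not arrived yet are skipped, never guessed.
type Collector struct{ templates map[uint16][]templateField }

var ErrTruncated = errors.New("truncated NetFlow v9 packet")

func NewCollector() *Collector { return &Collector{map[uint16][]templateField{}} }

// Ingest decodes one export packet: a 20-byte header, then FlowSets of
// (ID, length, body). ID 0 carries templates, IDs above 255 carry data.
func (c *Collector) Ingest(pkt []byte) (recs []Record, err error) {
	if len(pkt) < 20 || binary.BigEndian.Uint16(pkt) != 9 {
		return nil, errors.New("not a NetFlow v9 packet")
	}
	for off := 20; off+4 <= len(pkt); {
		id, length := binary.BigEndian.Uint16(pkt[off:]), int(binary.BigEndian.Uint16(pkt[off+2:]))
		if length < 4 || off+length > len(pkt) {
			return recs, ErrTruncated
		}
		body := pkt[off+4 : off+length]
		if id == 0 {
			c.learnTemplates(body)
		} else if id > 255 { // 1 = options template, 2..255 reserved: ignored here
			recs = append(recs, c.decodeData(id, body)...)
		}
		off += length
	}
	return recs, nil
}

func (c *Collector) learnTemplates(body []byte) {
	for len(body) >= 4 {
		tid, n := binary.BigEndian.Uint16(body), int(binary.BigEndian.Uint16(body[2:]))
		if body = body[4:]; len(body) < 4*n {
			return
		}
		fields := make([]templateField, n)
		for i := range fields {
			fields[i] = templateField{binary.BigEndian.Uint16(body[4*i:]), binary.BigEndian.Uint16(body[4*i+2:])}
		}
		c.templates[tid], body = fields, body[4*n:]
	}
}

func (c *Collector) decodeData(tid uint16, body []byte) (recs []Record) {
	fields, recLen := c.templates[tid], 0
	for _, f := range fields {
		recLen += int(f.length)
	}
	for recLen > 0 && len(body) >= recLen { // a tail shorter than one record is padding
		rec := Record{}
		for _, f := range fields {
			rec[f.typ], body = body[:f.length], body[f.length:]
		}
		recs = append(recs, rec)
	}
	return recs
}

// sampleExport is a constructed v9 export, as a router would send it over UDP:
// one template (ID 256, seven fields) then one data FlowSet with two records.
func sampleExport() []byte {
	p := []byte{0, 9, 0, 3, 0, 1, 0xe2, 0x40, 0x51, 0x5c, 0x3f, 0x40, 0, 0, 0, 1, 0, 0, 0, 0} // header
	tmpl := []templateField{{fieldIPv4Src, 4}, {fieldIPv4Dst, 4}, {fieldL4SrcPort, 2},
		{fieldL4DstPort, 2}, {fieldProtocol, 1}, {fieldInBytes, 4}, {fieldInPkts, 4}}
	p = append(p, 0, 0, 0, byte(8+4*len(tmpl)), 1, 0, 0, byte(len(tmpl))) // FlowSet 0, template 256
	for _, f := range tmpl {
		p = append(p, byte(f.typ>>8), byte(f.typ), byte(f.length>>8), byte(f.length))
	}
	p = append(p, 1, 0, 0, 48) // FlowSet 256: two 21-byte records plus 2 bytes of padding
	p = append(p, 10, 0, 0, 5, 203, 0, 113, 7, 0xc8, 0x22, 1, 0xbb, 6, 0, 0, 7, 8, 0, 0, 0, 12)
	p = append(p, 10, 0, 0, 5, 198, 51, 100, 9, 0xc8, 0x23, 0, 22, 6, 0, 0x89, 0x54, 0x40, 0, 0, 0xea, 0x60)
	return append(p, 0, 0)
}

func main() {
	recs, err := NewCollector().Ingest(sampleExport())
	for _, r := range recs {
		fmt.Printf("%v -> %v:%d proto %d: %d bytes\n", net.IP(r[fieldIPv4Src]), net.IP(r[fieldIPv4Dst]), r.Uint(fieldL4DstPort), r.Uint(fieldProtocol), r.Uint(fieldInBytes))
	}
	fmt.Println("err:", err)
}
```

The template-driven decode is what makes Version 9 worth insisting on: a field the exporter starts sending tomorrow shows up in the Record map without any change to the collector. For security use, summing IN_BYTES per destination over the records is the natural first cut; in the constructed sample it singles out the 9,000,000 bytes sent to 198.51.100.9 on port 22, the kind of outsized outbound transfer an analyst would want to explain.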
Net Optics Is a Close Fit, Now and in the Future, with Cisco's Vision

Net Optics solutions work hand-in-glove with Cisco products to deliver monitoring and access capabilities to Cisco's Data Center 3.0 environments and beyond. Right now, by providing total visibility of data and traffic running through Cisco's virtual infrastructure solutions, including VN-Link with Cisco Nexus 1000V, the Net Optics Phantom Virtual Tap is a vital resource for compliance, security and management in your Cisco environment. This tight integration helps to fortify Cisco's multi-tier data center vision and spur faster, broader adoption of virtualization technologies in organizations worldwide.

Find out more about how Net Optics helps you put the Top Five to work in your Cisco environment: visit www.netoptics.com or contact Net Optics at (408) 737-7777.

Net Optics, Inc.
5303 Betsy Ross Drive
Santa Clara, CA 95054
(408) 737-7777
twitter.com/netoptics
www.netoptics.com