This presentation for Inside Analysis' Briefing Room explains the ExtraHop architecture for stream analytics. This concept enables you to mine all your wire data, which is all the data in motion in your environment.
2. Host: Eric Kavanagh, CEO, The Bloor Group
Presenter: Erik Giesa, SVP, Marketing and Business Development, ExtraHop Networks
Analyst: Mark Madsen, Research Analyst, Third Nature
5. (Chart: daily analysis volume by sustained throughput) 432 TB of analysis @40 Gbps/day; 216 TB of analysis @20 Gbps/day; 108 TB of analysis @10 Gbps/day; 11 TB of analysis @1 Gbps/day.
8. 1) Data Collection
• Unmatched scalability – Up to 40 Gbps sustained throughput. Bulk SSL decryption at line rate up to 64,000 SSL TPS using 2048-bit keys @ 40 Gbps.
2) StreamOS
• Full-stream reassembly – Requisite for true application fluency; understand sessions, flows, and transactions.
• Broad protocol support – 40+ wire protocols supported out of the box, including storage and all major databases.
3) Trigger Engine
• Automatically executes on system events through the ExtraHop trigger API.
4) Streaming Datastore
• More than 3,000 metrics that populate customizable, real-time dashboards.
5) Full Transaction Records
• Rich transaction, message, and flow data continuously gathered from across tiers, in a consistent format.
9. Wire Data Example (a small subset)
Zero modifications to applications or infrastructure are required, unlike logs, machine data, or APM agents. All data is processed, indexed, and stored in real time from live data streams off the wire.
Behavior / Action:
• Customer adds products to ecommerce shopping cart. All page objects and user interactions are measured and recorded in real time. Order is placed and confirmed.
• Customer order and payment are received and approved, confirming the order above.
• Application selects and writes to database. Every individual database method, statement, and associated contextual data is measured and recorded.
Real-Time Business and IT Intelligence:
• Correlate end-user performance with purchasing patterns
• Drive DevOps website optimization
• Invest in IT based on observed fact
• Guarantee SLAs
• Rapid triage and troubleshooting
• Proactively alert and warn
• Track product and customer demand
• Top sellers by location, time, and offers
• Multi-dimensional business analysis and correlation
• Business process monitoring
• Security analytics
• Tune applications and databases
• Manage application lifecycles
• Perform root cause analysis
• Detect and prevent data exfiltration
• Enable smart capacity planning
ExtraHop is the only vendor who can transform all network packets into structured Wire Data as in this example.
14. It’s an anomaly. We’ve only seen it once. We can work with the merchant to understand why it happened and attempt to resolve it.
Editor's Notes
Out-of-the-box, the ExtraHop platform delivers more functionality than any other comparable product on the market. At the core of our Discover appliance, we have the real-time stream processor, which transforms raw unstructured packets into structured wire data. It takes packets off the wire and reassembles them into full streams. This is what enables ExtraHop to understand application behavior. Unlike other products that claim to be application-aware, this capability makes ExtraHop truly application fluent.
Our platform offers broad protocol support, including for important storage protocols and all major databases. If you have Citrix in your environment, ExtraHop is the only vendor to license the ICA protocol for real-time analysis.
We analyze all communications on the wire to record more than 3,400 metrics out of the box. Other products record only hundreds, and for only a few protocols. This means that ExtraHop delivers immediate value as soon as you start sending it traffic.
Finally, we do all of this at tremendous scale. A single 2U appliance can handle up to a sustained 40 Gigabits per second. If your traffic is encrypted, we also offer SSL decryption capabilities so that you can see all of your wire data. This bulk decryption can scale to 64,000 SSL transactions per second using 2048-bit keys.
This is a sample of the top-level dashboard for the service provider. It shows high-level business information about the health of the application, such as the number of transactions, what types of credit cards are in use, revenue, and what state the cards are coming from.
This shows the most recent transactions for the entire application without any filtering.
Calls come in from users reporting that they are getting double charged.
The same data, but grouped by the orderid attribute. The “Group By” operation analyzes all records during the selected time frame and counts how many times the selected attribute occurs within the dataset. Any entries that occur more than once will have a value greater than 1, and indicate an impacted customer.
We have access to every single transaction – filter by OrderID, and anything that happens more than once is a double charge.
Filtering for just the one orderid that was shown to be a duplicate provides all of the details for those transactions, such as the merchant.
We’ve found the needle in the haystack – we know who was affected, and we validated the charges and the merchant who was charging. We’ve solved the issue in a few clicks. So, eat it!
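The double-charge workflow described in these notes (select a time window, group transaction records by orderid, flag any orderid with a count above 1, then filter on that orderid to pull the full details), as an added example that is not ExtraHop's code or the presentation's own. The transaction records and field names (orderid, merchant, amount, card, state, ts) are constructed for this example.

```python
from collections import Counter

# Constructed sample transaction records (not real data): one record per
# payment transaction observed on the wire, with a timestamp in epoch seconds.
TRANSACTIONS = [
    {"ts": 1000, "orderid": "A1001", "merchant": "Acme Books", "amount": 42.50, "card": "visa", "state": "WA"},
    {"ts": 1010, "orderid": "A1002", "merchant": "Acme Books", "amount": 19.99, "card": "mc", "state": "OR"},
    {"ts": 1020, "orderid": "A1003", "merchant": "Widgets Co", "amount": 105.00, "card": "amex", "state": "CA"},
    {"ts": 1021, "orderid": "A1002", "merchant": "Acme Books", "amount": 19.99, "card": "mc", "state": "OR"},
    {"ts": 1030, "orderid": "A1004", "merchant": "Widgets Co", "amount": 7.25, "card": "visa", "state": "NY"},
    {"ts": 2000, "orderid": "A1004", "merchant": "Widgets Co", "amount": 7.25, "card": "visa", "state": "NY"},
]


def in_window(records, start, end):
    """Keep only records whose timestamp falls in the selected time frame [start, end]."""
    return [r for r in records if start <= r["ts"] <= end]


def group_by(records, attribute):
    """The 'Group By' operation: count how often each value of `attribute` occurs."""
    return Counter(r[attribute] for r in records)


def duplicates(records, attribute="orderid"):
    """Values whose count is greater than 1; each one is an impacted customer."""
    return {value: n for value, n in group_by(records, attribute).items() if n > 1}


def filter_by(records, attribute, value):
    """Filter down to one value, giving the full detail for those transactions."""
    return [r for r in records if r[attribute] == value]


def double_charge_report(records, start, end):
    """Group, flag counts above 1, and pull merchant and amount details per order."""
    window = in_window(records, start, end)
    report = {}
    for orderid, n in duplicates(window).items():
        hits = filter_by(window, "orderid", orderid)
        report[orderid] = {
            "count": n,
            "merchants": sorted({h["merchant"] for h in hits}),
            "total_charged": round(sum(h["amount"] for h in hits), 2),
        }
    return report


if __name__ == "__main__":
    for oid, info in double_charge_report(TRANSACTIONS, 1000, 1100).items():
        print(oid, info)
```

Note that the second A1004 record falls outside the 1000-1100 window, so only A1002 is reported there; widening the window to include ts 2000 flags both orders.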