Stream Analytics for Data in Motion
•Download as PPTX, PDF•
2 likes•809 views
This presentation for Inside Analysis' Briefing Room explains the ExtraHop architecture for stream analytics. This concept enables you to mine all your wire data, which is all the data in motion in your environment.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Stream Analytics for Data in Motion
Similar to Stream Analytics for Data in Motion (20)
More from ExtraHop Networks
More from ExtraHop Networks (10)
Recently uploaded
Recently uploaded (20)
Stream Analytics for Data in Motion
- 2. Host Eric Kavanagh CEO, The Bloor Group Presenter Erik Giesa SVP, Marketing and Business Development, ExtraHop Networks Analyst Mark Madsen Research Analyst, Third Nature
- 5. 432 TB of analysis @40 Gbps/day 216 TB of analysis @20 Gbps/day 108 TB of analysis @10 Gbps/day 11 TB of analysis @1 Gbps/day
- 6. Se
- 7. Se VS Machine Data: System self-reported Wire Data: Real-time observed activity of all communications
- 8. 1) Data Collection • Unmatched scalability – Up to 40 Gbps sustained throughput. Bulk SSL decryption at line rate up to 64,000 SSL TPS using 2048-bit keys @ 40 Gbps. 2) StreamOS • Full-stream reassembly – Requisite for true application fluency; understand sessions, flows, and transactions. • Broad protocol support – 40+ wire protocols supported out of the box, including storage and all major databases. 3) Trigger Engine • Automatically executes on system events through the ExtraHop trigger API. 4) Streaming Datastore • More than 3,000 metrics that populate customizable, real-time dashboards. 5) Full Transaction Records • Rich transaction, message, and flow data continuously gathered from across tiers, in a consistent format 1 2 3 4 5 1 2 3 5 4
- 9. Wire Data Example (a small subset) Zero modifications to applications or infrastructure are required unlike logs, machine data, or APM agents. All data is processed, indexed, and stored in real time from live data streams off the wire. Customer adds products to ecommerce shopping cart. All page objects and user interactions are measured and recorded in real time. Order is placed and confirmed. Customer order and payment are received and approved confirming order above. Application selects and writes to database. Every individual database method, statement, and associated contextual data is measured and recorded. Behavior / Action Real-Time Business and IT Intelligence • Correlate end-user performance with purchasing patterns • Drive DevOps website optimization • Invest in IT based on observed fact • Guarantee SLAs • Rapid triage and troubleshooting • Proactively alert and warn • Track product and customer demand • Top sellers by location, time, and offers • Multi-dimensional business analysis and correlation • Business process monitoring • Security analytics • Tune applications and databases • Manage application lifecycles • Perform root cause analysis • Detect and prevent data exfiltration • Enable smart capacity planning ExtraHop is the only vendor who can transform all network packets into structured Wire Data as in this example.
- 10. Delivering real business impact
- 14. It’s an anomaly. We’ve only seen it once. We can work with the merchant to understand why it happened and attempt to resolve it.
Editor's Notes
- Out-of-the-box, the ExtraHop platform delivers more functionality than any other comparable product on the market. At the core of our Discover appliance, we have the real-time stream processor, which transforms raw unstructured packets into structured wire data. It takes packets off the wire and reassembles them into full streams. This is what enables ExtraHop to understand application behavior. Unlike other products that claim to be application-aware, this capability makes ExtraHop truly application fluent. Our platform offers broad protocol support, including for important storage protocols and all major databases. If you have Citrix in your environment, ExtraHop is the only vendor to license the ICA protocol for real-time analysis. We analyze all communications on the wire to record more than 3,400 metrics out of the box. Other products record only hundreds, and for only a few protocols. This means that ExtraHop delivers immediate value as soon as you start sending it traffic. Finally, we do all of this at tremendous scale. A single 2U appliance can handle up to a sustained 40 Gigabits per second. If your traffic is encrypted, we also offer SSL decryption capabilities so that you can see all of your wire data. This bulk decryption can scale to 64,000 SSL transactions per second using 2048-bit keys.
- This is a sample of the toplevel dashboard for the service provider. It shows high level business information for the health of the application such as the number of transactions, what types of credit cards are in use, revenue, what state the cards are coming from.
- This shows the most recent transactions for the entire application without any filtering. Calls from users that people are getting double charged –
- The same data, but grouped by the orderid attribute. The “Group By” operationanalyzes all records during the selected time frame and counts how many times the selected attribute occurs within the dataset. Any entries that occur more than once will have a value more than 1, and indicate an impacted customer. We have access to every single transaction – filter by OrderID and anything that happens more than once = double charge.
- Filtering for just the one orderid that was shown to be aduplicate provides all of the details for those transactions such as the merchant. We’ve found the needle in the haystack – we know who was affected and valided the charges and the merchant who was charging. We’ve solved the issue in a few clicks. So, eat it!