What is a Monitoring and Recording Fabric?
Watch our "Deploying a Monitoring and Recording Fabric" video
A monitoring and recording fabric consists of two or more Endace Systems. These are purpose-built packet capture and recording appliances that leverage the power of DAG® I/O technology to ensure 100% capture of all the traffic on your network regardless of your network’s speed, type or topology.
Endace Systems are designed to be deployed across your network as a 'fabric' and centrally managed. A fabric can consist of anything from two to 2000 systems, depending on your needs. They provide write-to-disk storage of captured traffic where required and deliver real-time, 100% accurate analysis and alerting for all network applications.
For more information, download the Endace Fabric Overview datasheet.
Elements of a Monitoring and Recording Fabric
A fabric consists of four main components, which, when integrated, deliver the power to see everything on the network - providing a complete network monitoring and recording solution capable of scaling to 10Gb/s and beyond and powering a raft of network monitoring, analysis and security applications. The four core components of a fabric are:
Endace Systems
Every Endace System leverages the power of our proprietary DAG® I/O technology which enables high-speed, lossless network traffic capture on any interface type to 10Gb/s and beyond.
DAG uses a combination of the latest FPGA technology from Altera and DMA techniques to move packets from the network to host memory with minimal system resource consumption. This has the effect of substantially improving the accuracy of the system’s packet capture capability while increasing the amount of system processing resource available for applications. Learn more about the Genius of DAG.
To reduce the number of systems required in a fabric, every Endace System is designed to support the highest possible number of monitoring ports. Monitoring ports can both receive and transmit on the same interface and can be configured to support just about any type of interface including Ethernet, SONET, PDH, etc. The latest Intel processors are used to power the systems, giving extremely high levels of performance and processing capability.
Endace Systems use carefully selected commodity hardware components that have been optimised to deliver a stable and predictable packet-processing environment. One of the biggest challenges for systems attempting to operate at 10Gb/s is heat dissipation. All our systems are tested to ensure that they continue to perform, regardless of the traffic load. They are the most reliable and predictable platforms on the market today.
Where the ability to capture traffic to local disk is a requirement, our systems can incorporate up to 32TB of local RAID storage. Where extremely high write-to-disk speeds are required, SAS drives can be incorporated into the RAID array. In situations where longer-term storage is required, specific Endace Systems support fibre channel, which allows packets to be moved to a remote SAN environment quickly and efficiently.
Learn more about our EndaceProbe™ and EndaceSensor™ Systems
Endace Management Server
At the heart of every fabric is an Endace Management Server (EMS). Like all the systems in the fabric, the EMS runs its own unique version of OSm, which provides administrators and users with a graphical fabric management console.
The console enables users to configure monitoring activity (by port) and view system health, system resource utilisation and allocation and a range of other important management statistics. Through the console administrators can also manage the applications hosted on individual Systems and ensure the resources required for a particular application are correctly assigned.
EMS has been designed to run its own version of the Endace Application Dock, which enables organisations to deploy the server components of chosen applications in their own virtual container.
This capability is important as it enables 100% software-only deployments of applications and further improves the time-to-deployment and application agility.
The EMS is built on a Series 7000 EndaceProbe with the monitoring functionality removed.
Timestamping and synchronisation
Timestamps applied to captured packets are used by a range of different applications including latency measurement and performance monitoring tools. The more accurate the timestamps, the better the quality of the application output.
To ensure accuracy, every Endace System timestamps every packet as it hits the monitoring interface.
Organisations need to deploy, or at least get access to, a UTC timing source at each physical location where they want to capture packets. We have partnered with Trimble™ and EndRun Technologies to offer a comprehensive range of PPS timing solutions.
Once you’ve secured a timing input into a physical location, the next step is to distribute it out to every system. We’ve developed our own range of rack-mounted time-distribution servers which enable a timing input feed to be distributed out to multiple systems in the same data centre.
Our TDS24 (timing distribution server) distributes timing information to up to 24 systems, but can be easily daisy chained to supply timing inputs to literally hundreds of systems. Check out our timing accessories, or download our Network Timing Technical Brief.
Passive Network Taps
Endace Monitoring and Recording Fabrics can be connected into the network in a number of different ways. Our recommended method is to use simple network taps such as those marketed by our Technology Partners - Network Critical and NetOptics. See Accessories for details.
Passive Network Taps: In our experience, the simpler the connector, the better, the more predictable and better the result and the base products offered by these vendors have been proven over many years to be extremely good.
SPAN ports: Certain network elements such as routers and switches provide a SPAN (mirror) port, which outputs packets aggregated from multiple links, to which the Endace System can be connected. Using a SPAN port is generally the fastest way to connect to the network, but it comes with a number of risks including potential packet loss at the network element, misordering of the packets, loss of visibility into the link packets arrived on and the existence of errors on the wire.
For more information about Taps and Tapping and the pros and cons of various approaches, read our Network Tapping Technical Brief.