Endace Application Dock
Every organization has a unique set of network monitoring requirements. Many need tools that provide specific functionality additional to EndaceVision™, the powerful network visualization tool bundled with every EndaceProbe™. But those tools could be so much more effective if they had access to the same 100% accurate source of captured network packets that EndaceVision uses. That's why we developed Endace Application Dock™.
Application Dock is a highly optimized virtualized application hosting environment that enables customers to run multiple applications in parallel on each EndaceProbe™ in their monitoring fabric. It enables hosted applications to directly access the 100% accurate packet storage on the host EndaceProbe, improving the application's output quality.
By hosting multiple monitoring tools on the same hardware platform, organizations benefit from hardware consolidation, and reduce resource constraints in the data center. Applications running in Application Dock can also be integrated with EndaceVision™ to take advantage of its rapid event investigation workflow using the Pivot to Packets and Pivot to Vision features of the Endace API.
Hosting applications in the Application Dock enables organizations to:
- Host multiple applications (or multiple instances of the same application) on EndaceProbes to provide effective scaling. Load balancing between virtual machines on the EndaceProbe is also supported.
- Packets can be filtered and classified before they are presented to the hosted application, removing filtering overhead from the application and helping it scale more efficiently
- Control the system resources being consumed by a particular application using the remote management tools available on the EndaceCMS™ Central Management Server.
- Become more flexible and fluid in the way that they deploy and manage applications in the field and respond to changing environments quickly and efficiently without the need to deploy additional hardware.
Working out whether your application is compatible with the Endace Application Dock couldn't be easier. There are two considerations:
- Operating system: Any application that is built on Unix/Linux should work
- Packet retrieval method: DAG, Libpcap and PF_Ring are all supported methods of extracting packets from the wire.
Custom application hosting
For more than ten years organizations all over the world have used EndaceProbe™ Network Recorders, EndaceODE™ Open Application Environment appliances, and Endace DAG™ cards as the foundation for a wide range of custom surveillance, measurement, security and network monitoring applications.
The architecture on which all EndaceProbe Recorders are based is the ideal host for any monitoring application that relies on captured and time stamped packets as the core input. Leveraging our proprietary DAG I/O technology, the architecture ensures every application hosted in the Endace Application Dock virtual hosting environment receives a feed of 100% accurate network traffic as well as the necessary system resources to run efficiently. The number of virtual applications that can be hosted simultaneously on a single EndaceProbe depends on the demands of the application, and the specifications of the host EndaceProbe.
Talk to us about hosting your chosen applications on EndaceProbes using Endace Application Dock.
Application Dock gives hosted applications the power to see more
Applications hosted in Application Dock gain real-time access to the 100% accurate, filtered and time stamped network history recorded by the host EndaceProbe. Giving tools access to a more accurate, detailed source of network data often helps them perform more effectively. In the case of monitoring tools, that can mean a reduction in the number of false positives reported, lightening the load on SecOps and NetOps teams and freeing them up to focus on real issues.
Many detection tools struggle to cope with the throughput demands that enterprises are asking of them. Although most offer 10Gbps interfaces, very few can actually handle 10Gbps of traffic before saturating, and often beyond 2Gbps things start going wrong. Saturated detection tools start missing events, which exposes organizations to risk.
Hosting applications in Application Dock can help with this in three ways:
- Powerful, DAG card packet processing: EndaceProbes can offload much of the packet-processing to DAG card hardware that would otherwise need to be performed by the application, and this can substantially improve application performance
- No more missed events: EndaceProbes capture everything. So hosted applications don't miss packets that might indicate security or performance issues, and they have sufficient detail to distinguish real issues from false ones
- Multi-instance hosting: Application Dock allows multiple instances of the same application to be hosted. Traffic can then be directed to specific instances to ensure load balancing. This can potentially multiply the effective throughput of applications and enable them to scale efficiently.