EndaceProbes at a glance
- Bundled EndaceVision™ and EndacePackets™ browser applications provide network-wide visualization and packet-level investigation (no additional software license costs)
- Monitor multiple links simultaneously; supports 1GbE, 10GbE and 40GbE
- Continuous 100% accurate line-rate recording of network traffic
- Full indexing of recorded traffic including application classification
- Powerful, hardware-based packet filtering and manipulation functions
- Easy integration with third-party applications via API and industry standard file formats
- Built-in Endace Application Dock™ for hosting third-party commercial, open-source and custom developed applications gives hosted applications full access to captured network traffic
- Centralized management via EndaceCMS™ Central Management Server for multi-probe deployments provides real-time health monitoring and efficient configuration and system update deployment for connected appliances.
EndaceProbe Network Recorders
EndaceProbe™ Network Recorders capture, index and store network traffic with 100% accuracy, regardless of network speeds, loads or traffic types. EndaceProbes work with a wide range of security and network monitoring tools to provide them with a 100% accurate source of captured network packets.
Customers deploy EndaceProbes to:
- Help their SecOps teams to identify, investigate and contain security problems such as data breaches quickly
- Aid NetOps and applications teams in diagnosing network and application performance issues and identifying the root cause of the issue effectively
- Empower risk and compliance teams to do their jobs and comply with strict data retention policies.
EndaceProbes enable comprehensive, back-in-time investigation with the ability to drill down to packet level to deliver surety about what's really happening on your network. They are built on proven DAG™ technology and support a range of packet-processing features that help to solve a variety of different problems.
EndaceProbes are designed to be open, and offer:
- Built-in hosting for third-party commercial, open-source and custom-built applications through Endace Application Dock™
- An open API and support for industry standard packet capture formats (PCAP, ERF), for easy integration with a wide range of security and network performance monitoring tools.
EndaceProbes are based on a layered architecture comprising environmentally hardened server hardware tightly integrated with best-in-class DAG technology and our own purpose-built operating system, OSm. By controlling every aspect of the hardware, firmware and software, EndaceProbes have been optimized to deliver exceptional performance even under the most extreme conditions.
The EndaceProbe family consists of the entry-level 404, the compact 4000 Series and 4100 Series, the ultra high-performance 8100 Series and the high-capacity 9000 Series and is available in a range of configurations.
|Models||114||404||4000 Series||4100 Series||8100 Series||9000 Series|
|Dimensions||1 RU, short-depth||1 RU||1 RU||1 RU||2 RU||4 RU|
|Port Count||4x 10/100/1000BASE-T or 1GE||4x1GE||Up to 8x10GbE||Up to 8x10GbE or 2x40GbE||Up to 8x10GbE or 2x40GbE||Up to 8x10GbE or 2x40GbE|
|Local storage||3.8TB SSD||8TB||Up to 32TB||7.6TB SSD||24TB SSD||Up to 192TB|
|Sustained write-to-disk performance||0.5Gbps||0.5Gbps||3Gbps||22Gbps||40Gbps||20Gbps|
|Typical Deployment||Remote locations, branch offices||At network edge, branch offices||Branch offices, WAN gateways||On-demand recording in data centers, remote locations||Core network, data centers||Core network, data centers|
NOTE: write-to-disk performance is influenced by the number of flows-per-second. Actual performance could be as much as 30% higher than the stated figure.
EndaceProbes store recorded network traffic on SAS and SSD disks. SAS drives provide a cost-effective option where high capacity storage is a key consideration. The EndaceProbe 9000 Series supports up to an industry-leading 192TB of storage. Where throughput performance is key, the SSD-based EndaceProbe 8100 Series delivers 40Gbps sustained capture-to-disk, allowing lossless recording on the even fastest network links.
EndaceProbes can be configured to record full packets, parts of packets, selective packets or just the application-aware meta-data that is used by EndaceVision™ to generate visualizations. Being able to record selectively means storage resources can be optimized and allows EndaceProbes to be deployed in environments where full packet recording is not permitted.
The vProbe virtual EndaceProbe
The EndaceProbe™ vProbe is a virtual machine (VM) implementation of the EndaceProbe network recorder designed to complement hardware-based EndaceProbes in a network-wide, monitoring fabric.
The vProbe integrates transparently with physical EndaceProbe deployments to expand visibility across the network. It is ideally suited for monitoring performance and diagnosing issues within virtualized applications, providing east-west traffic monitoring from within the virtual infrastructure without requiring physical appliances.
The vProbe collects data by tapping virtual switches or collecting packets from a dedicated host Network Interface Card (NIC). Because the vProbe uses standard NIC or virtual switch capture, it does not provide the same guaranteed 100% packet capture as physical EndaceProbe appliances which leverage DAG™ capture card technology. Nevertheless, the vProbe can be useful for extending network visibility - particularly into virtualized environments or low-speed network links that otherwise cannot be monitored using a physical appliance.
EndaceProbes support multiple applications and functions by design. Bundled with every EndaceProbe, EndaceVision™ and EndacePackets™ deliver both real-time network visibility and access to highly accurate network history on a segment by segment or network-wide basis with packet-level decode for fine-grained forensic analysis.
A unique feature of the EndaceProbe is Endace Application Dock™ which enables custom or third-party packet processing applications to be hosted locally on the system. Running a packet processing application on an EndaceProbe versus standard commodity hardware can see significant application performance increases because of DAG's ability to offload packet processing overhead which leaves the EndaceProbe's resources free to service the hosted application.
Hosted applications gain direct access to recorded traffic from the EndaceProbe via the vDAG (virtual DAG) interface in Application Dock VMs. This removes the need to transfer large capture files across the network and gives hosted applications real-time access to a highly accurate source of captured traffic.
Where there's a need to feed third-party applications hosted remotely with accurate streams of time stamped packets, EndaceProbes support a programmable SOAP and RESTful API that allows specific packets to be offloaded on request.
Deep Packet Inspection
There are hundreds of web applications with unique signatures associated, and more being added every day. So how do you tell the good from the questionable from the definitely bad? To help you understand what the traffic on your network actually is, EndaceProbes integrate a commercial DPI engine from Procera giving a highly detailed picture of what users are actually doing on your network.
Deployment and management
EndaceProbes are designed to be deployed in data center environments in either top-of-rack or end-of-row configurations. For operational teams, visibility is very rarely a 'point problem' so EndaceProbes have been designed to function as an integrated fabric. With the addition of an EndaceCMS™ Central Management Server, a network of hundreds of EndaceProbes can be centrally managed.
EndaceProbes are connected to the network using passive taps, typically from network packet brokers or off a switch/router SPAN port. Like every piece of network infrastructure, EndaceProbes are designed to be monitored by existing network management systems and thus support SNMPv3, IPMP and other relevant MIBS. An integrated NIC card connects the EndaceProbe to the management LAN.
EndaceProbes are frequently deployed in conjunction with other third-party monitoring and security products to expedite the process of cleanup, response and root cause analysis.
Data security and data integrity
To ensure only authorized personnel can access recorded network traffic, EndaceProbes support full TACACS, RBAC and audit reporting; essential for meeting industry compliance standards. Our deep-storage, SAS-based EndaceProbes also support hardware-based data encryption for added security of captured traffic.