EndaceProbes at a glance
- Continuous 100% accurate line-rate recording of network traffic to local disk
- Line rate indexing of traffic including a layer 7 application classification
- Hardware-based packet filtering and manipulation capabilities
- Ability to forward traffic to third-party systems and/or offload traffic to a SAN
- Central management capability for fabric deployments
- Support for EndaceVision, NetFlow generation and Endace Application Dock
EndaceProbes
Endace Intelligent Network Recorders, called EndaceProbes, are designed from the ground up to capture, index and record network traffic with continuous 100% accuracy, regardless of network speed, or traffic type. They are powerful, efficient, and a critical infrastructure element in every modern data centre and DMZ environment.
Intelligent recording infrastructure is deployed by organizations to help IT teams troubleshoot and diagnose network and application performance issues; help security teams investigate and contain security problems and help risk and compliance teams do their jobs. Unlike traditional detection tools, EndaceProbes are pieces of essential network infrastructure that deliver continuous historical network visibility.
EndaceProbes are built on a proven DAG foundation and support a range of packet-processing features that allow them to be used to solve a variety of different problems. EndaceProbes are built on an open foudation, meaning that not only can third-party applications be run on top of them in addition to EndaceVision, but that remote systems can also be fed with packets captured and timestamped by EndaceProbes.
EndaceProbe specifications
The EndaceProbe family of consists of the 300, the 3000 and the 7000. Each family member is available in a range of port configurations.
| 300 | 3000 | 7000 | |
|---|---|---|---|
| Dimensions | 1 rack unit | 1 rack unit | 3 rack units |
| Port Count | 4x1GbE | 8x1GbE or 2x10bGE + 4x1GbE | 8x1GbE or 20x1GbE or 2x10GbE + 4x1GbE or 4x10GbE + 8X1GbE or 10x10GbE |
| Local storage | 8TB | 8TB | 64TB |
| Write-to-disk performance | 0.5Gbps | 1Gbps | 10Gbps* |
| Fibre channel support | No | No | Yes - dual channel 8Gbps |
| Application Dock | 1 | 1 | 6 |
| Deployment | Access / branch office | Aggregation / WAN | Core | Download Datasheet | Download Datasheet | Download Datasheet |
*Write-to-disk performance is influenced by the number of flows-per-second. Actual performance could be as much as 30% higher than the stated figure.
EndaceProbe architecture
EndaceProbes are based on a layered architecture comprising environmentally hardened off-the-shelf server hardware tightly integrated with best-in-class DAG technology and our own purpose-built operating system. By controlling every aspect of the hardware, firmware and software EndaceProbes have been optimized to deliver exceptional performance even under the most extreme conditions. In a true 10Gbps environment a 3RU 7000 EndaceProbe delivers the same packet processing performance typically found in 5 or even 6RU solutions.
OSm, our own operating system, based on the CentOS linux distribution, enables much of the rich functionality that has made EndaceProbes so popular with enterprise customers. It incorporates a commercial Deep Packet Inspection (DPI) engine that gives the EndaceProbe it's application awareness and enables EndaceVision to search and visualize network traffic based on application type as well as a range of other features and functions
Intelligent recording
Traffic storage calculator
Use our network storage calculator to work out how much traffic you can record with various EndaceProbe configurations.
EndaceProbes store network traffic on SAS and SATA disks that are tightly integrated into the system. Storage disks can be configured to offer different levels of redundancy and performance depending on the use case - both RAID 5 and RAID 50 are supported. Where extended traffic storage is required, network traffic can be offloaded to additional stacked and load-balanced EndaceProbes or offloaded to a SAN using integrated fiber channel HBAs. With industry-leading 64TB of storage in a stackable 3RU appliance, data retention of up to 256TB becomes a cost-effective alternative to SAN storage; with the benefit of lower cost and complexity.
Not all recording is equal. EndaceProbes can be configured to record full packets, parts of packets, selective packets or just the application-aware meta-data that is used by EndaceVision to generate visualizations. Being able to record selectively means that storage resources can be optimized and enables EndaceProbes to be deployed in environments where full packet recording is not permitted. EndaceProbes have been proven in independent testing to deliver 100% accurate packet recording at 13Gbps.
Learn more about performance tests (PDF: Packet Capture Performance Evaluation Whitepaper)
Application support
EndaceProbes support multiple applications and functions by design. At the core of the EndaceProbe's out-of-the-box value proposition is EndaceVision which delivers both real-time network visibility and access to highly accurate network history on a segment by segment or network-wide basis. In addition, EndaceProbes can generate sampled or unsampled NetFlow v5, V9 and IPFIX, which can be exported over UDP via the management NIC at very high speed.
A unique feature of the EndaceProbe is Endace Application Dock which enables custom or third-party packet processing applications to be hosted locally on the system. Running a packet processing application on an EndaceProbe versus a standard piece of commodity hardware can see application performance increased by as much as 25%.
The need to feed third-party applications hosted remotely with accurate streams of timestamped packets is growing, particularly in forensic / security-centric deployments. EndaceProbes are ideally suited to this function and support a programmable SOAP and RESTful API that allows specific packets to be offloaded on request.
Deep Packet Inspection
There are hundreds of web applications with unique signatures associated with them, with more being added every day. How do you tell the good from the questionable from the definitely bad? To help you understand what the traffic on your network actually is, EndaceProbes integrate a commercial DPI engine from Procera.
Deployment and management
EndaceProbes are designed to be deployed in data center environments in either top-of-rack or end-of-row configurations. For operational teams, visibility is very rarely a ‘point problem,’ so EndaceProbes have been designed to function as an integrated fabric. With the addition of a Central Management Server, a network of hundreds of EndaceProbes can be managed from a central point, which has the additional benefit of enabling full network-wide traffic searches through EndaceVision.
EndaceProbes are connected to the network using passive taps, typically from network packet brokers or off a switch/router SPAN port. Like every piece of network infrastructure, EndaceProbes are designed to be monitored by existing network management systems and thus support SNMPv3, IPMP and other relevant MIBS. An integrated NIC card connects the EndaceProbe to the management LAN.
EndaceProbes are frequently deployed in conjunction with other third-party monitoring and security products to expedite the process of clean up, response and root cause analysis.
Learn more about deploying EndaceProbes in conjunction with third-party tools.
Data security, data integrity and other capabilities
To ensure that only authorized personnel are able to access the network traffic stored inside the Intelligent Recording Fabric, EndaceProbes support full TACACS, RBAC and audit reporting, which is essential for meeting industry compliance standards.
For up-to-date EOL information, visit our End-of-Life Announcements page.
