Network-Wide Packet Capture and Analytics Hosting
EndaceFabric enables multiple EndaceProbe™ Analytics Platforms to be connected into a network-wide fabric that is centrally searchable and provides visibility into, and accurate recording of, network traffic across an entire network, including visibility into high-speed 40Gbps and 100Gbps links. The distributed fabric is centrally managed using the EndaceCMS Central Management Server™, which reduces OPEX and CAPEX.
The architecture of the EndaceFabric enables huge scalability. EndaceProbes can be stacked and grouped to provide lossless recording of traffic on links running at 100Gbps and beyond with massive packet storage capacity sufficient to store weeks or months of recorded network traffic.
EndaceProbes can also be synchronized with a common, accurate time source - such as a GPS time source - to ensure packet time-stamping retains its nanosecond-level accuracy across complex, highly distributed networks. This precision makes it possible to reconstruct network events accurately even on distributed networks.
Read more about EndaceFabric scalability in our Distributing and Stacking EndaceProbes with EndaceFabric solution brief.
The EndaceFabric Architecture
The EndaceFabric architecture consists of three main components:
- Multiple EndaceProbe Analytics Platforms, deployed on a LAN or WAN network to record network traffic and host analytics applications.
- EndaceCMS Central Management Server to enable centralized management of the EndaceProbes deployed on the network.
- One or more InvestigationManager instances to provide network-wide packet search and data-mining services.
EndaceProbe Analytics Platforms
EndaceProbes are scalable, high-speed Analytics Platforms that provide 100% accurate packet capture and can also host a wide range of security and performance analytics applications from our Fusion Partners, or open-source tools.
They offer maximum storage depth at minimum rack space, with a range of deployment options suited to locations from the core to the edge of the network, from 10Mbps to 100Gbps and beyond.
EndaceCMS Central Management Server
The EndaceCMS™ Central Management Server provides powerful, centralized command and control for a connected fabric of Endace appliances, reducing management overhead and lowering operational costs.
Powered by OSm, the security-hardened OS that powers all Endace appliances, EndaceCMS lets you manage all Endace elements – physical or virtual – that are part of the EndaceFabric.
EndaceCMS provides health and performance monitoring, configuration management and upgrade management (groups, profiles, scheduled updates).
InvestigationManager™ is a virtual machine application that lets analysts conduct network-wide investigations and searches across an entire EndaceFabric, or a group of EndaceProbes, to quickly find the packets they need.
At the heart of InvestigationManager is EndaceVision™, a browser-based investigation tool that lets analysts select data sources from multiple EndaceProbes and analyze recorded traffic from all these sources simultaneously.
Due to the distributed, parallel nature of the EndaceFabric architecture, searches can be conducted across a hundred EndaceProbes, and petabytes of data, incredibly quickly, dramatically improving analyst performance.
Customers can deploy as many instances of InvestigationManager as they need to support simultaneous data mining and facilitate investigations for multiple concurrent users.
Fusion Partner Integrations
API integration provides tight integration between InvestigationManager, EndaceVision and EndacePackets and network security and monitoring tools from our Fusion Partners including:
Analysts can click on alerts in these tools and go directly to the related packet-level history to see exactly what’s happened.