Fabric-Wide Search and Data-Mining
New with OSm 6.5, InvestigationManager is a lightweight but exceedingly powerful virtual server application that allows rapid search and data-mining on multiple EndaceProbe™ Analytics Platforms simultaneously.
Using InvestigationManager, analysts can conduct searches across groups of EndaceProbes, or even all the EndaceProbes in an EndaceFabric™, simultaneously.
Administrators can define which EndaceProbes in an EndaceFabric are attached to a specific InvestigationManager instance, allowing EndaceProbes to be logically grouped - for instance by team or region - giving administrators fine-grained control over which individuals and teams have access to the recorded packet data on specific EndaceProbes.
Changes to the EndaceFabric Architecture with OSm 6.5
In previous versions of OSm, centralized search was provided through EndaceCMS™ Central Management Server. With the release of OSm 6.5, EndaceCMS becomes purely a management element for managing appliances in the EndaceFabric and performing centralized management functions such as upgrades and user provisioning.
From OSm 6.5 onwards, centralized search and data-mining are done using the new InvestigationManager virtual appliance. Customers can deploy as many InvestigationManager instances as they wish, to provide search and data-mining for multiple groups, and to logically group EndaceProbes for searching.
Separating these two functions - administration and search - allows for greater scalability and enables faster search and data-mining for network-wide searches, as the demo video below shows.
Watch the short, 2-minute video to the left for an overview of the architectural changes with OSm 6.5.
Rapid, Network-Wide Search
OSm 6.5 introduces a new, rapid search capability that leverages the horizontal scalability of the EndaceFabric architecture to enable "needle-in-the-haystack" searches for packets-of-interest across petabytes of distributed, recorded packet data in under a minute. This is a game-changer for analyst productivity.
This short demo video shows a search for specific packets-of-interest across more than a petabyte of Network History distributed across seven EndaceProbes - some based in the US and some in Asia Pacific.
InvestigationManager will run in VMware or KVM environments, or in the EndaceProbe's built-in Application Dock™ hosting environment on either an EndaceProbe or a physical EndaceCMS appliance.
The system requirements for running an instance of InvestigationManager on VMware or KVM are:
- 4 x virtual CPU
- 12GB RAM
- 40GB disk for system install
- 1TB or more of disk storage for storing packet archives
On Application Dock, one instance of InvestigationManager requires a Single Dock instance.