Deploying EndaceProbes in conjunction with third-party tools
EndaceProbe™ Network Recorders can be used to solve a wide range of different visibility problems. As data center infrastructure elements, they are frequently deployed alongside third-party monitoring and security products to expedite root cause analysis and remediation, or to provide the detail necessary to investigate data breaches.
Re-categorizing the visibility tool kit
Today's enterprise network management tools can be broken down into three distinct categories.
- Tools that sit in line and prevent bad things from happening. Tools in this category include IPS, QoS, and WAN optimization, which prevents delay from impacting the end-user experience.
- Tools that sit out-of-band and detect issues and problems before users complain, populating dashboards with alarms. Tools in this category include APM, NPM, IDS, SIEM, NMS, etc.
- Tools that help engineers respond quickly to problems and establish their true root cause. EndaceProbes fall into the category of forensics and troubleshooting or, in our parlance, Response and Root Cause Analysis.
EndaceProbes can be deployed in their own right to investigate issues reported by end users, and can also be deployed in conjunction with both detection and prevention tools to expedite problem analysis and resolution. The following scenarios illustrate the ways in which EndaceProbes can be deployed in parallel with detection tools.
Scenario One - "swivel chair" integration
In this scenario, engineers and analysts pivot between their detection dashboard(s) and EndaceVision™ to investigate alerts. Engineers extract the basic information that they need from the detection tool – and typically re-key it into EndaceVision to search for the relevant packets and begin their investigation.
The detection tool may be running on its own physical (or virtual) appliance deployed in the network alongside the EndaceProbe, or it may be deployed as a virtual image on the EndaceProbe itself in Endace Application Dock™.
Scenario Two - workflow consolidation
In this scenario, some level of integration exists between the detection tool and the EndaceProbe and EndaceVision. End users can right-click on the alarm in an application's dashboard and go straight to a relevant pre-configured EndaceVision visualization to conduct their investigation. This consolidates the workflow and reduces the time to resolve each issue, so more issues can be resolved in less time. Often, it also has the added benefit of reducing the level of skill an analyst needs to complete investigations, which can further reduce cost.
Again, the detection tool may be running on its own physical appliance alongside the EndaceProbe or it could be deployed as a virtual image on the EndaceProbe itself in Application Dock.
This integrated workflow approach is what we call Endace Fusion, and we work with a number of commercial partners to provide integration between their applications and EndaceProbes and EndaceVision.