VSS Monitoring: Passive and inline monitoring in network packet broker

Network packet broker specialist VSS Monitoring combines passive and inline packet capture, adds SSL offload device.

VSS Monitoring has integrated passive and inline monitoring on its network packet brokers, introduced a series of Secure Sockets Layer visibility appliances and added two families of network packet broker appliances as the vendor beefs up its product lineup.

VSS enabled the new monitoring features by meshing vProtector functionality with its vBroker 110 and 220 products. Traditionally vProtector, a packet collector for inline traffic inspection, was a standalone device with fewer features than the vBroker products. VSS introduced blades for its modular vBroker 110 and 220 network packet brokers that add vProtector functionality, thus allowing customers to attach both inline security inspection and passive monitoring tools to the same appliance.

Although the consolidation of vProtector and vBroker delivers more features and functions to customers in need of inline network packet brokers, most companies probably won't connect inline and passive monitoring tools to the same appliance, said Jonah Kowall, research vice president at Gartner. "[They] typically won't fit into a network architecture. Network packet brokers typically take flows from taps or SPAN [Switched Port Analyzer] ports. When you're running [them] inline, you're just taking the data from a regular network connection. This just makes it easier in terms of having the flexibility to decide which use case you want to use them for after [you have] spent the money," he said.

To address some network security products' lack of visibility into Secure Sockets Layer-encrypted traffic, VSS also introduced a series of vInspector SSL offload appliances with throughput ranging from 1.5 Gbps to 4 Gbps. The standalone appliance deploys in tandem with a vProtector. The two devices loop traffic with network security appliances so that vInspector can decrypt SSL traffic that hits the vProtector, then re-encrypt those packets after a network security gateway has inspected them. VInspector products are based on OEM technology that VSS acquired from Netronome. VSS plans to integrate vInspector and vProtector in a single platform, but a timetable has not been announced, said Leena Merciline, senior product manager at VSS.

"SSL traffic is becoming more pervasive, and it's becoming an easy way for malware to get into a network," Merciline said. "Most [inline security] devices -- when you turn on the SSL [decryption] -- it decreases the performance of that device." By offloading the SSL decryption onto a specialized device, enterprises can get more performance out of their security gateways, she said.

"It's kind of the same concept for what vendors do in application delivery controller products, doing SSL offload from the server tier," said Jim Frey, research director at Enterprise Management Associates (EMA).

A standalone SSL offload device will appeal to security operations teams who want SSL offload handled separately from other devices, but the pairing of vInspector with vProtector does create unwanted complexity, Gartner's Kowall said.

VSS' two new network packet broker appliances, the vBroker 100 and vBroker 400 series, are aimed at sites with higher throughput requirements. The vBroker 100 series has a capacity of 24 Gigabit Ethernet ports and four additional ports that can be configured as 1 GbE or 10 GbE. The vBroker 400 series features high-density 40 GbE ports. The vBroker 410 can support 8x40 GbE and 32x10 GbE ports in a one-rack-unit format. The two-rack-unit vBroker 420 supports 16x40 GbE ports and 64x10 GbE ports.

Frey called the introduction of the new vBroker products a standard expansion of a network packet broker product line. "They're adding more modularity and moving up to higher data rates and backplane capacity," he said. "All the players in this sector continue to expand capacity and scale, and VSS isn't in the lead there."

Gartner's Kowall said the VSS products are hitting the market at a time when there is some uncertainty in the network packet broker market. Arista Networks recently added software functionality -- Data Analyzer, or DANZ -- that converts its switches into network packet brokers, an approach that is substantially less expensive than the approach of specialist vendors in this market. Software-defined networking (SDN) vendors such as Big Switch Networks are also using OpenFlow to create comparable functionality. Microsoft revealed at Open Networking Summit that it used OpenFlow-based SDN and merchant silicon-based switches to build its own network packet broker system for traffic monitoring in its cloud and Internet-facing data centers.

"I think these guys are all in trouble because you have the switching vendors entering this market, and they're doing it for significantly less money," Kowall said. "There are a few features that differentiate [network packet broker specialists], but most of the time people don't need all of those. If you can build something that does 80% of the functions for 50% of the cost, you'll win."

Although SDN is a threat, the technology is still in its early stages of development, EMA's Frey said. In the meantime, companies like VSS can meet a lot of customers' immediate needs.

Let us know what you think about the story; email: Shamus McGillicuddy, News Director.
