network visibility

  • ByPass Switches

    Protect your network from interruption, An Inline Lifeline for Growing Networks

    ByPass Switches

    Problem: Inline Tool Risk

    Neworks face a continualusly evolving barrage of security threats. By deploying inline security tools you create a line of defense, but these tools can also result in single points of failure. In the event that your inline tool becomes unavailable due to a failure, reboot or maintenance it can bring down the network link, compromising network uptime and business continuity.

    Solution ByPass Switch:

    A Bypass Tap is designed to avoid the "single point of failure". with your inline security tools.  The bypass switch is deployed in front of your IPS or next generation firewall (NGFW) and in the event that an active tool fails, either due to a hardware malfunction, power loss, or software problem, a Bypass TAP will keep the link flowing, while a redundant path can be activated. This way it acts as a fail-safe link point of access, for inline network monitoring.

    Advantages of Using an External Bypass Switch:

    • Keeps network traffic flowing when the inline appliance fails.
    • Allows the in-line appliance to be removed or serviced without impacting network fraffic. For example, an IPS can be take offline for upgrades, maintenance or troubleshooting.
    • In-line appliance can be moved from one network segment to another without impacting network traffic.

    HeartBeat

    A ByPass Switch or TAP monitors the health of the active, in-line appliance by sending heartbeats to the in-line security appliances. As long as the in-band security appliane is on-line, the heartbeat packets will be returned to the switch/TAP, and the link traffic will continue to flow through the in-line security appliance.

    If the heartbeat packets are not returned to the TAP (indicating that the in-line security appliance has gone off-line), the TAP will automatically bypass the in-band security appliance and keep the link traffic flowing. The TAP also removes the heartbeat packets before sending the network traffic back onto the critical link.

    How a ByPass Switch Works

    How a ByPass Switch Works. 

     

    IXIA
    CUBRO
    ProfiTap
     
  • Keysight Vision Edge 100

    Vision E100 Cost-effective rack-level visibility for ANY size data center Get a Quote Highlights Easy-to-use web-interface with point-and-click functionality. No command-line needed! NetStack features built-in Supports Keysight’s Ixia Fabric Controller (IFC) — a highly resilient and extremely easy to use SDN controller providing visibility management through a single pane of glass Can be deployed in both inline and out-of-band monitoring modes simultaneously Max 32 ports of 40/100GE | Max 128 ports of 10/25GE | Max 64 ports of 50GE 1RU The Evolving Data Center Data center design is evolving with the advent of software defined networking (SDN) which allows for completely software defined data centers (SDDC). We are seeing the rise of hyperscale, microscale and other high-density variations of data-centers emerging all at the same time. These technologies are barely defined, yet their growth over the next few years is predicted to be many multiples! Though each serves a different purpose, a core component of these modern data centers is a building block, sometimes as small as a single rack, that includes the compute, storage and networking required to operate on its own — a containerized, independent unit. These individual blocks are great because one can be used on its own as the smallest microscale data center or thousands can be used together to create a hyperscale data center — and everything in between. Software plus hardware tailored for redundancy makes this both possible and cost-effective. But, as data centers grow, the ability to see what is happening in the network diminishes. You need a cost-effective solution that operates like the building blocks, both capable of providing top-of-the rack visibility for a single unit and capable of scaling to thousands of racks with software defined visibility. Our Vision Edge 40 (E40) and Vision Edge 100 (E100) are best-in-class, fully-featured network packet brokers that are ideal for the ANY size modern data center. Versatile. Vision Edge. Our Vision E40 and Vision E100, part of the Vision portfolio of network packet brokers, have the right features to handle the visibility requirements of a single rack, as well as that of a massive data center. Vision E40 and E100 Cost-effective and can integrate seamlessly with into your existing environment — ideal for scale Can be deployed rapidly and modified quickly with our easy-to-use web-interface, which makes configuration and re-configuration simple and hitless Are ideal for expansion as they can be used standalone or with our turnkey Vision One, as part of a Security Fabric Are great for continuous modification because they can be deployed inline or out-of-band – and even both simultaneously. Plus, they are multi-speed capable, to support evolving speeds! Use in ANY Data Center The Vision Edge network packet brokers can ensure the right data gets to the right tools in multiple data center configurations: For top-of-the-rack visibility for a single site deployment with network and tools In a leaf-spine architecture, aggregating across multiple racks in a smaller or microscale data center In a distributed network, Vision Edge can be used with Vision ONE with direct connect, so tools at the data center can be used for multiple branch monitoring and security In a high-availability configuration, when used with Keysight bypass switches, for a single data center With other Vision packet brokers to leverage more advanced packet processing capabilities In a hybrid monitoring environment with Keysight's CloudLens platform — visibility for public, private and hybrid cloud Vision E100 Capabilities OVERVIEW IN A SECURITY FABRIC INLINE & OUT-OF-BAND FAN-OUT Vision E100 is a Fully-Featured Network Packet Broker Which Makes it Great For Multiple Uses, Including Top-of-The-Rack Aggregation Physical Specifications: Capable of multi-speed — 10G, 25G, 40G, 50G and 100G networks Each port is capable of any of the speeds, set independently (32) QSFP28 front panel ports Supports QSFP28 (for 100G) or QSFP+ (for 40G) transceivers Massive density with (128) 10G ports in 1U size Hot swap redundant power supplies and fans Available in AC and DC models  Vision E100 is versatile because it can be used as a standalone unit or as a software defined visibility solution in a software defined network (SDN) within a security fabric. With Ixia Fabric Controller (IFC), multiple Vision E100 and/or other Vision network packet brokers can be managed through a single pane of glass in the topology you need to optimize your tool deployment. With IFC, you get unified management of distributed architectures, role-based access and controls, and oversight of all ports from all Vision network packet brokers at once, allowing you configure an efficient, scalable visibility solution. As part of a Security Fabric, Vision E100 also provides the ability to leverage our turnkey Vision ONE and massively scalable Vision 7300, when your deployment is ready. With these network packet brokers and the visibility intelligence capabilities of PacketStack, SecureStack and AppStack, you can manipulate and mold traffic so your tools always get the right data. With Vision ONE, you can also monitor virtual traffic with Keysight's CloudLens platform for public, private and hybrid cloud visibility. Deploy both inline, out-of-band, or both simultaneously based on your security and monitoring needs. Inline Robust inline tool deployment enables users to deploy intrusion prevention systems (IPS), data loss prevention (DLP), and similar tools while assuring high service availability, even when parts of the system fail or become overloaded. Data from the network passes through a Vision E100 network packet broker via a bypass switch for resilience. Vision E100 sends the data to the IPS, DLP and other tools, which process the data and send back safe information via the Vision E40 and bypass switch back into the network. Out-of-band Process and monitor packet data with a variety of tools without affecting the network with an Out-of-Band (OOB) deployment. Data is passively copied from the network with Keysight's Taps and sent to Vision E100 and other network packet brokers for filtering and processing. Relevant data is then sent to tools, at appropriate speeds, so the tools can operate efficiently. With only the right data being sent, false-positives are minimized and your team has improved relevance of alerts, for a quicker response to incidents. The Vision E100 has a space-efficient 1RU design. To get the most out of the rack space used and to optimize data speeds for tools, Keysight offers a Fan-Out capability on Vision E100. With fan-out, a 40G port can be used with a break-out to operate as 4, 10G ports or a 100G port, can be used with a break-out to operate as 4, 25G ports — this capability is ideal for tools that may have have a lower throughput capacity. Combined with the load-balancing capability, you can ensure your tools are not overloaded and are operating at the optimal capacity. Visibility Intelligence Vision Edge network packet brokers have our Robust baseline NetStack capabilities including aggregation, replication, filtering and load balancing — all with three stages of filtering and Ixia's patented dynamic filter compiler. To be able to use our PacketStack, SecureStack and AppStack capabilities, the Vision Edge NPBs can be used with Vision ONE or Vision 7300 with Ixia Fabric Controller.  Robust filtering, aggregation, replication, and more, with 3 stages of filtering (ingress, dynamic, and egress) and dynamic filter compiler Intelligent packet filtering, manipulation, and transport with deduplication, header (protocol) stripping, packet trimming, and burst protection Optimized handling for secure traffic with active SSL, passive SSL decryption, threat insights and data masking Context-aware, signature-based application layer filtering with application identification, geolocation and tagging, and optional RegEx filtering Visibility intelligence tailored for the mobile carrier evolved packet core with GTP and SIP correlation and load balancing Marked data feed monitoring with gap detection, feed and channel health, high-resolution traffic statistics, and microburst detection Resources Data Sheets Vision E100 Brochures What Is a Network Packet Broker (And Why Do You Need One)? Solutions Ease of Use White Papers Deploying an Inline Security Architecture: Key Considerations Solution Briefs Network Visibility Network Packet Broker Comparison Table

  • Vision E10S

  • Vision E1S

Contact Us

Address:

Telnet Networks Inc.
1324 Andersen Drive
Kingston, ON  K7P 0C6
Canada

Phone:

(800) 561-4019

Fax:

613-498-0075

For More Information about Telnet Networks, our products, or our services, or to request a quote please feel free to contact us directly.

Latest Blog Posts

Latest Blog Posts