2. Company Overview
Founded in 1994
Privately held
Internally funded
Same management
team since „94
20 offices worldwide
North America (16)
Europe (4)
130 Partners
Across 50
countries
Celebrating 14 years of continued company growth
3. About Network Instruments
Privately held
Founded 1994; same
management team today
18 offices worldwide
130 partners across
50 countries
Driving Factors
GigaStor™ sales
Repeat business
10 Gb analysis solutions
Competitive displacements
14 years of double-digit growth
4. 3 of the Global Top 5
Strong Customer Base 70 of the Global Top 100
5. Virtualization Trends & Challenges
Adoption
55% of firms will have implemented by 12/09*
Additional 29% planning budget for virtualization*
Challenges
Inability to access data streams via purpose-built devices
(analyzers, IDS)
Blind spots exist in analyzing internal VM host traffic
Existing VM monitoring lacks in-depth performance metrics
Views limited to either physical or virtual world
* Forrester Research, Inc. The State Of Emerging Enterprise Hardware Trends: 2008 To 2009, Feb. 27, 2009
6. Google “virtualization” and “network instruments”
quot;While server virtualization is happening at a rapid rate, tools for managing
application performance in these environments have not kept pace,quot; said Will
Cappelli, research vice president at Gartner. “In order to understand application
behavior, one needs to combine data from the dynamically reconfiguring
application layer, network layers, and virtualization layer. Traditional tools which
assume that the environments remain static while an application executes are
not answering the needs of the Global 2000.” – Gartner
“The introduction of the new VM features by Network Instruments addresses
the visibility need and includes a great, innovative answer to some of the key
challenges delaying many from embracing virtualization fully.” – EMA
“Though not the first application of packet analysis to vSwitch traffic, Network
Instruments is including an innovative “Virtual TAP” feature which can
aggregate all vSwitch traffic and ship it out a physical NIC, eliminating the blind
spot and allowing security & compliance monitoring as well as full packet-
stream storage for forensic performance analysis.” – Network World
7. Virtualization Advantages
Reduce Operational Overhead
Lower number of physical servers - you can reduce hardware maintenance
costs because of a lower number of physical servers leading to a smaller
datacenter, with decreases in cooling and electrical costs.
Improve the efficiency of your Windows Data Center, as well as lower your
cost of ownership.
Increase Computing Efficiencies - Server consolidation
If applications running on separate computers do not utilize the computing resources
of their computers, they can be consolidated onto a smaller number of servers using
virtualization technology.
Flexibility and agility:
]You can deploy multiple operating system technologies on a single hardware
platform (i.e. Windows Server 2003, Linux, Windows 2000, etc).
Run legacy applications alongside new versions, migrate applications to new
environments, and restore systems in post-disaster scenarios.
8. Virtualization Disadvantages
Magnified physical failures - Multiple important servers running on one
physical host
Degraded performance - every piece of software behaves differently in a
virtualized environment. Applications that are quite modest as long as they run
on a physical server, but when they were virtualzed their resource requirements
are multiplied.
Lack management tools –you can only take advantage of virtualizations
advantages if you have the proper tools. Often, the tools that come with a
virtualization solution are not enough, only supporting basic system
performance management tasks.
Complex root cause analysis - A new layer of complexity is added and can
cause new problems. However, the main difficulty is that if something doesn‟t
work as it is supposed to, it can require considerable extra efforts to find the
cause of the problem.
Lack visibility and in-depth analysis of application performance and traffic
Lack integrated visibility across physical and virtualized domains
9. Virtual Terminology
Virtual Machine Host (VM Host) – Physical computer, running a „host‟
OS / Software (VMWare ESX, ESXi, etc.)
Virtual Machine (VM) – Software installation of an OS, running within
the VM Host
Virtual Switch (vSwitch) – Logical connection path between VMs
within the same VM Host. Facilitates communication between local VMs
Virtual Network Interface Card (vNIC) – Logical communication
interface for VMs, used to connected logically to a vSwitch, or to allow
for communication to the physical network via an association to a
physical NIC (pNIC)
Physical NIC (pNIC) – network-facing physical NIC over which VM
Host data enters or exits the Host
10. Types of monitoring in the Physical realm
Network Application
troubleshooting monitoring
Compliance
Firewall
reporting
monitoring
Database Intrusion Forensic
security detection analysis
18. What does a TAP in the physical realm do?
Provide a non-intrusive connection point
For analysis and security devices
To analyze you must see all of the data
A TAP delivers a copy of data to an analyzer
Insulate network
From failure of the appliance/analyzer/probe
Network under
analysis
B
A
Server Switch
Router
Firewall …
19. Network Instruments Combines Physical, Virtual Domain
Visibility
• A Virtual Tap …
•Exact copies of all
intra- and extra-host
traffic
• Enables vTraffic to be
seen in the physical
world
• Other devices now
have visibility and
access to this critical
data
20. Monitoring Multiple VM’s
VM Host 1 VM Host 2 VM Host 3 VM Host 4 VM Host 5
• Aggregate traffic from up to 8
VM Hosts per Packet Recorder
• Data mine by VM Host, VM,
application,
21. Monitoring Multiple VM‟s with Multiple Devices & Taps
VM Host 1 VM Host 2 VM Host 3 VM Host 4
n x IDS
NI Packet
22. Data Center Tool Deployment Challenges
A growing list of tools need network
access
Application monitors, security/IDS, packet
analyzers, VOIP analyzers, data
recorders, compliance auditors, content
filters, etc…
Not enough SPAN port and TAPs
Many tools require “big pipe” aggregated
view
Monitoring 10G links
23. Aggregate Many to One, Many to Many or Any to Many
Network Ports Tool Ports
Post
Pre
1Gig Link A
Filter
Filter
Multiple 1/10Gig Taps
10Gig Network
Instruments GigaStor
Post
Pre
Filter
Filter
1Gig Link B
Post
Pre
IDS / Security
Filter
Filter
1Gig Link C
Post
Pre
Compliance
GigaVUE Filter
Filter
Auditor
10Gig Link D
Aggregate network data to a convenient centralized “tool farm”
Allow multiple tools to share access to network data
Load balance tools by providing them just the data they need
No more overloading tools with non-critical data 23
24. Hardware based Data Access Switch
• Purpose built, non-blocking cross-connect hardware
switching
• Based on circuit switching, not destination address
switching
• Packet aware, aggregating and filtering
• NOT a physical layer matrix switch
• NOT software based, no OS, no CPU, no Store & Forward
• Full 100% line rate performance at all ports – even if filtering
is on
• Ultra-low 6 micro seconds latency from port to port
• Speed and media converting from ingress to egress
Bit-Mask Filtering
Any to Many Many to Any Any to Any
25. Gigamon Tool Aggregator Benefits
Extends the range and depth of your network tools‟
coverage
Eliminates contention over limited SPAN ports and
TAPs
Monitor 10G links with 1G tools
Reduces operating costs and troubleshooting time by
centralizing tools
Get the Most From Your
Network Tools
44. NI-DNA™
Three Unique Advantages
Unified Code Set
Core application connects all products
Enhancements added to all platforms
Ex. IPv6, NetFlow, VoIP, MPLS
Local and Remote Visibility
Identical functionality across segments
Lower cost of ownership
Multi-Instance
Supports multiple topologies
Including Gig, 10Gbe, Wireless a/b/g/n
OC-3/12, Fiber Channel, WAN
Supports multiple users
All done simultaneously or concurrently
Wired to wireless. Local and remote. Data and applications.
45. Capture Technology
Gen2™ Capture Card
Card internally designed card for
high-performance analysis
1 Gb
10 Gb
Performance
Fastest real-time processing available
Full-duplex, line-rate capture
Streams directly to physical system memory
Fully integrates with NI-DNA™ technology
Flexibility
Gen2 Delivers
Higher port densities – up to 8 ports on gigabit
links and 4 ports on 10 gigabit
Performance
SFP/XFP-based – switch copper and optical
Flexibility
Adaptability
Adaptability
Filtering, processing, and analysis on the card
Flash upgradeable
46. End-to-End Network Analysis
Observer Console Interface
Software
Probe
10/100/1000
Probe Appliance
WAN, Gigabit, FC, and 10 Gb
Probe Appliances
GigaStor for gigabit,
10 Gb, FC, and WAN
Gigabit, WAN, FC, and 10 Gb
Portable System
47. GigaStor™ - TiVo for your network
Retrospective Network Analysis
Intelligent Forensics
Up to 48 TB storage
Line-rate capture
Local processing and analysis
Supports Gigabit, 10Gbe, WAN and Fiberchannel
Four Models
2TB 4 Drive Unit
4TB 8 Drive Unit
8TB 16 Drive Unit
12TB 16 Drive Unit
48. GigaStor Expandable
Available in 16TB, 32TB
or 48TB SATA config‟s
Expansion capacities up to
288TB‟s using SAS Drives
Benefits
Higher performance
Investment protection
Longer recording times
49. GigaStor is Portable
First self-contained,
GigaStor Portable
portable forensics appliance
for performing retrospective
analysis
Provide back-in-time
visibility of network,
application, security events
Deploy unattended and Mobile appliance for
performing in-the-field
control like an Appliance forensics