October 11, 2007

A time machine for your network

Network Instruments' GigaStor appliance combines complete traffic capture, deep analysis, and even session playback, making an effective if expensive tool for solving network performance and security problems

When it comes time to dissect a network problem, whether the problem is related to security or performance, a deep look into all the network activity surrounding the incident can be critical to resolving the issue. An intrusion detection system, with its rules for capturing problematic network events, can be of some help, but for real problem diagnosis or forensics, you need more. Network Instruments' GigaStor is designed to meet that need with full traffic capture that extends backward to hours or days. This "keep it all" capability makes the GigaStor a valuable addition to any network for which high performance, security, or regulatory compliance are critical issues. When you need to investigate a network slowdown, a security breach, or anything else that happened on your network, if you know when it happened, then GigaStor can take you there.

 


Click for larger view.
GigaStor is, essentially, a large box of great storage capacity (from 4TB to 48TB) with high-speed network interfaces on the outside and the capability to rapidly move data between NIC and disk within. I tested a "small" version of the GigaStor, with 8TB of storage, four Gigabit Interface Converters, and three 10/100/1000Base-T interfaces, and the IO necessary to reach the device, all packaged in a 6U box. All the hardware would be much less useful without software to analyze the data gathered, and Network Instruments does not disappoint: GigaStor includes the company's Observer software (version 12 in this case), which serves as your window into the GigaStor's stored information. In addition to providing analysis from GigaStor, Observer can gather data from multiple GigaStor appliances and perform correlated analysis across all the instances. Network Instruments recommended that we run Observer on a Windows XP or Windows Server 2003 system, with a minimum 2GHz processor and at least 2GB RAM. Our test platform met or exceeded all the recommended specifications.

 

Interestingly, Observer isn't the only piece of the GigaStor solution that runs on Windows. Whereas most network and security appliances use Linux as the embedded OS, the GigaStor sits on Windows XP 64. When I asked why Network Instruments chose Windows XP 64 as the platform, I was told that it had to do with their developers' experience -- an absolutely valid reason for reaching a decision. In our testing, we had no issues with the device, no concerns about performance, and no problems with the operating system. I give you this information because it's unusual -- not because it was a problem.

The roughest part of installing the GigaStor was picking up the box to install in the rack. After the hard disks were installed in the chassis and various cables plugged in, I moved straight to software setup. I began by discovering the network devices. For the GigaStor system this is a passive activity performed by listening to network traffic, not scanning ports. This is a good thing if you aren't the Tripwire jockey for your network. After I built an accurate description of our test network, I began to set up filters for the activities and the criteria I wanted to set for alarms. The Observer software allows you to include or exclude traffic based on packet type, addresses, address pairs, traffic level, behavioral rules, and most other factors that can reasonably be considered for this kind of task.

Remember that time at 23:49?

Test Center Scorecard
20%20%20%15%15%10%
Network Instruments GigaStor899988
8.6
Very Good
Close

On Twitter now

Network monitoring and management

Powered by Twitter
additional resources
White Paper - How to Improve Delivery of Advanced Web Applications

White Paper

Virtual Workforce: The Key to Expanding The Business While Cutting Costs

Get the independent advice and expertise you need to support a virtual workforce.

Go inside:
The three-step approach to making a virtual workforce a reality.
The four flavors of client virtualization technologies.
The three key initiatives that solve IT challenges.
Download now »
White Paper: Successfully Secure Your Wireless LAN With Wi-Fi firewalls.

White Paper

Addressing Linux Threats Leveraging Fewer Resources

The increase in Linux popularity has increased the frequency and sophistication of malware attacks. Read this 2 page white paper now to learn how you can protect your Linux environment with real-time protection that is certified by all major Linux vendors.

Download now »
White Paper - The 2009 Handbook of Application Delivery

White Paper

The 2009 Handbook of Application Delivery

Ensuring acceptable application delivery will become even more difficult over the next few years. As a result, IT organizations need to ensure that the approach that they take to resolving the current application delivery challenges can scale to support the emerging challenges. This handbook elaborates on the key tasks associated with planning, optimization, management and control and provides decision criteria to help IT organizations choose appropriate solutions.

Download now »
White Paper - Is Your Backup System Outdated?

White Paper

Mid-range Storage Considerations

A common misconception is that mid-range storage requirements are dramatically different than that of a larger enterprise. Mid-range storage users may require less capacity, but they have similar functionality and management requirements. This ESG paper examines mid-range storage needs and reviews a new solution that adjusts size while retaining value, performance and functionality.

Download now »

Sign up to receive InfoWorld Resource Alerts

Subscribe to the Today's Headlines: First Look Newsletter

Find out what will be news for the day, with our first-thing-in-the-morning briefing.

©1994-2010 Infoworld, Inc.