The Power of Cluster Computing for Network Monitoring & Cyber Security KNOW THE UNKNOWN ® WHITE PAPER


Introduction

Data centers have become increasingly complex. The cost of ownership for a wide array of equipment, heating and cooling costs, real estate, adding hardware and technology to suit ever increasing data needs are monumental tasks for any IT department and large organization. CISOs and CFOs alike are faced with the “vendor lock” problem when newer or better technology becomes available, as the cost of a “rip and replace” is too prohibitive and incurs unwanted downtime with expense.

Further, performing the critical functions of monitoring and securing the network amongst many pieces of equipment and vendors (firewalls, routers, servers, load balancers, content inspection, NGFW, etc.) can create headaches now that were not foreseen a few years ago, as new disruptive technologies enter the picture. To alleviate some of these pains, NIKSUN is offering best-in-class, next-generation cluster technology to ease the burden on IT costs and allow organizations to scale gracefully and with ease.

Today’s data centers require a new paradigm for network and security monitoring, one that grows with you and your business, with no downtime and with minimal transition costs. NIKSUN’s new cluster solution offers the highest technological advances to its already award-winning technology, allowing an “add as you need” system that lets you acquire additional scale in monitoring speeds, storage, and processing power when you need it, instead of paying for huge excess capacity to meet anticipated future needs, which can be very tricky to project.

What about the Cloud?

Many companies and organizations are moving or plan to move to the cloud. For some companies, this transition has already taken place to a large degree, except for some services which CIOs and CSOs believe may be better suited to remain on premises for strategic or other reasons. When we consider the number of companies that have moved 100% of their services to the cloud, the percentages are quite low. Many of these companies are seeking to gain the benefits of the cloud and virtualization, such as scalability, cost of operation, and energy use, but are not ready or able to complete a full cloud adoption strategy. NIKSUN’s new cluster solution can also fill this gap by offering the market place a simple, yet powerful solution that can scale, meet stringent reliability requirements, and provide very low cost of ownership. Augmented by NIKSUN’s cloud and virtualization offerings, complete coverage of your infrastructure can remain continuous as you transition.

NIKSUN’s Cluster Solution provides a new paradigm for network and security monitoring, one that grows with you and your business, with no downtime and minimal transition costs.


Whether your IT or Network Service deployment resides in the cloud or on-premise, the requirement for visibility is not just a nice-to-have, but is now critical because of the increased emphasis on customer and user quality of experience, amidst the growth and sophistication of cyber security threats.

NIKSUN Cluster Solution Scales with Your Business

The NIKSUN Cluster Solution is the most technologically advanced platform for delivering cyber security, network and application performance monitoring, and compliance monitoring in the industry, across all major market verticals.

Scalability is one of the most important requirements for an organization in managing operational efficiency and to support the growth in subscribers, users, applications, remote locations and new services. All studies around big data show the growth to be occurring at an exponential rate. A fundamental question in the purchasing process is: How much capacity do I buy today? If the choice is made to purchase capacity to handle the needs for the next several years, what do I do with all that unused capacity I will have in the first few years? If, for example, your networks are operating at 1 to 6 Gbps rates now, and you know that you will require greater than 30 Gbps in a couple of years, you may decide to purchase that extra bandwidth now, to avoid the matter in the future. Or, you can adopt the NIKSUN cluster solution and “right fit” the solution to meet the current monitoring demands, easily scaling when needed.

With NIKSUN’s new Cluster Solution, organizations can purchase the capacity they need and simply add capacity as their needs increase in a modular plug-and-play architecture with predictable impact to CAPEX as well as OPEX.

Figure 1: Augmented by NIKSUN’s cloud and virtualization offerings, complete coverage of your infrastructure can remain continuous as you transition.


The NIKSUN Cluster Solution consists of a Management and Operations Server and one or more High Performance Analytic Servers, both seamlessly integrated to form one logical cyber security and general purpose network monitoring system. From the operator perspective, the customer uses and sees the system like all other NIKSUN products, using the newly released HTML5-based NikOS Everest UI. Both the management and analytic servers are directly connected via a tightly coupled, integrated, private network, and maintain a strong security profile across the networked components certified to meet stringent military specifications. The installation is fast and easy as either minimal or no special firewall configuration or network changes are required to implement.

Multiple clustered monitoring systems can be deployed at strategic places in the network and orchestrated together using NIKSUN’s NetOmni to deliver a centralized management and operational console, without the need for multi-tiered, un-scalable architectures that include a packet or data broker. The cluster processes all the data locally and makes it available simultaneously with no raw data forwarding or reprocessing for user queries. This is another area where the NIKSUN technology separates itself from the competition, as other solutions that cannot index while receiving raw data, do not scale when responding to queries.

Figure 2: NIKSUN Cluster Solution consists of a Management and Operations Server and one or more high performance Analytic Servers.

Figure 3: NIKSUN NetOmni delivers a centralized management and operational console.


High Performance Analytic Processing Server

Much of the heavy lifting in the NIKSUN cluster is done by the Analytic Servers. The Analytic Servers perform high-speed packet capture, real-time indexing, and metadata generation, and store both the packets and metadata in a locally contained, super high performance database called the NIKSUN Knowledge Warehouse (NKW).

Each one of these servers runs its own instances of the NIKSUN Operating System, referred to as NIKOS, and includes one or more of NIKSUN’s custom designed FALCON capture interface cards, with a large disk subsystem used to maintain the NKW. The NKW is highly scalable and can be as small as a few Terabytes and scale up to hundreds of Terabytes using various RAID options, per individual server.

The form factor and processing capacity of each Analytic Server can vary in the number of cores, RAM, storage and footprint as measured by Rack Units (1RU to 4RU). Although the mixing of different Analytic Server models is supported by the architecture, the standard offering uses a common model for each.

Data ingested by the Analytic Server can be network packet traffic and/or Flow traffic, with support for various versions of NetFlow, SFlow, and JFlow.

Information or raw data from an Analytic Server is accessed using a specialized query interface that reads from the NKW and forwards the results to the requester, which within the cluster framework is the System Management and Data Correlation Server. There are also configuration management APIs that are used internally to configure the operation of the Analytic Server, such as recording filters, data retention policies, meta-data generation, and special purpose data processing directed from the System Management Server.

A single cluster system can contain up to 8 Analytic Servers, allowing for wide range scale expansion, when transitioning from a small deployment to a very high-end system, as network bandwidth utilization and/or network traffic complexity increases. NIKSUN chooses to maintain ownership of each component of its fielded platforms from hardware through to UI, fielding superior flexibility and results like the cluster, or as small as a hand-held portable, or through 100 Gbps+ with the same user experience and data types that can be correlated and reported upon.

System Management and Data Correlation Server

The System Management and Data Correlation Server does the job of cluster management, querying data from the Analytic Servers, and correlating and aggregating results. It also provides the primary interface to the external management network for user and machine access.

The reliability and integrity of the cluster is fostered by the System Management Server, as it performs continuous health and status fault monitoring and reporting of core components such as storage, processing, network, and critical processes. Status is reported to the NetOmni central management console or to an external network management system, via several means including syslog, SNMP, CEF, and email.


NIKSUN’s latest generation NikOS Everest software, which features a completely redesigned HTML5-based User Interface, comes embedded in the cluster with UI services residing in the Management Server. The beauty is that this is all transparent to the user; access to the cluster is the same as access to a regular NIKSUN physical or virtual server.

Integrated Load Balancing with Dynamic Failover Switching

Another key design element of the cluster is integrated load balancing. There is no need to deploy and maintain a separate “box” to balance the load across the Analytic Servers. The system takes in a single ingress feed and distributes the load using one of several supported balancing algorithms. When new Analytic Servers are connected, the system automatically detects them and adds them to the system.

Summary

By choosing the NIKSUN Cluster solution, you can enjoy the immediate benefits of a “network blackbox” providing you the ability to rewind time, investigating and discovering security or infrastructure events. All this with the assurance that additional capability is economically grown as the business grows, using even measurements from the product itself to trend and see what capacity should be added for the near or distant future.

NIKSUN, the inventor of “packet-to-disk recording”, has provided its customers solid, secure, and innovative technology as well as superior customer support to enable them to get on with running their own business, safe and secure. While many vendors in this space have grown and accumulated products via acquisition, NIKSUN has been in this space for a solid twenty years, continuously developing and perfecting its technology. NIKSUN’s mission has always been to stay ahead of current data trends and protect organizations’ critical infrastructure from today’s threats as well as future threats that are yet ‘unknown’. An investment in NIKSUN technology is an assurance that your networks and your organization will be protected with the latest revolutionary technology, with a past to back that up, and a future that will be around for many decades to come.

Figure 4: NIKSUN NikOS Everest - Global View Report


About NIKSUN: NIKSUN is the recognized worldwide leader in making the Unknown Known. The company develops a highly scalable array of real time and forensics-based cybersecurity and network performance management solutions for government & intelligence agencies, service providers, financial services companies, and large enterprises such as retailers and manufacturers. NIKSUN’s award-winning appliances deliver unprecedented flexibility and packet capture power. The company’s patented real-time analysis and recording technology is the industry’s most comprehensive solution for secure and reliable network infrastructure and services. NIKSUN, headquartered in Princeton, New Jersey, has sales offices and distributors throughout the US, Europe, the Mid East and Asia-Pacific.

NIKSUN, NetDetector, NetVCR, NetOmni, Supreme Eagle and other NIKSUN marks are either registered trademarks or trademarks of NIKSUN, Inc. in the United States and/or other countries. Other product and company names mentioned herein may be the trademarks of their respective owners. For more information, including a complete list of NIKSUN marks, visit NIKSUN’s website at www.niksun.com. Copyright© 2016 NIKSUN, Inc. All rights reserved. NK-WP-ClusterSol_1216