
For Monitoring, Security, Performance Shared Data Access Network (SDAN) 1 J. Scott Haugdahl Principal Engineer, Blue Cross Blue Shield Former Asst. VP.



Presentation transcript:

Slide 1: Shared Data Access Network (SDAN) for Monitoring, Security, Performance
J. Scott Haugdahl, Principal Engineer, Blue Cross Blue Shield; Former Asst. VP & Architect, US Bank
Data Connectors Minneapolis, March 28th, 2013

Slide 2: The US Bank Experience
• Who is US Bank (Symbol: USB)?
  – Part of U.S., a diversified financial services holding company
  – Fifth-largest commercial bank in the U.S. with over 3,000 branches
  – Recognized for its strong financial performance and prudent risk management, capital generation, and product quality
• What is Network Application Analysis (NAA)?
  – Founded in 2008 as part of US Bank's Network Planning and Engineering to adopt new thinking methods, tools, processes, and collaboration in order to focus on resolving potential or chronic application performance problems
  – Solutions oriented, not limited to the lower network (i.e. infrastructure) layers
  – Gained a high level of visibility and credibility during pre-migration analysis to the new data center
  – Created the Shared Data Access Network (SDAN) to support security, monitoring, and analysis tools
• Why the SDAN?
  – The only solution able to collect and aggregate multiple streams simultaneously from several tiers in real time to feed Application Performance Monitoring (APM), fraud detection, security, and sniffer tools

Slide 3: (image only, no transcript text)

Slide 4: The Dark Ages
"Technicians had to physically unplug and move tools from one tap or SPAN port to another. That necessitated change orders and scheduling during off hours, slowing the group's agility and flexibility to monitor effectively." – Royal Bank of Canada

Slide 5: Is This the Best We Can Do? (image only)

Slide 6: Sharing SPANs Got Ugly
[Cartoon: "Hey, it's MY SPAN PORT!" with labels: referee from Gigamon, blade server, dropped packets]

Slide 7: Fast Forward: The Shared Data Access Network (SDAN) Collects & Sends Packets to Consumers
[Diagram: packet sources (load balancers, firewalls, mainframe, switches, UCS fabric, blade chassis) feed tapped media and mirror ports into Gigamon intelligent matrix switching (filtering, aggregation, slicing, etc.), which sends packets to consumers: fraud, threat analysis, intrusion detection, APM, sniffer, data loss prevention]

Slide 8: SDAN Value – The Big Three
• Collect and Aggregate Packet Flows: several streams from multiple tiers can be collected and aggregated to one or more 10 Gbps outputs, in order to monitor complex applications and save on tool ports
• Filter and Preprocess Packet Flows: flows can be filtered by MAC, VLAN, IP (and sliced, de-duped, etc.), allowing focused analysis or fraud detection and a significant drop in CPU demand on the tool or appliance
• Passively Share Packet Flows: packet stream sources (network ports) can service many consumers (tool ports), critical to protecting your customers and improving the end-user experience

Slide 9: Simplified App Mapping & Tapping
[Diagram of Application "X": Internet users, Internet routers, firewalls, access GW and the "DMZ"; Tier 1 "X" web servers, Tier 2 "X" app servers, Tier 3 "X" DB servers, with load balancers at each tier; mainframe messaging; authentication policies]
Tapping above and below load balancers gives great places to pick up services to monitor, isolate faults by domain, troubleshoot, and optimize apps

Slide 10: Steps to a Successful SDAN Deployment
• Document the logical flow of the application
  – In complex environments, use application (not network) conceptual flow diagrams to determine the logical tap points per end-tool requirements (packet analysis, security, APM, etc.)
  – Different applications will have different flows and services, especially customer-facing vs. internal applications
• Map the logical flows and devices to physical ports
  – Example: firewalls and where they attach
• Tap the physical media into your SDAN network ports
  – These comprise the ingress or network ports
• Aggregate the packet streams and send them to your SDAN tool ports
  – Filters may be required to remove irrelevant packets
• Feed the security flows to your sniffer to validate your setup
  – Don't forget this important last step!

Slide 11: After SDAN (image only)

Slide 12: Some SDAN Security Tool Best Practices
• Tap related network points into a Gigamon 420 or TA1 and send aggregated flows to a 2404/HD4/HD8 for security tool consumption
  – Example: Tier 1 firewalls and interfaces -> TA1 -> Tier 1 Firewall Aggregate -> HD8 -> IDS
  – Example: Nexus 2232/2248s -> TA1 -> Server Farm Aggregate -> HD8 -> Fraud Detection
  – Example: Mainframe OSAs -> TA1 -> Mainframe Aggregate -> HD8 -> Data Loss Prevention
• Use rules and filtering to greatly reduce load on the security appliance
  – Security and APM appliances do not need to waste cycles filtering irrelevant data
  – Reducing unnecessary intake can also increase post-analysis processing performance
• The usefulness of SPANs (and mirror ports) is diminishing, so avoid them if possible
  – Easy to oversubscribe, especially with port channel or full duplex aggregation
  – Eliminate the old practice of using aggregation taps and use fiber where possible
  – Be mindful that each tap requires two SDAN ports when operating in non-aggregation mode
• Consider preserving separate send/receive full duplex tap ports all the way through to your tools for certain data center or branch WAN connections
  – Preserving full duplex tapped router connections helps to keep the incoming vs. outgoing distinction
• Copy your security flows to permanent sniffers for post mortem analysis
  – Data mine stored packet flows for deep-dive forensics analysis
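Slides 8 and 12 make three sizing claims that are easy to get wrong when planning an aggregate: a full-duplex tap needs two network ports in non-aggregation mode, an aggregation tap can oversubscribe its ingress port, and filtering is what lets several tiers fit one 10 Gbps tool port. The planner below is an added example (not from the presentation or Gigamon); the three sample sources, the 10 Gbps port speeds and the filter keep-fraction are constructed assumptions.

```python
import math
from dataclasses import dataclass

TOOL_PORT_GBPS = 10.0  # SDAN tool (egress) ports in the slides are 10 Gbps

@dataclass
class TapSource:
    name: str
    link_gbps: float          # line rate of one direction of the tapped link
    members: int = 1          # tapped port-channel members, each a separate link
    full_duplex: bool = True  # passive fiber taps hand over TX and RX separately

    def network_ports(self, aggregation_mode: bool) -> int:
        """SDAN network (ingress) ports this source consumes."""
        # Non-aggregation mode: each direction of a full-duplex tap needs its
        # own ingress port, which is the slides' "two SDAN ports per tap".
        per_link = 2 if (self.full_duplex and not aggregation_mode) else 1
        return per_link * self.members

    def peak_gbps(self) -> float:
        """Worst case: every member saturated in both directions."""
        return self.link_gbps * (2 if self.full_duplex else 1) * self.members

def plan_aggregate(sources, aggregation_mode=False, keep_fraction=1.0,
                   tool_ports=1, network_port_gbps=10.0):
    """Size an SDAN aggregate and flag oversubscription at ingress and egress."""
    raw_peak = sum(s.peak_gbps() for s in sources)
    load = raw_peak * keep_fraction      # traffic left after MAC/VLAN/IP filtering
    capacity = TOOL_PORT_GBPS * tool_ports
    # An aggregation tap folds TX+RX onto one fiber, so a link running at line
    # rate delivers twice its speed to a single ingress port (assumed speed).
    ingress_over = [s.name for s in sources
                    if aggregation_mode and s.full_duplex
                    and 2 * s.link_gbps > network_port_gbps]
    return {
        "network_ports": sum(s.network_ports(aggregation_mode) for s in sources),
        "peak_gbps": raw_peak,
        "load_gbps": load,
        "tool_capacity_gbps": capacity,
        "egress_oversubscribed": load > capacity,
        "min_tool_ports": math.ceil(load / TOOL_PORT_GBPS),
        "ingress_oversubscribed": ingress_over,
    }

def example_sources():
    """Constructed sample loosely following the slide's three example aggregates."""
    return [
        TapSource("tier1-firewall-links", link_gbps=1.0, members=2),
        TapSource("server-farm-port-channel", link_gbps=10.0, members=4),
        TapSource("mainframe-osa", link_gbps=1.0, members=2),
    ]
```

Running `plan_aggregate(example_sources())` shows the unfiltered server-farm aggregate needing nine 10 Gbps tool ports, while `keep_fraction=0.1` (only the VLANs/IPs the fraud tool cares about) fits on one.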

Slide 13: Not Best Practices! (image only)

Slide 14: Thank You!




