Intelligent Access And Monitoring Architecture
II
Customer First!Net Optics works tirelessly to ensure our
customers’ and partners’ success and positive
business performance with industry-
leading service and support. Our skilled
Customer Service Representatives assist with
solution and product needs, while Technical
Support routinely works with customers
to review their objectives and architecture,
and to recommend solutions that answer
challenges and reflect technical progress.
InnovationOur Engineering team delivers innovative,
high-quality solutions that reflect leading
reliability, availability and cost efficiency.
Net Optics’ versatile designs enable smooth
implementation and consistent performance
in a compact, scalable footprint, saving space
and cost. Custom design and rapid turnaround,
plus compatibility with all major networking,
management, and security standards ensure a
fast, reliable, and secure network.
LeadershipFor more than 16 years, Net Optics
has helped customers derive optimal
value, functionality, and ROI from their
networking investments. Our solutions
help network IT and security professionals
gain 24/7 total visibility, insight, control and
non-intrusive access. Net Optics solutions
reduce CAPEX and OPEX with best-in-class
products at the lowest price per port.
It’s no wonder that the world’s largest
organizations rely on us.
2
Your Growing Network Challenges Network professionals face growing pressures in today’s rapidly changing
environment. Foremost are the needs to monitor fast-growing numbers of
links, to achieve 100 percent visibility, and to keep pace with industry-wide
migration toward 10G, 40G and 100G networks. Demanding applications
such as lawful interception (LI) and cloud computing put added pressure
on monitoring capabilities.
Customers are working to increase connectivity options, streamline
management tasks, and improve device uptime while protecting legacy
investments. For them, we deliver intelligent, scalable, high-performance
solutions that are simple to deploy, manage, and that provide a
cost-effective future path.
Net Optics Responds With Powerful, Intelligent SolutionsNet Optics leads the next wave of progress with a growing family of
best-in-class solutions that help you access and monitor all traffic at all
times and maintain a healthy, secure, and efficient network. We deliver
comprehensive visibility— even in areas you never thought you could access.
Our products reflect deep customer insight plus proven technology expertise
encompassing monitoring, control, and access for a total, integrated
approach to meeting your monitoring and security needs.
Monitoring Solutions 5Spyke 7appTap 8
Control Solutions 9Director xStream Pro 11Director xStream 12Director Pro and Director 13xBalancer 14xFilter 15iLink Agg and xStream 16
Virtualization Solutions 17Phantom Virtualization Tap 19Phantom HD 20
Passive Access Solutions 21Network Taps 23Flex Tap 24iBypass HD 25Bypass Switches 26Regeneration Taps 27iTap Port Aggregators 28
Management Solution 29Indigo Pro 30
3
• Security• Performance• Management
Application Layer
Network Layer• Core• Remote• Virtual
• Monitor• Control• Access
Access Layer
Converged Data CenterDistribution
Core
Access
Phantom Monitor™
vm 1 vm 2 vm 3
V SwitchHypervisor
Intelligent Access and Monitoring ArchitectureNet Optics’ innovative architecture delivers end-
to-end network visibility, insight and control to
achieve peak performance and run a well managed
IT network. We optimize reliability by indicating
whether any part of your implementation—router,
switch, server, or database—is working or not. In the
event of failure, you have an accurate picture of your
topology, while alerting functions can be configured
to save time. Robust resources let you plan, scale
and future-proof the network through a simplified
interface. We deliver uncompromising security
while streamlining implementation and controlling
costs, incorporating such advances as Deep Packet
Inspection, Dynamic Load Balancing, Low Latency
Switching—and much more.
4
Superior Performance and Fast Troubleshooting Enhance performance while averting downtime
with deep insight into capacity utilization,
and network and application issues. Smooth
scalability lets you plan for additional growth to
maintain service levels. Monitoring saves network
administration time and cost, letting you track
trends while improving the bottom line.
Best-In-Class Data Monitoring SolutionsDirect, aggregate, regenerate, and filter
high-density networks and volume traffic
scaling to 40 Gigabits. Gain exceptional
network productivity and value with
versatile, scalable solutions that deliver
true dynamic load balancing and the
highest port density on the market.
Control Access
Plug-and-Play Visibility Without Points of FailureExpand your visibility to 100 percent with
groundbreaking Tap technology, completely
passive and simple to deploy. Plus, advanced
bypass switching solutions support network
security with innovative features such as
a “Heartbeat” packet, small footprint, low
power consumption, and enterprise-class
device management.
Monitor
5
From the moment you connect, Net Optics solutions give you
unprecedented, continuous, 100 percent visibility of your network
traffic and applications. Now your IT engineers can drill down
quickly from high-level metrics to granular details using true
application-specific insights and timely root-cause analysis to
detect, diagnose and resolve network problems.
Spyke delivers powerful application intelligence for smaller and
medium-size businesses, uniting Performance Management with
Intelligent Access to forge a total network monitoring and access
architecture. Spyke’s visibility enables quick problem detection,
isolation, diagnosis and resolution.
appTap is the industry’s first integrated solution to combine
network tapping capabilities with network and application
monitoring. appTap’s ease of use lets you monitor remote sites in
the most cost-effective way, consistent with your budget and the
expertise of your staff. appTap lets you analyze network traffic and
application activity—plus monitor VoIP call quality, and perform
capacity planning and trend analysis.
Application Aware Monitoring SolutionsFor Total Visibility
Workstations
Data Center
Remote Branch 01
Remote Branch 02
Remote Branch 03
IP Phones
appTap™
Switch
Router with Firewall
Workstations IP Phones
appTap™
Switch
Router with Firewall
Workstations IP Phones
appTap™
Switch
Router with Firewall
Remote Access via Web Based Interface
Workstations Servers
IP Phones
Switch Switch
iTap iTap
Spyke
LAN/WAN
thruput: 47MbpsUtil: 78%
3 41 2
Monitor
MGMTConsole
www.netoptics.com
ESC
ENTER HDD
PWR
Net OpticsappTap
Net OpticsappTap
Net OpticsappTap
6
Small businesses and remote sites need to monitor
on a limited budget that doesn’t always allow for
on-site engineers. Net Optics enables plug-and-play
total visibility of remote network performance for
faster troubleshooting and problem resolution. We
offer advanced capabilities such as VoIP monitoring,
NetFlow capture and analysis, packet capture of
headers and content, powerful filtering, and accurate
capacity planning to improve efficiency and uptime,
reduce TCO and raise ROI—all on an affordable budget.
Remote Location Monitoring
The right Application Performance Management
(APM) solution lets you realize the true power and
value of real-time visibility. Now your IT operations
can deliver superior, reliable performance for users.
Our sophisticated APM capabilities include high-
speed data center traffic capture, VoIP monitoring,
capacity planning, expert analysis of network
activity, scalability, robust filtering, and more—
fully meeting the challenges of managing today’s
multi-gigabit environments.
Application Performance Monitoring
Workstations
Data Center
Remote Branch 01
Remote Branch 02
Remote Branch 03
IP Phones
appTap™
Switch
Router with Firewall
Workstations IP Phones
appTap™
Switch
Router with Firewall
Workstations IP Phones
appTap™
Switch
Router with Firewall
Remote Access via Web Based Interface
Workstations Servers
IP Phones
Switch Switch
iTap iTap
Spyke
LAN/WAN
thruput: 47MbpsUtil: 78%
3 41 2
Monitor
MGMTConsole
www.netoptics.com
ESC
ENTER HDD
PWR
Net OpticsappTap
Net OpticsappTap
Net OpticsappTap
7
Net Optics Spyke™ is an integrated application and network monitoring solution designed specifically for
small to mid-sized businesses. Spyke can be used to affordably capture and analyze network traffic, analyze
application activity, and monitor VoIP calls. Plus, Spyke consolidates all inputs onto a single pane of glass for
visibility, accurate diagnosis, and quick resolution.
Spyke helps ensure availability of networks and application performance. It captures and stores the data
needed to diagnose problems, including slow or underperforming applications, oversubscribed resources,
misconfigured DNS or proxy servers, and choppy VoIP connections. Now, network teams can go all the way
from the high-level key performance indicators (KPIs) to detailed application metrics and data packets. Spyke
helps enable early problem detection and ensure business continuity.
SpykeIntegrated Performance Monitoring
Features
Automatic identification of common applications with Deep Packet Inspection (DPI)
Reveals network usage, latency and bandwidth consumption
VoIP SIP/RTP correlation and individual VoIP call detail, jitter level, and MOS score
Continuous and ad-hoc packet capture with filter support for selective data capture
Flow monitoring with flow bounce diagrams
Expandable storage capacity
Generate and export NetFlow data to multiple destinations, integrating with third-party solutions
Capacity planning tools
Benefits
Ensures early detection of, and response to, developing issues
Streamlines problem isolation and problem diagnosis
Reduces the need to rely on highly skilled engineers
Secure access with multi-user and access level support
Easy to use, Web-based interface
Installs in minutes with plug-and-play simplicity
Monitoring
8
Net Optics appTap™ is another integrated network monitoring solution designed for distributed sites and
small offices. appTap affordably captures and analyzes network traffic, analyzes application activity, and
monitors VoIP calls. appTap not only monitors multiple sites and devices, it consolidates all inputs onto one
interface for visibility, accurate diagnosis, and quick resolution. Easy to install with the built-in Tap, you can be
up and running in minutes.
appTap helps network operations and engineering teams monitor and ensure availability of remote
networks and application performance. Now you can diagnose problems such as oversubscribed resources,
misconfigured DNS or proxy servers, irregular VoIP connections, and slow or underperforming applications.
Field network engineers can use a single
integrated solution to find and solve problems
“on the go”—supporting network availability
and improving efficiency. appTap also helps with
capacity planning and trend analysis, enabling
early problem detection and ensuring business
continuity. The embedded storage allows you to
view network performance over time and perform
trend analysis.
appTapPlug-and-Play Network Monitoring for Remote Sites
Features
Reveals network usage, latency and bandwidth consumption
Automatic identification of common applications and instant messaging tools
VoIP SIP/RTP correlation and individual VoIP call detail
Continuous and ad-hoc packet capture with filter support for selective data capture
Built-in reports on Top Talkers, Application Distribution, Conversations, Network Volume, Bandwidth Use, Latency, VoIP use, and many more
Threshold based alerts
Real-time and historical data view
Capacity planning tools
Benefits
Reveals network usage, latency and bandwidth consumption
Ensures early detection of, and response to, developing issues
Streamlines problem isolation and problem diagnosis
Reduces the need to rely on highly skilled engineers
Secure access with multi-user and access level support
Easy to use, Web-based interface
Installs in minutes with plug-and-play simplicity
Monitoring
9
ControlIntelligent Monitoring Architecture
As the pace of global economic activity accelerates, a comprehensive,
intelligent monitoring architecture is the key to a company’s
agility, productivity and competitive success. Now, the need for
management control is universal. Net Optics offers iLink Agg™,
a true, managed 1G link aggregator delivering total visibility—
including malformed packets—allowing you to see more links
in the network, as well as perform port mapping. With unrivaled
flexibility for attaching tools, iLink Agg regenerates aggregated traffic
to multiple monitoring tools to prevent conflicts between groups
needing data access. Any Span network port or monitor port can
serve as input, output—or both. iLink Agg’s versatile new web-based
interface lets you view vital data instantly. With 24 ports in a 1U form-
factor, iLink Agg is the industry’s highest port density 1 Gigabit link
aggregator.
The Director™ Data Monitoring Switch family of smart filtering
appliances directs traffic of interest to monitoring tools in order to
relieve oversubscription, leverage tool investment across groups, and
centralize monitoring in the NOC. If you need more ports, up to 10
Directors can be daisy-chained together to act as a single logical unit
with up to 380 ports and total throughput of 740Gbps.
xBalancer™ is Net Optics’ innovative, purpose-built solution for
load-balancing, offering linear scalability and superior cost-
effectiveness. xBalancer enables replication of existing tools,
with traffic load-balanced so that tools operate in parallel. Linear
scalability lets two tools perform twice the work; three tools, three
times the work, and so forth. xBalancer performs flow-coherent
inline load balancing with symmetric forwarding—ensuring that
both directions of conversation flows are always put through the
same tool. The robust xBalancer provides 4,000 layer 2-4 filters,
and enables flexible traffic of interest selection.
10
Net Optics tackles the problem of over-subscribed
monitoring tools by enabling those tools to
handle more traffic, more links, and more
protocols. A flexible Smart Filtering 10G solution,
Director xStream™ utilizes TapFlow™ filtering
technology to send each tool only the traffic of
interest—by protocol type—for its particular
purpose. The TapFlow’s hardware filtering engine
processes traffic at full 10 Gbps line speeds, enabling
you to filter traffic by protocols, IP addresses, TCP/
UDP ports, VLANs, and more. Director xStream, with
its streamlined filtering capabilities, is a key resource
for improved network visibility and security threat
management across the entire network.
If oversubscription due to skyrocketing traffic
and high-speed links is pressuring your tools
to drop packets and miss messages, Net Optics
offers unrivaled options. Static Load Balancing
splits traffic to let multiple tools work on
different parts of it. When 10G traffic exceeds
1G tool capacity, you can filter and send packets
with odd IP source addresses to one 1G tool
and even addresses to another—or use other
differentiators. xBalancer distributes flow-
coherent traffic to multiple monitoring tools
working in parallel, along with Deep Packet
Inspection (DPI) and filtering capabilities.
A Link Aggregator accepts multiple network
segments and aggregates all the traffic to 1 to 24
monitoring devices (depending on the model).
Link Aggregators allow the monitoring of multiple
network segments with one or several monitoring
appliances. One big advantage of this solution
is that the connected monitoring system only
needs one NIC to monitor all 12 connections at the
same time. iLink Agg xStream™ enables greater
accuracy, easier management and higher usability.
Traffic aggregated from different links can look
like a single, indistinguishable data stream to your
monitoring tools. By tagging each packet with the
port it arrived on, a tool simply looks at the tag and
sorts it out into separate streams.
Filter Load Balance Aggregate
10Gbps 10Gbps
Forensic
IDS Analyzer 1
DIrector xStream
Analyzer 2
Forensic Forensic
10Gbps 10Gbps
ForensicForensic
xBalancer
Forensic IDS
1 Gbps 1 Gbps 1 Gbps 1 Gbps 1 Gbps
Analyzer
iLink Agg xStream
11
Purpose-built for high-performance networks, Director xStream™ is a versatile 10 Gigabit monitoring
access solution. Master your monitoring tasks from a central location with regeneration, aggregation,
and smart filtering in a single unit, so you can monitor more network links than ever before.
Director xStream relieves overburdened equipment by filtering packets and shuttling traffic swiftly
to the optimal device. Even at 100 percent utilization, Director xStream passes all traffic and fully
leverages monitoring tools. Director xStream’s cut-through architecture provides an ultra-low
600 nanoseconds of latency. Even more important is jitter. Director xStream’s ultra-low jitter of
50 nanoseconds for all packet sizes is orders of magnitude less than that of switches which use a
traditional store-and-forward architecture.
Features
10G speed, with 1G flexibility and automatic data rate conversion
Many-to-many port mapping
Connects to Span ports and external Taps
Spreads the load to multiple tools with static load balancing
10 Gigabit aggregation, regeneration, matrix switching, and smart filtering
Up to 4,000 filter elements per chassis
Port Tagging
Port VLAN tag management
RMON statistics and extensive statistics covering network traffic, utilization and protocol distribution
Twenty-four 10 Gigabit SFP+ ports in 1U
Benefits
Improves network visibility and threat management
Centralizes monitoring to lower operating costs
Leverages 1G and 10G monitoring tool investments
Improves 10G network visibility and security threat management
Relieves oversubscribed tools by filtering
Compatible with monitoring tools, firewalls, and intrusion detection systems from all major manufacturers
Director xStreamExtremely Flexible Performance With Accelerated 10G Architecture
9600
6400
3400
1518
64
Latency
Packet sizein bytes
0.µs
2.µs
4.µs
12.µs
10.µs
8.µs
4.0µs 8.0µs 12.0µs 16.0µs
9600
6400
3400
1518
64 0.6.µs
0.6.µs
0.6.µs
0.6.µs
0.6.µs
0.µs 4.0µs 8.0µs 12.0µs 16.0µs
Ultra-low latency
Packet sizein bytes
Cut-Through Architecture Store-and-Forward
Control
12
Control
This robust, high-performance solution helps meet the demands
of 10G network deployments with their spiraling growth in link
numbers and sophistication. Director xStream Pro™ delivers
Dynamic Load Balancing and Deep Packet Inspection, plus
detailed timestamping and other new features for versatility
and ease of use.
Director xStream Pro combines high speed and port count
of Director xStream with advanced capabilities. Stackable,
with hot-swappable, redundant power supplies, it performs
aggregation, regeneration, switching, and L2-L4 filtering. It
offers 24 SFP+ 10G/1G ports in a 2U form factor. Switching flexibility enables traffic from any port to be
directed to any port. Traffic from any or all ports can be aggregated into a single stream, with each stream
regenerated to any or all ports. Any port can be used as network (Span) inputs or monitor outputs.
IDS Analyzer 1
IDSAnalyzer 2Load Balance Group
Forensic
Forensic
Forensic
Forensic
Director xStream Pro
10Gbps 10Gbps 1 Gbps 10 Gbps 10 Gbps PortAggregator
HTTPUDPDHCPFTP
Management
Director xStream ProMore Power, Less Energy, Maximum Performance, Minimum Latency—24x10g Monitoring Access 24/7
Features
True Timestamping™ using NTP, PTP, and GPS clock
Dynamic load balancing based on traffic flows
Deep packet inspection (DPI)
Latency measurement with nanosecond accuracy
Aggregation, regeneration, switching, and L2-L4 filtering
Real-time, per-second ProPush™ network analytics with GUI
RADIUS and TACACS+ authentication and authorization
Benefits
More stacking options by star and mesh topology to increase inter-unit bandwidth
ProPush analytics enable microburst detection to maintain availability
Graphical User Interface (GUI) lowers the learning curve
Basic Indigo Pro integration simplifies manageability
Cut-through architecture provides low latency
Command Line Interface is available to ease system configuration
Port-locking to user accounts enhances security
13
Director Pro™ advances the Director family by adding Layer 7 filtering through DPI and
failover-protected Dynamic Load Balancing for mission-critical services. Director Pro Network
Controller Switch aggregates, regenerates, switches, filters and
load balances traffic—to make monitoring more accurate and
convenient than ever. Director Pro optimizes the deployment of an
intelligent, flexible and efficient network access platform for 1G and
10G networks. An enriched Web GUI lets you control and accomplish
more tasks in a shorter time.
Net Optics Director™ helps you hold down operating expenses and
simplify tasks; cost-efficient switching, comprehensive filtering, and
centralized management features handle such challenges as threat
protection and high-speed inline analysis. Tool-sharing leverages
your investments across groups. Plus, even non-expert users
can easily monitor and configure filters and port maps using the
convenient GUI.
Switch
HTTPUDPDHCPFTP
Switch
Switch
Switch
RouterSwitch
Switch10Gbps
Director Pro
Analyzer 2 Analyzer 1
RMON 1 RMON 2
IDS
ForensicManagement
Director Pro and DirectorAdvanced Management, Control And Access To Critical Data
Features
Dynamic load balancing, tapping, link aggregation, stream regeneration, matrix switching, and smart filtering—in a single device
Layer 7 filtering through Deep Packet Inspection (DPI)
Virtual Zero Delay Technology
Industry’s highest port density
High-speed 10 and 1 Gigabit ports
Stack two Director Pro chassis for increased capacity
TapFlow™ multi-layer filtering engine
Up to 2,000 filter elements per chassis
Filter tagging
ProPush™ traffic statistics for microburst detection
Enterprise management via CLI, Web UI, SNMP, Syslog and Indigo Pro
Benefits
Leverages existing monitoring tool investments
Improves network visibility and security threat management
Relieves oversubscribed tools
Centralizes monitoring
Control
14
xBalancer™ is the first monitoring load balancer designed specifically for distributing network traffic among
inline monitoring appliances. This innovative device solves oversubscribed IPSs, firewalls, Web accelerators,
and other inline appliances by enabling two or more appliances to be deployed in parallel with traffic
balanced between them. A pool of inline appliances can be shared across multiple independent network links.
With 24 SFP+ 10G ports in a 1U form-factor, xBalancer supports four inline appliances balanced across eight
independent links—or other configurations,
such as two independent modules, with each
module balancing four appliances across two
links; or as six modules, with each balancing
two tools across one link. Heartbeat packets
monitor attached appliances and reallocate
traffic in the event of unavailability. The
solution supports 10Gbps fiber and 1Gbps
fiber and copper.
Features
Distributes traffic dynamically across inline appliances
Twenty-four SFP+ 10G ports in 1U high 19-inch rack space
480Gbps backplane
Flow-coherent traffic distribution
Supports inline and out-of-band tool sharing
Independent network links can share the same pool of IPSs
Heartbeat packets monitor IPS health
Benefits
Load balance 10G traffic to 1G and 10G tools
Multiplies inline processing capacity for 10G networks
Increases tool ROI through higher utilization
Improves network uptime by bypassing IPS failures
Flexible deployment for both 10G and 1G
Network Switch Cluster Network Switch Cluster
xBalancerAutomated Balancing Act At 240 Gbps
Control
15
xFilter performs high-throughput monitoring of data center traffic, reducing complex, sophisticated
traffic from Taps or other sources to simple data streams. In a single device, it performs packet
management, tunnel decapsulation, and network management . xFilter first terminates traffic
which has been encapsulated by various protocols and strips headers such as MPLS, GRE and other
technologies. Because many
tools are unable to handle that
complex traffic, xFilter decapsulates
the traffic and reassembles the
fragmented packets. It then feeds
this simplified traffic into a
Net Optics xBalancer™ or one of
the Net Optics Director™ family for
aggregation and quick switching
to instrumentation layer tools.
These tools can then perform
their inspection and monitoring
functions unimpeded.
Features
Delivers high throughput and port density (up to 12 10G ports)
Decapsulates tunneled traffic at 10 Gbps per port
Performs packet forwarding to an egress port or VLAN
Strips MPLS labels, VN-Tags, VX-LAN and Cisco FabricPath Headers
Carries out VLAN tagging and VLAN swaps
Performs packet filtering
Benefits
Simplifies complex tunneled traffic for effective, accurate monitoring
Improves network visibility and security
Maximizes threat management in monitored environments
Reduces packet payload overhead before it reaches instrumentation layer tools
Controls access according to defined criteria
Easily integrates with Net Optics Director family and xBalancer
xFilter Advanced Packet Broker Appliance for High-Throughput Decapsulation
Control
Phantom Monitor™
vm 1 vm 2 vm 3
V Switch
Hypervisor
Encapsulate
Director xStream™
IDS Analyzer 02ForensicsAnalyzer 01
xFilter™
xFilter™Packet Manipulation
Encapsulated Tra�c
Encapsulated Tra�c
Stripped Tra�c
VN-Tag /MPLS/FabricPath Tra�c
xFilter™(Remote Site)
LAN/WAN
Decapsulated Tra�c
Phantom™ Virtualization Tap(Data Center)
Decapsulate
16
iLink Agg™ family of products is an intelligent solution for aggregation, regeneration and matrix switching
that provides efficient, line-speed, passive monitoring access to 1 and 10 Gigabit network links.
The device supports external inline network Taps and Span ports for 10 Gigabit and 1 Gigabit monitoring
tools. iLink Agg provides higher port density than any other 1U form factor link aggregator, combining
traffic from up to 20 network links or Span ports and sending it to four monitoring appliances.
Remarkably easy to configure, secure, and
manage, iLink Agg lets you populate only
ports you need to control capital expenses—
or provision extra ports for uptime and
port availability. Because iLink Agg has
no IP address, it is immune to viruses or
other attacks.
Features
Supports different media types for flexible deployment
Managed solution for aggregation, regeneration, and matrix switching
Aggregates 20 links to 4 tools
Regenerates aggregated traffic to multiple monitoring tools
Fully configurable port mapping
Monitor and network ports can be used interchangeably
Connects to Span ports and external Taps
Delivers dual power for redundancy, hot-swappable, AC and DC models
19-inch rack mount, 1U height
Benefits
Lowers non-filtering aggregation costs
Increases 1G or 10G tool capacity utilization
Provides complete visibility—even of malformed packets— without interfering with the data stream or introducing a point of failure
Eliminates resource contention by enabling multiple tools to monitor identical traffic at the same time
Front mounted connectors ease installation
Compatible with all major manufacturers’ monitoring devices, including protocol analyzers, probes, firewalls, and intrusion detection/prevention systems
iLink Agg and iLink Agg xStream Streamlined, Flexible and Versatile Traffic Consolidation for Superior Monitoring Performance and Network Visibility
Control
iLink Agg xStream
IDS Analyzer 2Analyzer 1 RMON 1 RMON 2 Forensic
10Gbps 10Gbps 10Gbps
Tap
10Gbps 10Gbps
PortAggregator
10Gbps 10Gbps
17
Virtualization SolutionFor Limitless Network Access
Net Optics Phantom Solution for monitoring in a virtualized
computing environment consists of four key components:
The Phantom™ Virtualization Tap installs in the hypervisor
kernel of each server. It provides visibility to all server traffic
including inter-VM traffic. Based on policy, traffic of interest is
captured and forwarded.
The Phantom HD™ is a purpose built, high-throughput
appliance for network traffic filtering and pre-processing of
packets captured in virtual environments. Phantom HD can act
as a termination point for the traffic captured by Net Optics
Phantom Taps. Captured traffic is decapsulated and processed.
It is then sent to the Net Optics Director family for distribution
to instrumentation layer tools for inspection and monitoring.
Phantom HD can also be deployed in ‘reverse’ to encapsulate
raw traffic from virtual or physical devices and to send it to
remote locations for processing.
The Director™ Data Monitoring Switch family is an optional
component that can manage the Phantom HD, aggregate
raw traffic from the Phantom HD with traffic from physically
monitored sources, and filter and switch it to monitoring tools.
Physical monitoring tools are the final component of the
Phantom Solution for performance, security, and compliance
monitoring in the virtualized environment.
18
Phantom Monitor™
vm 1 vm 2 vm 3
V Switch
Hypervisor
Net Optics Director xStream, xBalancer or iLink Agg xStream
Phantom HD™
Phantom™ Virtualization Tap(Data Center)
IDS Analyzer 02ForensicsAnalyzer 01
Encapsulated Tra�c
Encapsulated Tra�c
Stripped Tra�c
VN-Tag/MPLS/FabricPath Tra�c
Decapsulated Tra�c
Physical Server
Physical Server
Physical Server FIlter, Aggregate and/or load balance raw tra�c from the Phantom HD with tra�c from physically monitored sources to monitoring tools, or to an additional Phantom HD for VN Tag Stripping
Decapsulates data from virtual and physical sources and sends it to Director
Phantom HD™VN Tag, MPLS and FabricPath Stripping with Packet Forwarding
Phantom HD™
LAN/WAN
Physical Server
RemoteSitePhysical Server
Encapsulate data and send it securely to another location for decapsulation
19
Phantom Virtualization TapTotal Visibility for Inter-VM Traffic
Features
Integrates at the kernel switching layer and is non-disruptive to production environments
Requires no maintenance mode, reboot of hypervisor, or other disruptive changes
Taps each VM instance virtual switch or VM
Aggregates traffic from multiple VMs and performs smart filtering at collection
Delivers high capacity to match port density and traffic volumes
Leverages a customer’s existing, trusted monitoring infrastructure and tools
Installs in hypervisor for full traffic access
Benefits
Preserves performance, capacity, throughput and utilization for a true cutting-edge technology solution
Lowers investment in virtual tools by bridging existing physical tools to the virtual network
Centralizes and simplifies management for better accuracy and efficiency
The Phantom™ Virtualization Tap brings you a total
monitoring access solution that delivers unprecedented
visibility of inter-VM traffic across your data center,
including a transparent view of previously unseen
(invisible) traffic passing between VMs—the “blind
spot.” Fully engineered for the virtual environment,
the Tap integrates easily and smoothly with no
single point of failure, no interference with VMs,
and no modification needed.
This Tap supports all leading hypervisors at the kernel
level. Sophisticated monitoring policy allows traffic of
interest to be captured, encapsulated and sent out to
your instrumentation layer’s tool of choice anywhere.
The Tap allows you to troubleshoot issues and identify
conflicts in your virtual environment, reducing mean-
time-to-resolution and increasing the efficiency and
productivity of IT administrators. Superior visibility
not only allows for improved capacity planning and
management, it delivers a vital head start on resolving
issues before damages can manifest.
Inter-VM Tra�c is Invisible
100% VisibilityLimited Visibility
Virtual SwitchVirtual Switch
Virtual MachinesVirtual Machines
Phantom Virtualization Tap
Virtualization
20
With data centers virtualizing at an ever-increasing pace, the monitoring infrastructure often struggles
to keep up. Now, Net Optics’ Phantom HD™ appliance eases the virtualization transition by helping
to converge the physical and virtual monitoring infrastructures. The Phantom HD is a GRE tunneling
appliance that decapsulates traffic from numerous Phantom Virtualization Taps, aggregates the
resulting raw traffic, and sends it at up to 20 Gbps for inspection by instrumentation layer tools.
Phantom HD also encapsulates raw traffic from virtual or physical devices and sends it to remote
locations for processing at up to 20 Gbps. The Phantom HD can tunnel traffic of interest to central
NOCs, including off-site instrumentation layer tools for auditing, inspection and archiving.
This versatile appliance delivers superior efficiency and dramatic cost savings. Phantom HD offers
a single aggregation point for inspecting both virtual and physical network traffic. Not only that—
Phantom HD enables you to eliminate the vulnerable security “blind spot” that emerges when
consolidating servers into a virtualized computing environment. After decapsulation, filtering and
VN-Tag processing, the Phantom HD forwards packets to an egress port and optionally a VLAN as
determined by the filtering rules.
Features
Supports high-throughput monitoring of all virtualized data center traffic with Net Optics Phantom Virtualization Tap
Delivers overall capacity of 40 Gbps in 1U rack-mount appliance
Encapsulates or decapsulates tunneled traffic at 10 Gbps per port
Initiates and terminates encapsulation tunnels
Benefits
Enables routing of data from data centers to central monitoring facilities
Handles fragmentation and defragmentation of packets
Enables monitoring of virtual network traffic in a virtualized computing infrastructure that is unable to process VN-Tags
Improves network visibility and security threat-management in virtualized computing environments
Reduces packet payload overhead before it reaches instrumentation layer tools
Sends relevant traffic to tools
Phantom HDHigh-Throughput Tunneling and Advanced Routing Appliance
Virtualization
21
Analyzer
Zero Delay
SwitchFirewall Switch
Zero Delay
Intelligent Access SolutionsPassive Network Access
The term “passive” means having no effect on traffic—no latency, IP address,
no packets added, dropped or manipulated, and no link failure. Traffic may be
collected from wired networks via hubs, SPAN ports, in-line devices or Taps.
Net Optics’ innovative family of hardware products enables companies to access
and monitor their network using the latest Intrusion Detection and Prevention
Systems, Protocol Analyzers, and Network Probes, with 24/7 passive network access
and 100% visibility. This passive monitoring access technology enables complete,
permanent visibility into any network link without data stream interference or
introducing a point of failure. Our suite of integrated fiber and copper products
include Network Taps, Regeneration Taps, Port Aggregators, and Bypass Switches
in addition to our growing families of virtualization and custom security solutions. Net Optics Zero Delay capability eliminates the
10-msec delay that occurs when a Tap loses power.
This short delay can cascade into longer delays while
devices renegotiate the link. With Zero Delay, if the
Tap loses power, no packets are dropped or re-sent;
no latency is introduced; and power loss to the Tap
is undetectable in the network. Net Optics Products
with Zero Delay include 10/100 Taps, 10/100/1000
Taps, and 10/100 Regeneration Taps.
Zero Delay
22
ManagementAnalyzer IDS
Firewall Router
Switch
iTap Port Aggregator
SwitchSwitchFirewall
Regeneration Tap
RMON Analyzer Forensic IDSManagement IPS
iBypass Switch
SwitchFirewall Switch
ONOFF
The Net Optics family of Bypass™ Switches offers
you trouble-free access ports to support your
inline network security and monitoring devices.
Because the Bypass is a passive appliance, link
traffic continues to flow even if the Bypass itself
loses power. A “Heartbeat” packet ensures that a
monitoring appliance is actually passing traffic:
If this packet doesn’t return to the Bypass Switch,
the switch instantly goes into bypass mode and
takes that appliance out of the traffic path.
Net Optics’ full suite of Regen Taps duplicates
full-duplex traffic to up 8 security and monitoring
devices simultaneously. These advanced Taps let you
examine 100 percent of the traffic on your network’s
critical links with multiple security and network
management tools. The passive Regen tap creates
a permanent, in-line access port to monitor all
full-duplex traffic without data stream interference.
Net Optics Port Aggregators are in-line monitoring
access devices enabling monitoring tools with a
single network connection to see the traffic flowing
in both directions on the link. These products handle
different media types, providing single or dual
monitor ports and incorporate, and a variety of other
features. iTap functionality adds intelligent remote
management capability, RMON traffic statistics such
as packet and CRC error counts, alarms triggered link
utilization exceeds a user-defined threshold, and a
front panel LCD display.
Bypass Switches Regeneration Taps Port Aggregators
23
The Net Optics family of Taps provides 100 percent
visibility and permanent passive access points into the
customer’s network. When a monitoring tool is needed,
simply connect the device to the Tap instead of taking
down the link and interrupting traffic. Taps pass all
network traffic—including Layers 1 and 2 errors—without
introducing bottlenecks or points of failure. Regardless
of interface or location in the network, we provide a Tap
solution, supporting copper, multimode and single mode
fiber at speeds up to 100 Gbps with media conversion
models available.
Gig Zero Delay Tap is the industry’s mission-critical resource when delay of any type is not acceptable.
This 10/100/1000BaseT Tap delivers true zero-delay operation to prevent network disruptions.
Breakthrough engineering ensures that any loss of power to the Tap is transparent to the network,
and does not affect flow of traffic through the Tap, eliminating packet delay and loss. Not only does
the network continue smooth operation under the most critical pressures, but it enables vital business
applications to remain responsive.
Features
Inline link failover protection
Access-ready connectivity
Passive access at 10Mbps to 100Gbps without data stream interference
Zero Delay failover on power loss of 10/100 and 10/100/1000 models
Redundant power supplies
Multiple split ratios available for fiber models
Benefits
Full-duplex monitoring with zero impact on network traffic around the clock
100 percent visibility to link traffic for security and network monitoring tools
Plug-and-play—no configuration required
Media conversion—‘single device’ solutions such as TX to SX
Permanent access port that avoids breaking a line when a tool is connected
Passive technology enabling maximum network uptime
Network Taps and the Gig Zero Delay Tap A Versatile, Comprehensive Family of Taps for When Delays Are Not an Option
Access
24
Access
The new, compact Net Optics Flex Tap™
delivers total traffic visibility for monitoring
and security devices. Place this slender Tap
on critical network links with a universal rack
mount that saves rack space and lowers your
facilities and operations costs. The new high
density design of the Flex Tap lets you install
up to 24 Taps in a one-rack unit panel. Flexible
and scalable, each Tap is removable and 100 percent passive, enabling deployment of 1 to 24 taps in 1U.
Because it requires no power, the Flex Tap maintains permanent passive access ports without introducing
a point of failure or disturbing other network connections. Passive Taps deliver full-duplex monitoring
with zero impact on network traffic around the clock.
Also, without an IP address, monitoring devices are isolated from the network, which dramatically
reduces their exposure to attacks. However, the monitoring device connected to the Tap still sees all full-
duplex traffic as if it were in-line, including Layer 1 and Layer 2 errors.
Features
High density design saves rack space
All-optical design
All split ratios available 50/50, 60/40, 70/30, 80/20, 90/10
24 Taps in 1U
Available in single mode and multimode for 1G and 10G
Available in single mode for 40G and 100G
Multimode dual wavelength 850/1300 nm supports SR
Single mode dual wavelength 1310/1550 nm supports both LR and ER links
Passes all full-duplex traffic (including errors) from all layers
Requires no power
Benefits
No IP address protects against attacks
Compatible with all protocols and monitoring devices
Delivers total traffic visibility
Non-disruptive and transparent
Quick, easy installation saves time with front-mounted connectors
Removable, flexible and scalable
Flex TapFiber Tap Designed for High-Density
25
Ideal for inline network security applications such as intrusion prevention, Web optimization, and
firewalls, Net Optics iBypass HD™ supports two to eight segments, with each segment operating
independently to ensure link protection. Connect, maintain, and remove single-segment and multi-
segment IPS appliances without affecting traffic through the links or the operation of the other
segments. High-availability configurations let you link pairs of bypass switches to support both tool
and link redundancy.
Rely on the exclusive Segment Group Link Fault Detect, Bypass Detect, and Heartbeat features to
support your network availability. Configurable Heartbeat packets are sent from the iBypass HD switch
through the IPS in both directions to monitor the health of the IPS. When a fault condition is detected,
the IPS loses power or is redeployed or IPS
software malfunctions, traffic is automatically
routed using FastPath™ switching technology
directly through the iBypass HD switch rather
than through the inline appliance, keeping the
network traffic flowing.
IPS IPS
IPS
iBypass HD
Switch SwitchIPS
Switch Switch
Switch RouterRouter
High availability con�gurations enable the iBypass HD to support environments that use tool redundancy and link redundancy. Tool redundant (top left), non-redundant (top right) and link redundant (bottom) IPS deployments are shown.
Features
Eight segments protected in a 1U appliance
Modular design for deployment flexibility
Customizable behavior through Web UI and Command Line Interface (CLI)
RMON traffic statistics on all ports
High availability configurations
Enterprise-ready management features (SNMP, TACACS+, and RADIUS)
Segment group link fault detect
Benefits
Passive, secure technology
Easy installation and operation with front-mounted connectors
Fail-safe monitoring with any Gigabit inline appliance
Increased reliability for important network links
Compatible with all major manufacturers, IPSs, and firewalls
Easy remote management through secure SSH connection/Web UI
iBypass HDModular, Flexible, Fail-over Bypass Switch with High Availability Capabilities
Access
26
The Net Optics family of iBypass™ Switches offers
you trouble-free access ports to support your inline
network security and monitoring devices. Because the
switch is a passive appliance, link traffic continues to
flow even if the switch itself loses power. A “Heartbeat”
packet ensures that a monitoring appliance is actually
passing traffic: If this packet doesn’t return to the
bypass switch, that appliance may be down. The
switch instantly goes into bypass mode and takes that
appliance out of the traffic path.
When Intrusion Prevention Systems (IPSs), firewalls, and other vital security equipment lose
power or need maintenance, Net Optics Bypass Switches ensure that traffic continues to flow
uninterrupted on the affected network link. A Bypass Switch can automatically switch network
traffic around an unresponsive IPS appliance—even if the IPS is still powered on. Once the IPS
re-establishes a connection, traffic is re-routed to the device for continued operation.
Features
Trouble-free access port for inline network security and WAN optimization tools
Bypass Switch with Heartbeat adds automated link fail-open protection
Remote access through 10/100 Mbps management port
Support for 10Mbps to 10Gbps connectivity and managed models
RMON Statistics available on CLI
Redundant power
User-configurable Heartbeat packets
Benefits
Protects the network from IPS link, application, and power outages
Provides greater compatibility with all network devices
Enables maximum network uptime
Maintain monitoring appliances without downtime because the bypass switch enables network traffic to flow when appliances are offline
Issues alerts if monitoring devices are offline or slow to respond
Enhances monitoring security with no IP address needed on network and monitor ports
iBypass and Bypass SwitchesFail-Safe Access Ports for Zero Downtime in Monitoring Vital Network Traffic
Access
Management IPS
iBypass Switch
SwitchFirewall Switch
ONOFF
27
Regeneration Taps™ provide visibility into one network link with up to eight attached security or
monitoring tools. All traffic between network devices is transparently forwarded at 100 percent
full-duplex rates without introducing a point of failure—even in the event of a loss of power. Multiple
monitoring tools such as traffic analysis monitors, RMON probes, and intrusion detection systems
connected to the Regeneration Tap allow for deep levels of analysis from a single 1U-high device.
Inline and Span port versions provide the ability to deploy monitoring tools in two scenarios.
Depending on your needs, the inline or Span models make it possible to collect traffic from multiple
network switches or routers that
are utilizing Span ports, or they
can be deployed inline between
two network devices for deeper
traffic capture and analysis. All
leading security and monitoring
tools and a wide variety of media
and speeds from 10/100Mbps to
10Gbps fiber are supported.
SwitchSwitchFirewall
Regeneration Tap
RMON Analyzer Forensic IDS
Features
Passive access at 10Mbps to 10Gbps without data stream interference
Optimized for each specific topology
Span models monitor two separate Span sessions independently
Replicates link traffic to multiple tools
100 percent passive traffic access
All speeds and media types supported
Benefits
View 100 percent of traffic—including VoIP, HTML, application, and Layer 1 and 2 errors
2, 4, or 8 monitor ports enable comprehensive troubleshooting
Enables sharing traffic access among groups without conflicts
Use multiple monitoring tools simultaneously
Simplified plug n’ play deployment with no device management needed
Media conversion—‘single device’ network-to-monitor-tool interfaces
Cost-effective—increases monitoring tool ROI because they are always deployed
RG-8 Series provides scalability with 16 SFP/SFP+ monitoring ports, allowing up to 8 monitoring devices per network link
Regeneration TapsPassive, Real-Time Regeneration Tap Technology for Simultaneous Traffic Monitoring on Important Links
Access
28
Features
Complements RMON probes and analyzers; helps pinpoint where needed
Increases network visibility—view statistics at a glance
Improves accessibility—remote access and configuration control
Enables transparent sharing of link information between IT groups
Easy-to-read utilization and statistics reports
Reduces network outages through proactive monitoring
Benefits
Easy-to-read front panel display for simplified troubleshooting
Threshold LED alarms
SNMP trap reporting
Management Information Base (MIB) available
Secure login access
Utilization statistics
iTap Technology and Port AggregationAggregation and Information Provides Greater Monitoring and Access Flexibility
Innovative iTap™ technology transforms Taps into
passive network status sensors that forward vital
information from throughout the network. iTap
products gather and display utilization peaks,
bandwidth levels, and error counts, even when a
monitoring tool is not attached. In addition to a
standard CLI, SNMP manageability delivers information
to Web browsers and SNMP management utilities. SNMP control enhances security because it adds
the ability to enable or disable ports from remote locations.
In addition to standard network and monitor ports, each iTap-enabled product contains a 100 Mbps
network management port and a DB9 serial port for management access.
Access
ManagementAnalyzer IDS
Firewall Router
Switch
iTap Port Aggregator
29
iTap™
IPS IPS
IPS IPSIPS IPS
vm 1
V Switch
vm 2 vm 3
Hypervisor
Phantom™Virtualization
Tap
Director™ Daisy Chain
xBalancer™
GLOBAL POLICY
vm 1
V Switch
vm 2 vm 3
Hypervisor
Phantom™Virtualization
Tap
Remote Access via Web Based Interface
Indigo Pro™
High Availability Backup
Indigo Pro™ Virtual
Central Management – San FranciscoHA Backup – Private Cloud
Converged Data Center – Sydney
Cloud Provider
Data Center – New York City Data Center – London
Branch O�ce – Mumbai
Internet
GLOBAL POLICY
Automatic Device Discovery
30
When you deploy a large number of devices across your network, you need simplified, centralized
management for control and visibility. Now, the Indigo Pro™ Management Platform unifies your
view of any number of Net Optics devices across distributed locations. Running virtually or in a 1U
appliance, Indigo Pro centralizes collection of traffic statistics while performing network, fault, and
policy management.
Indigo Pro’s convenient graphical tools convey
the health of your network at a glance as line
graphs, pie charts, 3-D bar charts, and more,
including a dashboard view. Not only does this
innovative solution monitor and visualize—it
transforms your devices into remote sensors
of traffic conditions. Indigo Pro’s breakthrough
ProPush™ technology samples traffic at an
unprecedented rate to let you see and resolve
issues before they cause congestion. You can
use any popular browser to access Indigo Pro’s
convenient features.
Features
Rich graphical data visualization
Subnet-organized network topology map
Views of snapshot and historical data
Device management
Manage Phantom Virtualization Taps
Centralized policy management for multiple devices
Fault and event management
Print and export to CSV files
High Availability Mode
Benefits
Easy configuration and management of hundreds of devices
At-a-glance dashboard views
Improved network visibility and security threat management
Monitors traffic levels and quality across the network without monitoring tools
Centralized access to data from large numbers of devices
Meet and demonstrate regulatory compliance requirements
Quick, simple deployment
Indigo Pro Management PlatformYour Command Center for Total Access, Control and Visibility—When Every Packet Counts
Management
Net Optics, inc.
5303 Betsy Ross Drive Santa Clara, CA 95054
(408) 737-7777
twitter.com/netoptics
www.netoptics.com
Net Optics is a registered trademark, and Director xStream Pro, Director xStream, Smart Filtering, Director, Director Pro, iBypass, iBypass HD, iLink Agg, iLink Agg xStream, Indigo Pro, ProPush, iTap, Regeneration Tap, xBalancer, and Zero Delay are trademarks of Net Optics, Inc. Additional company and product names may be trademarks or registered trademarks of the individual companies and are respectfully acknowledged. All rights reserved.