Riverbed Cascade Shark - DATA SHEET
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
DATA SHEET Riverbed Cascade Shark
DATA SHEET: Cascade Shark
Overview
Cascade Shark Riverbed understands packet capture and analysis better than
any other company. Three leading innovators in this field – Steve
Continuous, high-speed packet capture, McCanne, co-creator of TCPDUMP, Loris Degioanni, creator of
indexing, and storage WinPcap, and Gerald Combs, creator of Wireshark® software
Riverbed® Cascade® Shark appliance provides con- – continue the advancement of Riverbed application-aware
network performance management (NPM) solutions that today’s
tinuous, high-speed packet capture, indexing, and
leading enterprise and government organizations rely upon for
storage to ensure that packet-level information their IT performance needs.
is always available for end-to-end performance
When business-critical applications fail, the impact can be
monitoring and for granular, real-time and back-
serious. Today’s IT operations and management teams need to
in-time analysis. be one step ahead with real-time, actionable information to
identify and diagnose problems before the business is impacted.
Deploy in three ways for maximum coverage
Cascade Shark products not only alert on issues, but can also
– dedicated appliance, virtualized software, or help diagnose where the problem is and what’s causing it.
embedded functionality in Riverbed® Steelhead® Cascade Shark products provide rich visibility and information
WAN optimization products – Cascade Shark solu- about application and network performance to enable smarter
tions allow organizations to: decision-making and faster, easier problem diagnosis.
Cascade Shark products are typically deployed wherever detailed
»»Accelerate application troubleshooting with fast real-time and historical analysis is needed, such as within the
retrieval and analysis of packet and transaction data center, headquarters or key branch offices. They can be
data used as an integral part of the complete Cascade visibility solu-
tion or as a standalone troubleshooting solution.
»»Solve intermittent performance problems
without having to recreate them
Comprehensive, application-aware NPM
»»Gain end-to-end visibility with continuous Businesses that need enterprise-wide visibility into network and
export of application-enhanced metrics to the application performance should turn to the Cascade application-
Riverbed® Cascade® Profiler console aware network performance management suite. The Cascade
product family enables proactive monitoring and troubleshoot-
»»Accommodate any monitoring requirement with ing of application and network performance, automated
flexible storage capacity options discovery of applications and their dependencies, and delivers
a consistent and reliable end-user experience. Cascade Shark
products are an integral component of the Cascade product
family. They export summarized metrics derived from the packet
data to the Cascade Profiler appliance for advanced behavioral
analysis, monitoring, reporting, and alerting on application
performance. Because the metrics from Cascade Shark products
are deduplicated and integrated with flow-based data from
other sources and stored in the same logical record, IT operators
can streamline the troubleshooting workflow and accelerate the
triage process.OPTIMIZED BRANCH
Embedded Cascade Shark
functionality on Steelhead
DATA CENTER
Cascade Shark
Cascade Shark
Virtual Edition
Steelhead
WAN VXLAN
NON-OPTIMIZED BRANCH
Cascade Shark
Virtual Edition
P
Cascade Profiler
Figure 1: Cascade Shark products provide both packet capture and storage, and send application-enhanced metrics to Cascade Profiler appliances for centralized analysis,
monitoring, reporting and alerting. The Cascade Pilot software analysis console provides direct access to packet-level details for back-in-time forensic analysis. Cascade Shark
products are available in three species: Cascade Shark appliance, Cascade Shark Virtual Edition software, and embedded Shark functionality on Steelhead WAN optimization
products.
Key benefits
Whether deploying Cascade Shark appliances, Cascade Shark
Virtual Edition, Steelhead appliances running embedded Cascade “I am not sure how the folks at Riverbed are index-
Shark functionality or any combination, the Cascade Shark prod-
uct family monitors and troubleshoots complex or intermittent
ing their traces, but it is night and day faster than
performance and security-related problems, without having to anyone else. I cannot begin to tell you how much
transfer large files across the network. By continuously recording time this saves especially when on a high pressure
the packets traversing the network, rich troubleshooting details conference call with people breathing down your
are always available when the IT staff needs them.
neck wanting to know what the problem is. Riverbed
As a result, the Cascade Shark product family saves time and Cascade, keep it coming!”
money by helping IT troubleshoot problems faster, minimizing
the effect downtime has on business productivity by reducing Mike Canney, Principal Network Analyst, getpackets.com
or avoiding business-stopping slowdowns or outages. It also
enhances IT productivity by avoiding lost time waiting for
problems to reoccur.DATA SHEET: Cascade Shark
Cascade Shark species Cascade Shark
Cascade Shark is a dedicated, continuous packet capture appli-
Cascade Shark products deliver scalable, high-performance
ance capable of sustained line-rate, multi-gigabit per second
packet capture, rapid indexing, and long-term storage, enabling
recording, and storage of network traffic using high-perfor-
real-time and back-in-time forensic analysis and reporting of
mance 1Gb or10Gb ethernet and/or 1Gb or 10GB fiber capture
network and security events across physical and virtual environ-
cards. Cascade Shark appliances are available in five models: the
ments. Cascade Shark species passively and non-intrusively
entry-level CSK 1100, the mid-range CSK 2100 and 2200, and the
monitor key network links to provide greater visibility into
high-end CSK 3100 and 3200.
network-based application traffic.
The Cascade Shark product family consists of three species:
Cascade Shark Appliances
• Cascade Shark appliances, which provide dedicated, continu-
NIC
ous packet capture at 1GbE and 10GbE line rates Size Storage Capture Cards
Slots
• Virtual Cascade Shark software, which provides simultaneous 2-port 1GbE card,
packet capture and flow export to monitor inter-VM within CSK 1100 1U 4TB 1 4-port 1GbE card,
virtualized environments or 4-port 1Gb SFP card
• Embedded Cascade Shark functionality on Steelhead appli-
CSK 2100 2U 8TB 2
ances, which provides on-demand packet capture for remote Any combination of
4-port 1GbE card,
site troubleshooting at no additional cost CSK 2200 2U 16TB 2 4-port 1Gb SFP or
2-port 10Gb SFP+ card
Cascade Cascade Embedded CSK 3100 3U 16TB 2
Shark Shark Virtual Shark on Up to 2 NICs per
system
appliances Edition Steelhead CSK 3200 3U 32TB 2
Continuous
ü ü -
capture Table 2: Cascade Shark appliances are available in a variety of models for deploy-
ment flexibility.
On-demand
ü ü ü
capture
Packet indexing Cascade Shark Virtual Edition
ü ü ü
for fast analysis Cascade Shark-VE is a software version of Cascade Shark that
Flow export to has been virtualized to run on VMware ESXi environments. It
ü ü -*
Profiler taps into the virtual switch in an ESX hypervisor to monitor the
Analysis by performance of all inter-VM traffic. Cascade Shark-VE software
ü ü ü
Cascade Pilot is unique in that it can simultaneously send summarized data to
Monitor live the Cascade Profiler appliance console for analysis and reporting
traffic with and continuously capture, index, and store full packet data on
ü ü -
views &
the local server or on a storage area network (SAN) for back-in-
watches
time analysis with Cascade Pilot software.
Runs in virtual
- ü -
environment Cascade Shark-VE software can also be used to build your own
Disk space 4TB to 32TB 50GB to 2TB 15GB to 119GB packet capture appliance. Leverage any virtualized server run-
ning VMware ESXi – such as an existing virtualized branch office
Supports
server or a Cisco SRE blade on a Cisco Integrated Services Router
real-time traffic ü ü -
(VoIP) (ISR G2) – to gain cost-effective remote visibility. Monitor branch
LAN traffic by spanning from the switch to the physical NIC on
Table 1: Comparing the capabilities of the various Cascade Shark species. the server in addition to monitoring intra-server (VM-to-VM)
traffic.
*CascadeFlow export is performed by Steelhead appliance itself, not embedded Shark
functionality.With Cascade Shark-VE software, IT operations teams can restore
visibility in their virtualized environments and benefit from: “Because we capture and store all the traffic moving
• Continuous monitoring of interactions between virtualized through our two primary data centers, we always
applications within the same physical host have the information available whenever an appli-
• Accurate, end-user experience metrics enabled by response cation team reports an issue. When this happens,
time measurement
we go straight to Cascade to determine if anything
• Deep, retrospective analysis of server interactions using stored abnormal was happening at the time. Cascade helps
packets
us quickly determine if it’s a network, server or
• Baseline virtual environment traffic analysis to identify third-party issue.”
abnormal changes in performance
Network engineer, BlueCrest Capital Management
• Monitoring for security threats
Cascade Pilot software is used to schedule and initiate on-
Cascade Shark Virtual Edition demand capture jobs on the Steelhead appliances. Packet data is
VSK-00050 VSK-00200 VSK-00400 indexed and stored directly on the Steelhead appliance. Just as
with the Cascade Shark appliance, traffic is analyzed directly on
Packet Storage Up to 50GB Up to 1TB Up to2TB
the remote Steelhead appliance using Cascade Pilot software as
Hypervisor VMware vSphere 4.1, 5.0 the management and analysis console so that large trace files do
not need to be transferred across the network. Trace files auto-
vCPU 2 matically appear in Cascade Pilot software under the appropriate
Steelhead probe and TCPDUMP folder.
Memory 2GB
Access to embedded Cascade Shark is password protected so that
System Disk
30GB only users with TCPDUMP permission on the Steelhead appliance
Space
can access the packet capture functionality.
Capture Ports Up to 4
Management
2
Ports
Table 3: Virtual Cascade Shark software is licensed according to required
storage space.
Steelhead appliances with embedded Cascade Shark
functionality
Steelhead products running RiOS 7.0 include Cascade Shark
functionality at no additional cost, enabling them to function
as remote probes without affecting core WAN optimization
capabilities. IT operations teams can leverage Steelhead appli-
ances for remote site troubleshooting of the optimized WAN as
well as local LAN, without having to deploy a dedicated probe or
dispatch a technician.DATA SHEET: Cascade Shark
Unique capabilities
Some of the advantages that Cascade Shark products provide
over other packet capture and analysis solutions include: Capture Retention
Business P2P VoIP jobs time
Multi-gigabit per second ethernet traffic capture – Cascade Shark Web
Backup SAP 30 days
appliances include Shark Packet Recorder, which is capable of Citrix Email
SAP
continuous, reliable recording of multi-gigabit per second net- SSL 5 days
Business Apps
work traffic to disk. It’s a customized dump-to-disk utility based 5 days
192.168.1/2 10.10.10/24
on the 1GbE and 10GbE capture cards and a specially designed 172.16.1/24
172.16.2/24 10.10.10/24
RAID-enhanced packet storage system.
Distributed analysis – Cascade Pilot software analyzes trace files Network Traffic
directly on remote Cascade Shark products, eliminating the need
to export large trace files across the network for local analysis.
Only the results of the analysis (called “views”) are sent to Figure 2: Cascade Shark and Virtual Cascade Shark appliances can simultaneously
record multiple capture jobs. Each job can capture specified traffic, selectively
Cascade Pilot software. Once the data has been refined and the record the header and/or payload information, and store the data for varying
packets of interest identified using the software, only that small amounts of time, as determined by the amount of storage dedicated to the job.
subset of packets need be sent over the network to Wireshark
for decoding. Distributed analysis also means that when the net-
trading environments or other time-sensitive applications and
work is experiencing issues, Cascade is not part of the problem.
provides better accuracy for multi-segment analysis. Supported
Smart packet indexing – Packet metadata, called microflows, network taps include:
provides efficient real-time indexing of packets. It enables users • Gigamon SMT-436 GigaSMART blade for the GigaVue-2404
to quickly search terabytes of data and provides a seamless
• cPackets cPacket cVU & cTap families (with Precision Timing
transition between flow-based information in Cascade Profiler
module option)
and packet-level information in Cascade Shark. Smart indexing of
packets accelerates troubleshooting, reducing the time it takes • VSS Monitoring Distributed Traffic Capture Series
to identify and diagnose complex performance issues.
Cascade Shark system diagnostics – Provides disk status, SNMP
Selective recording –The option to record all or just a portion of polling, and email alerting on Cascade Shark device, disk, and
the packet payload is important for meeting compliance with management interface health, letting you know immediately in
many regulatory initiates, such as HIPAA or PCI DSS; it can also the rare event of a system problem.
extend the amount of packet data that can be stored and the
Sophisticated packet analysis with Cascade Pilot – Cascade Pilot
length of time it is available for analysis.
software is designed to seamlessly and securely connect with
Multiple capture jobs – The ability to perform multiple, separate one or more remote Cascade Shark products to enable rapid
capture jobs on a Cascade Shark species enables IT staff to dedi- and simplified analysis of long-duration packet data. All of the
cate different amounts of storage to each job to flexibly extend features of Cascade Pilot are available in the distributed envi-
storage time for critical applications. For example, one capture ronment, including an extensive collection of views, drill-down
job could dedicate a certain amount of the storage on a Cascade analysis, retrospective visualization and analysis of long-duration
Shark appliance to recording a few days’ worth of traffic, retain- traffic statistics, a flexible trigger-alerting mechanism, and
ing the entire packet header and payload for a business-critical simplified, professional report generation. Once connected, the
CRM application. Meanwhile, a second capture job could use the interaction between Cascade Pilot software and Cascade Shark
remaining storage to store a week’s worth of all other traffic, products appear as if it were local.
recording only the packet header.
Wireshark integration – Wireshark, the leading open source pro-
Precision time stamping – Cascade Shark appliances can adopt tocol analyzer, can be used to analyze trace files recorded by any
the precision time stamps from network tap aggregators for Cascade Shark product. Tight integration and seamless hand off
greater accuracy and for coordinated time stamping across from Cascade Pilot to Wireshark streamlines troubleshooting and
the network and with other monitoring tools in a customer’s takes advantage of the network staff’s expertise with Wireshark
environment. Precision time stamping is critical for low-latency without having to learn yet another approach.Key features Cascade Shark • Mix 1GbE and 10GbE interfaces on the same appliance • Modular and extensive storage options range from 4TB to 32TB • Real-time microsecond alerting and microburst views for fine-grained analysis • Ability to adopt precision time stamps from network tap aggregators. Supported network taps include: -- Gigamon SMT-436 GigaSMART blade for the GigaVue-2404 -- cPackets cPacket cVU & cTap families (with Precision Timing module option) -- VSS Monitoring Distributed Traffic Capture Series • Capable of multiple concurrent capture jobs, each capable of sustained line-rate recording and flexible storage time for critical applications • Smart file indexing accelerates packet analysis by up to 10,000x • Uses a custom file system optimized for time-based queries • Selective recording of all or a portion of the packets extends the amount of data that can be recorded and the length of time it is available for analysis • Multi-terabyte packet recordings are represented as a single “virtual file” in Cascade Pilot to streamline in-depth analysis and traffic visualization Cascade Shark Virtual Edition • Monitors and troubleshoots virtual traffic on VMware ESXi host • Storage options range from 50GB to 2TB • Capable of multiple concurrent capture jobs, each capable of sustained line-rate recording and flexible storage time for critical applications • Smart file indexing accelerates packet analysis by up to 10,000x • Uses custom file system optimized for time-based queries • Selective recording of all or a portion of the packets extends the amount of data that can be recorded and the length of time it is available for analysis • Multi-terabyte packet recordings are represented as a single “virtual file” in Cascade Pilot to streamline in-depth analysis and traffic visualization Embedded Cascade Shark on Steelhead • On-demand packet capture and indexing • Storage options range from 15GB to 119GB • Requirement, Cascade Pilot 3.0 or later • Smart file indexing accelerates packet analysis by up to 10,000x • Selective recording of all or a portion of the packets extends the amount of data that can be recorded and the length of time it is available for analysis • Requirement, RiOS 7.0 or later
About Riverbed
Riverbed delivers performance for the
globally connected enterprise. With
Riverbed, enterprises can successfully and
intelligently implement strategic initiatives
such as virtualization, consolidation, cloud
computing, and disaster recovery without
fear of compromising performance. By giving
enterprises the platform they need to
understand, optimize and consolidate their
IT, Riverbed helps enterprises to build a fast,
fluid and dynamic IT architecture that aligns
with the business needs of the organization.
Additional information about Riverbed
(NASDAQ: RVBD) is available at
www.riverbed.com.
2005, 2006, 2007, 2008, 2009, 2011
Riverbed Technology Riverbed Technology Ltd.
199 Fremont Street One Thames Valley
San Francisco, CA 94105 Wokingham Road, Level 2
Tel: +1 415 247 8800 Bracknell RG42 1NG
Fax: +1 415 247 8801 United Kingdom
www.riverbed.com Tel: +44 1344 401900
Riverbed Technology Pte. Ltd. Riverbed Technology K.K.
391A Orchard Road #22-06/10 Shiba-Koen Plaza Building 9F
Ngee Ann City Tower A 3-6-9, Shiba, Minato-ku
Singapore 238873 Tokyo, Japan 105-0014
Tel: +65 6508-7400 Tel: +81 3 5419 1990
©2012 Riverbed Technology. All rights reserved.
Riverbed and any Riverbed product or service name or
logo used herein are trademarks of Riverbed
Technology. All other trademarks used herein belong
to their respective owners. The trademarks and logos
displayed herein may not be used without the prior
written consent of Riverbed Technology or their
respective owners.
DS-CS10152012You can also read
