Riverbed Cascade Shark Family - DATA SHEET
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
DATA SHEET
Riverbed Cascade Shark Family
® ®
DATA SHEET: Cascade Shark Family
Overview
Cascade Shark Family Riverbed understands packet capture and analysis better than
any other company. Three leading innovators in this field – Steve
Continuous, High-Speed Packet Capture, McCanne, co-creator of TCPDUMP, Loris Degioanni, creator of
Indexing, and Storage WinPcap, and Gerald Combs, creator of Wireshark® software
The Cascade® Shark appliance from Riverbed – continue the advancement of Riverbed application-aware
network performance management (NPM) solutions that today’s
Technology provides continuous, high-speed
leading enterprise and government organizations rely upon for
packet capture, indexing, and storage to ensure their IT performance needs.
that packet-level information is always available
When business critical applications fail, the impact can be
for end-to-end performance monitoring and for
serious. Today’s IT operations and management teams need to
granular, real-time and back-in-time analysis. be one step ahead with real-time, actionable information to
Deploy in three ways for maximum coverage identify and diagnose problems before the business is impacted.
– dedicated appliance, virtualized software, or Cascade Shark products not only alert on issues, but can also
embedded functionality in Riverbed® Steelhead® help diagnose where the problem is and what’s causing it.
WAN optimization products – Cascade Shark solu- Cascade Shark products provide rich visibility and information
about application and network performance to enable smarter
tions allow organizations to:
decision-making and faster, easier problem diagnosis.
»»Accelerate application troubleshooting with Cascade Shark products are typically deployed wherever detailed
fast retrieval and analysis of packet and trans- real-time and historical analysis is needed, such as within the
action data data center, headquarters or key branch offices. They can be
used as an integral part of the complete Cascade visibility solu-
»»Solve intermittent performance problems tion or as a standalone troubleshooting solution
without having to recreate them
»»Gain end-to-end visibility with continuous export Comprehensive, Application-Aware Network
of application-enhanced metrics to the Cascade® Performance Management
Profiler console Businesses that need enterprise-wide visibility into network and
application performance should turn to the Cascade application-
»»Accommodate any monitoring requirement with aware network performance management suite. The Cascade
flexible storage capacity options product family enables proactive monitoring and troubleshoot-
ing of application and network performance, automated
discovery of applications and their dependencies, and delivers a
consistent and reliable end-user experience.
Cascade Shark products are an integral component of the
Cascade suite. They export summarized metrics derived from
the packet data to the Cascade Profiler appliance for advanced
behavioral analysis, monitoring, reporting, and alerting on
application performance. Because the metrics from the Cascade
Shark product are de-duplicated and integrated with flow-based
data from other sources and stored in the same logical record,
IT operators can streamline the troubleshooting workflow and
accelerate the triage process.NON-OPTIMIZED BRANCH
Virtual
Cascade Shark
DATA CENTER
Cascade Pilot
Cascad
e Pilot
Cascade Shark Virtual
Cascade Shark
Steelhead
INTERNET
WAN
OPTIMIZED BRANCH
Cascade Sensor-VE
G Cascade Profiler,
Sensor & Gateway
P
Steelhead with embedded
Shark functionality
Cascade Shark products provide both packet capture and storage, and send application-enhanced metrics to Cascade Profiler for centralized analysis, monitoring, reporting
and alerting. The Cascade Pilot analysis console provides direct access to packet-level details for back-in-time forensic analysis. Cascade Shark products are available in three
species: Cascade Shark appliance, Virtual Cascade Shark software, and embedded Shark functionality on Steelhead WAN optimization products.
Key Benefits
Whether deploying Cascade Shark appliances, Virtual Cascade®
Shark, Steelhead appliances running embedded Cascade Shark
“I am not sure how the folks at Riverbed are index-
functionality or any combination, the Cascade Shark family
provides a powerful, easy-to-use, and cost-effective solution ing their traces, but it is night and day faster than
for monitoring and troubleshooting complex or intermittent anyone else. I cannot begin to tell you how much
performance and security-related problems, without having to time this saves especially when on a high pressure
transfer large files across the network. By continuously recording
conference call with people breathing down your
the packets traversing the network, rich troubleshooting details
are always available when the IT staff needs them. neck wanting to know what the problem is. Riverbed
Cascade, keep it coming!”
As a result, the Cascade Shark family saves time and money by
helping IT troubleshoot problems faster, minimizing the effect Mike Canney, When the Shark Bites!
downtime has on business productivity by reducing or avoiding
business-stopping slowdowns or outages. It also enhances IT pro-
ductivity by avoiding lost time waiting for problems to reoccur.DATA SHEET: Cascade Shark Family
Cascade Shark Species Cascade Shark
Cascade Shark is a dedicated continuous packet capture
Cascade Shark products deliver scalable, high-performance
appliance capable of sustained line-rate, multi-gigabit per
packet capture, rapid indexing, and long-term storage, enabling
second recording, and storage of network traffic of using
real-time and back-in-time forensic analysis and reporting of
high-performance 1GbE and 10GbE capture cards. Cascade Shark
network and security events across physical and virtual environ-
appliances are available in five models: the entry-level CSK 1100,
ments. Cascade Shark species passively and non-intrusively
the mid-range CSK 2100 and 2200, and the high-end CSK 3100
monitor key network links to provide greater visibility into
and 3200.
network-based application traffic.
The Cascade Shark family consists of three species:
Cascade Shark Appliances
• Cascade Shark appliances, which provide dedicated continu-
NIC
ous packet capture at 1GbE and 10GbE line rates Size Storage Capture Cards
Slots
• Virtual Cascade Shark software, which provide simultaneous 2-port 1GbE card
CSK 1100 1U 4TB 1
packet capture and flow export to monitor inter-VM within or 4-port 1GbE card
virtualized environments
CSK 2100 2U 8TB 2 Any combination of
• Embedded Cascade Shark functionality on Steelhead appli- 2-port 1GbE card,
ances, which provide on-demand packet capture for remote CSK 2200 2U 16TB 2 4-port 1GbE card or
site troubleshooting at no additional cost 2-port 10GbE SFP+
card
CSK 3100 3U 16TB 2
Cascade Virtual Embedded Up to 2 NICs per
Shark Cascade Shark on CSK 3200 3U 32TB 2 system
appliances Shark Steelhead
Continuous Table 2: Cascade Shark appliances are available in a variety of models for deploy-
ü ü - ment flexibility.
capture
On-demand
ü ü ü
capture Virtual Cascade Shark
Packet indexing Virtual Cascade Shark is a software version of Cascade Shark
ü ü ü
for fast analysis that has been virtualized to run on VMware ESXi environments.
Flow export to It taps into the virtual switch in an ESX hypervisor to monitor
ü ü -*
Profiler the performance of all inter-VM traffic. Virtual Cascade Shark
Analysis by software is unique in that it can simultaneously send summarized
ü ü ü
Cascade Pilot data to the Cascade Profiler console for analysis and reporting
Monitor live and continuously capture packets and capture, index, and store
traffic with full packet data on the local server or on a storage area network
ü ü -
views &
(SAN) for back-in-time analysis with Cascade® Pilot software.
watches
Runs in virtual Virtual Cascade Shark software can also be used to “build your
- ü -
environment own” packet capture appliance. Leverage any virtualized server
Disk space 4TB to 32TB 50GB to 2TB 15GB to 119GB running VMware ESXi – such as an existing virtualized branch
office server or a Cisco SRE blade on a Cisco Integrated Services
Supports
Router (ISR G2) – to gain cost-effective remote visibility. Monitor
real-time traffic ü ü -
(VoIP) branch LAN traffic by spanning from the switch to the physical
NIC on the server in addition to monitoring intra-server (VM-to-
Table 1: Comparing the capabilities of the various Cascade Shark species. VM) traffic.
*CascadeFlow export is performed by Steelhead appliance itself, not embedded Shark
functionality.With Virtual Cascade Shark software, IT operations teams Steelhead appliances with embedded Cascade Shark
can restore visibility in their virtualized environments and functionality
benefit from:
Steelhead products running RiOS 7.0 include Cascade Shark
• Continuous monitoring of interactions between virtualized functionality at no additional cost, enabling them to function
applications within the same physical host as remote probes without affecting core WAN optimization
• Accurate end-user experience metrics enabled by response capabilities. IT operations teams can leverage Steelhead appli-
time measurement ances for remote site troubleshooting of the optimized WAN as
well as local LAN, without having to deploy a dedicated probe or
• Deep retrospective analysis of server interactions using
dispatch a technician.
stored packets
Cascade Pilot software is used to schedule and initiate on-
• Baseline virtual environment traffic analysis to identify
demand capture jobs on the Steelhead appliances. Packet data is
abnormal changes in performance
indexed and stored directly on the Steelhead appliance. Storage
• Monitoring for security threats is a fixed amount that varies according to Steelhead model (see
Table 4 below). Just as with the Cascade Shark appliance, traffic
is analyzed directly on the remote Steelhead using Cascade Pilot
Virtual Cascade Shark Software as the management and analysis console so that large trace files
VSK-00050 VSK-00200 VSK-00400 do not need to be transferred across the network. Trace files
automatically appear in Cascade Pilot under the appropriate
Packet Storage Up to 50GB Up to 1TB Up to2TB
Steelhead probe and TCPDUMP folder.
Hypervisor VMware ESXi 4.1 Access to embedded Cascade Shark is password protected so that
only users with TCPDUMP permission on the Steelhead appliance
vCPU 2
can access the packet capture functionality.
Memory 2GB
System Disk Packet Storage Capacity on Steelhead Appliances
30GB
Space
Steelhead 250 550 1050 2050 5050 7050
6050
Capture Ports Up to 4 model L/M/H L/M/H L/M/H L/M/H L/M/H L/M
Management Packet
2
Ports storage 15GB 15GB 15GB 15GB 59GB 119GB 119GB
capacity
Table 3: Virtual Cascade Shark software is licensed according to required
storage space. Table 4: Storage dedicated to embedded Cascade Shark functionality differs by
Steelhead model.
“Because we capture and store all the traffic moving
through our two primary data centers, we always
have the information available whenever an appli-
cation team reports an issue. When this happens,
we go straight to Cascade to determine if anything
abnormal was happening at the time. Cascade helps
us quickly determine if it’s a network, server or
third-party issue.”
Network engineer, BlueCrest Capital ManagementDATA SHEET: Cascade Shark Family
Unique Capabilities
Some of the advantages that Cascade Shark provides over other
packet capture and analysis solutions include: Capture Retention
Business P2P VoIP jobs time
Multi-Gigabit Per Second Ethernet Traffic Capture – Cascade Web
Backup SAP 30 days
Shark includes Shark Packet Recorder, which is capable of con- Citrix Email
SAP
tinuous, reliable recording of multi-gigabit per second network SSL 5 days
Business Apps
traffic to disk. Shark Packet Recorder is a customized dump-to- 5 days
192.168.1/2 10.10.10/24
disk utility based on the 1GbE and 10GbE capture cards and a 172.16.1/24
172.16.2/24 10.10.10/24
specially designed RAID-enhanced packet storage system.
Distributed analysis – Cascade Pilot software analyzes trace files Network Traffic
directly on remote Cascade Shark products, eliminating the need
to export large trace files across the network for local analysis.
Only the results of the analysis (called “views”) are sent to Figure 2: All Cascade Shark species can simultaneously record multiple capture jobs.
Each job can capture specified traffic, selectively record the header and/or payload
Cascade Pilot. Once the data has been refined and the packets of information, and store the data for varying amounts of time, as determined by the
interest identified using Cascade Pilot, only that small subset of amount of storage dedicated to the job.
packets need be sent over the network to Wireshark for decod-
ing. Distributed analysis also means that when the network is
Precision time stamping – Cascade Shark appliances can adopt
experiencing issues, Cascade is not part of the problem.
the precision time stamps from network tap aggregators for
Smart packet indexing – Packet metadata, called microflows, greater accuracy and for coordinated time stamping across
provides efficient real-time indexing of packets. It enables users the network and with other monitoring tools in a customer’s
to quickly search terabytes of data and provides a seamless environment. Precision time stamping is critical for low-latency
transition between flow-based information in Cascade Profiler trading environments or other time-sensitive applications and
and packet-level information in Cascade Shark. Smart indexing of provides better accuracy for multi-segment analysis. Supported
packets accelerates troubleshooting, reducing the time it takes network taps include:
to identify and diagnose complex performance issues. • Gigamon SMT-436 GigaSMART blade for the GigaVue-2404
Selective recording – The option to record all or just a portion • cPackets cPacket cVU & cTap families (with Precision Timing
of the packet payload is important for meeting compliance with module option)
many regulatory initiates, such as HIPAA or PCI DSS; it can also
• VSS Monitoring Distributed Traffic Capture Series
extend the amount of packet data that can be stored and the
length of time it is available for analysis. Sophisticated packet analysis with Cascade Pilot – Cascade Pilot
software is designed to seamlessly and securely connect with
Multiple capture jobs – The ability to perform multiple, separate
one or more remote Cascade Shark products to enable rapid
capture jobs on a Cascade Shark species enables IT staff to dedi-
and simplified analysis of long-duration packet data. All of the
cate different amounts of storage to each job to flexibly extend
features of Cascade Pilot are available in the distributed envi-
storage time for critical applications. For example, one capture
ronment, including an extensive collection of views, drill-down
job could dedicate a certain amount of the storage on a Cascade
analysis, retrospective visualization and analysis of long-duration
Shark appliance to recording a few days’ worth of traffic, retain-
traffic statistics, a flexible trigger-alerting mechanism, and
ing the entire packet header and payload for a business-critical
simplified, pro¬fessional report generation. Once connected, the
CRM application. Meanwhile, a second capture job could use the
interaction between Cascade Pilot and Cascade Shark appears as
remaining storage to store a week’s worth of all other traffic,
if it were local.
recording only the packet header.
Wireshark integration – Wireshark, the leading open source pro-
tocol analyzer, can be used to analyze trace files recorded by any
Cascade Shark product. Tight integration and seamless hand off
from Cascade Pilot to Wireshark streamlines troubleshooting and
takes advantage of the network staff’s expertise with Wireshark
without having to learn yet another approach.Key Features
Cascade Shark Virtual Cascade Shark
• Mix 1GbE and 10GbE interfaces on the same appliance • Monitors and troubleshoots virtual traffic on VMware
ESXi host
• Modular and extensive storage options range from 4TB
to 32TB • Storage options range from 50GB to 2TB
• Real-time microsecond alerting and microburst views for
Embedded Cascade Shark on Steelhead
fine-grained analysis
• On-demand packet capture and indexing
• Ability to adopt precision time stamps from network tap
aggregators. Supported network taps include: • Storage options range from 15GB to 119GB
• Gigamon SMT-436 GigaSMART blade for the GigaVue-2404 • Requires Cascade Pilot 3.0 or later
• cPackets cPacket cVU & cTap families (with Precision Timing
module option)
• VSS Monitoring Distributed Traffic Capture Series
Features Common to all Shark species
• Capable of multiple concurrent capture jobs, each capable • Supports a wide variety of network protocols and traffic
of sustained line-rate recording and flexible storage time for analysis metrics (called views) for in-depth troubleshooting,
critical applications including:
• Smart file indexing accelerates packet analysis by up to -- LAN and network (MAC, VLAN, ARP, ICMP, DHCP, and DNS)
10,000x
-- Bandwidth usage (microbursts, IP, TCP, Web, and VoIP)
• Uses a custom file system optimized for time-based queries
-- Talkers and conversations (IP, subnets, countries, TCP, Web,
• Selective recording of all or a portion of the packets extends VoIP, database, financial)
the amount of data that can be recorded and the length of
-- Performance and errors (IP, TCP, Web, VoIP, database,
time it is available for analysis
financial)
• Multi-terabyte packet recordings are represented as a single
-- User activity (Web, VoIP, database, financial)
“virtual file” in Cascade Pilot to streamline in-depth analysis
and traffic visualization • Tight integration with Wireshark to take advantage of the
thousands of dissectors available from the Wireshark commu-
• Live traffic can be analyzed on Cascade Shark local network
nity for other protocols and deep packet analysis
interfaces or to off-line network traces stored in the Cascade
Shark storage systemAbout Riverbed
Riverbed delivers performance for the
globally connected enterprise. With
Riverbed, enterprises can successfully and
intelligently implement strategic initiatives
such as virtualization, consolidation, cloud
computing, and disaster recovery without
fear of compromising performance. By giving
enterprises the platform they need to
understand, optimize and consolidate their
IT, Riverbed helps enterprises to build a fast,
fluid and dynamic IT architecture that aligns
with the business needs of the organization.
Additional information about Riverbed
(NASDAQ: RVBD) is available at
www.riverbed.com.
2005, 2006, 2007, 2008, 2009, 2011
Riverbed Technology Riverbed Technology Ltd.
199 Fremont Street One Thames Valley
San Francisco, CA 94105 Wokingham Road, Level 2
Tel: +1 415 247 8800 Bracknell RG42 1NG
Fax: +1 415 247 8801 United Kingdom
www.riverbed.com Tel: +44 1344 401900
Riverbed Technology Pte. Ltd. Riverbed Technology K.K.
391A Orchard Road #22-06/10 Shiba-Koen Plaza Building 9F
Ngee Ann City Tower A 3-6-9, Shiba, Minato-ku
Singapore 238873 Tokyo, Japan 105-0014
Tel: +65 6508-7400 Tel: +81 3 5419 1990
©2012 Riverbed Technology. All rights reserved.
Riverbed and any Riverbed product or service name or
logo used herein are trademarks of Riverbed
Technology. All other trademarks used herein belong
to their respective owners. The trademarks and logos
displayed herein may not be used without the prior
written consent of Riverbed Technology or their
respective owners.
BR-CS05312012You can also read
