Chapter 1 SteelCentral NPM Overview : Overview of the SteelCentral NPM Products
Overview of the SteelCentral NPM Products
This section describes the following SteelCentral products:
  • NetProfiler and NetProfiler-v Overview
  • Flow Gateway and Flow Gateway-v Overview
  • NetShark and NetShark-v Overview
  • Packet Analyzer Overview
    • Figure 1‑1. SteelCentral Appliance Architecture
    NetProfiler and NetProfiler-v Overview
    The NetProfiler and NetProfiler-v provide, on a consistent-user interface, centralized reporting and analysis of the data collected by other SteelCentral products, SteelHeads, and flow exporting routers and switches. The NetProfiler offers performance analytics, security analytics, and proactive alerts for delivering application-aware monitoring and troubleshooting to your network. It combines all network data into a single data set with in-depth views that support flexible analysis of the information.
    Members of the NetProfiler family of products include:
  • Standard NetProfiler - Standard model designed for mid-level organizations supporting up to approximately 1,000,000 flows per minute (fpm).
  • Enterprise NetProfiler - Designed to be expandable, supporting environments larger than the Standard NetProfiler up to 10,000,000 fpm.
  • NetProfiler-v - Designed to allow easy deployment as part of a virtualized environment, supporting up to 2,000,000 fpm. You can deploy NetProfiler-v on VMware ESXi v5.0, v5.1, and v5.5.
  • NetExpress 470 - An entry-level appliance designed for small organizations. It includes NetProfiler, NetShark, and Flow Gateway functionality in one appliance and supports up to 120,000 fpm.
    • Note: For information about NetExpress 360 and 460, see previous version of this deployment guide.
  • NetExpress-v - An entry-level virtual appliance designed for small organizations. It includes NetProfiler, NetShark, and Flow Gateway functionality in one virtual appliance and supports up to 120,000 fpm. You can deploy NetExpress-v on VMware ESXi v5.0 and v5.1.
    • For more information about the NetProfiler, see Choosing a NetProfiler Model.
    Flow Gateway and Flow Gateway-v Overview
    The Flow Gateway and Flow Gateway-v collect flow data from routers, switches, and other network devices. These appliances support most standard flow types (NetFlow, sFlow, J-Flow, IPFIX, and so on). The Flow Gateway aggregates the data, deduplicates it, encrypts it, and sends it to the NetProfiler. The Flow Gateway can transmit data to up to five Standard NetProfilers or NetExpresses and supports up to 2,000,000 fpm.
    You can deploy the Flow Gateway in the same location as the NetProfiler or regionally if you have multiple data centers. You can deploy the Flow Gateway-v on VMware ESXi v5.5.
    For more information about the Flow Gateway, see Choosing a Flow Gateway Model.
    NetShark and NetShark-v Overview
    The NetShark includes high-performance (1 GbE or 10 GbE) continuous packet capture, storage, and analysis. You can:
  • use the NetShark for fast indexing and in-depth analysis of multiterabyte network traffic recordings.
  • drill down to deliver micro-level flow resolution for analysis.
    • The NetShark:
  • sends flow information, including performance metrics, to the NetProfiler and standard NetFlow v9 to other flow collectors.
  • delivers real-time or historical deep-packet inspection (DPI) and analysis.
    • You can access the NetShark using Packet Analyzer. The NetShark uses the Riverbed XML-based protocol on top of an HTTPS connection for transferring data to Packet Analyzer.
    NetShark-v is available in v9.5 and later. NetShark-v operates similarly to the NetShark, but it is intended for use in virtual environments in which you want packet capture and continuous monitoring between virtual hosts or need to deploy packet capture in an environment in which deploying a full-NetShark does not make sense.
    This section contains the following topics:
  • NetShark-v on SteelHead EX
  • NetShark on AppResponse
  • Embedded SteelCentral NetShark Overview
    • For more information about the NetShark, see Choosing a NetShark Model.
    NetShark-v on SteelHead EX
    In RiOS v8.5 or later, SteelHead EX supports NetShark-v v10.5 using VSP. Deploying NetShark-v in VSP provides most of the functionality available from a full NetShark-v deployment.
    This deployment of NetShark-v provides most of the functionality available in the full NetShark and other NetShark-v deployments, except that it cannot perform Layer-7 DPI.
    For more information, see Choosing NetShark-v on SteelHead EX.
    NetShark on AppResponse
    AppResponse v8.6.8 or later supports a NetShark-v module (based on NetShark-v v10.0 code). This deployment of NetShark-v provides most of the functionality available in the full NetShark and other NetShark-v deployments, except that it cannot perform Layer-7 DPI.
    You can manually install the NetShark module with AppResponse v8.6.8. In AppResponse v9.0 or later, the NetShark module is included with the base software release, however depending on the functionality you want, you might need additional licenses.
    For more information, see Choosing a NetShark Module on AppResponse.
    Embedded SteelCentral NetShark Overview
    In RiOS v7.0 or later, the SteelHead includes limited NetShark functionality as Embedded SteelCentral NetShark. Embedded SteelCentral NetShark software enables on-demand packet capture on SteelHeads at remote sites, and it provides control and analysis of packet captures on remote SteelHeads directly from Packet Analyzer. As with the NetShark, you can use Embedded SteelCentral NetShark to drill down to deliver microlevel flow resolution for analysis using Riverbed XML-based protocol on top of an HTTPS connection for transferring data to Packet Analyzer. You do not need to transfer full packets until you need them.
    Packet Analyzer Overview
    Packet Analyzer seamlessly and securely integrates with a remote NetShark to deliver a complete and feature-rich distributed network analysis. Packet Analyzer is the only tool on the market to be fully integrated with Wireshark software, an open-source network protocol analyzer. While the NetProfiler provides visibility on all flows across the network, Packet Analyzer provides an in-depth view into problems requiring deep packet analysis.
    For more information about Packet Analyzer, see Choosing Packet Analyzer.