Overview of the SteelCentral NPM Products

The NetProfiler and NetProfiler-v provide, on a consistent-user interface, centralized reporting and analysis of the data collected by other SteelCentral products, SteelHeads, and flow exporting routers, switches, and other network devices. The NetProfiler offers performance analytics, security analytics, and proactive alerts for delivering application-aware monitoring and troubleshooting of your network. It combines all network data into a single data set with in-depth views that support flexible analysis and high-speed presentation of the information.

Members of the NetProfiler family of products include:

• Standard NetProfiler - Standard model designed for mid-size organizations supporting up to approximately 1,000,000 flows per minute (fpm).

• Enterprise NetProfiler - Designed to be expandable, supporting environments larger than the Standard NetProfiler up to 10,000,000 fpm.

• NetProfiler-v - Designed to allow easy deployment as part of a virtualized environment, supporting up to 2,000,000 fpm. You can deploy NetProfiler-v on VMware ESXi 5.0, 5.1, and 5.5.

• NetExpress 470 - An entry-level appliance designed for small organizations. It includes NetProfiler, NetShark, and Flow Gateway functionality in one appliance and supports up to 120,000 fpm.

• NetExpress-v - An entry-level virtual appliance designed for small organizations. It includes NetProfiler, NetShark, and Flow Gateway functionality in one virtual appliance and supports up to 120,000 fpm. You can deploy NetExpress-v on VMware ESXi 5.0, 5.1 and 5.5.

For more information about the NetProfiler, see Choosing a NetProfiler Model.

The Flow Gateway and Flow Gateway-v collect flow data from routers, switches, and other network devices. These appliances support most standard flow types (NetFlow, sFlow, J-Flow, IPFIX, and so on). The Flow Gateway aggregates the data, deduplicates it, encrypts it, and sends it to the NetProfiler in a compressed format over a reliable and secure connection. The Flow Gateway can transmit data to up to five Standard NetProfilers or NetExpresses and supports up to 2,000,000 fpm.

You can deploy the Flow Gateway in the same location as the NetProfiler or regionally if you have multiple data centers. You can deploy the Flow Gateway-v on VMware ESXi 5.5.

For more information about the Flow Gateway, see Choosing a Flow Gateway Model.

The NetShark includes high-performance (multiple 1 GbE or 10 GbE interfaces) continuous packet capture, storage, and analysis. You can:

• sends flow information, including performance metrics, to the NetProfiler and standard NetFlow v9 to other flow collectors.

You can access the NetShark using Packet Analyzer. The NetShark uses the REST API for transferring data to Packet Analyzer.

NetShark-v is available in version 9.5 and later. NetShark-v operates similarly to the NetShark, but it is intended for use in virtual environments in which you want packet capture and continuous monitoring between virtual hosts or need to deploy packet capture in an environment in which deploying a full-NetShark does not make sense.

You can deploy NetShark-v on VMware ESXi v5.0, v5.1, and v5.5 and Microsoft Hyper-V Server 2012 R2.

This section contains the following topics:

For more information about the NetShark, see Choosing a NetShark Model.

In RiOS 8.5 or later, SteelHead EX supports NetShark-v 10.5 using VSP. Deploying NetShark-v in VSP provides most of the functionality available from a full NetShark-v deployment.

For more information, see Choosing NetShark-v on SteelHead EX.

AppResponse 8.6.8 or later contains an embedded a NetShark-v engine (based on NetShark-v 10.0 code). This deployment of NetShark-v code provides most of the functionality available in the full NetShark and other NetShark-v deployments, except that it cannot perform Layer-7 DPI.

You must manually install the NetShark module with AppResponse 8.6.8. In AppResponse 9.0 or later, the NetShark module is included with the base software release, however depending on the functionality you want, you might need additional licenses.

For more information, see Choosing a NetShark Module on AppResponse.

In RiOS 7.0 or later, the SteelHead includes limited NetShark functionality as Embedded SteelCentral NetShark. Embedded SteelCentral NetShark software enables on-demand packet capture on SteelHeads at remote sites, and it provides control and analysis of packet captures on remote SteelHeads directly from Packet Analyzer. As with the NetShark, you can use Embedded SteelCentral NetShark to drill down to deliver microlevel flow resolution for analysis using Riverbed XML-based protocol on top of an HTTPS connection for transferring data to Packet Analyzer. You do not need to transfer full packets until you need them.

Packet Analyzer seamlessly and securely integrates with a remote NetShark to deliver a complete and feature-rich distributed network analysis. Packet Analyzer is the only tool on the market to be fully integrated with Wireshark software, an open-source network protocol analyzer. While the NetProfiler provides visibility on all flows across the network, Packet Analyzer provides an in-depth view into problems requiring deep packet analysis.