Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

ExtraHop mines the network to glean operations intelligence

John Dix | Oct. 7, 2013
Rothstein, founder of Extrahop, updates us on the company and what he has learned about things about virtual loss.

You guys deliver as an appliance, right?
Yes. We're sold as a physical or a virtual appliance.

And where do you plug in?
For us, we just take a copy of the network traffic with no overhead at all. We're not in line, we're out of line. And how we get a copy of the traffic really depends on the environment. Sometimes it's directly from one or more switches using a SPAN port or a VACL capture. Sometimes there is a whole aggregation-tapping layer that's in place. Some organizations even use some pretty advanced SDN techniques to get us traffic to analyze. At the end of the day, if we get a feed of the traffic, we can make sense of it.  

But I want to stress that, even though we're a network deployment and we analyze what I'm calling the wire data, we're really answering questions about the health and performance of business-critical applications. So it's not just network teams that use an ExtraHop system. And that's an important distinction, because I see that confusion a lot.

Do you have a sweet spot in terms of customer size?
Our high-end physical appliances can support 20 gigabits of line-rate analysis, and hundreds of thousands of transactions per second. So we have large enterprises and carriers that use multiple EH8000 appliances across the data center with an ExtraHop Central Manager to provide a unified view. Our initial customers were larger enterprises, but we're starting to see more adoption at mid-size organizations because we also have virtual appliances that can analyze a gigabit of traffic and cost less than $10,000.  

How are the virtual appliances used?
First of all, a virtual appliance can actually terminate traffic from physical systems as well as virtual systems. So the fact that it runs in a virtual appliance is really just a form factor for us to deliver. But we're certified by Cisco to run in the Cisco UCS environment, where there is great flexibility around tapping virtual traffic. With VMware vSphere 5.1 and the distributed vSwitch, they introduced support for both RSPAN and ERSPAN and the ability to tap virtual traffic for security and monitoring purposes. And some of the announcements at VMworld around the new NSX offering afford even greater flexibility. So there are a number of approaches to take there, but I think the short answer is that virtual networking has really matured rapidly in the past 24 months or so, and we're seeing great capabilities for tapping virtual traffic much as you would tap physical traffic.

Do efforts to virtualize everything increase the need for your type of product?
Absolutely. Any time there are additional layers of abstraction it increases the need for not just our product, but solutions to help manage that complexity. That's a general trend. And certainly server virtualization and SDN are additional layers of abstraction and complexity. But we've worked with a lot of customers around things as simple as physical-to-virtual migrations, where they need to prove to the application owners that when they migrate an application from a physical environment to a virtual environment the performance and availability are the same or better. Or if they're not, they need to be able to measure that they're not.  

 

Previous Page  1  2  3  4  5  6  Next Page 

Sign up for CIO Asia eNewsletters.