University of California at Berkeley and Syracuse University speak out about their successful usage of the GigaVUE®

In almost all networks, there always seem to be tension and competition between the security group and the network group when it comes to providing network access to the security folks. As the network’s complexity grows, this access conflict becomes more intractable. The growing number of network nodes and links that requiring monitoring, the ever increasing speed and volume of data in the network, and the ever tighter budget environments all strive to make the job of securing and managing a network more and more difficult.

This short article describes how two of the major universities in the US found a solution to this often vexing problem by deploying a unique data access switch from Gigamon Systems.

The GigaVUE data access switch is a sophisticated device that bridges the chasm between the production network and the tools that secure and manage it. By making it possible to tap and link the different links and nodes to a variety of tools, the GigaVUE made it possible to bring any data from any point on a network and delivering it to any tools connected to the GigaVUE, all without the need to open maintenance tickets and waiting hours or days for permission to gain access.

Fred Archibald is the Network Manager, Infrastructure Development and Support Group, Electrical Engineering and Computer Sciences, University of California at Berkeley.

Fred Archibald says “The Gigamon data access switch has become an indispensable part of our network infrastructure in EECS. Some of my colleagues refer to it as the ‘Swiss Army Knife’ of the data monitoring game. It is extremely flexible which is mandatory in our dynamic environment. Our internal network topology changes frequently and our monitoring tools must adapt quickly to these changes without burdening staff.”

John Ives is the System & Network Security Expert for the University of California at Berkeley

“The GigaVUE fulfills a need we have been looking to deal with for a couple years now. It is very difficult to monitor gigabit, let alone multi-gigabit speed traffic on a diverse network using commodity hardware. The GigaVUE 420 allows us to break apart the traffic in multiple ways, be it subnets, ports or protocols, for monitoring by multiple commodity based and limited bandwidth sensors.

When evaluating 10G IDS solutions recently, the average quote we received, for one sensor, was $200,000. When the necessary management equipment, support and maintenance are included, the price tag was almost $300,000. With the GigaVUE, we are able to monitor our network for well less than $100,000 and can use as many different products and tools as we like.

Using the GigaVUE’s abilities to segment and filter traffic prior to it reaching our IDS sensors, we were able to cut the amount of CPU time spent dealing with interrupts (most of which were from the network cards) to around 30% of what it had been. In some cases this will actually extend the useful life of some of our older sensors because it allows them to bring more CPU time to bear on the traffic.”

A Success Story of Monitoring the Network Backbone at Syracuse with the GigaVUE – By Bruce Boardman:

Migration to 10 Gig, backbone redundancy, Network Access Control (NAC) and exploding security mandates driven by student course work, faculty research, financial administration, event ticketing  and security monitoring keep Syracuse Universities Network Design and Development busy. Just like the infomercials, “But there’s more!”. The University is leading citizenship initiatives that bring together government, world wide scholars, and the local community. An important win for all, as well as a challenge for the Network and Design and Development (NDD) team at Syracuse University.

Like most large institutions of higher learning, demands like this create an IT organization that is part enterprise and part ISP. Individual colleges within S.U. operate autonomously like separate corporate divisions. Administrative systems and departments drive transactions that support the university. Students live academically and socially across all systems expecting to be just as well connected in a dorm room as they are at home. This means weekend outage, like those for residential ISP users, gets noticed and fixed.  Traditional computing devices are joined by voice, video, mail, game, and environmental network connected devices. Some of the systems, practices, and policies are centrally designed and maintained, like a corporation, while others, only require network services of an ISP.

Central to all of this is monitoring and within this environment, monitoring is strategic. The network is ever more complex, creating opaque layers that cannot be seen without monitoring. Monitoring, once ad-hoc, must be predictable to protecting the network and it’s assets in the pursuit of these goals, mandates monitored connections. Monitoring is strategic and for this reason NDD relies on Gigamon Systems and its GigaVUE devices.

Gigamon creates a powerful and flexible monitoring backbone that bridges the network and the tools. SU has begun to add 10 Gig core links as Gigabit runs out of gas, so it is important to build on a base that meets these requirements. But beyond raw power, SU needs a reliable, flexible monitoring backbone. Without flexibility the monitored connections are too brittle to serve the wide variety of monitoring needs.
In the past ad hoc link taps and SPAN connections required network engineer’s time to configure and verify data collection. Link interruption and tracing patches through the thousands of connections requires time and expertise.

Using GigaVUE’s media agnostic modularity, and extremely powerful filtering and mapping, NDD has eliminated the need to build and tear down monitoring setups. Instead a combination of high value ongoing links and ad hoc system and application links are easily directed to network monitoring gear.

It doesn’t matter if law enforcement, intrusion detection, network  performance characterization, or end user diagnostics are required, NDD can quickly create a feed and be assured that only the right data is being monitored through the GigaVUE.
The Gigamon Systems’ GigaVUE has been tested and proven invaluable by many experts but especially at these two large and respected Universities by the real everyday network experts that make sure the network is up and running securely 24 X 7.

The three Network and Security Professionals that contributed to this article are:

Bruce Boardman of Syracuse University

Bruce tests network management systems at Syracuse University. Bruce has seen IT from service provider, test lab, and central IT perspectives. Bruce is a committed network analyst with many years of experience in testing and deployment of network tools and infrastructure devices. Information Technology and Services (ITS) maintains an array of technologies that are designed to connect students, faculty, and staff to their critical University information resources 24 hours a day, seven days a week, regardless of where they are physically located.

Fred Archibald of the University of California at Berkeley

Fred is the Network Manager, Infrastructure Development and Support Group, Electrical Engineering and Computer Sciences.
Fred has been at the University for year and his team supports the Electrical Engineering and Computer Sciences departments and assures them of full network access, complete security and support, 24 X 7. The Department of Electrical Engineering and Computer Sciences (EECS) is the largest department within the College of Engineering which itself is one of the top five professional schools and colleges belonging to the 30,000-student University of California at Berkeley. Whether measured by headcount, operational cash flow, or capital investment and expenditures, EECS is comparable in scale to a typical Fortune-5000 corporation and therefore, not surprisingly, has similar networking requirement and infrastructure.

John Ives of The University of California at Berkeley