Missing data - Where current generation visibility solutions fall short


Sinefa's visibility is designed for high resolution and deep drill-down with scale in mind. From links less than 1Mbps to core networks running at 10+Gbps, Sinefa's visibility offers performance and scale without sacrificing detail. At the core of Sinefa's visibility is our flow aggregation and processing pipeline technology, put simply, this allows Sinefa Instances to ingest millions of flows and process them efficiently into sample sets.

Current Solutions

Current generation visibility solutions store the top X flows (e.g. 1,000) for each sample period (e.g. 5 minutes). From these 1,000 flows, the top applications and hosts are derived. But what if several users are using connection intensive applications such as Bittorrent? Bittorrent creates hundreds of connections for each user, so the top 1,000 flows could easily all be made up of a single application. This clearly doesn't scale. Add to that drill-down capability… there is no way you can achieve useful drilldown when there is such little detail, particularly at higher speeds. What if you wanted to view the users of a particular application other than Bittorrent? There would be little or no detail because most of the data in the top 1,000 flows is made up of Bittorrent connections.

The problem gets worse at lower resolutions when data is summarised down. Data is lost when the top 1,000 flows for each 5 minute period is aggregated into a 60 minute sample to produce a top 1,000 flows for the 60 minutes. For example, what if there are applications that made the top 1,000 flows for some of the 5 minute samples but not the others? When they are summarised into a 60 minute sample, the totals will be under reported because of the missing data.

Next Generation Visibility

Missing data – Where current generation visibility solutions fall short
Missing data – Where current generation visibility solutions fall short

Sinefa's next generation visibility solution efficiently stores ALL connections in RAM, and derives the TRUE top applications, hosts and users for each sample period, for all resolutions. In addition, for each record, Sinefa derives TRUE drill-down statistics. What's more, Sinefa has 1 minute resolution, 5 times more than other solutions. So that's more accurate reporting at higher resolution, and longer retention.

Sinefa's solution also has the ability to segment traffic and provide the same high definition visibility on every segment. This allows users to split up the traffic into logical groups, such as branch offices, customers, or departments, and report individually on these groups in full detail.

All of Sienfa's reporting is hosted in the cloud, meaning no expensive hardware and no servers or databases to maintain. Sinefa can report on an entire WAN, a group of locations, an individual location or a segment of a location all from the one UI. Full report filtering and drill-down allows users to quickly view relevant information all from a single interface.

Visibility for Virtual Networks and Public/Private Cloud Environments

Some current generation appliances have been retro-fitted to install "virtually inline" with virtual networks in an attempt to offer some sort of solution in this space, however, that does not help in public or private cloud environments. Sinefa's solution was built from the ground-up with virtualization in mind, from deployment in virtual environments to monitoring traffic inside virtual networks. Current generation solutions simply can't be retro-fitted to provide full visibility into all virtualized environments.

Feature Comparison

Feature Sinefa's Solution Other Solutions
Historical Data Resolution 1 minute 5 minutes or more
Realtime Data Resolution 1 second 10 seconds or 1 minute
Realtime Scope Up to 1,000 locations Only one location
Data Retention Unlimited @ Daily Resolution 2 Years @ Monthly Resolution
Flows Analysed All Top 1,000
Top Applications, Hosts, Users True top 1,000 Up to top 1,000 (derived from top 1,000 flows)
Maintaining Peaks Sinefa's solution accurately maintains historical peaks Historical peaks disappear due to taking 'averages of averages' resulting in misleading historical graphs
Appilcation Signature Updates Yes, available on demand. Daily automatic updates. Only with full software release download. Manual update only.
Drill-down True HD drill-down Whatever can be derived from the top 1,000 flows
Segmentation Yes, each segment reported individually with HD visibility No
Multi-tenant Yes, with Customer Portal, each customer can access their own data No
Central Reporting Yes, all reports are managed and viewed centrally No, each appliance reports individually
Deployment Software (VM), Software (BYOD), Hardware, Inline, SPAN Port, Netflow, Network TAP Inline Hardware Appliance, SPAN
Environment Physical networks, Virtual networks (hypervisor and VM) and cloud (eg. Amazon AWS) Physical network only
Pricing Low Opex High Capex
Backup Full, automatic backup in the cloud Data is stored on the appliance, lose the appliance, lose the data
Speed Fast, next generation UI Cumbersome and slow UI
Updates New features and updates automatically available every month. No reboot. No outages. 6-12 month release cycle. Very large update files. System reboot and network outage.

Building a Managed Services Practice

Product Update – April 2013