Why integrated bypass switches should not be used within an NPB for inline deployments?
"Who will guard the guards?"
It's a very valid question in situations where bypass switches 'protect' Network Packet Brokers (NPBs). In many inline applications, NPBs are used to load balance or pass traffic through to downstream security tools. In such cases, bypass switches are used to protect the NPB (or security tools).
The NPB can be switched out of the inline flow of network data for many reasons:
· upgrading of the NPB (or security tool)
· software or scheduled maintenance,
· or even to configure and deploy new security appliances
There are two main ways that bypass switches can be deployed:
As independent, stand-alone appliances - KEYSIGHT, a leading provider of visibility solutions, belives that the separation of bypass switches and NPBs is the better and more robust solution for complex network architectures.
As integrated by pass option - Keysight does not provide the integrated bypass option. Customers sometimes ask why Keysight does not provide integrated bypass switches with NPBs? The answer is simple – it's not a sound failsafe architecture for providing true bypass capabilities. In fact, in certain use cases it can be positively dangerous.
Let's discuss the three key use cases why integrated bypass switches should not be used within an NPB for inline deployments:
Use case #1 - Imagine a situation where an NPB has 48 individual 10G connections connected to a single NPB and 2 x 40G links are being used to provide the network traffic. Let's now assume the NPB has a hardware failure. In the event of a complete hardware failure most integrated bypass switches will switch to bypass mode and bypass the failed NPB. Now what? How is the failed NPB with the integrated bypass to be replaced? A major benefit of having a separate bypass switch is to allow you to replace the security device (be it a NPB or other tool) without bringing down the network. With an integrated bypass switch its just not possible (this argument also applies to using built-in bypass switches within a firewall/IPS as well) to swap out the NPB without disrupting live network traffic. You also must be careful to not disturb any of the live network links when performing maintenance on the NPB. Removing the 48 x 10G cables whilst a Bypass module is 'suspended' in thin air is not a professional approach in this scenario. A bypass switch is an excellent solution that keeps traffic flowing, for failsafe implementation of inline security tools. The White paper External Bypass Switches: A Better Inline Security Tool examines the value of an external bypass switch, over and above that of an internal bypass switch. Bypass switches improve the overall solution reliability, increase application availability, provide better instrumentation, and add the convenience and cost savings of remote monitoring and control.
Now where is that live network connection among the NPB ports?
Use case #2 - With built-in bypass switches, the management interface is common between the NPB and the bypass switch the can become a major single point of failure. What happens if the NPB management interface 'freezes"? You may wish to switch the NPB out of the circuit while further diagnostic work is undertaken. How do you do this? It's the same management interface used for both the bypass and the NPB. The two devices should be independent, but they are not.
Well it's a good thing I have one management I/F for the Bypass and one for the device it's protecting!
Use case #3 – Around 75% of all bypass deployments do not involve NPBs. NPBs are great for large complex environments, but in many deployments, they are "overkill." Vendors including bypass switches that are built-in with an NPB are "forcing" customers to adopt overly complex expensive solutions in all network locations. This is inefficient and a waste of scarce resources and budgets. Stand-alone bypass switches often cost one third or even less the price of an integrated NPB/bypass switch solution.
Let's optimize the costs of providing bypass capabilities. Why have a NPB when it's not needed?
SUMMARY
When a network monitoring device such as an Intrusion Protection Solution (IPS) is deployed inline in a network, it is vital to ensure that traffic continues to flow in all circumstances, even if the IPS loses power, so that mission-critical business applications remain available. Bypass Switches are in-line devices that provide fail-safe protection for in-line security and monitoring devices, such as an intrusion prevention system (IPS), web application firewalls (WAFs), and many others. Keysight offers a wide array of iBypass switch products to support user requirements for high availability, failure modes, speeds, and different media types.
- |
- +1 赞 0
- 收藏
- 评论 0
本文由翊翊所思转载自Keysight,原文标题为:Bypass Switches - "Quis custodiet ipsos custodes?",本站所有转载文章系出于传递更多信息之目的,且明确注明来源,不希望被转载的媒体或个人可与我们联系,我们将立即进行删除处理。
相关研发服务和供应服务
相关推荐
What Can You Do to Strengthen Your Network?
This blog suggested a simple 3-point plan that can strengthen your network, Keysight offers many solutions that could be beneficial.
设计经验 发布时间 : 2022-03-08
Keysight(是德科技)网络可视化产品选型指南
目录- Network Visibility Products Introduction Network Packet Brokers Bypass Switche Network Taps Cloud Visibility Visibility Central Management
型号- VISION EDGE OS,VISION 400,VISION EDGE 1S,VISION EDGE 10S,VISION EDGE 100,IBYPASS 100G,VISION 7816,VISION EDGE 40,VISION X,VISION ONE,VISION E400S,IBYPASS VHD,IBYPASS DUO,TRADEVISION,IBYPASS 4 COPPER
Keysight‘s Taps, Bypass Switches, And NPBs Can Help Find Your Security Vulnerability Before Hackers
Keysight Technologies has taps, bypass switches, and NPBs provide the visibility and confidence you need that you are seeing EVERYTHING in your network. They can find your security vulnerability before hackers find it for you.
厂牌及品类 发布时间 : 2022-01-22
Keysight Electromechanical Bypass Switches Product Fact Sheet
型号- N1812UL,N1811TL,8763B,8764C,8763C,8764A,8763A,8764B
How Can I Reduce Network Security Risk – Part 2
This blog Keysight examines step 2 of reducing network security risk. Step 2 is about finding intrusions on your network and quickly remediating those issues.
厂牌及品类 发布时间 : 2022-03-03
iBypass Quick Reference Guide
型号- IBP-8000-DC,IBPDUO-2X10-LR,IBPDUO-1X10-SR,IBPDUO-1X10-LR,IM-21-BYP,IBP-8000,DBM-100,IBPDUO-2X10-SR,DBM-300,DBM-200,IBPVHD-CH-DC,DBM-250,I2BP-40G-SR-50-QSFP,I3BP-CU3,IBPVHD-CH-AC
从技术原理、显示效果、能耗和寿命四方面对比IPS屏幕和LED屏幕
IPS屏幕和LED屏幕是两种不同的技术。IPS屏幕是一种液晶显示技术,而LED屏幕是一种发光二极管(LED)背光技术。本文TOPPOWER从技术原理、显示效果、能耗和寿命四方面对二者进行了对比介绍。
技术探讨 发布时间 : 2024-04-21
【选型】赛特勒(ZETTLER)IPS TFT模组(平面转换TFT)液晶显示产品选型指南
目录- IPS TFT模组 IPS TFT优点 IPS TFT模组系列 TFT解决方案
型号- ATM0680L2,ATM0500D27,ATM0700L61,ATM1010L19,ATM0400D1,ATM0430D44,ATM0350D17,ATM0784L1,ATM0154B1
IPS model REACH Compliance Declaration
型号- DRS-24V100W1AZ,MEA-160A15C GAA,PMT-12V35W2BA,PMB-24V50W1AH,DRS-24V100W1AR,PMB-24V50W1AG,DRC-12V060W1RZ,PMB-24V50W1AA,DRC-12V30W1BZ,PJB-24V240WBNJ,LNV-36V320WAAA,DRF-24V480W1GTA,ADT-090A24AA F-A,MDS-100APS18 BA,LNE-36V100WDAA,DRR-40N,DRN-24V7AAEN,PJU-27V60WCBA,MDS-350AD701 AA,PJU-27V60WCBB,PJU-27V60WCBC,LNE-12V185WDAA,PMT-D2V100W1AAPZ,PMT-36V350W2BM,PJL-48V200WBAA,PMT-15V350W1AR,DRC-12V30W1AZ,PMT-15V350W1AK,PJ-5V50WLNA,PMT-12V35W2BG,PMT-36V350W2BR,PMR-5V320WCAA,MDS-100BPS15 BA,PJT-12V100WBAA,PMC-12V600W1BA,LNE-12V100WAAA,LNE-48V120WDAA,PMF-4V320WCGB,PMT-D2V75W2CA,DRL-24V480W1ENN,DRF-48V480W3GTA,DRS-24V30W1AZD,PJ-24V30WCNA,MDS-300ADB48 AB,PJ-5V30WCNA,DRL-48V480W1EN,LNE-36V150WACA,DRR-20A,PMC-12V600W1BY,PJ-12V150WBRA,PMC-12V100W1AA,ADT-060A15AB B-A,PJT-12V100WBBA,DRP048V480W1BN,PMR-12V320W1AT,PMT-12V100W1AA,MDS-060AAS19 B,PMT-12V350W2BRC,PMT-12V350W2BRB,LNE-24V150WDAA,MEU-650A24T AAA,PMC-12V100W1AH,PMC-12V100W1AJ,PJT-12V65WBAA,MEB-750A48B AAA,PMC-12V100W1AL,PMT-12V350W1ARZ,PJB-24V300WLNA,PJB-24V240WBRA,PML-24V150W1AA,PML-24V150W1AH,PML-24V150W1AG,MDS-300ADB48 AA,DRP048V480W1BA,LNE-12V185WDCA,PMT-12V350W1AK,PJB-24V300WLNJ,ADT-060A24AB BE,PJ-5V15WCNA,PMT-12V350W1AR,PMF-4V320WCGR,PJB-24V300WLNT,DRL-24V480W1ENA,PMT-12V100W1AH,PMT-12V100W1AG,DRP-24V100W1NN,MEP-120A15J BNA,ADT-120A19AA F-A,MDS-100APS28 BA,PJT-15V100WBBA,PMT-12V350W1ART,PMT-15V50W2BA,LNE-36V150WAAA,MEA-160A24C GAA,DRC-24V100W1AZT,LNE-36V320WABA,PJ-24V150WLRA,PMT-12V350W1ARBZ,PMT-30V100W2BA,PMT-5V50W1AAF,LNE-24V150WDCA,MDS-300ADB12 AA,DRL-12V240W1EN,PMT-D2V75W2BA,PMT-12V35W2BAW,PMT-12V35W2BAB,MEP-200B12J CNA,PJB-24V150WBNA,LNE-36V320WACA,PMR-24V1K5W1BTB,PMR-24V600W1BT,PMT-12V35W2BAE,PMT-12V35W2BAC,PJT-18V100WBBA,MDS-065APS15 BA,DRC-12V30W1AG,PMT-12V100W1DG,DRF-48V120W1GBA,PMT-12V100W1DA,ADT-060A15AA B-A,MEB-750A24B AAA,MDS-005AAS06 AR,PMT-12V35W1AAT,PMT-12V35W1AAA,DRR-40A,PMT-12V35W1AAB,PJ-12V30WBNA,PJ-12V150WBNA,PJT-18V100WBAA,PMB-24V35W1AG,LNE-54V150WDCA,PMB-24V35W1AH,PMB-24V35W1AA,LNE-36V100WDCA,MEA-065A12C 6-A,DRC-12V100W1AZT,PJB-24V240WBNC,PJB-24V240WBNA,PJT-15V100WBAA,DRL-48V240W1EN,MDS-300ADB24 AA,MDS-300ADB24 AB,MDS-090BAS24 A,PJ-12V100WCNA,DRL-24V480W1AAT,DRL-15V240W1EN,PMT-24V150W2AA,PJ-24V150WLNA,PMU-13V155WCCAB,PMT-15V35W2BA,LNE-48V185WDAA,PMS-24V750W1BTD,LNE-24V320WBBA,PJU-13V60WCAC,PJU-13V60WCAB,MDS-005BAS05 BR,PJU-13V60WCAA,DRF-48V480W1GTA,PMT-12V150W2CA,PMR-12V240W1AT,PMT-24V200W1AM,PMT-48V200W2BNJ,ADT-060A12AA E-A,DRL-48V75W1AZR,PMT-24V200W1AN,PMT-D1V100W1AGB,MDS-060BAS19 AB,ADT-150A24AA K-A,MDS-060BAS19 AA,PJT-27V150WBNA,LNE-54V185WDCA,LNE-36V600WBGA,PJ-24V100WBNA,DRF-12V120W1GBA,LNE-24V320WBAA,PJ-12V50WCNA,PJB-24V300WCRJ,MEP-120A24J BNA,PJ-24V100WBNN,MEP-200A12J BNA,PJB-24V300WCRT,PJB-24V150WBRA,PMT-D1V100W1AHB,PMT-36V100W2BA,PML-5V50W1AAF,PMT-36V200W2BM,DRP-24V480W1CBN,LNE-48V185WDCA,PMH-12V100WCLT,LNE-12V320WBCA,PMH-12V100WCLU,DRC-24V100W1RZ,PMH-12V100WCLS,PMH-12V100WCLV,PMC-27V150W2AJ,PJ-5V75WCNA,MDS-400AUS24 B,PMH-24V200WCBV,DRF-24V480W3GTA,PMT-12V150W2CAB,PMT-12V150W2CAC,DRC-24V10W1AZ,MDS-150AAS12 BA,MEA-065A24B A-A,PMH-24V200WCBH,LNE-24V120WACA,LNE-54V185WDAA,PMH-24V200WCBL,PJ-48V50WLNA,DRP-24V480W1CAN,PMC-05V035W1AA,PMH-24V200WCBJ,DRC-12V15W1BZ,PMT-12V50W2BG,MDS-150AAS24 FA,PMT-12V50W2BA,LNE-24V320WBCA,LNE-12V120WDAA,PMH-24V200WCBT,PMH-24V200WCBU,PMC-05V035W1AJ,PMH-24V200WCBS,LNE-12V320WBBA,DRC-24V10W1BZ,PMT-36V200W2BR,PMH-24V200WCBA,LNE-36V320WAAA,LNE-48V100WAAA,MEA-090A15B V-A,PJ-12V100WCRA,PJ-5V15WLNA,PMC-24V075W1AJ,PJU-27V60WLAB,PMT-D1V100W1AG,PJU-27V60WLAA,PMT-D1V100W1AH,LNE-48V120WDCA,PMT-D1V100W1AA,PMT-24V100W2AZ,MDS-030AAC15 ZC,LNE-24V320WDBA,DRL-24V120W1EN,PMT-24V100W2BA,MDS-030AAC12 BB,MEA-090A15C V-A,PMT-24V100W2BG,MDS-030AAC24 AA,PMT-48V200W2BM,LNE-12V320WBAA,ADT-060A12AA C-A,MDS-030AAC15 A,PJU-27V60WLAC,MDS-030AAC24 AC,LNE-12V100WACA,DRP048V060W1BN,PMT-24V75W2BA,LNE-24V120WAAA,MDS-100APS48 BA,PJ-24V100WBRA,PMT-48V350W1AR,PJB-24V300WCNA,PMT-36V350W1ARZ,PMT-24V75W2BG,PMR-24V240W1AT,PMT-24V200W1AMB,PJB-24V300WCNJ,MDS-030AAC12 AB,LNE-24V320WDAA,MEB-2K5A24T RAA,DRV-24V120W1PN,PMT-24V100W2AA,PJT-15V65WBAA,PMT-48V350W1AK,LNE-36V185WACA,DRF-48V240W1GBA,PJB-24V300WCNT,DRC-24V10W1HZ,PJT-24V40WBAB,DRS-24V100W1NZ,PJT-24V40WBAA,PJT-15V65WBAK,LNE-12V120WDCA,LNE-48V100WACA,DRS-24V100W1NR,LNE-24V185WACA,PMC-24V075W1AA,PMT-24V200W1AMZ,PJ-12V15WBNA,PMS-48V1K2W1BTD,PMT-24V200W2BMA,PMT-24V200W1ANB,MEU-650A48T AAA,DRP012V060W1AA,PMT-24V200W2BMB,DRP048V240W1BA,PMT-24V150W2CA,DRP048V060W1BA,MDS-080AAS12 AD,LNE-12V320WDCA,MDS-080AAS12 AB,PMU-13V155WLCA,PJB-24V300WCRA,DRP048V240W1BN,PJU-27V60WLBA,PMT-24V150W2BA,DRP-24V120W2BN,PJU-27V60WLBC,PJU-27V60WLBB,PJU-13V60WCBA,PJB-24V100WBRA,PMT-48V150W1AA,PMT-24V150W2BG,MEA-090A15C 6-A,PJU-13V60WCBC,PJU-13V60WCBB,LNE-24V320WDCA,MDS-150AAS24 BA,PMT-24V200W2BNJ,LNE-36V185WAAA,PMT-30V75W2BA,PMT-12V150W2BA,MDS-150CAB19 AA,MDS-250ADB12 AB,MDS-250ADB12 AA,LNE-12V320WDBA,PMT-48V35W2BA,PMT-12V150W2BG,PJ-5V150WLRA,PMT-48V150W1AG,ADT-150A24AC K-A,PMT-48V150W1AH,LNE-24V185WAAA,DRC-12V10W1AZ,DRL-24V120W1AA,P
ZETTLER Display Provides 7-inch IPS Display Solution for Smart Home Application
ZETTLER Display engineering team offered a customized solution to a leading manufacturer of smart home appliances, based on its new ATM0700L61-CT IPS module. This 7-inch display features superior 1024 x 600 dot resolution along with 500cd/m² brightness.
厂牌及品类 发布时间 : 2023-09-03
【产品】最高可测600 bar的IPS压力传感器,粗暴操作、高强度振动等恶劣条件仍具稳定高精度
安费诺旗下的I2S推出的IPS压力传感器用于需要具有高度耐用性和介质兼容性的传感器的应用中。 IPS使用可靠,即使在恶劣条件下使用,粗暴操作以及受到高强度振动的情况下,也可以在整个使用寿命内提供精确,稳定的测量结果。 压力传感器元件和压力连接器由不锈钢制成,并且设计用于最高600 bar的绝对压力和相对压力。 IPS非常适合用于石油,汽油,柴油,氢气、天然气和液化石应用油气的。
新产品 发布时间 : 2020-02-19
现货市场
服务
提供是德(Keysight),罗德(R&S)测试测量仪器租赁服务,包括网络分析仪、无线通讯综测仪、信号发生器、频谱分析仪、信号分析仪、电源等仪器租赁服务;租赁费用按月计算,租赁价格按仪器配置而定。
提交需求>
配备KEYSIGHT网络分析仪,可测量无线充电系统发射机/接收机线圈的阻抗,电感L、电阻R、电感C以及品质因数Q,仿真不同充电负载阻抗下的无线充电传输效率。支持到场/视频直播测试,资深专家全程指导。
实验室地址: 深圳 提交需求>
授权代理品牌:集成电路
授权代理品牌:分立元件
授权代理品牌:接插件及结构件
授权代理品牌:部件、组件及配件
授权代理品牌:电源及模块
授权代理品牌:电子材料
授权代理品牌:仪器仪表及测试配组件
授权代理品牌:电工工具及材料
授权代理品牌:机械电子元件
授权代理品牌:加工与定制
我要提问
登录 | 立即注册
提交评论