Acquisition, Aggregation, and Intelligence – A Hierarchical Visibility Architecture
The purpose of a network visibility architecture is to provide a method of access for security, analysis, and performance tools to access the data traversing your network infrastructure. These appliances are incedibly valuable to your organization, however they are only as effective as the data they are seeing. This post is intended to provide a framework to design a visibility architecture that can support the tools you currently have as well as scale to support the tools of the future. There are five key considerations that a visibility architecture should address. Along with these considerations, your design should adhere to a well defined, repeatable approach that can be translated across all environments with minimal architecture changes. Adhering to these principles allows for a supportable architecture that is easy to maintain and cost effective to deploy. The five key considerations: Provide shared access Wire-speed, reliable transport Scalability Cost Simplicity The Three Tiers - Acquisition, Aggregation and Intelligence A good way to visualize the design of your visibility architecture is a hierarchical, three tiered approach. Those tiers are acquisition, aggregation, and intelligence. Each layer defines a separate role within the visibility infrastructure and contributes individually to the five key considerations above. Let's dive into each role to get a better understanding of it's place in our architecture. 74
